Transcription of BlackArch Linux, The BlackArch Linux Guide
Overview
What is BlackArch Linux?
History of BlackArch Linux
Supported platforms
Get involved
2 User
Installation
Installing on top of ArchLinux
Installing packages
Installing packages from source
Basic Blackman usage
Installing from full-, netinstall- ISO or ArchLinux
3 Developer
Arch's Build System and Repositories
BlackArch PKGBUILD standards
Groups
blackarch
blackarch-anti-forensic
blackarch-automation
blackarch-backdoor
blackarch-binary
blackarch-bluetooth
blackarch-code-audit
blackarch-cracker
blackarch-crypto
blackarch-database
blackarch-debugger
blackarch-decompiler
blackarch-defensive
blackarch-disassembler
blackarch-dos
blackarch-drone
blackarch-exploitation
blackarch-fingerprint
blackarch-firmware
blackarch-forensic
blackarch-fuzzer
blackarch-hardware
blackarch-honeypot
blackarch-keylogger
blackarch-malware
blackarch-misc
blackarch-mobile
blackarch-networking
blackarch-nfc
blackarch-packer
blackarch-proxy
blackarch-recon
blackarch-reversing
blackarch-scanner
blackarch-sniffer
blackarch-social
blackarch-spoof
blackarch-threat-model
blackarch-tunnel
blackarch-unpacker
blackarch-voip
blackarch-webapp
blackarch-windows
blackarch-wireless
Repository structure
Scripts
Contributing to repository
Required tutorials
Steps for contributing
Example
Fetch PKGBUILD
Clean up PKGBUILD
Adjust PKGBUILD
Build the package
Install and test the package
Add, commit and push package
Create a pull request
Adding a remote for upstream
Requests
General tips
4 Tools
Coming Soon
A
FAQ's
AUTHORS

Chapter

Overview

The BlackArch Linux Guide is divided into several parts:

Introduction - Provides a broad overview, introduction, and additional helpful project information
User Guide - Everything a typical user needs to know to effectively use BlackArch
Developer Guide - How to get started developing for and contributing to BlackArch
Tool Guide - In-depth tool details along with example usages (WIP)

What is BlackArch Linux?

BlackArch is a complete Linux distribution for penetration testers and security researchers. It is derived from ArchLinux and users can install BlackArch components individually or in groups directly on top of toolset is distributed as an Arch Linux unofficial user repository so you can install BlackArch on top of an existing Arch Linux installation. Packages may be installed individually or by constantly expanding repository currently includes over 2600 tools. All tools are thoroughly tested before being added to the codebase to maintain the quality of the

History of BlackArch Linux

Coming

Supported platforms

Coming

Get involved

You can get in touch with the BlackArch team using the following

2 User

Installation

The following sections will show you how to set up the BlackArch repository and install supports both, installing from the repository using binary packages as well as compiling and installing from is compatible with normal Arch installations.
It acts as an unofficial user repository. If you want an ISO instead, see the ISOs

Installing on top of ArchLinux

Run root and follow the instructions. See the following

    # should match: d062038042c5f141755ea39dbd615e6ff9e23121
    sudo chmod +x

download a fresh copy of the master package list and synchronize

Installing packages

You may now install tools from the BlackArch

1. To list all of the available tools, run

    pacman -Sgg | grep blackarch | cut -d' ' -f2 | sort -u

2. To install all of the tools, run

    pacman -S blackarch

3. To install a category of tools, run

    pacman -S blackarch-<category>

4. To see the BlackArch categories, run

    pacman -Sg |

Installing packages from source

As part of an alternative method of installation, you can build the BlackArch packages from can find the PKGBUILDs on GitHub. To build the entire repo, you can use the Blackman tool. First, you have to install Blackman. If the BlackArch package repository is set up on your machine, you can install Blackman:

    pacman -S blackman

You can build and install Blackman from source:

    mkdir blackman
    cd
    #

Or you can install Blackman from the AUR:

    <whatever AUR helper you use>

Basic Blackman usage

Blackman is very simple to use, though the flags are different from what you would typically expect from something like pacman.
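Returning to the checksum comparison under "Installing on top of ArchLinux": the following is an added example, not part of the guide, of a shell function that sets the execute bit on a downloaded script only when its digest equals a pinned value. It assumes the 40-hex-digit value quoted in the guide is a SHA-1 digest; the function name and the file name in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: gate "chmod +x" on a pinned digest.
# Assumption: the pin is a SHA-1 digest (40 hex digits), checked with sha1sum.
#
# Usage (file name is a placeholder, digest is the one quoted in the guide):
#   verify_then_enable ./downloaded-script.sh d062038042c5f141755ea39dbd615e6ff9e23121

# verify_then_enable FILE EXPECTED_SHA1
# Returns 0 and sets the execute bit only when the digest matches.
# Returns 1 on mismatch and 2 on bad arguments. The file is never run here.
verify_then_enable() {
    vte_file=$1
    # Normalise hex case so an upper-case pin still compares equal.
    vte_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Reject an empty, truncated or non-hex pin before comparing anything.
    case $vte_want in
        ''|*[!0-9a-f]*) echo "pinned digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#vte_want}" -ne 40 ]; then
        echo "pinned digest is not 40 hex digits" >&2
        return 2
    fi

    # Only plain files: a symlink could be swapped between check and use.
    if [ ! -f "$vte_file" ] || [ -L "$vte_file" ]; then
        echo "not a regular file: $vte_file" >&2
        return 2
    fi

    # Read via stdin so the file name never appears in sha1sum's output.
    vte_got=$(sha1sum < "$vte_file" | cut -d' ' -f1)

    if [ "$vte_got" != "$vte_want" ]; then
        echo "digest mismatch for $vte_file" >&2
        echo "  expected: $vte_want" >&2
        echo "  actual:   $vte_got" >&2
        chmod a-x -- "$vte_file"    # clear any stale execute bit
        return 1
    fi

    chmod u+x -- "$vte_file"
}
```

A digest published on the same site as the script catches a corrupted or stale download; it does not help when the site itself has been altered.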
Basic usage has been outlined below.

Download, compile and install packages:

    sudo blackman -i package

Download, compile and install whole category:

    sudo blackman -g group

Download, compile and install all of the BlackArch tools:

    sudo blackman -a

To list the BlackArch categories:

    blackman -l

To list category tools:

    blackman -p category

Installing from full-, netinstall- ISO or ArchLinux

You can install BlackArch Linux from one of our full- or #iso. The following steps are required after the ISO boot up.

Install blackarch-installer package:

    sudo pacman -S blackarch-installer

Run

    sudo blackarch-install

Chapter 3 Developer

Arch's Build System and Repositories

PKGBUILD files are build scripts. Each one tells makepkg(1) how to create a package. PKGBUILD files are written in more information, read (or skim through) the following:

Arch Wiki: Creating Packages
Arch Wiki: makepkg
Arch Wiki: PKGBUILD
Arch Wiki: Arch Packaging

BlackArch PKGBUILD standards

For the sake of simplicity, our PKGBUILDs are similar to the AUR ones, with a few small differences outlined below.
Every package must belong to blackarch at the minimum, there will also be a lot of crossover with multiple packages belonging to multiple

Groups

To allow users to install a specific range of packages quickly and easily, packages have been separated into groups. Groups allow users to simply go pacman -S <group name> in order to pull a lot

blackarch

The blackarch group is the base group that all packages must belong to. This allows users to install every package with should be in here:

blackarch-anti-forensic

Packages that are used for countering forensic activities, including encryption, steganography, and anything that modifies files/file attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding
Examples: luks, TrueCrypt, Timestomp, dd, ropeadope,

blackarch-automation

Packages that are used for tool or workflow
Examples: blueranger, tiger,

blackarch-backdoor

Packages that exploit or open backdoors on already vulnerable
Examples: backdoor-factory, rrs,

blackarch-binary

Packages that operate on binary files in some
Examples: binwally,

blackarch-bluetooth

Packages that exploit anything concerning the Bluetooth standard ( ).
Examples: ubertooth, tbear,

blackarch-code-audit

Packages that audit existing source code for vulnerability
Examples: flawfinder,

blackarch-cracker

Packages used for cracking cryptographic functions, i.e.
Examples: hashcat, john,

blackarch-crypto

Packages that work with cryptography, with the exception of
Examples: ciphertest, xortool, sbd

blackarch-database

Packages that involve database exploitations on any
Examples: metacoretex,

blackarch-debugger

Packages that allow the user to view what a particular program is doing in
Examples: radare2,

blackarch-decompiler

Packages that attempt to reverse a compiled program into source
Examples: flasm,

blackarch-defensive

Packages that are used to protect a user from malware & attacks from other
Examples: arpon, chkrootkit,

blackarch-disassembler

This is similar to blackarch-decompiler, and there will probably be a lot of programs that fall into both, however these packages produce assembly output rather than the raw source
Examples: inguma,

blackarch-dos

Packages that use DoS (Denial of Service)
Examples: 42zip,

blackarch-drone

Packages that are used for managing physically engineered
Examples: meshdeck,

blackarch-exploitation

Packages that take advantage of exploits in other programs or
Examples: armitage, metasploit, zarp

blackarch-fingerprint

Packages that exploit fingerprint biometric
Examples: dns-map, p0f,

blackarch-firmware

Packages that exploit vulnerabilities in firmware
Examples: None yet, amend

blackarch-forensic

Packages that are used to find data on physical disks or embedded
Examples: aesfix, nfex,

blackarch-fuzzer

Packages that use the fuzz testing principle, i.e. throwing random inputs at the subject to see.
msf, mdk3,

blackarch-hardware

Packages that exploit or manage anything to do with physical
Examples: arduino,

blackarch-honeypot

Packages that act as honeypots, i.e. programs that appear to be vulnerable services used to attract hackers into a
Examples: artillery, bluepot,

blackarch-keylogger

Packages that record and retain keystrokes on another
Examples: None yet, amend

blackarch-malware

Packages that count as any type of malicious software or malware
Examples: malwaredetect, peepdf, yara

blackarch-misc

Packages that don't particularly fit into any
Examples: oh-my-zsh-git, winexe,

blackarch-mobile

Packages that manipulate mobile
Examples: android-sdk-platform-tools,

blackarch-networking

Packages that involve IP
Examples: arptools, dnsdiag,

blackarch-nfc

Packages that use nfc (near-field communications).
Examples:

blackarch-packer

Packages that operate on or involve are programs that embed malware within other
Examples:

blackarch-proxy

Packages that act as a proxy, i.e. redirecting traffic through another node on the
Examples: burpsuite, ratproxy,

blackarch-recon

Packages that actively seek vulnerable exploits in the wild.
More of an umbrella group for
Examples: canri, dnsrecon,

blackarch-reversing

This is an umbrella group for any decompiler, disassembler or any similar
Examples: capstone, radare2, zerowine

blackarch-scanner

Packages that scan selected systems for
Examples: scanssh, tiger,

blackarch-sniffer

Packages that involve analyzing network
Examples: hexinject, pytactle,

blackarch-social

Packages that primarily attack social networking
Examples: jigsaw,

blackarch-spoof

Packages that attempt to spoof the attacker such, in that the attacker doesn't show up as an attacker to the
Examples: arpoison, lans,

blackarch-threat-model

Packages that would be used for reporting/recording the threat model outlined in a particular
Examples:

blackarch-tunnel

Packages that are used to tunnel network traffic on a given
Examples: ctunnel, iodine,

blackarch-unpacker

Packages that are used to extract pre-packed malware from an
Examples:

blackarch-voip

Packages that operate on voip programs and
Examples: iaxflood, rtp-flood, teardown

blackarch-webapp

Packages that operate on internet-facing
Examples: metoscan, whatweb,

blackarch-windows

This group is for any native Windows package that runs via
Examples: 3proxy-win32, pwdump,

blackarch-wireless

Packages that operate on wireless networks on any
Examples: airpwn, mdk3,

Repository structure

You can find the main BlackArch git repo here: There are also several secondary repos here: the main git repo, there are three important directories:

docs - Documentation.
packages - PKGBUILD files.
scripts - Useful little

Scripts

Here is a reference for scripts in the scripts/ directory:

baaur - Soon, this will upload packages to the AUR.
babuild - Build a package.
bachroot - Manage a chroot for testing.
baclean - Clean old . files from the package repo.
baconflict - Soon this will replace scripts/conflicts.
bad-files - Find bad files in built packages.
balock - Obtain or release the package repo lock.
banotify - Notify IRC about package
barelease - Release packages to the package repo.
baright - Print the BlackArch copyright info.
basign - Sign packages.
basign-key - Sign a key.
blackman - This behaves sort of like pacman but builds from git (not to be confused with nrz's Blackman).
check-groups - Check groups.
checkpkgs - Check packages for errors.
conflicts - Check for file conflicts.
dbmod - Modify a package database.
depth-list - Create a list sorted by dependency depth.
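
The rule under "BlackArch PKGBUILD standards" that every package belongs to blackarch, plus any of the category groups listed under "Groups", can be checked without executing the PKGBUILD. This is an added example and not the repository's check-groups script: it reads the groups=() array as text, because sourcing a PKGBUILD runs whatever shell code the file contains. The function name and the expected one-array-per-file layout are assumptions; the group suffixes are the ones listed in this guide.

```sh
#!/bin/sh
# Added example: lint the groups=() array of a PKGBUILD as plain text.
# Group suffixes below are copied from the "Groups" section of this guide.
KNOWN_SUFFIXES="anti-forensic automation backdoor binary bluetooth code-audit
cracker crypto database debugger decompiler defensive disassembler dos drone
exploitation fingerprint firmware forensic fuzzer hardware honeypot keylogger
malware misc mobile networking nfc packer proxy recon reversing scanner sniffer
social spoof threat-model tunnel unpacker voip webapp windows wireless"

# check_pkgbuild_groups PKGBUILD
# Prints one line per problem and returns 1 if any was found, else 0.
# The file is parsed, never sourced, so nothing inside it is executed.
check_pkgbuild_groups() {
    awk -v known="$KNOWN_SUFFIXES" -v q="'" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) ok["blackarch-" k[i]] = 1
            ok["blackarch"] = 1
        }
        /^[ \t]*#/ { next }                       # ignore comment lines
        !inarr && /^[ \t]*groups=\(/ {            # start of the array
            inarr = 1
            sub(/^[ \t]*groups=\(/, "")
        }
        inarr {
            closed = sub(/\).*/, "")              # array may span several lines
            gsub("[" q "\"]", "")                 # strip single and double quotes
            m = split($0, a, " ")
            for (i = 1; i <= m; i++) {
                if (a[i] == "blackarch") base = 1
                if (!(a[i] in ok)) { print "unknown group: " a[i]; bad = 1 }
            }
            if (closed) exit                      # jumps to END
        }
        END {
            if (!base) { print "missing base group: blackarch"; bad = 1 }
            exit bad + 0
        }' "$1"
}
```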