Guys, meet the new Santoku Linux! A santoku is a general-purpose kitchen knife that originated in Japan; the name means "three virtues" or "three uses" (Wikipedia). This distribution is not from Japan, but the name was suggested by Thomas Cannon of viaForensics (who is also the project leader of Santoku Linux) because the distribution was crafted specifically for Mobile Forensics, Mobile Malware Analysis, and Mobile Security Testing. The current alpha release is a fork of the OWASP (Open Web Application Security Project) MobiSec Ubuntu distro, which makes it an OWASP MobiSec Remix (released under the GPL) with added tools from viaForensics and some of its contributors and supporters. The project is sponsored and launched by viaForensics, a well-known and very innovative digital forensics and security firm that specializes in computer and mobile forensics, mobile application security, enterprise security, information security and penetration testing, and forensics training.

The Three Virtues or Three Uses

Like I said, Santoku Linux is aimed at Mobile Forensics, Mobile Malware Analysis, and Mobile Security Testing; these three aims are called the three virtues or three uses of the distribution and are the very foundation for its existence. With these three virtues, users can use the free and open source tools and some of the commercial tools in Santoku Linux to forensically acquire and analyze data, examine mobile malware, detect malicious software, and support security assessments of mobile applications, which matters because of the increasing amount of malware that has plagued users of mobile phones and smartphones. If you are into mobile security and mobile forensics, then this distribution is definitely right for you.

Mobile Forensics:

Firmware flashing tools for multiple manufacturers

Imaging tools for NAND, media cards, and RAM

Free versions of some commercial forensics tools

Useful scripts and utilities specifically designed for mobile forensics

Mobile Malware Analysis:

Mobile device emulators

Utilities to simulate network services for dynamic analysis

Decompilation and disassembly tools

Access to malware databases

Mobile Security Testing:

Decompilation and disassembly tools

Scripts to detect common issues in mobile applications

Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more

List of Tools for the Alpha Release

Aside from the platform's three endeavors (Mobile Forensics, Mobile Malware Analysis, and Mobile Security Testing), the platform can also be used for application security testing and penetration testing. As of this writing, the tools included in the July 2012 alpha release are categorized into Development Tools, Reverse Engineering, Penetration Testing, Wireless Analyzers, Device Forensics, and Mobile Infrastructure.

Development Tools:

Android SDK Manager

Apple Xcode IDE

BlackBerry JDE

BlackBerry Tablet OS SDK

BlackBerry WebWorks

DroidBox

Eclipse IDE

Windows Phone SDK

Android 2.3.3, 3.2, and 4.0.3 Emulators

SecurityCompass Lab Server (HTTP and HTTPS)

BlackBerry Ripple

BlackBerry Simulators

The tools in this category are software development kits (SDKs) plus the Eclipse IDE (integrated development environment) for creating or coding applications for mobile software platforms. Aside from the development environments, it also comes with emulators and simulators for Android and BlackBerry, so you can test against Android versions 2.3.3, 3.2, and 4.0.3 for your hacking needs.

Penetration Testing:

CeWL

DirBuster

Fierce

Nikto

nmap

Burp Suite

Mallory

w3af Console

w3af GUI

ZAP

BeEF

Ettercap

iSniff

Metasploit Console

Metasploit GUI

NetSed

SET

SQLMap

SSLStrip

With the tools in the Penetration Testing category, users can do penetration testing more easily, without the hassle of installing their favorite pentesting tools for web applications and servers, because pentesting is very important. And so, fire it all up!
Reverse Engineering:

APK Tool

Dex2Jar

Flawfinder

Java Decompiler

Strace

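The Reverse Engineering tools listed above are the ones you reach for when reviewing a third-party Android app. As an added example (not a script shipped with Santoku and not written by viaForensics), the POSIX shell script below decodes an APK with apktool, which is assumed to be on PATH as it is in Santoku, and then checks the recovered AndroidManifest.xml for three common issues: a debuggable build, backup of private data enabled, and components exported without a permission guard. The sample manifest is constructed inline so the checks can be exercised without any APK; the exported-component check is line-based and relies on apktool emitting one XML element per line.

```shell
#!/bin/sh
# Added example for reviewing an Android app with the tools listed above
# (not a script shipped with Santoku or written by viaForensics).
# Assumptions: apktool is on PATH; apktool writes the decoded manifest with one
# XML element per line, which is what the line-based greps below rely on.
set -eu

# decode_apk APK OUTDIR: decode resources and the binary manifest with apktool.
decode_apk() {
  apk=$1; out=$2
  command -v apktool >/dev/null 2>&1 || { echo "apktool not on PATH" >&2; return 2; }
  apktool d -f "$apk" -o "$out" >/dev/null
}

# check_manifest MANIFEST: print one "FINDING ..." line per common issue:
#   - android:debuggable="true"   (release builds should never ship debuggable)
#   - android:allowBackup="true"  (private app data can be pulled with adb backup)
#   - components exported without an android:permission guard
check_manifest() {
  m=$1
  if grep -q 'android:debuggable="true"' "$m"; then
    echo "FINDING application is debuggable"
  fi
  if grep -q 'android:allowBackup="true"' "$m"; then
    echo "FINDING application allows backup of its private data"
  fi
  # one line per exported activity/service/receiver/provider lacking android:permission
  grep -E '<(activity|service|receiver|provider)[^>]*android:exported="true"' "$m" \
    | grep -v 'android:permission=' \
    | sed -n 's/.*android:name="\([^"]*\)".*/FINDING exported without permission: \1/p'
  return 0
}

# count_manifest_issues MANIFEST: number of FINDING lines (0 when clean).
count_manifest_issues() {
  check_manifest "$1" | grep -c '^FINDING' || true
}

# write_sample_manifest DIR: a constructed manifest containing all three issue
# types, so the checks can be exercised without decoding a real APK.
write_sample_manifest() {
  cat > "$1/AndroidManifest.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
    <application android:allowBackup="true" android:debuggable="true" android:label="Demo">
        <activity android:name=".MainActivity" android:exported="true">
        </activity>
        <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
        <receiver android:name=".BootReceiver" android:exported="true"/>
    </application>
</manifest>
EOF
}

# Demo on the constructed sample. For a real app:
#   decode_apk app.apk decoded && check_manifest decoded/AndroidManifest.xml
demo=$(mktemp -d)
write_sample_manifest "$demo"
check_manifest "$demo/AndroidManifest.xml"
echo "issues: $(count_manifest_issues "$demo/AndroidManifest.xml")"
rm -rf "$demo"
```

On the constructed sample the script reports four findings: the debuggable flag, allowBackup, and the two exported components (the activity and the receiver) that carry no android:permission; the service is exported but guarded, so it is not reported.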
With the Reverse Engineering tools, users will be able to reverse engineer third-party, closed-source binary Android apps and rebuild them more easily, making this your go-to distro for examining source code and looking for security weaknesses, decompilation, and debugging. This is very important because nowadays many developers who do not practice or are not aware of secure coding have released their software on the Android Market.

Wireless Analyzers:

Aircrack-ng

Kismet

Ubertooth Kismet

Ubertooth Spectrum Analyzer

Wireshark

Santoku Linux also includes tools for wireless spectrum analysis, packet analysis of wireless devices, sniffing the network, and monitoring wireless networks. And of course, it can also be used for cracking and retrieving WEP and WPA/WPA2 keys, just like other penetration testing distros out there, saving you the time of installing your favorite Aircrack-ng suite.

Device Forensics:

AFLogical Open Source Edition

Android Encryption Brute Force

BitPim

BlackBerry Desktop Manager

Foremost

iPhone Backup Analyzer

MIAT

Paraben Device Seizure

Sift Workstation

Sleuth Kit

SQLiteSpy

The Device Forensics tools will help you analyze data, recover data, manipulate and explore data, investigate disk images, seize digital evidence, audit software, and test the security of your mobile phones. Paraben Device Seizure, for example, has been giving forensic examiners access to mobile device data for over 10 years and is recognized as the first tool for the forensic analysis of cell phones [3].
Mobile Infrastructure:

BES Express

Google Mobile Management

iPhone Configuration Tool

This category helps with configuring mobile phones and installing their apps or platforms. Take, for example, the iPhone Configuration Tool, which lets you easily create, maintain, encrypt, and push configuration profiles, track and install provisioning profiles and authorized applications, and capture device information including console logs [1], and BlackBerry Enterprise Server Express, which is free software for mobilizing email platforms for growing businesses [2]. There are tools still to be updated or added; if you want a cool tool added to the distribution, feel free to drop a message or request on the contact page of Santoku Linux's official website. Remember, Santoku Linux is by the community and for the community. It is still an alpha release, so expect more tools to be added and more improvements.

Getting Started (for newbies)

Santoku can be downloaded at santoku-linux.com (the official website). The full .iso image is 3+ GB, so be sure you have a fast connection. Santoku is a pre-configured Linux environment, so if you want to install it on your computer or laptop as one of your operating systems (multi-boot or dual boot) or as your primary operating system, you need to create a bootable DVD or USB from the ISO image. Then boot from the live DVD by setting it as your first boot device. If all goes well, you should see something like this:

If you really want to install Santoku Linux, choose the third option, "install – start the installer directly"; if you just want to try it out first before installing it, choose "live – boot the Live System". The installer lets you choose your language, time zone, and clock settings, and lets you either erase the entire hard disk or install alongside other OSes. If you have chosen the first option, which boots you into the pre-configured Linux environment without installing it, you should see a graphical login screen that asks you for a password.

Type the word "santoku" in the password box. The next thing you should see is the desktop wallpaper of a santoku knife, and you can start playing with the distro.

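For the "create a bootable USB from the ISO" step above, here is an added example (not from the Santoku project) of the checks worth running before the image is written to a stick: that the 3+ GB download is not truncated, that its SHA-256 matches the value published with the download (the hash is a placeholder here and must be taken from the download page), and that the target device is not one the system is currently running from. GNU dd on Linux is assumed for the raw write.

```shell
#!/bin/sh
# Added example for the install steps above (not from the Santoku project): check a
# downloaded ISO before writing it raw to a USB stick. The expected size and the
# SHA-256 value are placeholders; take the real ones from the download page.
set -eu

# iso_looks_complete ISO MIN_BYTES: the file exists and is at least MIN_BYTES long
# (a truncated download is the commonest reason a live image fails to boot).
iso_looks_complete() {
  iso=$1; min=$2
  [ -f "$iso" ] || return 1
  size=$(wc -c < "$iso" | tr -d ' ')
  [ "$size" -ge "$min" ]
}

# iso_sha256_matches ISO EXPECTED: compare the file's SHA-256 with the published
# value, accepting upper- or lower-case hex.
iso_sha256_matches() {
  iso=$1
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  actual=$(sha256sum "$iso" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}

# device_is_in_use DEV: true if DEV or one of its partitions is mounted, i.e. it is
# probably the disk you are running from rather than the blank stick (Linux /proc).
device_is_in_use() {
  grep -q "^$1" /proc/mounts 2>/dev/null
}

# write_iso ISO DEV: raw copy to the whole device (e.g. /dev/sdX, not /dev/sdX1),
# then flush so the stick can be removed safely. GNU dd options assumed (Linux).
write_iso() {
  iso=$1; dev=$2
  if device_is_in_use "$dev"; then
    echo "refusing: $dev has mounted filesystems" >&2
    return 1
  fi
  dd if="$iso" of="$dev" bs=4M conv=fsync status=progress
  sync
}

# Usage: sh make-usb.sh santoku.iso /dev/sdX <sha256-from-download-page>
# 3000000000 bytes is an assumed minimum matching the "3+ GB" size quoted above.
if [ "$#" -eq 3 ]; then
  iso_looks_complete "$1" 3000000000 || { echo "ISO missing or truncated (expected 3+ GB)" >&2; exit 1; }
  iso_sha256_matches "$1" "$3" || { echo "checksum mismatch, do not use this image" >&2; exit 1; }
  write_iso "$1" "$2"
fi
```

The three functions are kept separate so the two checks can be run on their own after a download without touching any device; only write_iso needs root and a real block device.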
If you want to boot or emulate it with Oracle's VirtualBox, you can follow these instructions from the official Santoku blog.

Santoku Pro

You may be wondering why there is a link for Santoku Pro on the download page of Santoku Linux's official website, so let me explain a few things about it. The Santoku Pro version will be released later this year (2012), and it will offer an easy-to-use interface for mobile application security assessment. Be sure to subscribe to the mailing list to be updated on this version and on new tool updates, because there are still a lot of tools that will soon be added to this new distribution as the Santoku community (contributors) grows. Stay tuned!

Santoku Linux Download Page: https://santoku-linux.com/download

Note: Thanks to Infosec Institute for letting me promote Santoku Linux on their popular and very informative resource page, and kudos to Thomas Cannon for heading this project and letting me join his community as a supporter or contributor.

References:
[1] http://www.apple.com/support/iphone/enterprise/
[2] http://us.blackberry.com/business/software/besx.html
[3] http://www.paraben.com/device-seizure.html