I also suggest Knoppix!
But there is a Knoppix version (STD) with already all the tools you need:
Download @
http://www.knoppix-std.org/authentication
/usr/bin/auth/
freeradius 0.9.3 : GPL RADIUS server
encryption
/usr/bin/crypto/
2c2 : multiple plaintext -> one ciphertext
4c : as with 2c2 (think plausible deniability)
acfe : traditional cryptanalysis (like Vigenere)
cryptcat : netcat + encryption
gifshuffle : stego tool for gif images
gpg 1.2.3 : GNU Privacy Guard
ike-scan : VPN fingerprinting
mp3stego : stego tool for mp3
openssl 0.9.7c
outguess : stego tool
stegbreak : brute-force stego'ed JPG
stegdetect : discover stego'ed JPG
sslwrap : SSL wrapper
stunnel : SSL wrapper
super-freeSWAN 1.99.8 : kernel IPSEC support
texto : make gpg ascii-armour look like weird English
xor-analyze : another "intro to crytanalysis" tool
forensics
/usr/bin/forensics/
sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
biew : binary viewer
bsed : binary stream editor
consh : logged shell (from F.I.R.E.)
coreography : analyze core files
dcfldd : US DoD Computer Forensics Lab version of dd
fenris : code debugging, tracing, decompiling, reverse engineering tool
fatback : Undelete FAT files
foremost : recover specific file types from disk images (like all JPG files)
ftimes : system baseline tool (be proactive)
galleta : recover Internet Explorer cookies
hashdig : dig through hash databases
hdb : java decompiler
mac-robber : TCT's graverobber written in C
md5deep : run md5 against multiple files/directories
memfetch : force a memory dump
pasco : browse IE index.dat
photorec : grab files from digital cameras
readdbx : convert Outlook Express .dbx files to mbox format
readoe : convert entire Outlook Express .directory to mbox format
rifiuti : browse Windows Recycle Bin INFO2 files
secure_delete : securely delete files, swap, memory....
testdisk : test and recover lost partitions
wipe : wipe a partition securely. good for prep'ing a partition for dd
and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)
firewall
/usr/bin/fw/
blockall : script to block all inbound TCP (excepting localhost)
flushall : flush all firewall rules
firestarter : quick way to a firewall
firewalk : map a firewall's rulebase
floppyfw : turn a floppy into a firewall
fwlogwatch : monitor firewall logs
iptables 1.2.8
gtk-iptables : GUI front-end
shorewall 1.4.8-RC1 : iptables based package
honeypots
/usr/bin/honeypot/
honeyd 0.7
labrea : tarpit (slow to a crawl) worms and port scanners
thp : tiny honeypot
ids
/usr/bin/ids/
snort 2.1.0: everyone's favorite networks IDS
ACID : snort web frontend
barnyard : fast snort log processor
oinkmaster : keep your snort rules up to date
hogwash : access control based on snort sigs
bro : network IDS
prelude : network and host IDS
WIDZ : wireless IDS, ap and probe monitor
aide : host baseline tool, tripwire-esque
logsnorter : log monitor
swatch : monitor any file, oh like say syslog
sha1sum
md5sum
syslogd
network utilities
/usr/bin/net-utils/
LinNeighboorhood : browse SMB networks like windows network neighborhood
argus : network auditor
arpwatch : keep track of the MACs on your wire
cdpr : cisco discovery protocol reporter
cheops : snmp, network discovery and monitor tool
etherape : network monitor and visualization tool
iperf : measure IP performance
ipsc : IP subnet calculator
iptraf : network monitor
mrtg : multi router traffic grapher
mtr : traceroute tool
ntop 2.1.0 : network top, protocol analyzer
rrdtool : round robin database
samba : opensource SMB support
tcptrack : track existing connections
password tools
/usr/bin/pwd-tools/
john 1.6.34 : John the Ripper password cracker
allwords2 : CERIAS's 27MB English dictionary
chntpw : reset passwords on a Windows box (including Administrator)
cisilia : distributed password cracker
cmospwd : find local CMOS password
djohn : distributed John the Ripper
pwl9x : crack Win9x password files
rcrack : rainbow crack
servers
/usr/bin/servers
apache
ircd-hybrid
samba
smail
sshd
vnc
net-snmp
tftpd
xinetd
packet sniffers
/usr/bin/sniff/
aimSniff : sniff AIM traffic
driftnet : sniffs for images
dsniff : sniffs for cleartext passwords (thanks Dug)
ethereal 0.10.0 : the standard. includes tethereal
ettercap 0.6.b : sniff on a switched network and more.
filesnarf : grab files out of NFS traffic
mailsnarf : sniff smtp/pop traffic
msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
ngrep : network grep, a sniffer with grep filter capabilities
tcpdump : the core of it all
urlsnarf : log all urls visited on the wire
webspy : mirror all urls visited by a host in your local browser
tcp tools
/usr/bin/tcp-tools/
arpfetch : fetch MAC
arping : ping by MAC
arpspoof : spoof arp
arpwatch : montior MAC addresses on the wire
despoof : detect spoofed packets via TTL measurement
excalibur : packet generator
file2cable : replay a packet capture
fragroute : packet fragmentation tool (thanks again Dug)
gspoof : packet generator
hopfake : spoof hopcount replies
hunt : tcp hijacker
ipmagic : packet generator
lcrzoex : suite of tcp tools
macof : flood a switch with MACs
packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
netsed : insert and replace strings in live traffic
packETH : packet generator
tcpkill : die tcp, die!
tcpreplay : replay packet captures
tunnels
/usr/bin/tunnels/
cryptcat : encrypted netcat
httptunnel : tunnel data over http
icmpshell : tunnel data over icmp
netcat : the incomparable tcp swiss army knife
shadyshell : tunnel data over udp
stegtunnel : hide data in TCP/IP headers
tcpstatflow : detect data tunnels
tiny shell : small encrypted shell
vulnerability assessment
/usr/bin/vuln-test/
ADM tools : like ADM-smb and ADMkillDNS
amap 4.5 : maps applications running on remote hosts
IRPAS : Internet Routing Protocol Attack Suite
chkrootkit 0.43 : look for rootkits
clamAV : virus scanner. update your signatures live with freshclam
curl : commandline utility for transferring anything with a URL
exodus : web application auditor
ffp : fuzzy fingerprinter for encrypted connections
firewalk : map a firewall rulebase
hydra : brute force tool
nbtscan : scan SMB networks
ncpquery : scan NetWare servers
nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
nikto : CGI scanner
nmap 3.48 : the standard in host/port enumeration
p0f : passive OS fingerprinter
proxychains: chain together multiple proxy servers
rpcinfo : hmmmm.... info from RPC?
screamingCobra : CGI scanner
siege : http testing and benchmarking utility
sil : tiny banner grabber
snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
syslog_deluxe : spoof syslog messages
thcrut : THC's "r you there?" network mapper
vmap : maps application versions
warscan : exploit automation tool
xprobe2 : uses ICMP for fingerprinting
yaph : yet another proxy hunter
zz : zombie zapper kills DDoS zombies
wireless tools
/usr/bin/wireless/
airsnarf : rogue AP setup utility
airsnort : sniff, find, crack 802.11b
airtraf : 802.11b network performance analyzer
gpsdrive : use GPS and maps
kismet 3.0.1 : for 802.11 what else do you need?
kismet-log-viewer : manage your kismet logs
macchanger : change your MAC address
wellenreiter : 802.11b discovery and auditing
patched orinoco drivers : automatic (no scripts necessary)
