- a list of Security Live CDs at Knoppix.net – http://www.knoppix.net/wiki/Security_Live_CD
- BackTrack – Penetration Testing Distribution- http://www.backtrack-linux.org/ | http://en.wikipedia.org/wiki/BackTrack
- “Review: BackTrack 2 security live CD” by Lorenzo Simionato (Linux.com; 2007.04.24) – http://www.linux.com/archive/feed/61417
- DVWA (Damn Vulnerable Web App) – http://www.dvwa.co.uk/
- Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
- NST (Network Security Toolkit) – http://networksecuritytoolkit.org/nst/index.html – a bootable ISO live CD/DVD (NST Live) based on Fedora Linux.
- OWASP Live CD – http://appseclive.org/ | http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project:
Welcome to AppSecLive.org! We are an online community focused on, you guessed it, web application security. We welcome all folks from all arenas to join us in discussing everything from tools to techniques relating to the security of the web. AppSecLive.org is also the new home of the OWASP Live CD, which is maintained by Matt Tesauro. This is where you will find support for the OWASP Live CD.
- Samurai Web Testing Framework – http://samurai.inguardians.com/
- The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.