As of our last posting (Single Board Computers Part 2), the team had just received our oDroid systems. Since then, we have been busy researching and programming. As you may recall, the goal of this project is to have a small, affordable computer able to listen to network traffic with scripted commands.
Up to this point in the project, we had envisioned using Xubuntu 13.10 and modifying that particular Linux distribution to meet our project’s goals. Xubuntu is a Canonical Ltd. recognized derivative of Ubuntu, and is one of the most popular Linux distributions. Additionally, Xubuntu has an emphasis on a low memory footprint. System resources (memory and processing power) are limited on a single board computer, so it is important to ensure we use these resources efficiently.
While we valued Xubuntu, the team decided to switch to Kali Linux. Our project is driven by digital forensics research, and we believed it would be beneficial to start from a distribution designed specifically for digital forensics and penetration testing. Some members of the team also use Kali on their work machines, so porting future developments to our oDroid machines will be much easier.
In addition to our Linux distribution switch, members of the team have been working on setting up an ESXi Server. This ESXi Server, along with some scripts, will generate a steady stream of network traffic for us to monitor with our oDroid systems and see how well they perform at various tasks.
There is always programming work being done on various scripts and utilities to automate tasks. All of the scripts and utilities we develop will be added to our final Kali Linux system image so that others may learn from them and modify them to meet their own needs. In the end, the user will be able to run a script from the command line, specify a few simple parameters from a menu, and trust the system to complete the task. Our primary focus is automating several important Metasploit and OpenVAS operations. The scripts will be written for the Bash shell and in Python or Ruby.
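As an added illustration of the menu-driven automation described above (example code written for this post, not the team's own script), the following Python builds a Metasploit resource script from a few parameters, validates each one so that a parameter cannot smuggle extra commands into the script, and hands the file to `msfconsole -r`. The module paths and option names are real msfconsole syntax; the task table, the validators, the file path and the default dry run (so it runs on a machine without Metasploit) are this example's own choices. The OpenVAS side is not covered here.

```python
# Menu-driven Metasploit automation: build a resource script from a few
# validated parameters and hand it to msfconsole.  Added example; the task
# table, validators and dry-run default are this example's own choices.
import ipaddress
import re
import subprocess
from pathlib import Path

# Menu entry -> Metasploit auxiliary module.  Both take RHOSTS and THREADS;
# the port scanner also takes PORTS.
TASKS = {
    "portscan": "auxiliary/scanner/portscan/tcp",
    "smb_version": "auxiliary/scanner/smb/smb_version",
}

# Metasploit's PORTS syntax: single ports and ranges, comma separated.
PORT_SPEC = re.compile(r"^\d{1,5}(?:-\d{1,5})?(?:,\d{1,5}(?:-\d{1,5})?)*$")


def validate_targets(rhosts):
    """Accept only a comma-separated list of IPv4/IPv6 hosts or CIDR blocks.

    Every parameter becomes a line of the .rc file, so a stray newline
    (e.g. "10.0.0.1\\nexit") would inject msfconsole commands.  ip_network()
    raises ValueError on anything that is not an address or prefix.
    """
    parts = [p.strip() for p in rhosts.split(",") if p.strip()]
    if not parts:
        raise ValueError("no targets given")
    for part in parts:
        ipaddress.ip_network(part, strict=False)
    return ",".join(parts)


def validate_ports(ports):
    """Accept '22,80,8000-8100' style lists with every port in 1..65535."""
    ports = ports.replace(" ", "")
    if not PORT_SPEC.fullmatch(ports):
        raise ValueError("bad port list: %r" % ports)
    for token in ports.split(","):
        bounds = [int(n) for n in token.split("-")]
        if any(not 1 <= n <= 65535 for n in bounds) or bounds != sorted(bounds):
            raise ValueError("bad port range: %r" % token)
    return ports


def build_rc(task, rhosts, threads=10, ports=""):
    """Return the text of a resource file that `msfconsole -r` can replay."""
    if task not in TASKS:
        raise ValueError("unknown task %r; choose from %s" % (task, sorted(TASKS)))
    threads = int(threads)  # int() refuses anything like "5; id"
    if threads < 1:
        raise ValueError("THREADS must be >= 1")
    lines = ["use " + TASKS[task],
             "set RHOSTS " + validate_targets(rhosts),
             "set THREADS %d" % threads]
    if task == "portscan":
        lines.append("set PORTS " + validate_ports(ports or "1-1024"))
    lines += ["run", "exit"]
    return "\n".join(lines) + "\n"


def run_rc(rc_text, rc_path, dry_run=True):
    """Write the resource script; return the argv used to run it.

    dry_run=True (the default here) only writes the file, so the example
    works without Metasploit installed.  The command is an argv list, so
    nothing is parsed by a shell.
    """
    path = Path(rc_path)
    path.write_text(rc_text)
    cmd = ["msfconsole", "-q", "-r", str(path)]
    if not dry_run:
        subprocess.run(cmd, check=True)
    return cmd


if __name__ == "__main__":  # the "few simple parameters from a menu" part
    print("Tasks:", ", ".join(TASKS))
    chosen = input("task> ").strip()
    targets = input("RHOSTS (IPs/CIDRs, comma-separated)> ")
    port_list = input("PORTS (portscan only, blank for 1-1024)> ")
    script = build_rc(chosen, targets, ports=port_list)
    print(script)
    print("would run:", " ".join(run_rc(script, "/tmp/scan.rc")))
```

The validation is the part worth keeping whatever the final scripts look like: a resource file is just a list of console commands, so any parameter that reaches it unchecked (a hostname with a newline, a thread count of `5; id`) becomes a command of its own.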
Beyond work on vulnerability assessment automation and network monitoring, an encryption utility is being implemented in C++. This utility will be used to encrypt communications passed to and from the oDroid systems, and it will also encrypt files local to the system. Because no encryption cipher (with the exception of the one-time pad) can be truly unbreakable, no great emphasis has been placed on designing or implementing a single encryption algorithm for the utility to use. The ultimate goal is to enable the utility to use any encryption algorithm defined in an external source file. This way, the utility may apply several ciphers in an order chosen by the user, each with its own key. The caveat worth stating is that the utility will only be as strong as the algorithms and modes loaded into it: chaining several ciphers does not by itself make the result stronger than its best component, so in practice the stages should come from a vetted library and include an authenticated mode, so that tampered ciphertext is rejected rather than silently decrypted. Thus far, most of the work on this utility has gone into parsing command-line arguments in a flexible manner and automating the removal and replacement of unencrypted files in a directory with encrypted versions. Removing the plaintext only after the encrypted copy is fully written is the right order, but note that an ordinary unlink does not scrub the old blocks from the SD card or eMMC an oDroid boots from.
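To make the pluggable-chain and file-replacement ideas concrete, here is an added illustration written for this post in Python rather than the C++ of the team's utility (it is not the project's code). It registers two stages under names of this example's own choosing, `hmac_ctr` (XOR with a keystream of HMAC-SHA256 over a fresh nonce and a counter) and `hmac_tag` (append an HMAC-SHA256 tag and verify it on decrypt), derives a separate subkey for each position in the user-specified order, and replaces each plaintext file in a directory by writing the ciphertext to a temporary file, fsyncing it, renaming it into place and only then unlinking the original. The `.enc` suffix, the key-derivation labels and the stage names are assumptions of this example; a production tool would take its stages from a vetted library and use an authenticated mode such as AES-GCM.

```python
# Ordered cipher chain plus atomic replacement of plaintext files (stdlib only).
# Added illustration; stage names, key labels and the ".enc" suffix are this
# example's own choices.  The order "hmac_ctr,hmac_tag" gives encrypt-then-MAC.
import hashlib
import hmac
import os
import secrets
from pathlib import Path

NONCE_LEN = 16
TAG_LEN = 32

def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256(key, nonce || counter).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def ctr_encrypt(key, data):
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message: a reused nonce leaks the XOR of two plaintexts
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def ctr_decrypt(key, data):
    if len(data) < NONCE_LEN:
        raise ValueError("ciphertext too short")
    nonce, body = data[:NONCE_LEN], data[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def tag_encrypt(key, data):
    return data + hmac.new(key, data, hashlib.sha256).digest()

def tag_decrypt(key, data):
    if len(data) < TAG_LEN:
        raise ValueError("missing tag")
    body, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # reject before any decryption
    return body

# Registry the external algorithm file would populate: name -> (encrypt, decrypt)
STAGES = {"hmac_ctr": (ctr_encrypt, ctr_decrypt), "hmac_tag": (tag_encrypt, tag_decrypt)}

def parse_order(spec):
    """'hmac_ctr, hmac_tag' -> ['hmac_ctr', 'hmac_tag']; unknown names are rejected."""
    order = [s.strip() for s in spec.split(",") if s.strip()]
    unknown = [s for s in order if s not in STAGES]
    if not order or unknown:
        raise ValueError("empty chain or unknown stages: %r" % unknown)
    return order

def _stage_key(master, index, name):
    # One subkey per chain position, so a stage used twice never shares a key.
    return hmac.new(master, ("stage:%d:%s" % (index, name)).encode(), hashlib.sha256).digest()

def encrypt_chain(master, order, data):
    for i, name in enumerate(order):
        data = STAGES[name][0](_stage_key(master, i, name), data)
    return data

def decrypt_chain(master, order, data):
    for i, name in reversed(list(enumerate(order))):  # undo stages last-to-first
        data = STAGES[name][1](_stage_key(master, i, name), data)
    return data

def _replace_file(src, dst, payload):
    # Write dst durably and rename it into place before unlinking src, so a
    # crash part-way through leaves at least one complete copy.  unlink() does
    # not scrub the old blocks from SD/eMMC media.
    tmp = dst.with_name(dst.name + ".tmp")
    with open(tmp, "wb") as f:
        f.write(payload)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, dst)  # atomic rename
    src.unlink()

def encrypt_dir(root, master, order, suffix=".enc"):
    """Replace each plain file directly under root with file+suffix; return the count."""
    done = 0
    for p in sorted(Path(root).iterdir()):  # materialise the list: we rename while iterating
        if p.is_file() and not p.name.endswith((suffix, ".tmp")):
            _replace_file(p, p.with_name(p.name + suffix), encrypt_chain(master, order, p.read_bytes()))
            done += 1
    return done

def decrypt_dir(root, master, order, suffix=".enc"):
    """Inverse of encrypt_dir: restore each file+suffix to its plaintext name."""
    done = 0
    for p in sorted(Path(root).iterdir()):
        if p.is_file() and p.name.endswith(suffix):
            _replace_file(p, p.with_name(p.name[:-len(suffix)]), decrypt_chain(master, order, p.read_bytes()))
            done += 1
    return done
```

Two things in the example are the ones to carry over to the C++ utility: decryption undoes the stages in reverse and checks the tag before touching the ciphertext, so the user-chosen order matters (`hmac_tag,hmac_ctr` would be MAC-then-encrypt, which is the weaker arrangement); and the plaintext is unlinked only after the encrypted copy has been fsynced and renamed into place.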