Kali and Parrot are not the only Linux distributions for red teams, but they are certainly the most popular ones. Now there is a new kid in the playground: SnoopGod! (I know what you think about the name, kinda familiar, right?)

SnoopGod v24.04 (formerly known as Blackbuntu) is based on Ubuntu 24.04 LTS, which is in turn based on Debian upstream. What does that mean? You can distro-hop and still feel familiar with the system and the tools, especially if Ubuntu is your daily driver distro.

What does SnoopGod bring that distinguishes it from Kali or Parrot?

  • Based on Ubuntu LTS
    • Long-term support (LTS) is especially important to those who need stability and security; it has support for at least 5 years.
    • Arguably, Ubuntu has the larger community and body of information online. (I am not open to discussing this, just my opinion)
  • KDE Plasma
    • Historically, KDE has been the heaviest compared to Xfce (used by Kali) and Gnome (used by Parrot), but KDE Plasma has improved its performance so much that it does not feel any different from Xfce (designed to be lightweight).
    • It is beautiful and highly customizable.

FIRST IMPRESSIONS

  • Quick to start the live CD and apparently fully compatible (drivers) on a KVM hypervisor.

 

  • Smooth and uncomplicated installation. Did not take too long either.

  • Out of the box, the guest screen resizes with a beautiful animation as the hypervisor window is resized.

  • Reflection
    • Low bar for new users.
    • Pleasant experience.
    • Eye candy!

UNDER THE HOOD OBSERVATIONS

While Kali pulls ALL packages from its own repository, SnoopGod pulls most of its packages from Ubuntu’s repository, including the security patches, and only the special-purpose set of applications comes from SnoopGod’s repository. The exception is Metasploit, which comes with its own repository pre-installed.

  • Rationale
    • Pulling all the fundamental system packages from Ubuntu is a great strategy because it lets the distro maintainers focus on the specialized tools.
    • Security patches are directly pushed downstream by a much bigger team of specialists (Canonical).
    • Arguably, Kali and Parrot should not be used as a daily driver OS but in a dedicated instance, a VM or a container. SnoopGod, on the other hand, is a set of tools on top of an enterprise-level desktop system designed to be one’s daily driver.

PACKAGES ON TOP OF UBUNTU

Cracking

  • crowbar
  • gpp-decrypt
  • rainbowcrack
  • rsmangler

Exploitation

  • beef
  • burpsuite
  • cge
  • exe2hex
  • exploitdb
  • gophish
  • jexboss *
    • A tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java Platforms.
  • libenom *
    • Makes creating payloads with MSFvenom easier and faster.
  • metasploit
  • routersploit
  • sharp meter *
  • shellnoob

Forensics

  • ddrescue
  • dumpzilla
  • pdf-parser
  • pdfid

Hardening

  • dex2jar

Information Gathering

  • enum4linux
  • gnmap *
  • lbd
  • linenum *
    • A script for local Linux enumeration and potential privilege escalation.
  • maltego
  • phoneinfoga *
    • An advanced tool to scan international phone numbers.
  • smtp-user-enum
  • subfinder
  • sublist3r
  • trufflehog

Networking

  • cymothoa
  • netexec
  • nishang
  • powersploit
  • pwnat
  • reverser *
    • Helps to create a reverse shell using the method of your choice.

Reverse Engineering

  • ghidra
  • jad
  • javasnoop

Scripts and Utilities

  • dracnmap *
    • This tool performs fast scanning by utilizing the script engine of Nmap.
  • ngrok
  • portmapper *
    • Manages the port mappings (port forwarding) of a router if UPnP is enabled.
  • ridenum
  • subbrute *
    • Sub-directories brute-force discovery tool.
  • torbridge *
    • Tunnels all traffic through the Tor Network.
  • webtrace *

Sniffing & Spoofing

  • mitmdump
  • mitmproxy
  • mitmweb
  • sniffjoke
  • webscarab
  • zaproxy

Stress Testing

  • goldeneye
  • iaxflood
  • rtpflood
  • thc-ssl-dos
  • udpflood *
    • Does what it says on the tin.

Vulnerability Analysis

  • bed
  • jsql-injection
  • nuclei
  • sfuzz
  • sidguesser
  • tnscmd10g
  • unix-privesc
  • xsser

Web Applications

  • cmsmap *
    • A CMS scanner that automates the process of detecting security flaws.
  • dirbuster
  • hurl
  • wpscan

Wireless

  • blueranger
  • fluxion *
    • A security auditing and social-engineering research tool.
  • wifi-honey
  • wps-breaker *
    • Helps you extract the WPS PIN of many vulnerable routers and get the password.

Note: the tools marked with * are not present in Kali.


REFLECTIONS

This distribution was not meant to replace any of the traditional red-teaming distributions, but it adds to the arsenal of builds available to the cybersecurity community.

I went through the painful process of comparing the tool lists of SnoopGod and Kali, and it has 16 packages that I could not find in Kali.

My recommendation for the maintainers of this distribution is to increase transparency regarding their identity and the goals of the project. This will help build public trust. While there is nothing inherently wrong with the project, cybersecurity professionals need a high level of trust before they feel comfortable running it on their systems.


BONUS

How to add SnoopGod’s repository to empower Ubuntu 24.04 LTS.

sudo nano /etc/apt/sources.list.d/snoopgod.list

Add the following line.

deb [signed-by=/etc/apt/keyrings/snoopgod-pubkey.asc arch=amd64] https://packages.snoopgod.com noble main

Create the public key file.

sudo nano /etc/apt/keyrings/snoopgod-pubkey.asc

Add the project's ASCII-armored public key block as the content of this file. It is the public key used to check the signature of the content of SnoopGod’s repository.

Pull the list of packages from the newly added repository.

sudo apt update

To install one of those exclusive tools:

sudo apt install <PACKAGE_NAME>
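
A check worth running before trusting the entry above, as an added example that is not from the original post or the SnoopGod project: it flags source entries whose key is not scoped with signed-by or whose signature checks are disabled, and prints an apt_preferences(5) pin that keeps the third-party repository below Ubuntu's default priority of 500. The finding names, the constructed `weak` entry and the suggested preferences path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a one-line APT source entry
# and generate a low-priority pin for a third-party repository.

# Print findings for one sources.list line; succeed only when there are none.
audit_source_line() (
    line=$1; findings=""
    case $line in
        "deb "*|"deb-src "*) ;;
        *) return 0 ;;                          # comment or blank line
    esac
    rest=${line#* }; opts=""
    case $rest in
        "["*) opts=${rest#\[}; opts=${opts%%\]*} ;;
    esac
    case " $opts " in
        *" signed-by="*) ;;                     # key is trusted for this repo only
        *) findings="$findings no-signed-by" ;;
    esac
    case " $opts " in
        *" trusted=yes "*|*" allow-insecure=yes "*)
            findings="$findings signature-check-disabled" ;;
    esac
    [ -z "$findings" ] && return 0
    printf '%s\n' "${findings# }"; return 1
)

# Print an apt_preferences(5) stanza that ranks the repo below Ubuntu (500),
# so it can add new packages but never replace a package Ubuntu also ships.
pin_stanza() (
    rest=${1#* }
    case $rest in "["*) rest=${rest#*\] } ;; esac
    uri=${rest%% *}; host=${uri#*://}; host=${host%%/*}
    printf 'Package: *\nPin: origin "%s"\nPin-Priority: 100\n' "$host"
)

# The entry from the post, and a constructed weak variant for comparison.
good='deb [signed-by=/etc/apt/keyrings/snoopgod-pubkey.asc arch=amd64] https://packages.snoopgod.com noble main'
weak='deb [trusted=yes] https://packages.snoopgod.com noble main'

audit_source_line "$good" && echo "OK: entry is signature-scoped"
audit_source_line "$weak" || echo "REJECT: fix the entry above"
pin_stanza "$good"    # save as /etc/apt/preferences.d/snoopgod (suggested path)
```

After saving the pin, `apt-cache policy <PACKAGE_NAME>` shows which repository would supply a package and at what priority.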