SecBSD is an UNIX-like operating system focused on computer security based on OpenBSD. Designed for security testing, hacking and vulnerability assessment, it uses full disk encryption and ProtonVPN + OpenVPN by default.
A security BSD enviroment for security researchers, penetration testers, bug hunters and cybersecurity experts. Developed by Dark Intelligence Team for private use and will be public release coming soon.
Some tools working by default in SecBSD 1.3:
OpenVPN + ProtonVPN.
Nmap by Fyodor.
Metasploit by Rapid7.
Burp Suite Community Edition by PortSwigger Web Security.
Social Engineer Toolkit by Dave Kennedy (ReL1K).
Gobuster by OJ Reeves.
Aquatone & Gitrob by Michael Henriksen.
R3con1z3r by Raji Abdulgafar.
OWASP Zed Attack Proxy by The OWASP ZAP core project.
Radare2 by pancake aka trufae.
WAFW00F by Sandro Gauci && Wendel G. Henrique.
Arjun & Photon by Somdev Sangwan.
Red Hawk by R3D#@0R_2H1N A.K.A Tuhinshubhra.
Exploit pattern by Sven Steinbauer.
Hydra by Van Hauser.
Sublist3r by Ahmed Aboul-Ela.
Wireshark by Gerald Combs.
X Attacker by Mohamed Riahi.
DataSploit by Shubham Mittal, Sudhanshu Chauhan & Kunal Aggarwal.
Cloudflare Enumeration Tool by Matthew Bryant.
Tko-Subs by Anshuman Bhartiya.
Parameth by Ciaran McNally.
Routersploit by Threat9.
Tplmap by Emilio Pinna.
Commmix by Anastasios Stasinopoulos.
Auto Sub Takeover by Jordy Zomer.
Sqlmap by Sqlmap Project.
Hostile Sub Bruteforcer by Ben Sadeghipour.
Aircrack-ng by Thomas d’Otreppe.
Nikto by Chris Sullo.
Can I take over XYZ by EdOverflow.
SSH Punk 1337 by Giuseppe Corti.
SpiderFoot by Steve Micallef.
Knockpy by Gianni Amato.
Exploit Framework by Wang Yihang.
Autosploit by NullArray.
Dirsearch.by Mauro Soria.
ShellPop & ShellKiller by Andre Marques.
This status report covers both September and October 2024 and talks about changes in source tree, ports and more.
The first BETA build for the FreeBSD 14.2 release cycle is now available. ISO images for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, aarch64, and riscv64 architectures are FreeBSD mirror sites.
Run Linux Containers on FreeBSD 14 with Podman, Open Source FreeBSD NAS: Maintenance Best Practices, Self-hosting Bitwarden / VaultWarden on FreeBSD, I most definitely should (self-host)!, My 71 TiB ZFS NAS After 10 Years and Zero Drive Failures, Make Your Own CDN With OpenBSD Base and Just 2 Packages, and more.
Errata patches for Apple system management controller have been released for OpenBSD 7.6 and 7.5. Binary updates for the arm64 platform are available via the syspatch utility.
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
The command ctlpersistentreserveout allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. A malicious guest could cause a Denial of Service (DoS) on the host. IV. Workaround No workaround is available. Systems not using virtioscsi(4) or ctld(8) are not affected.
Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvmeopcgetlogpage is vulnerable to a buffer over- read from a guest-controlled value. (CVE-2024-51562) The virtiovqrecordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. (CVE-2024-51563) A guest can trigger an infinite loop in the hda audio driver. (CVE-2024-51564) The hda driver is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51565) The NVMe driver queue processing is vulernable to guest-induced infinite loops. (CVE-2024-51565).
As a user logs in, if the per user XDGRUNTIMEDIR directory already exists, a file descriptor to that directory is leaked in the calling process. This leaked directory file descriptor is inherited by all descendant processes that do not explicitly close it. In particular, it prevents an administrator from using jexec(8) or launching a new jail via jail(8), as both commands use the jailattach(2) system call which fails with EPERM if the calling process has an open directory in its file descriptor table, as a security measure to prevent jail escape. This file descriptor leak is normally harmless from a security standpoint as the XDGRUNTIME_DIR directory's content is usually readable and modifiable only by its owner and its group.
Errata patches for X11 server have been released for OpenBSD 7.6 and 7.5. Errata patch for OpenSSH has been released for OpenBSD 7.6. Binary updates for the amd64, arm64 and i386 platform are available via the syspatch utility. OpenSSH update only affects big-endian architectures, syspatch is not provided for such platforms.
Do you want to run some software that does not have FreeBSD package? With the help of SCRCPY you can control any Android device from a desktop computer.