Shadowcircle, pwnage for (*) beings

About Shadowcircle

Since the beginning of the project in April 2009, shadowcircle aims to bring pentesters worldwide the best IT security auditing environement. Being a generalist pentesting live CD like its father backtrack, it embedds a great tools collection, going from informations gathering to effective penetration.Delivered with the most powerfull toolset, shadowcircle also privileges Free and Open source software over proprietary ones, because when it comes to security, implementation transparency is always the best soltution.

Shadowcircle also have its very own toolset ( All released under the GPL license ).

Key Features

- Full liveCD distribution
- Xfce 4.4 Desktop
- OpenVAS vulnerabilities scanner
- 3 major penetration frameworks*
- Extra packages integrations**

F.A.Q

Q: You said that shadowcircle is a fork of Back|track. Why would it be better for me ? Do you really think it was worth creating a fork for that ?

A: Shadowcircle is different than Back|track in multiple ways. Even if pentesting efficiency is the main goal for both distributions, we didn't choose the same way to achieve it and the philosophy is also different. First we choosed to go with a full Free and open Source environment because we consider that like open security standards, the tools used for auditing must remain totaly transparent and free. Currently some proprietary software remains in shadowcircle but the final goal is to remove and replace it by FOSS that is equivalent or even better. Secondly we wanted to focus on the ease of use. In our opinion the main lack of back|track resides in the tools interactions and embbedded documentation access (when it exists). We want to correct that and make shadowcircle more convenient and easier to learn. So finally yes, we think that all these things alltogether make shadowcircle worth being developped.

Q: Who decides of the tools integration and could these choices being influanced by the community ?

A: Currently the two core mainteners decide which tool or feature must be integrated in the distribution. Though as the shadowcircle users base will grow, we will of course listen to their suggestions and act accordingly.

Q: Will shadowcircle emancipate itself from back|track someday ?

A: This is planned for the second iteration of shadowcircle. we want to start back from a generalist distribution ( probably debian ) and make our own tools integration.

Q: Do you guys work in IT security ?

A: The two mainteners both are system and networks engineers and one of them is currently working as a security consultant for the french administration,. The other one is a security enthousiast ;-)

Q: Do you plan to develop alternate products / branches of shadowcircle ?

A: This is not sure yet though there are active disutions about it. 2 paths are currently being explored: the developpement of a specific branch for mobile devices (that would naturally extend the arch to mips/arm... ) and the developpement of a security appliance distribution (a free qualys-like if you prefer).

Q: What if there is no FOSS equivalent to a proprietary tool currently integrated in the distro ?

A: Then we'll start a side project to create one. This is what is currently done with the Maltego data-miner. We want to remove it from the packages list and since there is not any credible FOSS equivalent yet, we started project zer0farm. It will basically have the same features but it will remain completely free and more powerfull (C/GTK+ vs Java bytecode). Dirbuster will be rewritten too so we'll be finally able to completely remove the JRE from the packages list.

* metasploit, fasttrack and Inguma
** valgrind,irssi,bfmon,iptraf...