:wq - blog » livecd
http://writequit.org/blog
Tu fui, ego eris

HeX 2.0, codename “Bonobo”, released!
http://writequit.org/blog/2008/10/05/hex-20-codename-bonobo-released/
Mon, 06 Oct 2008 02:30:31 +0000

After around 8 months of development, HeX 2.0, codename “Bonobo”, is released!

HeX is a liveCD developed by the rawpacket team that is based on FreeBSD 7.0 and designed to be used for network security monitoring.

There are a lot of new features and a lot of bugfixes that went into this release, but before we get into that, you can grab the iso here:

  • mirror 1 (Georgia Tech, USA) [iso] [md5] [sha]
  • mirror 2 (Rawpacket, USA) [iso] [md5] [sha] (md5 and sha are broken links right now; use the links from a different mirror until the files propagate)
  • mirror 3 (Rawpacket, Malaysia) [iso] [md5] [sha]

Some of the new features include:

  • Moved from FreeBSD 6.2 to 7.0 using the newer ULE scheduler instead of the 4BSD scheduler.
  • Integration with UnionFS.
  • Addition of many new tools like:
    • silktools
    • argus v3
    • dhcpdump
    • rtpbreak
    • pktstat
    • isic
    • tftpgrab
    • flowtag
    • yahsnarf
    • lots more!
  • Inclusion of zsh in addition to bash.
  • Lots of base package upgrades.
  • Additional signatures for fl0p, pads and tcpXtract.
  • Additional scripts for packet statistics and analysis.
  • NSM-Console updated to 0.8-dev.
  • Addition of Firefox plugins and bookmarks for network security.
  • New fluxbox themes and desktop wallpapers :)

Check out the HeX Trac page for the full list of what’s changed in this release. You can also check out some screenshots of the new release on Geek00l’s blog post. In addition to this release, we’ve begun working on the HeX Sensor project, for a drop-in NSM sensor; hopefully we’ll have a release of that soon!

Thanks to the development team for all the work that went into this awesome release! Feel free to leave a comment about any new features you’d like to see, or join us on the mailing list or irc (#rawpacket on Freenode) to hang out and talk about ideas for the next release. Enjoy!

Hex 1.0.3 released!
http://writequit.org/blog/2008/02/13/hex-103-released/
Thu, 14 Feb 2008 06:04:58 +0000

We just released Hex 1.0.3, the Chinese New Year release, although it’s closer to the Valentine’s day release. Congratulations to all the Hex developers for fixing bugs and adding features!

You can grab the iso here. [md5] [sha256]
Or, grab the iso from the mirror. [md5] [sha256]

Since Geek00l already covered a list of the most important changes in his blog post, I’ll just echo the changes in NSM-Console, which is the software that I develop. The version of NSM-Console in Hex 1.0.3 is 0.6-DEVEL, which can be obtained either by checking out the code from subversion (svn co http://svn.security.org.my/trunk/rawpacket-root/usr/home/analyzt/rp-NSM/nsm-console nsm-console), or waiting until I release 0.6 ;)

New Features:
– ‘dump’ command added, you can now dump packet payloads into a binary file for later analysis
– Significant speedups in the harimau module and ‘checkip’ command if wget is installed
– tcpxtract configuration file changed to extract more types of files
– Added foremost module
– Added clamscan module (Thanks JohnQPublic)
– Argus and tcptrace have reverse DNS turned off by default now; it was causing the module to hang for extremely large pcap files. It can be switched on by changing the module options
– rot13 encoding and decoding added

Bugfixes:
– alias command
– urlescape (en|de)coding
– file existence check
– many other things
All the other enhancements, bugfixes and additions.

Since Hex 1.0.2 had NSM-Console version 0.2 in it, if you haven’t downloaded the console or checked it out from subversion since the last hex release, here’s what else has been added since then:

Or you can view the TODO and CHANGELOG for NSM-Console directly. If you want to check out more information about either of the projects, check out the Trac pages for Hex and NSM-Console:

Now, onward to FreeBSD 7.0! :)

Joining the Hex Network Security Monitoring LiveCD project
http://writequit.org/blog/2007/11/20/joining-the-hex-network-security-monitoring-livecd-project/
Tue, 20 Nov 2007 18:08:10 +0000

Yep, that’s right, I’m going to be helping out with the Hex LiveCD project. I will hopefully be doing some development for some of the NSM tools and fixing bugs in the CD. In case you don’t know what Hex is, let me give you a little synopsis (from the Trac):

“HeX LiveCD is a Network Security Monitoring (NSM) centric Live CD, built based on the principles of NSM, for analyst, by analyst. Besides containing most of the popular Open Source NSM tools, the HeX Live CD also contains tools to perform network forensics. This Live CD was built based on the 6.2 Release of FreeBSD, and provides Fluxbox as the default desktop environment. It also includes an installer for installing HeX to hard disk.”

I’m already working on extending the NBF (Network-Based Forensics) offline script to include support for my aimsnarf script. I’m excited about being able to help; hopefully I’ll be able to be useful to the project as well as learn some of the tools I haven’t used before myself :)

Geek00l will be leading the project with enhanced, chfl4gs and others all providing dev support. I was even going to wait until he announced it before writing this post, but he just keeps saying he’ll do it tomorrow ;)

If you’re interested in the project or any of its details, feel free to join us on #rawpacket on Freenode for chatting! (I go by the nick dakrone on IRC)
