BlackWeb 1.2

BlackWeb is a penetration and security testing distribution based on Debian. The project's website presents the distribution's features as follows:

"BlackWeb is a Linux distribution aimed at advanced penetration testing and security auditing. BlackWeb contains several hundred tools which are geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering. Starting from an appropriately configured LXDE desktop manager it offers stability and speed. BlackWeb has been designed with the aim of achieving the maximum performance and minimum consumption of resources."

There are 32-bit (x86) and 64-bit (x86_64) builds of BlackWeb available on the distribution's website. I downloaded the 64-bit build which is 2.6GB in size. Booting from the media brings up a menu asking if we would like to try BlackWeb's live desktop, run the installer or run the graphical installer. Taking the live desktop option presents us with a graphical login screen where we can sign in with the username "root" and the password "blackweb".



Signing in presents us with the LXDE desktop which has an unusual layout and theme. There is a transparent panel at the top of the screen which makes it look as though the application menu button is floating at the top of the screen in the centre of the desktop. The system tray also appears to be free floating in the upper-right corner. A single icon on the desktop is present for opening the file manager. At the bottom of the display is a panel containing quick-launch buttons for a virtual terminal, Firefox and a few other applications.





BlackWeb 1.2 -- The live desktop and application menu




After exploring the LXDE interface for a while, I decided to try installing BlackWeb. I could not find a launcher for the system installer in the live session and rebooted to start the installer from the boot menu. I soon found the graphical installer option did not work, choosing it would simply return me to the boot menu. The plain install option launches Debian's text installer. The Debian installer is not particularly attractive and there are a lot of steps to go through.



We are guided through selecting our region, keyboard layout, language and disk partitioning. These all worked pretty much as expected and with the same reliability one would expect from upstream Debian. One of the steps in the installer offers to download the latest version of packages from the network and I was asked to select a mirror. I tried three different mirrors and, in each case, the installer connected to the mirror and then produced an error indicating it could not find the files it needed. I then went back a step and chose to install packages from local media only. The installer still tried to download packages from on-line mirrors and failed again. I ended up starting over, sticking to local media and ignoring network errors as they came up.



Later in the install process, I was told the local copy of GRUB's configuration file did not match the version of the file being installed. I was asked which version I wanted to use and was given the chance to view the differences between the two copies. Opting to view the differences did not work and, instead, the installer just went ahead and installed one of the two versions without telling me which one was used.



Despite these problems, the installation eventually completed successfully and, upon restarting the computer, my new copy of BlackWeb loaded and showed me a graphical login screen. The first time I signed into my desktop I noticed three things. The first is we are greeted by a pop-up the first time we log in that asks if we want to save clipboard history. We are warned the clipboard may contain passwords or other information that is stored in plain text and therefore may be readable by others. Once we answer Yes or No, this pop-up does not appear again.



The second thing that was immediately apparent was the installed desktop session looked completely different from the live media desktop. LXDE is displayed with a more classic layout - one opaque panel placed at the bottom of the screen. There is no quick-launch dock and the only icon on the desktop opens the trash folder.



Finally, I found the desktop to be very responsive. Menus snap open as soon as they are clicked and most programs open almost immediately. This made for a pleasant, responsive environment.





BlackWeb 1.2 -- Error when running beef utility




Applications



BlackWeb's application menu has a classic, tree-style layout. The menu places all of the distribution's penetration testing tools in one sub-menu while the rest of the menu mostly contains typical open source tools. Items like Firefox, a document viewer, the PCManFM file manager, and the Deluge torrent client are included. There are a few media players and note taking programs.



BlackWeb uses Wicd to connect with networks instead of Network Manager, but otherwise most of the utilities are pretty standard. The distribution runs systemd's init software and version 4.9 of the Linux kernel.





BlackWeb 1.2 -- Connecting to wireless networks




The sub-menu containing security tools is further broken down into sub-categories. There is one batch of tools for cracking passwords, another for exploring and exploiting wireless networks, one for running exploits on compromised systems, and so on. There are also tools for listening to network traffic, examining binary files and exploring databases. Almost all of the launchers open a virtual terminal window and run their corresponding program in the terminal window. These tools almost universally need some parameters to do anything useful, so the effect is that the program fails to do anything and prints out a page of usage tips in the terminal window. Most of the time it would be more straightforward to simply run the desired tool from the command line, unless we are exploring these tools for the first time. I did appreciate having the menu categories though as it means we can quickly discover which security auditing tools are available.



One of the first things I wanted to do was try to recover or reset my root password. I had originally tried to use sudo to perform administrative tasks, but my user did not have sudo access. I then discovered I must have made a typo when creating my root password because I could not sign in to that account. This seemed like a good chance to guess (or brute force) my root password. Unfortunately, I soon discovered that while there was a menu entry (and a manual page) for the John The Ripper password cracker, the executable was not available. In a similar vein, several of the password guessing tools, such as Johnny, rely on John to do their work in the background. Without root access and without John installed, guessing the password was not going to work. I ended up rebooting and setting the password in recovery mode.





BlackWeb 1.2 -- The Johnny password guessing utility




It was a good thing I was able to reset the root password as a number of the included tools require root access. The rootkit hunter, for instance, needs root permissions to function properly. Given how often I wanted to run tools as root, I was surprised the first user on the system was not granted sudo access and menu entries are not set to run sudo-like permission elevation when these tools are run from the application menu.



To be fair to the distribution, when we run BlackWeb from a live disc instead of installing it, we are always signed in as the root user and these permission issues do not exist.



Hardware



I ran into some hardware-related problems while exploring BlackWeb. The first was that writing the distribution's ISO file to a thumb drive resulted in media which would not boot. I had to modify the ISO with isohybrid before writing it to the USB drive, something most distributions do for us.



Later, I found BlackWeb would not integrate with VirtualBox and, with the default settings, could not make full use of my screen's resolution. We need to install VirtualBox guest modules to fix this. However, VirtualBox modules are not available in the default repositories and we need to find the necessary packages elsewhere. Otherwise, BlackWeb worked well when running in a virtual machine.



The distribution worked fairly well on my laptop. The system booted quickly and ran smoothly. However, there is no working volume control on the desktop and sound was muted. When I launched the PulseAudio mixer (from the application menu) the mixer was unable to connect with PulseAudio as the service appears to be disabled. This means we cannot play any audio files or hear audio in videos.



The distribution is light in memory and, when signed into LXDE, uses just 160MB of RAM. The number of tools on the disk though uses up quite a bit of space. A fresh install of BlackWeb consumes 8.1GB of space.



Other observations



During my exploration of this distribution I made a few other observations. When I first downloaded the distribution I was sceptical of the project's claim that there were several hundred forensic and penetration tools included on the disc. As it turns out, the claim is correct. I counted 304 of these types of tools in the application menu. Granted, some may not work, and a few are quite similar to others, but the majority are unique and there are about 300 to choose from.



A minor annoyance I ran into was the GRUB background is varied, with light and dark spots. This makes it difficult to see and change the text in the boot options. When I was trying to boot into recovery mode, I had to be careful not to make any typos since I wouldn't be able to see the text I was editing.



The project's website has documentation on some of the hacking utilities included on the ISO. However, many of the documentation links lead to pages which simply say "This topic does not exist yet." The documentation will hopefully be fleshed out over time.



The distribution's tools identify it as "BlackWeb 9.9 Stretch", a mixture of the project's name and its parent's version. The latest stable edition is based on Debian 9 Stretch while a new version of BlackWeb is being developed and looks to be based on Debian 10.



Package management on BlackWeb is handled by the APT command line tools. When using APT I ran into two problems. The first is that, even when we try to perform a network install of BlackWeb, the distribution leaves the optical media in the APT sources list. This short-circuits package management until the local media is removed from the /etc/apt/sources.list file. The other problem is there are custom repositories set up for the distribution. These repositories connect us to the hackpedia.org server. This repository cannot be reached and this blocks package management until the repository entries are removed. Once these extra repositories are deleted, a new entry for Debian needs to be added before package management works the same as it would on Debian 9. This problem also occurs on the live media, making it impossible to install or update tools until we manually fix the repositories APT uses.
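The repository clean-up described above, sketched as an added shell example (not BlackWeb's or the reviewer's code): it filters a copy of a sources list, disabling optical-media and hackpedia.org entries and appending a Debian entry if no active one remains. The sample entries, the `fix_sources` and `sample_sources` names and the default mirror line are assumptions.

```shell
#!/bin/sh
# Added example. It only reads the file it is given and writes the cleaned
# list to stdout; nothing under /etc/apt is modified.

# Assumption: a standard Debian mirror line for stretch. Override DEBIAN_ENTRY
# with the mirror or archive you actually use.
DEBIAN_ENTRY="${DEBIAN_ENTRY:-deb http://deb.debian.org/debian stretch main}"

# fix_sources FILE
#   - comments out optical-media (cdrom:) entries
#   - comments out entries pointing at hackpedia.org
#   - appends DEBIAN_ENTRY if no active "deb" line is left
fix_sources() {
    awk -v entry="$DEBIAN_ENTRY" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        /^[ \t]*deb(-src)?[ \t]/ && /cdrom:/ {
            print "# disabled (local media): " $0; next
        }
        /^[ \t]*deb(-src)?[ \t]/ && /hackpedia\.org/ {
            print "# disabled (unreachable): " $0; next
        }
        /^[ \t]*deb[ \t]/ { active = 1 }
        { print }
        END { if (!active) print entry }
    ' "$1"
}

# Constructed sample input; the review does not show BlackWeb's actual entries.
sample_sources() {
    cat <<'EOF'
# constructed sample sources.list
deb cdrom:[constructed disc label]/ stretch main
deb http://hackpedia.org/constructed-path stretch main
deb-src http://hackpedia.org/constructed-path stretch main
EOF
}

# Demonstration on a temporary copy of the sample.
tmp=$(mktemp)
sample_sources > "$tmp"
fix_sources "$tmp"
rm -f "$tmp"
```

Compare the output against the original file before copying it over /etc/apt/sources.list, then run `apt-get update` to confirm the remaining entries resolve.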



Conclusions



While I was using BlackWeb, I often had mixed feelings about the distribution in its current state. There are some things this project has done very well. There is a forum, issue tracking, and the source code is all published and easy to find. I really like how the hacking tools are organized in LXDE's menu and there are a lot of tools available. Shipping with a lightweight desktop that uses so little memory makes for a pleasant experience and I like that the project is working toward providing on-line documentation for its utilities. Finally, I like that BlackWeb includes a wide range of penetration testing tools. It's not just password crackers or a fancy wrapper around Metasploit; there is a lot of variety in the tools and approaches a person can use.



On the other hand, I ran into a number of problems and hurdles that slowed me down while using the distribution. There were a few issues with the installer and the live session feels oddly configured - especially when we consider how different LXDE looks once installed. Most of the included tools do not have on-line documentation yet, though hopefully that will change over time. Since some tools need root access to run, I would have liked the first user to have sudo access and to have had those tools run with sudo so I did not need to re-run them manually. A few tools either didn't work for me or, in the case of John, were missing, and this could be polished. Package management was a poor area for BlackWeb as APT does not work out of the box and requires us to remove at least three repositories and manually add another before it will work. Lastly, audio did not work out of the box as it seems PulseAudio is not configured and there is no functioning volume control.





BlackWeb 1.2 -- Trying to adjust audio volume




On the whole, BlackWeb feels like a good design that is off to a rough start. There are a lot of good resources being assembled, both on the disc and on the website. The distribution feels to me like a younger, lighter version of Kali Linux. Hopefully, over time, the default configuration will be polished and the documentation will expand to provide descriptions and examples of the included tools.

* * * * *

Hardware used in this review



My physical test equipment for this review was a de-branded HP laptop with the following specifications:

Processor: Intel i3 2.5GHz CPU

Display: Intel integrated video

Storage: Western Digital 700GB hard drive

Memory: 6GB of RAM

Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast

Wireless network device: Realtek RTL8188EE Wireless network card