SSR V1.1.

10
PENETRATION TESTING AND
SECURITY AUDITING DISTRO.

Reshma Shaik (12311A1263)

Shabana Fatima (12311A1282)
Shahul Ahmed (12311A1283)

HISTORY OF SSR 1.1.10

The evolution of SSR spans many Months of development,

penetration tests, and unprecedented help from the security
community. SSR originally started with earlier versions of live
Linux distributions called Whoppix, IWHAX, and Auditor.
When SSR was developed, it was designed to be an all in one
Software used on security audits and was specifically crafted
to not leave any remnants of itself on the laptop.

It has since expanded to being the most widely adopted

penetration testing framework in existence and is used by the
security community all over the world.

ABOUT SSR 1.1.10

A Linux distribution is an operating system made from a software

collection, which is based upon the Linux kernel and, often, a
package management system.

Linux users usually obtain their operating system by downloading

one of the Linux distributions, which are available for a wide variety
of systems ranging from embedded devices and personal computers
to powerful supercomputers.

A typical Linux distribution comprises a Linux kernel, GNU tools

and libraries, additional software, documentation, a window system,
a window manager, and a desktop environment.

Most of the included software is free and open-source software made

available both as compiled binaries and in source code form, allowing
modifications to the original software.

A Linux distribution may also be described as a particular

assortment of application and utility software (various GNU
tools and libraries, for example), packaged together with the
Linux kernel in such a way that its capabilities meet the needs
of many users.

The software is usually adapted to the distribution and then

packaged into software packages by the distribution's
maintainers.

The software packages are available online in so-called

repositories, which are storage locations usually distributed
around the world.

UNIX was not designed to stop its users

from doing stupid things, as that would also
stop them from doing clever things.
Anonymous

FEATURES OF SSR 1.1.10

Identify Live Hosts

Information Gathering
Analysis

Web Crawlers

Database Analysis

Bluetooth Analysis

Vulnerability Assessment

Exploitation Tools

Wireless Exploitation Tools

A Bunch of Password Tools

MULTI PLATFORM

OTA - SUPPORT

Premium linux distro

FEATURES OF SSR 1.1.10

Programming languages

Development Tools

C# .Net

Visual Studio 2015

VB .Net

XAMARIN mono

ADO .Net

SQL Server

ASP .Net

MS ACCESS

PYTHON

MYSQL

RUBY

Visual Ruby

SHELL Script

BATCH Script

Quickly

SQL

IronPython | PyQt

HTML5

PHP

CSS

Photoshop CS6

JAVASCRIPT

Skincrafter 3 [light]

Metro style

GTK2 rubygem

Design Tools

CURRENT.
PROJECT..
STATUS.
Still in development phase,

WATERFALL MODEL - CURRENTLY BETWEEN PHASE 3-4

PROJECT PHASES FOR SOFTWARE DEVELOPMENT USING THE WATERFALL MODEL

ANALYSIS:

We analysed the requirements, and fully understood the

problems. This is a research phase that includes no building.
We attempted to ask all the questions and secure all the
answers we need to build the product requirement.

DESIGN:

We designed a technical solution to the problems set out by

the product requirements, including scenarios, layouts and
data models. This phase is usually accompanied by
documentation for each requirement, which enables other
developers to review it for validation.

PROJECT PHASES FOR SOFTWARE DEVELOPMENT USING THE WATERFALL MODEL

IMPLEMENTATION:

With inputs from system design, the system is first developed

in small programs called units, which are integrated in the
next phase. Each unit is developed and tested for its
functionality which is referred to as Unit Testing.

Presently Integration and Testing phase is going on,..

WINDOWS PLATFORM

LINUX PLATFORM

Installer is completed 100%

Application GUI Completed 70%
Integration of tool completed 20%
Resource allocation completed 20%
Application Host Server Completed 45%
Application OTA Support completed - 55%

Official Website for the Software

Webpage Hosted Web-design and Content entered Webserver & App Resource connection -

100%
60%
55%

Front End 30%

Back End 60%
Tools collaboration - 65%
OTA Support 65%

MAC OSX PLATFORM

Front EndBack End Tools Integration OTA Support -

In detail status about all the modules working on,

20%
35%
38%
42%

Flowchart
Bug Patched

rr

or
r

ep
or
te

Cloud Server

se

rs

rel
ea

ve

er

tr

ia
l

lv
ria

Up
da
te

pd
at

re

fo
rt

io
n

si
on

Bu
g

/E

Ne

ew

Software - Error

Software

Application

buy
lice
nse

full version
Software updating

Payment Gateway

Internal Application process flow

Working of OTA

SCREEN-SHOTS

ADVANTAGES OF SSR 1.1.10

Easy to install
Fairly easy to use,
Good G.U.I (Graphical User Interface)
Comes with lots of preinstalled tools
Operates on mul?ple pla@orms: OSs/CPUs
Does Not need high hardware congura?on
Receiving immediate updates for latest vulnerabili?es is obviously good.
Runs on Linux, Windows, Mac OS X and other smaller opera?ng systems
GUI op?ons:
- Console
- GTK
This tool allows the user to script and run specic vulnerability checks.
These checks provide a lot of control where most products do not.

DISADVANTAGES OF SSR 1.1.10

Can be used for destruc?on purposes

Can cause loss of money , resources and privacy
Scan ?me- can range from a few seconds to several hours
Can scan over a range of IP addresses and u?lise stealthy scanning
Firewall problems and network seUng issues
There is a learning curve for people who are new to SSR 1.1.10.
Applica?on is less vulnerable to computer malware!.

ETHICAL ISSUES

Can be used for hacking- to discover vulnerable ports

System admins can use it to check that systems meet security standards
Unauthorised use of SSR 1.1.10 on a system could be illegal. Make sure you have
permission before using this tool
DO respect the privacy of other users on the Internet, just as you expect your privacy
to be respected. How would you feel if someone read your private e-mail or your
grades?
DO keep your passwords private. Giving away your password is like giving away the
key to your house

Reference:
h^p://www.dbr.shtr.org/v_3n1/dbrv3n1c.pdf
h^ps://www.kali.org/blog/

h^ps://github.com/explore

If I had 6h to chop down a tree,

Id spend the first four of them
sharpening my axe.
- Patrick Engebretson