Strengths: Excellent collection of tools; easy to update.
Weaknesses: Documentation is lacking; project is in flux pending a merger.
Verdict: Put it in your testing tools collection immediately - it's worth it.
Live CDs are popular with hackers, and so also popular with penetration testers and corporate security personnel, who can keep their most crucial tools handy without carting laptops around the office. At under 700MB, the image fits neatly on a single CD or decent sized USB flash drive.
Whax used to be called Whoppix, and was based on Knoppix, the popular live CD Linux system which is used for many other tools, including forensic toolkits. But Slax (the live CD version of Slackware) was chosen for the current version because it adds some important features.
Most significant of these is a package management tool which allows for each modification of the CD image. Packages can be upgraded, added or removed and a new ISO image created, which can then be burned onto CD or installed on a USB flash disk. This is a major bonus, because in this market, some tools experience rapid development and do need to be kept up to date. Pentest tools like nessus, and exploit testers like the Metasploit Framework are particularly worth updating.
Whax boots into a graphical KDE environment, but until recently, the system used the lightweight XFCE, which some might prefer because it is definitely faster than KDE. On test systems, KDE performed just fine, but the added startup time was noticeable.
At first glance, the desktop looks like any other KDE Linux system, with all the usual
web-browsing, email and general administration tools in place.
An additional “WHAX Tools” menu contains links to a plethora of security-related packages, although most of these are just as easily accessed through the command line. We suspect that most professionals using Whax will be comfortable with using a terminal, so the menu integration is a nice touch, although probably unnecessary. A web interface listing all the installed tools would be of more use, because many of the tools are not obvious unless you know where to look.
In addition to all the usual port scanning, service auditing and brute-force cracking tools, Whax boasts a full suite of wireless security tools, covering 802.11x and Bluetooth.
The WLAN tools are comprehensive, ranging from discovery and enumeration of wireless hosts through WEP decryption and others. Using a Linux system, you might have difficulties with incompatible wireless hardware – very few wireless vendors provide driver support for Linux systems.
The ndiswrapper tool can use Windows drivers to drive the hardware under Linux, but results are not always guaranteed. Our test Dell system with a Linksys adapter worked just fine, and we were able to crack a test WEP-encrypted network in a matter of minutes.
All the tools for man-in-the-middle attacks are there, too. Whax is worth using even if the wireless penetration testing tools are all you want.
Bluetooth tools are much less extensive, but cover the gamut of identifying devices and conducting bluesnarfing attacks against vulnerable ones.
Other tools include a full set of application tools like web scanners, which will explore target sites looking for known vulnerabilities, and network tools like SNMP enumerators, as well as specific tools targeting Cisco, Microsoft and other common products.
The collection is extremely thorough and, in many cases, there is a degree of overlap with multiple tools available to accomplish the same tasks. Multiple tools are provided to attack VNC sessions, for example, although they operate in the same way and one would probably be just fine. However, choice is an open source tenet which usually pays dividends for users, and Whax users are certainly spoiled for choice with this collection.
Documentation is unreliable, as is often the case with open source software (particularly collections of OSS products). The Whax homepage has also been revamped recently, and many of the pages describing modules are no longer available.
All the tools have documentation, but a centralised resource really should be kept up to date. As a result, users who are not experienced with some of the tools might have difficulty getting up to full speed. However, Whax and Auditor (another pen-test live CD) are set to merge this year under the name BackTrack, and this relative lack of information might be simply an early sign of preparation for this.
Live CDs are a fantastic tool for security professionals, and Whax is an excellent example. The suite of tools provided is superb and well integrated, and the facility to update the system with new modules is a winner. Collections like this do not supplant commercial testing software, but are a strong supporting tool.