raWPacket HeX – Network Security Monitoring & Analysis LiveCD

HeX is a project aimed at the NSM (Network Security Monitoring) community for use by network security analysts. The developers believe that simplicity and the logic of the analysis workflow must be enhanced and emphasized throughout the process of designing this liveCD. Not only have they carefully chosen all the necessary applications and tools to be included in the liveCD, they have also tested them to make sure everything runs as smoothly as possible. To summarize the objective of HeX, they are trying to develop the first and foremost Network Security Monitoring & Network Based Forensics liveCD!

HeX Main Features

HeX Main Menu – With a cleaner look, a more user-interface-oriented design and a maximum depth of 4 levels, the HeX Main Menu allows quick access to all the installed applications in HeX.

Terminal – This is exactly what you need, the ultimate analyst console!

Instant access to all the Network Security Monitoring (NSM) and Network Based Forensics (NBF) Toolkits via the Fluxbox Menu. We have also categorized them nicely so that you know what to use depending on the condition or scenario.

Instant access to the Network Visualization Toolkit: you can watch network traffic in a graphical presentation, which assists you in identifying large-scale network attacks easily.

Instant access to Pcap Editing Tools, which you can use to modify or anonymize pcap data. This is great especially when you want to share your pcap data.

Network and Pentest Toolkits contain a lot of tools to perform network or application based attacks; you can generate malicious packets using them and study those packets using the analysis tools listed in NSM-Toolkit and NBF-Toolkit as well.

While we think the HeliX liveCD is a better choice for the digital forensics arsenal, Forensics-Toolkit can be considered an add-on for people who are interested in doing digital forensics.

Under Applications, there are Desktop, Sysutils and Misc; all of them are pretty self-explanatory and contain user applications such as Firefox, Liferea, Xpdf and so forth. Additionally, Misc contains some useful scripts; for example, you can start the ssh service just by clicking on SSHD-Start.

You can download HeX 1.0.3 here:


Or read more here.

Posted in: Forensics, Hacking Tools, Networking Hacking Tools


20 Responses to raWPacket HeX – Network Security Monitoring & Analysis LiveCD

  1. eM3rC August 14, 2008 at 3:10 am #

    Amazing find!

    Thanks Darknet!

  2. Morgan Storey August 14, 2008 at 5:14 am #

    Is Network Visualization Toolkit an OSS project? I can’t find much info on it. It sounds good; how does it work, an NMAP scan or something else?

  3. Brill August 14, 2008 at 10:52 am #

    For anyone interested in this topic I deeply recommend reading anything that comes from Richard Bejtlich, he is one of the best experts on NSM with classes at Black Hat, etc. and one of the few books (if not the only one) focused on Network Security Monitoring (The Tao of Network Security Monitoring: Beyond Intrusion Detection).
    It would be quite useful to know his opinion about this project. I might try to ask him through his blog ;-)…. wish me luck!! :)

  4. lyz August 14, 2008 at 11:00 am #

    Lol. Good luck on that Brill.

    Speaking of hacking, our webservers became a victim of hacking again. All Joomla and Mambo based sites were hacked by a certain DNS-remoter. He/she exploited the com_sef module. Am at a total loss..

  5. Brill August 14, 2008 at 1:18 pm #

    Whoa!! I’ve just checked the Hex web page and the first thing you can read is that this project was inspired by Richard’s book that I mentioned in my previous post…. I promise that it was not on purpose!!! :)

  6. Pantagruel August 14, 2008 at 2:07 pm #

    Indeed good luck.

    In my humble opinion “the tao of network security monitoring” is a must read for computer/network security minded people.

    Sorry to hear lyz, a ruined web presence and loads of work to do after an update to 1.5.6

  7. zupakomputer August 14, 2008 at 3:49 pm #

    What you don’t want, with any security monitoring equipment or set-up, is to have the monitoring equipment get hacked or in some way compromised – to be on the ultra-safe side from outside attacks then you’d need router traffic monitoring (and configured alerts) – as in addition to the router itself and its configuration. I think this more and more, as I leaf through catalogues and see expensive firewall readymades on sale, and IDS units and the like. Easy pickings for organised folks – just learn the standards in use, and – well let’s hope it doesn’t get worse in this direction – because some folks are only trained in the use of whatever package or equipment, and not the operation of the network holistically.
    Anything with Tao in it must be holistic – I’ll need to look that book up. Sounds good.

  8. Morgan Storey August 15, 2008 at 12:39 am #

    Well another one to add to my Security cd wallet.

    @Brill and Pantagruel: I am subscribed to http://taosecurity.blogspot.com as well, damn good read sometimes.

    @Zupakomputer: I agree too many companies just buy the product for security rather than doing the research or work to make them secure.

  9. lyz August 15, 2008 at 10:46 am #

    “because some folks are only trained in the use of whatever package or equipment, and not the operation of the network holistically.”

    Some people wanted to learn about this and that but just lack training etc. Possible reasons could be lack of resources too.

  10. William August 15, 2008 at 10:48 am #

    If you are feeling a bit adventurous you could check out the 2.0RC1 and help out a great project.


  11. Morgan Storey August 15, 2008 at 11:03 am #

    I know I am going off topic a little.

    @lyz: sorry but I don’t buy that, you go out and do certification. You read blog posts, you read news articles, you play with stuff on your home lab and you become the holistic network/security/programming guru you should be.
    I know network guys that have a couple racks of switches and routers at home. I know a web developer that has 4+ web servers at home and knocks up a website for fun. I myself spend most of my free time reading security articles, and listening to security podcasts. I play in my walled off lab at home hacking and pwning my own boxes and then locking them down and trying again, I find it fun, some may call it lame. Hex will get a try out this weekend.

  12. lyz August 15, 2008 at 11:12 am #

    @Morgan Storey

    Good luck on Hex. Well it’s up to the guy. Old saying goes, “if there’s a will, there’s a way”

  13. lyz August 15, 2008 at 4:44 pm #


    thanks pal for the insights and advice. I actually read your comment 5x and all I can say is thank you. I’ve been battling with this issue for months now because I really don’t know what would be the best approach to those kinds of things.

    I got to do a lot more readings.

  14. Navin August 15, 2008 at 6:17 pm #

    @ Morgan…. on your second comment for this post…totally agree wid U mate…there’ve been so many times…..the fact is tht the term geek/nerd has looong been assoc with some scrawny looking guys with thick lens spectacles, a shirt with a neatly made bow pulled into his pants, playing dungeons and dragons (the board game) and who goes about muttering “sigma raised to the power of psi and then multiplied by omega times pi is the magic ratio tht we seek”!!

    But the fact is tht such people don’t really exist….I myself am a proud Nerd (as I mentioned here http://lifeofnavin.blogspot.com/2008/06/how-nerdy-art-thou.html)…But tht doesnt mean I like to lock myself in a room with my PC all day loong..I do have social friends (or normies as some uber-geeks would call em)…and I do like to watch a good movie/read a good book now N then…the problem is tht we don’t encourage real talent into the right spots…Computer experts work 9-5 jobs as bank managers while entrepreneurs are stuck in fields tht they don’t really know abt…..when someone pwns a site, its generally just for the satisfaction of knowing tht u still know the trade…but when Ure site gets pwned, u cant really trust the security guy coz he’s just gotten a degree…who’s to decide if he really knows the practicals of hacking??

  15. Morgan Storey August 16, 2008 at 7:35 am #

    @zupakomputer: I don’t listen to them, I like the fact that I am a bit of a geek.

    @Navin: as above, I even play up to being a geek, geeky t-shirts, I get made fun of at work with my “there is no place like” and others. I don’t have glasses and I am not scrawny, or overweight… I do play board games and role playing though, as my site attests to.
    I agree with everything else though, I am highly suspect of any “IT” person who doesn’t play with computers, or code at home. It is like a thin chef. How do they really know what they are talking about, how do they have the passion to go that extra mile.
    Hex downloaded and burning as we speak so I’ll have to be off, the thrill of the exploit is calling my name.

  16. geek00l August 16, 2008 at 8:33 am #

    hi guys,

    Have fun with HeX, anything you guys can just poke us at Freenode #rawpacket, we don’t mind for a “Hi”

    Cheers ;]

  17. lyz August 16, 2008 at 9:04 am #

    sure thing geekool!

  18. a13x November 6, 2008 at 2:53 pm #

    sure, geek00l

    i will say HI to you everyday :P

  19. Hrc December 17, 2008 at 6:34 pm #

    I need something to put on small laptop with two LAN ports and that I can:

    – put it between router and LAN
    – check what websites and other network resources client’s employees are accessing (all together)
    – check per IP or by other authentication method what is/was doing (network traffic)

    * it should be able to check in few different periods, like today, this week, this month.

    All with nice graphs, data, etc.

    Look at http://www.kerio.eu/kwf_star.html

    Something like that. Any ideas?

  20. Darknet December 18, 2008 at 11:46 am #

    Try IPCop – http://www.ipcop.org/