When it comes to penetration testing operating systems, Kali Linux is a pretty standard tool in the toolbox. But something we have never seen before is a Windows-based penetration testing operating system. There isn’t anything that’s ‘ready-to-go’, and if you were to choose a Windows platform to perform your penetration testing you’d have to spend a couple of hours setting it up.
A Windows-based operating system for hackers has never been widely known. The main reason is that Windows is not open-source, and manually installing pentesting tools on Windows can become a problem and sometimes be more hassle than it’s worth. That’s where CommandoVM comes in. It is developed by FireEye and based on their popular FLARE VM, which focuses on reverse engineering and malware analysis. CommandoVM comes with automated scripts that build the pentesting environment on your installation of Windows; however, a virtual environment is strongly recommended.
There are more than 140 tools that will be installed on your Windows box, including Nmap, Wireshark, Python, Burp Suite, Hashcat and more. CommandoVM is designed to be installed on Windows 7 SP1 or Windows 10, with Windows 10 being the optimum choice as it allows more features to be installed (there are, however, privacy concerns around Windows 10). It requires a virtual machine with at least 60GB of space and 2GB of memory, although it is best to configure the virtual machine with a better spec.
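A pre-install check for the requirements listed above, as an added example that is not part of the original article or of FireEye's installer. The function name, the whole-GB rounding, the reading of "60GB" as virtual disk size, and the VM heuristic are assumptions.

```powershell
# Added example: check a Windows guest against the requirements stated in the article.
# Get-WmiObject is used so the check also runs on the PowerShell 2.0 shipped with Windows 7 SP1.
function Test-CommandoVmPrereqs {
    param(
        [int]$MinDiskGB   = 60,  # figure from the article
        [int]$MinMemoryGB = 2    # figure from the article
    )

    $os = Get-WmiObject -Class Win32_OperatingSystem
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # Supported OS per the article: Windows 7 SP1 or Windows 10 (client editions).
    # Windows 11 and Windows Server also report 10.0, so filter on build and ProductType.
    $ver       = [version]$os.Version
    $isClient  = ($os.ProductType -eq 1)
    $isWin7Sp1 = ($ver.Major -eq 6 -and $ver.Minor -eq 1 -and $os.ServicePackMajorVersion -ge 1)
    $isWin10   = ($ver.Major -eq 10 -and [int]$os.BuildNumber -lt 22000)

    # Assumption: "60GB" means the size of the (virtual) disk, not free space.
    # Reported sizes fall slightly below the configured value, so round to whole GB.
    $largest = (Get-WmiObject -Class Win32_DiskDrive |
                Measure-Object -Property Size -Maximum).Maximum
    $diskGB  = [math]::Round($largest / 1GB)
    $memGB   = [math]::Round($cs.TotalPhysicalMemory / 1GB)

    # Heuristic only: common hypervisors identify themselves in these two fields.
    $hw   = "$($cs.Manufacturer) $($cs.Model)"
    $isVm = $hw -match 'Virtual|VMware|VirtualBox|innotek|QEMU|KVM|Xen'

    New-Object PSObject -Property @{
        OS            = $os.Caption
        OsSupported   = ($isClient -and ($isWin7Sp1 -or $isWin10))
        DiskGB        = $diskGB
        DiskOk        = ($diskGB -ge $MinDiskGB)
        MemoryGB      = $memGB
        MemoryOk      = ($memGB -ge $MinMemoryGB)
        LooksLikeVM   = $isVm   # the article strongly recommends a virtual environment
    }
}

Test-CommandoVmPrereqs | Format-List
```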
Installation is easy enough, with a PowerShell script that makes deployment much easier than trying to install over 140 tools manually. CommandoVM uses Boxstarter, Chocolatey and MyGet packages to install the tools, and from what I can tell the installations are silent and unattended.
CommandoVM is free to download from GitHub, and using a hypervisor such as Hyper-V or VirtualBox means you can get set up and test out the tools in no time at all. You can get a 180-day trial of Windows 10 using the Media Creation Tool directly from Microsoft; simply install the operating system, update it and then run the CommandoVM script. The installation can take a while to complete depending on factors such as Internet speed or the overall speed of the hardware the virtual machine is running on. FireEye also say that the tools can easily be kept up-to-date by running a single command.