Athena OS - Dive into a new Pentesting Experience

Athena is a Arch Linux-based distro focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!

🏅Born for InfoSec Professionals, Bug Bounty Hunters, Passionate Students and Spicy Hackers🏅

Why Athena?

  • Pentesting: Athena can access to BlackArch repository, the biggest pentesting tool warehouse.
  • User-oriented: if Arch is born for experienced users, Athena is conceived for decreasing complexity and improving user experience.
  • Lightweight: Athena optimizes the disk space consumption by retrieving the tools you need only when you use them. Tools you never use won't be stored and the space is only used for what you really need.
  • Performance: Athena is based on Arch Linux so it is configured to load the bare minimum for its purpose. No useless services, no useless modules consuming your resources.
  • Flexibility: for its Arch nature, Athena is flexible and can easily evolve to the new needs of the users.

Wiki: https://github.com/Athena-OS/athena-iso/wiki

Latest Updates

Here I would like to inform you about new features already tested and implemented that have been published in the newest release, for keeping you always informed in a comfortable way.

Athena OS, code name "Parthenos" (ancient Greek: "Virgin"), will be released in the next days, and comes with several important fixes and new implementations!

Athena Parthenos will provide:

  • Hacking roles: added new roles for your hacking activity:
    • Black Hat Omniscient
    • OSINT Specialist
  • Integrated Hack The Box VIP contents for playing retired machines
  • HTB Tools now manage API keyshell prompt and target host according to the user preferences
  • Implemented Tool Recipe viewer for having at hands all the productivity commands you need to improve your work
  • Implemented OpenAI ChatGPT Desktop client, mainly intended for users that need to understand how a security tool works
  • Implemented browser choice between Firefox and Brave
  • Implemented Flameshot choice at installation time
  • Implemented browser quick access graphical interface to hacking web resources (i.e., Hack The Box, TryHackMe, PWNX, Offensive Security) an online tools (i.e., RevShell generator, GTFOBins, CyberChef, CrackStation)
  • Added more security bookmarks
  • Implemented Penetration Testing Kit on browser
  • Implemented PyWhat for identifying all you need
  • Implemented Note-Taking app choice (CherryTree, Notion App Enhanced, Obsidian) and Utility app choice at installation time
  • Implemented logic for automating the usage of NVIDIA driver in Xorg and Wayland for baremetal installation
  • Implemented border and borderless window theme choice
  • NetworkMananger integrates with OpenVPN
  • Implemented Orca for improving the accessibility
  • Implemented Neovim Nvchad
  • Implemented mirrorlist for BlackArch repository
  • Implemented Timeline Project application for displaying and navigating events on a timeline
  • Implemented vnstat as network control monitoring
  • Implemented SOF Firmware and ALSA utils

Remember, I left a small challenge for you inside the system! The tip is clear enough when you login...

Screenshots:


image

🎉 Introduction

Athena is designed from scratch, so already during the development phase useless modules and services have been excluded in order to improve performance and resource consumption. Furthermore, this design approach allowed to review in detailed manner each single package and component to include inside the distribution. It led the OS to build a user-friendly environment, despite based on Arch Linux.

The heritage of Arch Linux impacts positively Athena OS:

  • Better performance: pacman is faster than apt
  • Focused: Athena can be developed and maintained down to the smallest detail
  • Much more security tools: Athena can rely on BlackArch repository, that contains much more security tools than APT repositories
  • Freedom: during the installation, you can configure your Athena with any resource or service you need.
  • Documentation: Arch Linux is very well documented on Internet for any need

Athena's environment is based on GNOME Wayland that provide exciting features the user can enjoy!

Let's give a detailed look on Athena!

 System Requirements

Recommended system requirements for smooth usage in Athena are:

  • 30 GB of hard disk space, SSD preferred
  • At least 4GB of RAM
  • Processor with at least two cores

🎁 Installation

Download the latest Athena release .iso file from the related section. According to your need, you can choose to install Athena on your computer natively, or implement it on a Virtual Machine (e.g., VMware or VirtualBox).

Currently VirtualBox is affected by a bug is enabling 3D Acceleration, so keep it disabled. 3D Acceleration also makes intermittent freezes on the environment if enabled on VMware or VirtualBox if you use xorg. It is strongly suggested to keep it disabled.

When you mount the ISO to your pendrive or your Virtual Machine and boot up Athena, you will meet Athena Calamares Installer, that allows you to customise your future Athena OS as you wish.

📐 Configuration

Latest Release

After the installation and the first boot:

  • open Athena Welcome, clck on HTB Update and copy and paste your Hack The Box API key.

The Hack The Box API Key can be retrieved by your Hack The Box profile settings -> "Create App Token".

Remember to update Hack The Box machines by the HTB Update button periodically.


🔥 Resources

PenTOXIC Menu

PenTOXIC Menu is born for organizing in pretty manner all main security tools you need to start your hacking activity. It consists in two levels:

  • 1st level containing the several hacking categories as submenu, plus Firefox browser and Code OSS as editor
  • 2nd level consisting in the hacking tools deployed for each category

image

PenTOXIC changes its look according to the applied theme!

image

PWNage Menu

PWNage Menu allows you to access quickly to the main hacking platforms for learning purposes and to join the main Discord InfoSec Communities:

  • 1st shell deploys all quick links to the main hacking platforms
  • 2nd shell can be accessed by the Discurity icon on top where the user has the opportunity to join several Discord InfoSec servers or open Discord App.

image


Hack The Box Integration

Cannot you wait for opening browser and accessing to Hack The Box website? Athena gives you the possibility to play Hack The Box machines directly on your Operating System environment in a quick and comfortable manner. Athena offers:

  • Connect/Disconnect to/from Hack The Box VPN servers
  • Play any active free machine you wish
  • Play Starting Point machines
  • Play Retired machines
  • Reset the active machine
  • Stop any active machine
  • Submit a flag and write a review about your hacking experience!
  • ... and of course you can access to the Hack The Box website in one click

For playing Active HTB Machines, use PWNage Menu. For playing Retired Machines, just run htb-play and type the name of the machine you want to play.


Browser Hack Mode

Firefox ESR and Brave have been modified in order to integrate at the installation time the addons you need for your web application pentesting activity. The preinstalled addons are:

  • Cookie Quick Manager
  • FoxyProxy Standard
  • Hack-Tools
  • HacKontext
  • HTTPS Everywhere
  • Penetration Testing Kit
  • Privacy
  • uBlock Origin
  • Wappalyzer

Payload to Dock

Payload to Dock is based on Dash 2 Dock and keeps the access to the most famous payload repositories. It allows you to get the latest version of payloads and accessing their path directly by the shell. It shows:

  • Auto Wordlists
  • FuzzDB
  • PayloadAllTheThings
  • SecLists
  • Security Wordlist

The Dock contains also links to Mimikatz and Powersploit.


BlackArch Repository

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. Its repository contains 2800+ tools, classified for categories. You can install tools individually or in groups according to the categories they belong. BlackArch Repository is compatible with only Arch-based distributions as Athena OS.


NIST Feed

NIST Feed is a special tool able to inform you as soon as possible about a new published or updated CVE by a popup notification! The notification contains a description of the CVE. Are you curious about it and would like to access to details? Left-click on it and you will be redirected to the official NIST NVD page for further details. Do you want to quickly close the popup notification? Right-click on it!

You can decide which kind of CVE you wish to be informed about, for example CVEs with an high impact on the confidentiality and integrity, or CRITICAL CVEs.

Just execute:

nist-feed -h

for getting more details.

Be aware of new vulnerabilities by NIST Feed!

nist-feed


Shortcuts

Keybindings in Athena OS for speeding up your work.

athena_icon-128x128

KeybindDescription
CTRL+SPACEPenTOXIC menu
CTRL+SHIFT+SPACEPWNage menu
SuperMulti-desktop environment
Super+SuperSwitch between desktop and "Show Applications" menu
Super+LScreen Lock

Note that Super key corresponds to the button showing Windows icon in the usual keyboards.

bash-icon

Environment VariableValue
$PAYLOADS/usr/share/payloads
$AUTOWORDLISTS/usr/share/payloads/Auto_Wordlists
$FUZZDB/usr/share/payloads/FuzzDB
$PAYLOADSALLTHETHINGS/usr/share/payloads/PayloadsAllTheThings
$SECLISTS/usr/share/payloads/SecLists
$SECURITYWORDLIST/usr/share/payloads/Security-Wordlist
$MIMIKATZ/usr/share/windows/mimikatz
$POWERSPLOIT/usr/share/windows/powersploit
$ROCKYOU/usr/share/payloads/SecLists/Passwords/Leaked-Databases/rockyou.txt
$DIRBIG/usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-big.txt
$DIRMEDIUM/usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt
$DIRSMALL/usr/share/payloads/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt
$WEBAPI_COMMON/usr/share/payloads/SecLists/Discovery/Web-Content/api/api-endpoints.txt
$WEBAPI_MAZEN/usr/share/payloads/SecLists/Discovery/Web-Content/common-api-endpoints-mazen160.txt
$WEBCOMMON/usr/share/payloads/SecLists/Discovery/Web-Content/common.txt
$WEBPARAM/usr/share/payloads/SecLists/Discovery/Web-Content/burp-parameter-names.txt


image

KeybindDescription
CTRL + sSuper/Mod Key
Mod_Key + \Split Panel Vertically
Mod_Key + -Split Panel Horizontal
Mod_Key + rReload tmux
Mod_Key + SHIFT + iInstall Plugins
Mod_Key + SHIFT + uUpdate Plugins
Mod_Key + cNew Tab
SHIFT + Right/Left Arrow Key or Modkey + nSwitch Between Tabs
Mod_Key + Right/Left/Up/Down Arrow KeySwitch Between Splitted Panels
Mod_Key + wList All Windows and Panels
Mod_Key + xKill Tab or Panel
Mod_Key + &Kill Window
Mod_key + qShow Panel or Tab Number
Mod_Key + tClock
Mod_Key + yCopy Selected Text to Clipboard
Mod_Key + SHIFT + yCopy Working Directory (install xclip package)
Mod_Key + pPaste
Mod_Key + dDetach Terminal
Mod_Key + fFind
Mod_Key + zMake Panel Full Window
Mod_Key + mStart Monitoring Panel
Mod_key + $Rename Session

Tool Recipe

CommandDescription
asciinemaRecord and share your terminal sessions.
athena-theme-tweakSwitch to different Athena themes.
athena-welcomeWelcome application that allows main security tools installation and mirrorlist update.
bashtopResource monitor that shows usage and stats for processor, memory, disks, network and processes.
batcat clone with syntax highlighting and Git integration.
bfetchSuperB general-purpose fetch displayer.
blessHigh-quality, full-featured hex editor.
btrfs-assistantGUI management tool to make managing a Btrfs filesystem easier.
chat-gptChatGPT Desktop application.
codeCore engine of Visual Studio Code.
commentorExtract all comments from the specified URL resource.
convertConvert between image formats as well as resize an image, blur, crop, despeckle, dither, and much more.
discordCross-platform, all-in-one voice and text chat application.
downgradeDowngrade one (or multiple) packages by using the pacman cache or the Arch Rollback Machine.
eogImage viewer.
fishA smart and user-friendly command line shell.
gitFast, scalable, distributed revision control system.
gnome-extensionsGnome Extension manager.
gnome-tweaksConfigure looks and functionality of your desktop.
gpartedGNOME Partition Editor for creating, reorganizing, and deleting disk partitions.
htb-playSelect any Hack The Box you want to play.
htb-updateSet, update or delete your Hack The Box App Token and update Hack The Box machine data.
kittyThe fast, feature-rich, GPU based terminal emulator.
laAn lsd -a alias.
llAn lsd -alFh alias.
lsdAn ls command with a lot of pretty colors and some other stuff.
nanoSimple terminal-based text editor.
nautilusFile Manager.
neofetchCLI system information tool written in BASH.
nist-feedNIST notifier about the newest published CVEs according to your filters.
nvimVim-fork focused on extensibility and usability.
octopiA powerful Pacman (Package Manager) front end using Qt libs.
orcaScreen reader that provides access to the graphical desktop via speech and refreshable braille.
pacmanArch Linux package manager.
pactreePackage dependency tree viewer.
pfetchA pretty system information tool written in POSIX sh.
paruPacman wrapping AUR helper with lots of features and minimal interaction.
pywhatIdentify anything. It easily lets you identifying emails, IP addresses, and more.
timelineCross-platform application for displaying and navigating events on a timeline.
tmuxTerminal multiplexer that allow you switch easily between several programs in one terminal, detach them and reattach them to a different terminal.
treeRecursive directory listing program that produces a depth indented listing of files.
vimHighly configurable text editor built to make creating and changing any kind of text very efficient.
vnstatConsole-based network traffic monitor.
xcpAn extended cp command.
zA smarter cd command for your terminal.

Vim configuration is based on https://github.com/amix/vimrc so it implements smart and useful pluginscolor schemes and modes.

If you would like to enable, edit or disable Burn My Window opening and closing effect:

gnome-extensions prefs burn-my-windows@schneegans.github.com

and check or uncheck your effects.

Change your themes and icons by gnome-tweaks.


Funny Commands

CommandDescription
cmatrixScrolling Matrix like screen in the terminal.
cowsayGenerate an ASCII picture of a cow saying something provided by the user.
devilQuotes by devil eyes.
figletPrint input using large characters made up of ordinary screen characters.
fortunePrint a random, hopefully interesting, adage.
lolcatConcatenate files, or standard input, to standard output, and add rainbow coloring to it.
mymanText-mode Pac-Man.
nyancatAnimated, color, ANSI-text program that renders a loop of the classic Nyan Cat animation.
slA steam locomotive running across your screen. Next time write ls in a good manner.
toiletPrint text using large characters made of smaller characters.
trainChoo-choo!

Next Post Previous Post
No Comment
Add Comment
comment url