Blackarch pacman package groups
Install with pacman -S groupname to quickly install a bunch of tools in one command:
This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf
– this post is a copy-paste of that info – there are a lot of red-team things in the list,
but to blue-team you need to know what the red-team has at their disposal
(and that's why I have included it here; if you don't use these tools responsibly, then that's your fault, not mine).
If you don't know what defines a red-team and a blue-team, then you probably shouldn't use these tools;
they could land you in a lot of trouble if you can't control them, or if you point them at the wrong network.
To allow users to install a specific range of packages quickly and easily, packages have been separated
into groups. Groups allow users to simply run "pacman -S group-name" in order to pull a lot of
The blackarch group is the base group that all packages must belong to. This allows users to install
every package with ease.
What should be in here: Everything.
Packages that are used for countering forensic activities, including encryption, steganography, and
anything that modifies files or file attributes. This also includes tools that work with anything in general
that makes changes to a system for the purpose of hiding information.
Examples: luks, TrueCrypt, Timestomp, dd, ropeadope, secure-delete
Packages that are used for tool or workflow automation.
Examples: blueranger, tiger, wiffy
Packages that exploit or open backdoors on already vulnerable systems.
Examples: backdoor-factory, rrs, weevely
Packages that operate on binary files in some form.
Examples: binwally, packerid
Packages that exploit anything concerning the Bluetooth standard (802.15.1).
Examples: ubertooth, tbear, redfang
Packages that audit existing source code for vulnerability analysis.
Examples: flawfinder, pscan
Packages used for cracking cryptographic functions, i.e. hashes.
Examples: hashcat, john, crunch
Packages that work with cryptography, with the exception of cracking.
Examples: ciphertest, xortool, sbd
Packages that involve database exploitations on any level.
Examples: metacoretex, blindsql
Packages that allow the user to view what a particular program is "doing" in real time.
Examples: radare2, shellnoob
Packages that attempt to reverse a compiled program into source code.
Examples: flasm, jd-gui
Packages that are used to protect a user from malware & attacks from other users.
Examples: arpon, chkrootkit, sniffjoke
This is similar to blackarch-decompiler, and there will probably be a lot of programs that fall into
both, however these packages produce assembly output rather than the raw source code.
Examples: inguma, radare2
Packages that use DoS (Denial of Service) attacks.
Examples: 42zip, nkiller2
Packages that are used for managing physically engineered drones.
Examples: meshdeck, skyjack
Packages that take advantage of exploits in other programs or services.
Examples: armitage, metasploit, zarp
Packages that exploit fingerprint biometric equipment.
Examples: dns-map, p0f, httprint
Packages that exploit vulnerabilities in firmware
Examples: None yet, amend asap.
Packages that are used to find data on physical disks or embedded memory.
Examples: aesfix, nfex, wyd
Packages that use the fuzz testing principle, i.e. "throwing" random inputs at the subject to see what
Examples: msf, mdk3, wfuzz
Packages that exploit or manage anything to do with physical hardware.
Examples: arduino, smali
Packages that act as "honeypots", i.e. programs that appear to be vulnerable services, used to attract
attackers into a trap.
Examples: artillery, bluepot, wifi-honey
Packages that record and retain keystrokes on another system.
Examples: None yet, amend asap.
Packages that count as any type of malicious software or malware detection.
Examples: malwaredetect, peepdf, yara
Packages that don’t particularly fit into any categories.
Examples: oh-my-zsh-git, winexe, stompy
Packages that manipulate mobile platforms.
Examples: android-sdk-platform-tools, android-udev-rules
Packages that involve IP networking.
Examples: Anything pretty much
Packages that use nfc (near-field communications).
Packages that operate on or involve packers.
Packers are programs that embed malware within other executables.
Packages that act as a proxy, i.e. redirecting traffic through another node on the internet.
Examples: burpsuite, ratproxy, sslnuke
Packages that actively seek vulnerable exploits in the wild. More of an umbrella group for similar
Examples: canri, dnsrecon, netmask
This is an umbrella group for any decompiler, disassembler or any similar program.
Examples: capstone, radare2, zerowine
Packages that scan selected systems for vulnerabilities.
Examples: scanssh, tiger, zmap
Packages that involve analyzing network traffic.
Examples: hexinject, pytactle, xspy
Packages that primarily attack social networking sites.
Examples: jigsaw, websploit
Packages that attempt to disguise the attacker, so that the attacker does not show up as an attacker
to the victim.
Examples: arpoison, lans, netcommander
Packages that would be used for reporting/recording the threat model outlined in a particular scenario.
Packages that are used to tunnel network traffic on a given network.
Examples: ctunnel, iodine, ptunnel
Packages that are used to extract pre-packed malware from an executable.
Packages that operate on voip programs and protocols.
Examples: iaxflood, rtp-flood, teardown
Packages that operate on internet-facing applications.
Examples: metoscan, whatweb, zaproxy
This group is for any native Windows package that runs via wine.
Examples: 3proxy-win32, pwdump, winexe
Packages that operate on wireless networks on any level.
Examples: airpwn, mdk3, wiffy