Blackarch pacman package groups
Install with pacman -S groupname to quickly install a bunch of tools in one command:
This info is available in the blackarch developers guide here: https://blackarch.org/blackarch-guide-en.pdf
– this post is a copy-paste of that info – there are a lot of red-team things in the list,
but to blue-team you need to know what the red-team have at their disposal
(and that’s why I have included it here; if you don’t use these tools responsibly, then that’s your fault, not mine)
If you don’t know what defines a red-team and blue-team, then you probably shouldn’t use these tools,
they could land you in a lot of trouble if you can’t control them, or if you point them at the wrong network.
3.2.1 Groups
To allow users to install a specific range of packages quickly and easily, packages have been separated
into groups. Groups allow users to simply go “pacman -S group-name” in order to pull a lot of
packages.
blackarch
The blackarch group is the base group that all packages must belong to. This allows users to install
every package with ease.
What should be in here: Everything.
https://blackarch.org/tools.html
blackarch-anti-forensic
Packages that are used for countering forensic activities, including encryption, steganography, and
anything that modifies files/file attributes. This also includes tools to work with anything in general
that makes changes to a system for the purposes of hiding information.
Examples: luks, TrueCrypt, Timestomp, dd, ropeadope, secure-delete
blackarch-automation
Packages that are used for tool or workflow automation.
Examples: blueranger, tiger, wiffy
blackarch-backdoor
Packages that exploit or open backdoors on already vulnerable systems.
Examples: backdoor-factory, rrs, weevely
blackarch-binary
Packages that operate on binary files in some form.
Examples: binwally, packerid
blackarch-bluetooth
Packages that exploit anything concerning the Bluetooth standard (802.15.1).
Examples: ubertooth, tbear, redfang
blackarch-code-audit
Packages that audit existing source code for vulnerability analysis.
Examples: flawfinder, pscan
blackarch-cracker
Packages used for cracking cryptographic functions, i.e. hashes.
Examples: hashcat, john, crunch
blackarch-crypto
Packages that work with cryptography, with the exception of cracking.
Examples: ciphertest, xortool, sbd
blackarch-database
Packages that involve database exploitations on any level.
Examples: metacoretex, blindsql
blackarch-debugger
Packages that allow the user to view what a particular program is “doing” in real time.
Examples: radare2, shellnoob
blackarch-decompiler
Packages that attempt to reverse a compiled program into source code.
Examples: flasm, jd-gui
blackarch-defensive
Packages that are used to protect a user from malware & attacks from other users.
Examples: arpon, chkrootkit, sniffjoke
blackarch-disassembler
This is similar to blackarch-decompiler, and there will probably be a lot of programs that fall into
both, however these packages produce assembly output rather than the raw source code.
Examples: inguma, radare2
blackarch-dos
Packages that use DoS (Denial of Service) attacks.
Examples: 42zip, nkiller2
blackarch-drone
Packages that are used for managing physically engineered drones.
Examples: meshdeck, skyjack
blackarch-exploitation
Packages that take advantage of exploits in other programs or services.
Examples: armitage, metasploit, zarp
blackarch-fingerprint
Packages that exploit fingerprint biometric equipment.
Examples: dns-map, p0f, httprint
blackarch-firmware
Packages that exploit vulnerabilities in firmware.
Examples: None yet, amend asap.
blackarch-forensic
Packages that are used to find data on physical disks or embedded memory.
Examples: aesfix, nfex, wyd
blackarch-fuzzer
Packages that use the fuzz testing principle, i.e. “throwing” random inputs at the subject to see what
happens.
Examples: msf, mdk3, wfuzz
blackarch-hardware
Packages that exploit or manage anything to do with physical hardware.
Examples: arduino, smali
blackarch-honeypot
Packages that act as “honeypots”, i.e. programs that appear to be vulnerable services used to attract
hackers into a trap.
Examples: artillery, bluepot, wifi-honey
blackarch-keylogger
Packages that record and retain keystrokes on another system.
Examples: None yet, amend asap.
blackarch-malware
Packages that count as any type of malicious software or malware detection.
Examples: malwaredetect, peepdf, yara
blackarch-misc
Packages that don’t particularly fit into any categories.
Examples: oh-my-zsh-git, winexe, stompy
blackarch-mobile
Packages that manipulate mobile platforms.
Examples: android-sdk-platform-tools, android-udev-rules
blackarch-networking
Packages that involve IP networking.
Examples: Anything pretty much
blackarch-nfc
Packages that use nfc (near-field communications).
Examples: nfcutils
blackarch-packer
Packages that operate on or involve packers.
Packers are programs that embed malware within other executables.
Examples: packerid
blackarch-proxy
Packages that act as a proxy, i.e. redirecting traffic through another node on the internet.
Examples: burpsuite, ratproxy, sslnuke
blackarch-recon
Packages that actively seek vulnerable exploits in the wild. More of an umbrella group for similar
packages.
Examples: canri, dnsrecon, netmask
blackarch-reversing
This is an umbrella group for any decompiler, disassembler or any similar program.
Examples: capstone, radare2, zerowine
blackarch-scanner
Packages that scan selected systems for vulnerabilities.
Examples: scanssh, tiger, zmap
blackarch-sniffer
Packages that involve analyzing network traffic.
Examples: hexinject, pytactle, xspy
blackarch-social
Packages that primarily attack social networking sites.
Examples: jigsaw, websploit
blackarch-spoof
Packages that attempt to spoof the attacker, such that the attacker doesn’t show up as an attacker
to the victim.
Examples: arpoison, lans, netcommander
blackarch-threat-model
Packages that would be used for reporting/recording the threat model outlined in a particular scenario.
Examples: magictree
blackarch-tunnel
Packages that are used to tunnel network traffic on a given network.
Examples: ctunnel, iodine, ptunnel
blackarch-unpacker
Packages that are used to extract pre-packed malware from an executable.
Examples: js-beautify
blackarch-voip
Packages that operate on voip programs and protocols.
Examples: iaxflood, rtp-flood, teardown
blackarch-webapp
Packages that operate on internet-facing applications.
Examples: metoscan, whatweb, zaproxy
blackarch-windows
This group is for any native Windows package that runs via wine.
Examples: 3proxy-win32, pwdump, winexe
blackarch-wireless
Packages that operate on wireless networks on any level.
Examples: airpwn, mdk3, wiffy