Fedora Security Lab – hack yourself!

Fedora Security Lab is probably one of the most unknown Fedora Labs for the public. It is typically used for a very specific task. But what exactly is that task? This article aims to answer that question!

Security Lab and cyber security

Fedora Security Lab is a Fedora Lab intended for forensic analysis and penetration testing. For people that do not understand this, both concepts are the base of cyber security. This special edition of Fedora comes full of useful utilities, applications, and programs that both professionals and hobbyists alike will find useful to use for penetration testing situations and analyzing the security of either networks or systems.

Computer forensics analysis

Computer forensics analysis is the methodology of collecting, analyzing, and reporting on digital data in a way that is legally admissible (i.e. ethical hacking). The information is used in order to illuminate wrong-doing and improve the detection and prevention of crime.

In penetration testing (or sometimes shortened as pen-testing), we determine the feasibility of a particular set of attack vectors and identify higher-risk vulnerabilities that result from a combination of low-risk vulnerabilities. These are then exploited in a particular sequence. This methodology is also known as “offensive security”.

How the Security Lab is used

Fedora Security Lab tools can determine how exposed you are to cyber attacks. Using the Security Lab, we are able to study the security of our computer by creating an attack chain that could potentially occur in the real world.

Fedora Security Lab comes with several useful utilities. The Fedora Security Lab is available as a live CD with the Xfce desktop environment. The provided applications are divided into categories such as:

  • Code analysis
  • Forensics
  • Intrusion detection
  • Network statistics
  • Password tools
  • Reconnaissance
  • VoIP (Voice over IP)
  • Web Applications Testing
  • Wireless

Among the applications, we can find the usual security software like Nmap, a port scanner, and Wireshark, a network traffic analyzer. Other popular cracking tools that are included out of the box are John the Ripper and powerful tools such as Medusa and Hydra. Most of the applications are used in a terminal. You can check for yourself the list of the Fedora Security Lab software.

Yum Extender (YumEx) is included by default. If you are security-paranoid like me, you can find a huge number of proxies to use 


 behind, such as Squid or Dante.

Getting Security Lab

You can download the Fedora Security Lab by visiting labs.fedoraproject.org and using the direct download. Once you have it downloaded, you can use a tool such as Unetbootin to install it to a USB to be used as a live system or to install to a hard drive.

If you do not like downloading the ISO and prefer P2P, there is the Fedora Torrents list, where you can download all of the Fedora spins and labs.

Words from Security Lab team

Joerg Simon is the Director of Security and Fedora Board Member. This video is from his Security Lab presentation at the Nullcon Security Conference in 2012 called “Another security lab?”. In the first part of the video, he speaks about his favorite applications included in the Security Lab. In the second part, he includes an interesting speech about the cyber-security methodology: what is needed to quantify security, level of porosity, visibility of the target, limitations applied to vulnerabilities, quantification of the trustworthy, and… the importance of open code to get unbiased results.


Be a Fedora Security Lab tester!

Fedora Security Lab was created by Fabian Affolter and Joerg Simon. They are looking for contributors that can help them update applications and test new changes.

Follow this link if you want to test the Fedora Security Lab Beta updates!

Using Software


  1. Alexander

    Not a big deal, but the “Fedora Security Lab” links point to the Spanish site (with …/es/… in the URL).

  2. Dan Mossor

    While I use the Fedora Security Lab in my personal research, I have been forced to use both Kali Linux and the SANS Forensics toolkit in my professional life. Are there any comparisons of the three?

  3. Anonymous Coward

    The Fedora installation guide recommends against using Unetbootin.

  4. Bram Mertens

    Not sure if this is by design but the links to the lab website point to the (partially) Spanish website. The English site is at https://labs.fedoraproject.org/en/security/

  5. Erix

    i’m using FSL since version 19 , it is so stable and i’m using it as my primary OS modified with mate desktop!
    the only catch is : i think no one really cares for the requested packages tickets!!
    i have to do all modifications myself!
    thanks in advance

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions