Slingshot Linux Distribution

Slingshot is an Ubuntu-based Linux distribution with the MATE Desktop Environment built for use in the SANS penetration testing curriculum and beyond. Designed to be stable, reliable and lean, Slingshot is built with Vagrant and Ansible. It includes many standard pen testing tools, as well as the PenTesters Framework (PTF). Course-specific builds include all of the tools, files and documentation needed for class labs.

By Ryan O'Grady ,
Joshua Wright ,
Stephen Sims ,
Jorge Orchilles ,
Ben Allen ,
Daniel Pendolino
470x382_Slingshot_Tools.jpg

Slingshot Community Edition

Login to download
  • Login = slingshot
  • Password = slingshot
  • SHA256 Checksum = 20e6e79919af03de9a49ba62bf0cb5642b545a65cb567e8aa65e3f6612c53c98

Slingshot C2 Matrix Edition

Login to download

The Slingshot C2 Matrix Edition was made to aid learning installation of C2 frameworks and getting you straight to testing which C2s work against your organization. Slingshot C2 Matrix Edition is ideal for red team, blue team, and purple team functions. For more information visit The C2 Matrix website and The C2 Matrix How To Wiki.

  • Login = slingshot
  • Password = slingshot
  • SHA256 Checksum = 16f5d121680e75eaccac04ed2bb3603ddcf788b24552c7b30210a93c0edd48e4

Minimum System Requirements:

  • VMware Player or similar
  • 2 GHz dual-core processor
  • 4 GB of system memory
  • 15 GB of disk space

Key Features of Slingshot

  • Provides a consistent experience for SANS students
  • Extensive use of virtual environments (e.g., pyenv, rbenv) to prevent version conflicts
  • Repeatable and testable build process using Vagrant and Ansible
  • Automated testing during the build process verifies that updates do not break tools
  • Streamlines courseware creation by course authors for students
  • MATE Terminal now available in dark mode

Tools Included in Slingshot CE (Community Edition)

  • Aircrack-ng
  • Asleap
  • basicblobfinder
  • BeEF
  • Bettercap
  • binwalk
  • Burp Suite
  • checksec.sh
  • chisel
  • CloudMapper
  • Covenant
  • coWPAtty
  • Docker
  • Empire 3 (BC Security fork)
  • Ettercap
  • ExploitDB
  • EyeWitness
  • Flamingo
  • GCPBucketBrute
  • hashcat
  • hping3
  • httpie
  • John the Ripper
  • Kismet
  • Kiterunner
  • Koadic
  • Masscan
  • Metasploit Framework
  • ncat
  • Nikto
  • Nmap
  • OpenVAS
  • Padbuster
  • Powershell Empire
  • ProjectDiscovery tools
  • Recon-ng
  • Responder
  • RITA
  • ScoutSuite
  • Sherlock
  • Social Engineer Toolkit
  • sqlmap
  • tcpdump
  • THC-Hydra
  • Unicornscan
  • Veil Evasion
  • Wapiti
  • WeirdAAL
  • Wireshark
  • WPScan
  • Zed Attack Proxy

...with the ability to quickly install hundreds of others with the PenTesters Framework. Did we miss something? Submit a request through our feedback form.