Best Linux Penetration Testing Distributions
Linux Penetration Testing Distributions are a group of special purpose Linux distributions used for analysing and evaluating system and network security. Almost all of those distros can run LIVE from an optical or a usb drive, and most of them are installable and can be used as a standalone Linux distribution. The main user demography includes network and computer security enthusiasts, security students and companies interested in security audits.
A penetration test, or the short form pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining unrestricted access to the system and the data.
Pen-testing distros have come a long way. These new pentest distros are being developed and maintained with user friendly design in mind and anyone with moderate Linux knowledge can use them. Tutorials and HOW TO articles are usually available for public usages
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution.
Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners). Kali Linux can run natively when installed on a computer’s hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project’s Metasploit Framework, a tool for developing and executing security exploits.
Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, and as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung’s ARM Chromebook.
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlayfor an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches – with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.
It’s basically a gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included :
Put simply, Pentoo is Gentoo with the pentoo overlay. This overlay is available in layman so all you have to do is layman -L and layman -a pentoo.
Pentoo has a pentoo/pentoo meta ebuild and multiple pentoo profiles, which will install all the pentoo tools based on USE flags. The package list is fairly adequate. If you’re a Gentoo user, you might want to use Pentoo as this is the closest distribution with similar build.
BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. The main aim of BackBox is providing an alternative, highly customizable and well performing system. BackBox uses the light window manager Xfce.
It includes some of the most used security and analysis Linux tools, aiming for a wide spread of goals, ranging from web application analysis to network analysis, from stress tests to sniffing, also including vulnerability assessment, computer forensic analysis and exploitation.
Part of the power of this distribution comes from its Launchpad repository core, constantly updated to the latest stable version of the most known and used ethical hacking tools. The integration and development of new tools in the distribution follows the open source community, particularly the Debian Free Software Guidelines criteria.
Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonimity and cryptography. Based on Debian and developed by Frozenbox network.
Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in a easy to use, fast and lightweight pentesting environment, and it can be used also for an everyday use.
Parrot Security OS is a Debian-based GNU/Linux distribution designed to perform security and penetration tests, do forensic analysis or act in anonymity. It uses the MATE Desktop Environment and it is available as a live lightweight installable ISO image for 32bit and 64bit processors with forensic options at boot, optimizations for programmers and new custom pentesting tools.
BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. The repository contains 1082 tools. You can install tools individually or in groups. BlackArch is compatible with existing Arch installs. For more information, see the installation instructions.
Please note that although BlackArch is past the beta stage, it is still a relatively new project
BlackArch Linux is not for newbies, you can (and most probably will ) get lost even during the install stage. If you’re moderately comfortable with Arch ( or Linux in general ) we highly recommend it.