Whether you’re in an IT security career or pursuing one, learning the ropes in your specific field can help you become better at your job. Using Linux and its various distros can further your understanding of ethical hacking and help you get ready for penetration testing.
9 Best Linux Distros For Hacking
So what does Linux have to do with IT security? Some Linux distros provide various tools for assessing network security and other similar tasks. The distros differ in user interface and in the specific tools offered.
Kali Linux
The best-known and most used Linux distro for hacking and penetration testing is Kali Linux. It’s based on Debian and was developed by Offensive Security, taking on the mantle of BackTrack. Kali Linux follows the Rolling Release model in that every tool that comes with the distro, of which there are plenty, is updated automatically. Kali is the most advanced penetration testing platform available. As such, its tools focus largely on penetration testing across various fields of security and forensics. The Kali Linux community is fairly large and remains active, and there is plenty of available documentation for studying or brushing up on a few tips and tricks that could benefit you.
BackBox
One of the best distros in the field would have to be the Ubuntu-based BackBox. It’s a distro developed specifically for penetration testing and security assessment purposes. It even has its own software repository that provides the latest stable versions of various system and network analysis toolkits and ethical hacking tools. BackBox is designed with a minimalistic approach in both structure and visuals, opting to use the XFCE desktop environment. With BackBox you receive a lightning-quick, effective, efficient, and fully customizable experience with a rather large and helpful community.
Parrot Security OS
One of the new distros on the block, Parrot Security OS is brought to us by Frozenbox Network. Its target audience is penetration testers in need of online anonymity, system encryption, and easy access to the cloud. Yet another distro on this list that is based on Debian, it uses MATE as its desktop environment. With Parrot Security OS you’ll get almost every recognized tool for penetration testing available, as well as some exclusive custom tools from the developer, Frozenbox Network. Just like Kali Linux, Parrot Security OS also benefits from Rolling Release.
BlackArch
BlackArch serves as a penetration testing and security research distro with its own repository. The consistently growing repository contains thousands of tools organized into different categories and groups for easy navigation. BlackArch takes its name from the distro it was built on top of, Arch Linux. This means that if you’re already using Arch Linux as your preferred Linux distro, you can easily set up the collection of BlackArch tools right on top of it.
Bugtraq
Bugtraq comes with multiple desktop environments (XFCE, GNOME, and KDE) based on different Linux distros like Ubuntu, Debian, and OpenSUSE. It is also available in 11 different languages. Bugtraq comes packed with a huge arsenal of penetration testing, forensic, and laboratory tools specifically designed by its loyal community. These include malware testing, mobile forensics, and GSM frequency audit tools.
DEFT Linux
Next we have Digital Evidence & Forensics Toolkit (DEFT), which is a Linux distribution developed for computer forensics. The primary purpose of DEFT is to be able to run a live system without fear of corruption or tampering from outside sources such as external or mobile devices. DEFT is typically paired with the forensics system for the Windows operating system known as Digital Advanced Response Toolkit, or DART. DART contains the best possible tools you’ll find for forensics and incident response. The staff who developed DEFT are consistently helping to develop new systems that help law enforcement, the military, and government officers.
Samurai Web Testing Framework
The Samurai Web Testing Framework comes as a virtual machine and was developed for online penetration testing. It’s based on Ubuntu and contains plenty of amazing open source tools that prioritize website attacks. One of the more interesting and convenient features of the Samurai Web Testing Framework is that it includes a pre-configured Wiki set up to store information during your penetration tests. This framework does come with a few prerequisites such as Vagrant, which is a development environment that works best with VirtualBox.
Pentoo Linux
The Gentoo Linux-based Pentoo is a distro focused on security and penetration testing. It’s available as a LiveCD with persistence support, which means that all changes made while live will remain and become available on the next boot so long as you’re using a USB stick. Pentoo is a carbon copy of Gentoo except with a large assortment of customized tools focused on security and penetration testing. Anyone familiar with the workings and interface of Gentoo will easily adapt to the Pentoo work environment. It’s also available as an overlay to anyone who already uses Gentoo as their preferred Linux distro for hacking.
CAINE
If your current or potential career is that of a forensics specialist, then Computer Aided INvestigative Environment (CAINE) is the distro for you. It was created with the sole purpose of aiding in and testing digital forensics. CAINE provides built-in investigative tools, is liveDVD session capable, and takes a more old-school approach to the Linux desktop environment. CAINE’s selection of forensics tools is top-notch. From the menu you’ll find 18 applications as well as four additional subfolders containing additional specialty forensics tools focused on memory, database, mobile, and networking forensics. It’s a no-nonsense distro for hacking that offers more standard Linux programs than you’re likely to find in most general purpose Linux distros. Visually and functionally, CAINE is less flashy than newer, more user-friendly distros, but its all-business approach will get the job done.