Top Ten Penetration Testing Linux Distributions


By | Information Security Blogger | Concise Courses



As of early 2012 BackTrack was used by over four million amateur and professional security researchers and professionals. Clearly it is extremely popular, but there are other Linux pentesting distributions out there! Just like a good plumber needs his tools, so does the budding pentester or curious hacker. Every information security professional needs to work with a penetration testing distro, and most, if not all, training requires that you use pentesting tools within a Linux pentesting/forensics box.



Update May 2013: We have updated this post! Please click here to see the latest news, RSS Feeds, Videos, Specs and Reviews of the World’s Most Widely Used and Popular Linux Penetration Testing Distributions. Click on the distro name to jump straight to its specific page: Kali Linux, Knoppix STD, BackBox, Pentoo, DEFT, CAINE, Samurai WTF, Matriux Krypton, WEAKERTH4N, Bugtraq and NodeZero
Update May 2013: Related Post: Poll! Which is the best Linux Hacking Distro? Cast your vote!
Update March 2013: BackTrack has evolved into Kali Linux. Our blog post on this was mentioned on the PaulDotCom information security web show, read our Kali Linux Family Tree post and learn about the history and origin of this latest version of BackTrack. Kali Linux is the sixth pentesting distro from Offensive Security (the guys behind BackTrack).
Update February 2013: Owing to some great comments below we edited this post so it has now become the “12 Best Linux Penetration Distro List!”

OK, none of the following pentesting distributions were in the top 100 list over at Distro Watch but we don’t care – we are talking about penetration testing tools – or specifically the creation of distros that have all the necessary open source tools that help ethical hackers and penetration testers do their job. Like everything else when it comes to choices, every pentesting distro has its own pros, cons and specialty. Some distros, for example, are better at web application vulnerability discovery, forensics, WiFi cracking, reverse engineering, malware analysis, social engineering etc.


1. BackTrack 5r3

The mamma or best known of Linux pentesting distros. BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool….

BackTrack is based on the ever-popular Ubuntu. The pentesting distro used to be available only within a KDE environment, but GNOME was added as an option with the release of BackTrack v5. For those working in Information Security or intrusion detection, BackTrack is one of the most popular pentesting distros that can run on a live CD or flash drive. The distribution is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.

Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).

To identify Live Hosts:
dnmap – Distributed NMap
address6 – (which acts as an IPv6 address converter)

Information Gathering Analysis (Social Engineering)
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing

Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points

Database Analysis
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.

Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices

Vulnerability Assessment
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer

Exploitation Tools
Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities

Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – Gui for testing Wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor

Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendrescher
Rainbowcrack
Acccheck
smbexec


2. NodeZero.
Like BackTrack, NodeZero is an Ubuntu-based distro used for penetration testing. It uses repositories, so every time Ubuntu releases a patch for its bugs, you are also notified of system updates or upgrades. NodeZero used to be famous for its inclusion of the THC IPv6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, etc., but I think that these days BackTrack 5r3 also includes these tools.

Whereas BackTrack is touted as being a “run-everywhere” distro, i.e. running it live, NodeZero Linux (which can also be run live) states that the distro’s real strength comes from a hard install. NodeZero, in their own words, believe that a penetration tester “requires a strong and efficient system [achieved by using] a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable Linux environment.” Sounds cool. Ever tried it? Let us know in the comments below.


3. BackBox Linux
BackBox is getting more popular by the day. Like BackTrack and NodeZero, BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. The developers state that the intention with BackBox is to create a pentesting distro that is fast and easy to use. BackBox does have a pretty concise looking desktop environment and seems to work very well. Like the other distros BackBox is always updated to the latest stable versions of the most often used and best-known ethical hacking tools through repositories.

BackBox has all the usual suspects for Forensic Analysis, Documentation & Reporting and Reverse Engineering, with tools like ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, wireshark, etc.


4. Blackbuntu.
Yes, as the name clearly suggests, this is yet another distro that is based on Ubuntu. Here is a list of Security and Penetration Testing tools – or rather categories available within the Blackbuntu package, (each category has many sub categories) but this gives you a general idea of what comes with this pentesting distro: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis, Digital Forensic, Reverse Engineering and a Miscellaneous section. This list is hardly revolutionary but the tools contained within might be different to the other distros.


5. Samurai Web Testing Framework.
This is a live Linux distro that has been pre-configured with some of the best open source and free tools that focus on testing and attacking websites. The difference with Samurai Web Testing Framework is that it focuses on attacking (and therefore being able to defend) websites. The developers outline four steps of a web pen-test. These steps are incorporated within the distro and contain the necessary tools to complete the task.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.

Of interest as well, the Live CD also includes a pre-configured wiki, set up to be a central information store during your pen-test.

The Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research and web pentesting within a “safe environment” – i.e. so you can ethically hack without violating any laws. This is a pentesting distro recommended for penetration testers who want to combine network and web app techniques.


6. Knoppix STD.
This distro is based on Debian and originated in Germany. The architecture is i486 and runs from the following desktops: GNOME, KDE, LXDE and also Openbox. Knoppix has been around for a long time now – in fact I think it was one of the original live distros.

Knoppix is primarily designed to be used as a Live CD, but it can also be installed on a hard disk. The STD in the Knoppix name stands for Security Tools Distribution. The Cryptography section is particularly well-known in Knoppix.


7. Pentoo.
Pentoo is a security-focused live CD based on Gentoo. In their own words “Pentoo is Gentoo with the pentoo overlay.” So, if you are into Pentoo then this is the distro for you. Their homepage lists some of their customized tools and kernel, including: a Hardened Kernel with aufs patches, Backported Wifi stack from latest stable kernel release, Module loading support ala slax, XFCE4 wm and Cuda/OPENCL cracking support with development tools.


8. WEAKERTH4N.
This penetration distribution is built from Debian Squeeze and uses Fluxbox for its desktop environment. This pentesting distro is particularly well adjusted for WiFi hacking since it contains many wireless tools. Here is a quick summary of WEAKERTH4N’s tool categories: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing, Android Hacking, Networking and Shells.


9. Matriux Krypton.
This Linux distro is, I believe, the first security distribution based directly on Debian (after WEAKERTH4N?). If I am wrong please comment below! There are 300 security tools to work with, called “arsenals”. The arsenals allow for penetration testing, ethical hacking, system and network administration, security testing, vulnerability analysis, cyber forensics investigations, exploiting, cracking and data recovery. The last category, data recovery, doesn’t seem to be prevalent in the other distros.


10. DEFT.
The latest version is DEFT 7, which is based on the new Linux Kernel 3 and the DART (Digital Advanced Response Toolkit). This distro is more orientated towards Computer Forensics and uses LXDE as its desktop environment and WINE for executing Windows tools under Linux. The developers (based in Italy) hope that their distro will be used by the Military, Police, Investigators, IT Auditors and professional penetration testers. DEFT is an abbreviation for “Digital Evidence & Forensic Toolkit”.


11. CAINE
A reader of our blog suggested adding CAINE, which we duly have. CAINE stands for Computer Aided Investigative Environment, and like many information security products and tools – it is an Italian GNU/Linux live distribution. CAINE offers a comprehensive forensic environment that is organized to integrate existing software tools that are composed as software modules, all displayed within a friendly graphical interface. CAINE states that it has three objectives: first, to ensure that the distro works in an interoperable environment that supports the digital investigator during the four phases of the digital investigation; secondly, that the distro has a user-friendly graphical interface; and finally, that it provides a semi-automated compilation of the final forensic report. As you would likely expect, CAINE is fully open-source.

If anyone has used this please let us know.


12. Bugtraq

Bugtraq is another reader-submitted pentesting distro. Based on the 2.6.38 kernel, this distro offers a really wide range of penetration and forensic tools. Like most of the others in this list, Bugtraq can be hard-installed or, obviously, run as a Live DVD or from a USB drive. Bugtraq claims to have recently configured and updated the kernel for better performance but also, importantly, so that it can recognize more hardware, including wireless injection patches for pentesting. The team at Bugtraq seem solid because they are clearly making an effort to get the kernel to work with more hardware – something on which the other distributions don’t always place enough importance.

Some of the special features included with Bugtraq include (as stated) an expanded range of recognition for injection wireless drivers, (i.e. not just the usual Alfa rtl8187), a patched 2.6.38 kernel and solid installation of the usual suspects: Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira etc.

Unique to Bugtraq (as claimed on their site) is the ability to, or better said, ease of, deleting tracks and backdoors. Just by having read about Bugtraq I’m really glad that I can add this to the list because it just sounds like a job well done. If you are interested in any of the following pentesting and forensic categories, then do go and check out Bugtraq: Malware, Penetration Shield, Web audit, Brute force attack, Communication and Forensics Analytics, Sniffers, Virtualizations, Anonymity and Tracking, Mapping and Vulnerability detection.

Quick Summary: You can’t go wrong with any Ubuntu-based distro. BackTrack does the job well but I guess, of course, it’s all personal – i.e. does the distro do the job for you? Every penetration tester leans towards a particular tool or tool-set. Frankly they are all good, and it would be prudent to use several of these pentesting distros as live versions. For WiFi hacking then WEAKERTH4N is likely your better friend, whilst to stay within the law, use Samurai.

Bugtraq looks really good – the team behind it seems to have taken considerable time to tick all the boxes. Once we test it I’ll update the post.

Here is a list of other distros (which we think are still alive and kicking – please correct us if we are wrong).

Other Distros
Damn Vulnerable Linux (reader comment: more of an operating system for attacking purposes)
Hakin9 (an educational and training distro that you can use to play along with when subscribing to the hacking magazine Hakin9)
Helix
nUbuntu
Network Security Toolkit (NST)
OWASP Labrat
Frenzy
grml
Ophcrack
FCCU
OSWA Assistant
Russix
Chaox-NG
GnackTrack
Katana
Securix-NSM
Auditor

And here is a list of distros that, regrettably, have passed on to Linux Heaven.
KCPentrix
Protech
FIRE
Arudius
INSERT
Local Area Security (LAS)
NavynOS
Operator
PHLAK
PLAC
SENTINIX
Talos
ThePacketMaster
Trinux
WarLinux
Whoppix
WHAX
HeX
Stagos FSE
SNARL


42 thoughts on “Top Ten Penetration Testing Linux Distributions”
  1. Sniff3r says:

    Very nice and comprehensive article.
    I was wondering if you, or anyone has heard of or used another Linux distro not listed above, called CAINE (Computer Aided Investigation Environment). It’s a live CD. More can be found here: http://www.caine-live.net. I’d be interested in knowing what you think and how you feel it compares with other pentesting/forensics.

    I’ve used it a few times with success, but because it’s relatively unknown, and it’s not on NIST’s list of approved forensic distros, I’m curious what others think of it.

    Thanks

    1. Concise-Team says:

      Hey thanks very much for the comment. We will certainly add that distro to the list.

  2. Jole says:

    Great list! I was using Backtrack for the last 2 years, and a few months ago I switched to BackBox, and I am really satisfied with it. Works amazing!

    1. Concise-Team says:

      Very interesting! Thanks for your post. What do you like about BackBox, have you stuck with that distro or do you go back to BackTrack?

      1. Jole says:

        BackBox looks more minimalistic, that’s why I really like it. I didn’t really make any tests, but I have a feeling that it is generally lighter and faster than Backtrack. I will stay with Backbox for sure for a longer time. There are fewer tools available, but for me this is a plus, because anyway I didn’t use all the tools provided with Backtrack. In Backbox you have the most important, and all tools work well, without additional setup.
        Regards!

  3. Correcaminos says:

    Hi all! I use Bugtraq. After testing it I think it is the most complete and easy to use for pentesting. http://bugtraq-team.com/

    1. Concise-Team says:

      Thanks for sharing that. I’ll also add Bugtraq to the list.

  4. Robert says:

    I have not looked through this whole list but I am certain Damn Vulnerable Linux is NOT a Penetration Testing Linux Distribution. It is an operating system for attacking purposes.

    Otherwise nice post.

    1. Concise-Team says:

      Really appreciate your comment. I’ll go ahead and edit the Damn Vulnerable Linux section. Thanks again. Concise Team.

  5. z4sk4 says:

    Concise-Team, did you test the Bugtraq distro?? On the internet people say that everything is configured, and I don’t know if it’s true or only marketing… For you, which is the best?? Backtrack, Backbox, Samurai, Bugtraq, Blackbuntu…?

    1. Concise-Team says:

      I still haven’t tested Bugtraq but to answer your question – I am really impressed with Backbox. Backbox just seems to work out of the box. I have only used Backbox for a few days so am still new to it but I’ll certainly update the post in a week or two. Let us know if you do test Bugtraq. Thanks!

  6. tribete says:

    Hi, everybody. There are a lot of distros, but a distro is not only the tools, people also have to look behind the system and know how to manage it. For me the most complete distro and the best one (actually waiting for the second release) is Bugtraq. Not only does it have a lot of tools like Backtrack and other distros, Bugtraq also gives you the possibility to execute Windows programs, which works perfectly, and no distro has that.
    Apparently the second release is going to come with a lot of new stuff!! and has been thought out for the user :)

    1. Concise-Team says:

      Thanks for your comment. Does Bugtraq execute Windows programs via WINE? (Backtrack comes with WINE pre-installed).

      1. tribete says:

        Yes with wine, I saw they installed up to netframework 2.0, also I hear the rumors that in the next version they installed netframework 4.0 and of course more tools will be able to work then ^^

        But more stuffs, it has malware you can AV,s etc..

        But I’m waiting for the second one, apparently it comes with a lot of new surprises :)

        I’m sorry, I’m a Bugtraq fan :P

  7. tribete says:

    And one thing I forgot to mention. Backtrack is down… I used all releases from Backtrack 5, and honestly it sucks! A lot of tools don’t work, when I want to use something I have to configure it by myself, tools from R1 now in R3 disappear or are not working.

    People, stop lying to yourself, Backtrack sucks :)

    1. Concise-Team says:

      I have to agree with you. BT R52 and R53 simply don’t install on my machine (I think it’s because of my chipset) but anyways I had to spend a lot of time configuring basic things like sound, settings and some of the tools didn’t work. The main problem I had was that some of the repos didn’t update. Anyways – I migrated to Backbox and so far I am really impressed. Backbox doesn’t run in root unlike BT. Maybe BT is better run as a live distro. Thanks for your comments.

      1. tribete says:

        Well I didn’t try Backbox, I suggest you try Bugtraq, everything is configured, and everything is automated. Also they give support on their website and that means a lot :D

        I will try backbox ^^

  8. sunil sidram bhosale says:

    I’ve been working in Backtrack since long ago. It is really true that some of the tools don’t work and you have to sort out the problem. But I am not sure whether BACKBOX will really prove helpful to me as I work on more than mere security. I will be very thankful if anybody helps me in knowing of a bruting the remote password application which works awesomely fast.

  9. ghostofaaron says:

    And what about Kali-Linux? Kali Linux is faster than Backtrack
    http://www.kali.org/

    Greetz

    ghostofaaron

    1. 100% agreed – that is why we updated this post. You can see the latest version here (this also includes Polls, Videos, RSS Feeds, Reviews etc etc).

      Thanks for your comment!

  10. I’m still using BackTrack 4. I was never able to get any version of 5 to work on any of my machines except 1 and like reported above a lot of tools that were in the older versions were either difficult to find, not there or simply did not work.

    I plan to try BackBox (I like things that sound easy). I might also try BlackBuntu.

    I still have a knoppix disc around and probably use it second most next to BT4, but it sure is old, but it ALWAYS works on everything I try.

    Great article.

    tks

    1. Thanks for the comment! I had exactly the same issue with BT5! Must have been something to do with the chipset I have on my laptop? In fact, the failure of BT5 to load correctly or even install made me switch to BackBox. The community are a nice and friendly bunch and I really get the impression that a lot of thought has gone into BackBox (BB). I actually use BB for my day to day OS – which wasn’t intentional it just happened and it works great! I guess the fact that BB is an Ubuntu derivative is the key.

      Yes KNOPPIX is the old man by the sea – been around for a long time! Thanks again for your comment!

      PS – I thought the Blackbuntu project was almost dead? Every time I hit the site it always says “please wait for the next release…”

      * You should check out our poll – we asked for everyone’s favorite distro – Kali Linux is first and BackBox is second which is impressive.

  11. Souris Ash says:

    I’m currently using Kali Linux. But I’m not satisfied with it as after learning to use metasploit, I wanted to use armitage. But I really can’t get it running. I’m thinking of trying BT5 r3 and then, BackBox (sounds good!).
    Thanks for the article though, it has helped me a lot.

    Regards,
    Souris Ash

    1. Hi Souris – really appreciate your comment. Although I haven’t tried Metasploit/ Armitage I definitely recommend trying it on BackBox.

      In fact – have a look at our poll. We asked people to vote on their favorite pentesting distro and BackBox is in second place (about 200 people have voted!)

      Thanks again for your comment – Henry

  12. Anonymous says:

    I don’t know if you actually call Anonymous-OS an Operating system for Pen-Testing, but still it’s full of tools for DDoS (Distributed Denial of Service) and also Havij,

  13. Anonymous says:

    Backtrack is outdated, Kali Linux replaced it.

    1. Absolutely! In fact I have even seen Kali being referred to as BackTrack 6.

      We have a section dedicated to Kali Linux on our site and even offer some Kali Linux Training if you are interested! Thanks for your comment.

  14. Antron says:

    CAINE is god!!1

  15. maz bagoes4all says:

    add to the list WIFISLAX

    http://www.wifislax.com/ It is adapted to Live Wifislax 4.6 compatible touch devices.

    These devices are compatible generally bring or support tablets windows 8 (full) and you can access your BIOS to disable the UEFI BIOS and select another boot.

    Currently supported devices are not to bring android serial.

    Requirements:
    2 gb ram
    1 usb port or reader sd / micro sd card

  16. ashwik says:

    Hello everyone… I am new to this ethical hacking thingy. I am in search of a good hacking OS. Please suggest one to me… thank you

    1. You will never go wrong with Kali Linux

  17. kenza says:

    Hello, excuse me, I would like to have help. I have installed Blackbuntu on my PC, Acer Aspire E1 – 531, RAM: 4 GB, HDD: 500 GB. Except that Blackbuntu does not recognize my wifi card, what should I do?

    1. hmmm. Not too sure is the answer. My hunch is that the blackbuntu repositories might not be updated but that is just a basic suggestion. Your best bet is to see if blackbuntu have a forum and ask there. Otherwise, try connecting via Ethernet and then update everything by ‘apt-get update’ and then re-boot….

      Let us know how you get on! Thanks for the post.

  18. Sarah Salzstein says:

    Hi, can you add BlackArch Linux to this list, please?

    1. Yes, we really should be updating this list.

      Anyways – we actually published a post – BlackArch Linux: Another awesome pentesting hacking distro

  19. Ssokar says:

    I see that parrot-sec is not on the list. Can you have a look and maybe put this up on the list if it meets your standards?
    I haven’t personally used it but I have heard amazing things about it from users I speak with. It has a nice variety of tools and *apparently* it’s quite easy to use and visually appealing. Let me know how you go :) Thanks for the great posting, Awesome read.

    1. 100% – we added Parrot Linux to our list.

  20. Vaggelis says:

    Hello
    Can you add backtrack – codename whydah to your list?
    It is very small, and can run on ram also ( > 1 )
    Based on slax with fluxbox
    thx :)

    1. Hi – thanks for the comment. Happy to add this distro but we can’t seem to find out more information on it. Please drop a comment below if you have a link or more information regarding whydah. Thanks!

        1. Thanks for adding this comment! Looks great.

          Let us know how the project develops – we are more than happy to post more stuff regarding Linux Hacking Distro’s on this page.
