Top Ten Penetration Testing Linux Distributions
By Henry Dalziel | Information Security Blogger | Concise Courses
As of early 2012 BackTrack was used by over four million amateur and professional security researchers and professionals. Clearly it is extremely popular but there are other Linux pentesting distributions out there! Just like a good plumber needs his tools so does the budding pentester or curious hacker. Every information security professional needs to work with a penetration testing distro but also, most, if not all, training requires that you must use pentesting tools within a Linux Pentesting/ Forensics Box.
OK, none of the following Pentesting distributions were in the top 100 list over at Distro Watch but we don’t care – we are talking about penetration testing tools – or specifically the creation of distro’s that have all the necessary open source tools that help ethical hackers and penetration testers do their job. Like everything else when it comes to choices, every pentesting distro has its own pros, cons and specialty. Some distro for example are better at web application vulnerability discovery, forensics, WiFi cracking, reverse engineering, malware analysis, social engineering etc.
BackTrack is based on the ever-popular Ubuntu. The pentesting distro used to be only available within a KDE environment but Gnome become was added as an option with the release of BackTrack v5. For those working in Information Security or intrusion detection, BackTrack is one of the most popular pentesting distros that can run on a live CD or flash drive. The distribution is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.
Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).
To identify Live Hosts:
dnmap – Distributed NMap
address6 – (which acts as a IPV6 address conversion)
Information Gathering Analysis (Social Engineering)
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.
Blueranger – Uses link quality to locate Bluetooth devices
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Fern-Wifi-cracker – Gui for testing Wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
Like BackTrack, NodeZero is an Ubuntu based distro used for penetration testing using repositories so every time Ubuntu releases a patch for its bugs, you also are notified for system updates or upgrades. Node Zero used to be famous for its inclusion of THC IPV6 Attack Toolkit which includes tools like alive6, detect-new-ip6, dnsdict6, etc, but I think that these days BackTrack 5r3 also includes these tools.
Whereas BackTrack is touted as being a “run-everywhere” distro, i.e. running it live, NodeZero Linux (which can also be run live) state that the distros real strength comes from a hard install. NodeZero, in their own words, believe that a penetration tester “requires a strong and efficient system [achieved by using] a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable Linux environment. Sounds cool. Ever tried it? Let us know in the comments below.
3. BackBox Linux
BackBox is getting more popular by the day. Like BackTrack and NodeZero, BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. The developers state that the intention with BackBox is to create a pentesting distro that is fast and easy to use. BackBox does have a pretty concise looking desktop environment and seems to work very well. Like the other distros BackBox is always updated to the latest stable versions of the most often used and best-known ethical hacking tools through repositories.
BackBox has all the usual suspect for Forensic Analysis, Documentation & Reporting and Reverse Engineering with tools like ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, wireshark, etc.
Yes, as the name clearly suggests, this is yet another distro that is based on Ubuntu. Here is a list of Security and Penetration Testing tools – or rather categories available within the Blackbuntu package, (each category has many sub categories) but this gives you a general idea of what comes with this pentesting distro: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis, Digital Forensic, Reverse Engineering and a Miscellaneous section. This list is hardly revolutionary but the tools contained within might be different to the other distros.
5. Samurai Web Testing Framework.
This is a live Linux distro that has been pre-configured with some of the best of open source and free tools that focus on testing and attacking websites. (The difference with Samurai Web Testing Framework is that it focuses on attacking (and therefore being able to defend) websites. The developers outline four steps of a web pen-test. These steps are incorporated within the distro and contain the necessary tools to complete the task.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.
Of interest as well, the Live CD also includes a pre-configured wiki, set up to be a central information store during your pen-test.
The Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research and web pentesting within a “safe environment” – i.e. so you can ethical hack without violating any laws. This is a pentesting distro recommended for penetration testers who wants to combine network and web app techniques.
6. Knoppix STD.
This distro is based on Debian and originated in Germany. The architecture is i486 and runs from the following desktops: GNOME, KDE, LXDE and also Openbox. Knoppix has been around for a long time now – in fact I think it was one of the original live distros.
Knoppix is primarily designed to be used as a Live CD, it can also be installed on a hard disk. The STD in the Knoppix name stands for Security Tools Distribution. The Cryptography section is particularly well-known in Knoppix.
Pentoo is a security-focused live CD based on Gentoo. In their own words “Pentoo is Gentoo with the pentoo overlay.” So, if you are into Pentoo then this is the distro for you. Their homepage lists some of their customized tools and kernel, including: a Hardened Kernel with aufs patches, Backported Wifi stack from latest stable kernel release, Module loading support ala slax, XFCE4 wm and Cuda/OPENCL cracking support with development tools.
This penetration distribution is built from Debian Squeeze and uses Fluxbox for its’ desktop environment. This pentesting distro is particularly well adjusted for WiFi hacking since it contains many Wireless tools. Here is a quick summary of WEAKERTH4N’s tool categories: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing, Android Hacking, Networking and Shells.
9. Matriux Krypton.
This linux distro is, I believe, is the first security distribution based directly on Debian, (after WEAKERTH4N?) if I am wrong please comment below! There are 300 security tools to work, called “arsenals”. The arsenals allow for penetration testing, ethical hacking, system and network administration, security testing, vulnerability analysis, cyber forensics investigations, exploiting, cracking and data recovery. The last category, data recovery, doesn’t seem to be prevalent in the other distros.
The latest version is DEFT 7 which is based on the new Linux Kernel 3 and the DART (Digital Advanced Response Toolkit). This distro is more orientated towards Computer Forensics and uses LXDE as desktop environment and WINE for executing Windows tools under Linux. The developers, (based in Italy) hope that their distro will be used by the Military, Police, Investigators, IT Auditors and professional penetration testers. DEFT is an abbreviation for “Digital Evidence & Forensic Toolkit”
A reader to our blog suggested to add CAINE which we duly have. CAINE Stands for Computer Aided Investigative Environment, and like many information security products and tools – it is Italian GNU/Linux live distribution. CAINE offers a comprehensive forensic environment that is organized to integrate existing software tools that are composed as software modules, all displayed within a friendly graphical interface. CAINE states to have three objectives. These are, to ensure that the distro works in an interoperable environment that supports the digital investigator during the four phases of the digital investigation. Secondly that the distro has a user friendly graphical interface and finally that it provides a semi-automated compilation of the final forensic report. As you would likely expect, CAINE is fully open-source.
If anyone has used this please let us know.
Bugtraq is another reader submitted pentesting distro. Based on the 26.6.38 kernel, this distro offers a really wide range of penetration and forensic tools. Like most of the others in this list, Bugtraq can hard-install of obviously run as a Live DVD or from a USB drive. Bugtraq claims to have recently configured and updated the kernel for better performance but also importantly so that it can recognize more hardware, including wireless injection patches pentesting. The team at Bugtraq seem solid because they are clearly making an effort to get the kernel to work with more hardware – something which the other distributions don’t always place enough importance.
Some of the special features included with Bugtraq include (as stated) an expanded range of recognition for injection wireless drivers, (i.e. not just the usual Alfa rtl8187), a patched 2.6.38 kernel and solid installation of the usual suspects: Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira etc.
Unique to Bugtraq (as claimed on their site) is the ability to, or better said, ease, of deleting tracks and backdoors. Just by having read about Bugtraq I’m really glad that I can add this to the list because it just sounds like a job well done. If you are interested in any of the following pentesting and forensic categories, then do go and check out Buqtraq: Malware, Penetration Shield, Web audit, Brute force attack, Communication and Forensics Analytics, Sniffers, Virtualizations, Anonymity and Tracking, Mapping and Vulnerability detection.
Quick Summary: You can’t go wrong with any Ubuntu based distro. BackTrack does the job well but I guess, of course, it’s all personal – i.e. does the distro do the job for you? Every penetration tester needs a lean towards a particular tool or tool-set. Frankly they are all good, and it would be prudent to use several of these pentesting distros as live versions. For WiFi hacking then WEAKERTH4N is likely your better friend, whilst to stay within the law, use Samurai.
Bugtraq looks really good – the team behind it seems to have taken considerable time to tick all the boxes. Once we test it I’ll update the post.
Here is a list of other distros (which we think are still alive and kicking – please correct us if we are wrong).
Damn Vulnerable Linux (reader comment: more of an operating system for attacking purposes)
Hakin9 (an educational and training distro that you can use to play-along with when subscribing to the Hacking Magazine Hak9)
Network Security Toolkit (NST)
And here is a list of distros that, regrettably, have passed on to Linux Heaven.
Local Area Security (LAS)