10 Pentesting Linux Distributions You Should Try

With the help of open source tools, penetration testing can now be conducted more easily (although it can also be hard sometimes :p ) and more cheaply. Linux has gained popularity in the area of penetration testing and information security, not just because of its security but also because of its efficiency: most pentesting Linux distros can be booted from a flash drive or a live CD, so you don't need to install them on your HDD. These live penetration testing distros contain a package of tools for hacking or cracking a system. Each pentesting distro has its own pros, cons and specialty, which can include web application vulnerability research, forensics, WiFi cracking, reverse engineering, malware analysis, and many more.

And so I decided to write a review about 10 pentesting distros I've tried and booted on my laptop or PC:

1. BackTrack 5


So tell me.. Who doesn't know about BackTrack? Some Windows users might not, but almost all penetration testers and Linux users are familiar with this pentesting distro based on Ubuntu. BackTrack used to be a KDE pentesting distro, but with the release of BackTrack 5, a GNOME desktop environment edition was also released for users who dislike KDE. In fact, with the release of BackTrack 5, the developer of GnackTrack (phillips321) decided to stop his project after careful consideration. Hence, bt5-fixit.sh was released by phillips321 to improve BackTrack 5 and add more tools to it. BackTrack is one of my favorite pentesting distros that can run on a live CD or flash drive. It is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.

Famous for its awesome line: "The quieter you become, the more you are able to hear". Download BT5 here.

2. BackBox Linux


BackBox Linux captured my heart because of its sleek performance and its flexibility, which is what the project claims to offer. Its new version, BackBox 2.01, uses these components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The new version has cool features, which include Forensic Analysis, Documentation & Reporting and Reverse Engineering, and updated tools like dradis, ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, weevely, wireshark, etc. This pentesting distro is part of Open Soluzioni's project, which was founded by Raffaele Forte.

Download this project and see for yourself. What makes their forum cool is that the admin is open to tool requests. In fact, Raffaele added reaver (WiFi Protected Setup Attack Tool) to their repository after I made a request in their forum a few months ago.

3. Node Zero


Node Zero is an Ubuntu-based distro for penetration testing. It uses the Ubuntu repositories, so every time Ubuntu releases a patch for its bugs, you are also notified of system updates or upgrades. Nodezero is famous for its inclusion of the THC IPV6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, dos-new-ip6, fake-advertise6, fake-mipv6, fake_mld6, fake_router6, implementation6, implementation6d, parasite6, recon6, redir6, rsmurf6, sendpees6, smurf6, toobig6, and trace6. Node Zero was formerly known as Ubuntu Pentest Edition and was the first Ubuntu/GNOME-based pentesting distro to be released.

Nodezero Linux is an official media partner of ROOTCON. You can check out the list of tools that Nodezero has in this link.

4. Blackbuntu


Don't feel bad about its name; it's not a forbidden distro that uses dark arts or unethical tools. It's the black theme that makes this distro very mysterious.

Blackbuntu is another penetration testing distro based on Ubuntu, as its name makes obvious. It uses GNOME as its DE and is built on the Ubuntu 10.10 release. The categories of its tools include Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VOIP Analysis, Digital Forensic, Reverse Engineering and other Miscellaneous tools like macchanger and lynis auditing tools. You can download this distro here.

5. Samurai Web Testing Framework


Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research, website hacking and web pentesting, and is pre-configured as a web application environment for you to try hacking ethically and without violating any laws. This distro is a must-have for penetration testers who want to combine network and web app techniques. The framework is built on the Ubuntu 9.04 release.

Samurai Web Testing Framework is a project of InGuardians Inc., which is a vendor-independent Information Security Consultancy based in Washington D.C. This distro can be downloaded from SourceForge.


6. Knoppix STD



No!! Not the Knoppix Sexually Transmitted Disease. STD stands for Security Tools Distribution and is based on Knoppix. This distro was last updated in 2009, which means it no longer receives updates, unlike the previous distros that I discussed, but I would like to give it a plus one for the Fluxbox desktop environment because it is very light and smooth. It has some cool tools and a cool feature, which is the Cryptography section. It might not work on some new hardware because of the missing system updates, but it works great in my VirtualBox.

You can download this live distro here.

7. Pentoo


Pentoo? Sounds familiar, right? My dear friends, Pentoo is based on Gentoo Linux and is a pentesting distro that uses Enlightenment E17 as its desktop environment. Its default wallpaper is really cute. I love Tux. LoL

It has a fairly cool collection of pentesting tools, CUDA/OpenCL cracking support with development tools, and the GPU-based cracking software pyrit installed on the distro.

8. WEAKERTH4N Linux


WEAKERTH4N is one of the most awesome pentesting distros I have ever tried. It's still in its BETA release, but the developer has done a good job on this project, and some cool pentesting tools are included in this distro. It is built from Debian Squeeze and uses Fluxbox as its desktop environment. You can install this live pentesting distro using the Custom Remastersys Installer. It has a lot of wireless tools, unlike BackTrack 5. It has the old Android Hacking features.

WiFi warriors out there should check out the Weaknet Labs section under WiFu, especially Catchme-NG, which allows you to troll for a MAC address, or anything from an 802.11 packet, using Airodump-ng, and the WPA-Phishing attack for EAP phishing. Download the BETA version here.

9. Matriux Krypton


Matriux Krypton final was released on 2011.08.15 and is another open source security distribution for ethical hackers and penetration testers. Compiled with a cool set of tools which they call arsenals, this distro can be used for penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, exploiting, cracking, data recovery and many more. I also love its startup screen that says "Software is like sex; it's better when it's free" (attributed to Linus Torvalds).

Download this cool pentesting distro and check out their arsenal here.


10. Project Playground


Project Playground or “Pipi” is a pentesting distro based on Debian that uses XFCE as its DE. It centers on web application security practice and is packed with web apps that are intended to have vulnerabilities and weaknesses for you to practice on. These include DVWA, Mutillidae, Gruyere, WebGoat and many more. Aside from those mentioned, articles and tutorials are also included. The distro is made in the Philippines by a Filipino open source advocate and pentesting lover named creatures/kreatures.

For now the alpha release is available for download and I have already tried it. Kudos to creatures/kreatures for the Alpha Release. You can email creatures at ysda27[at]gmail[dot]com or visit his website for more updates about his project. You can stalk some of his tutorials on the ProjectX Blog.


About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security. He encourages other like-minded individuals to come forward and share their knowledge through blogging right here at the ROOTCON Blog section.

ROOTCON is managed by like minded InfoSec professionals across the Philippines.  All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

8 comments:

fiasco_averted said...

I'm getting timeouts from http://kreatures.dyndns.org/, the site for "Project Playground". Is anyone else having this issue and are there mirrors?

Shipcode said...

Hello fiasco_averted. kreature's server is currently down for maintenance and he is currently planning to update his mirrors ;)

a ji o ji suno ji said...

Wow! Thanks for this. I had no idea that horses could refuse to drink from certain sources. I have to work that into a story. A question: I once won some free lessons in English style riding. The instructor was showing me how to sit, guide the horse etc and mentioned that this particular horse didn't care for turning left and tended to balk. Why do horses develop complexes like that?

socialboom1 said...

A standard penetration test is a way for scientists to get an idea of how resistant the soil in a certain area is to the invasion of water. The tests conducted on the sample are usually unaffected by the disturbance of the soil.

n8mare said...

Excellent blog you have here but I was wondering if you knew of any community forums that cover the same topics talked about in this article? I'd really like to be a part of group where I can get opinions from other experienced individuals that share the same interest. If you have any suggestions, please let me know. Thanks a lot!

Skyrim Expart said...

I am happy to be here because this is a very good site that provides lots of information about the topics covered in depth. I’m glad to see that people are actually writing about this issue in such a smart way.

Eclipse Spark said...

hi, can you add Parrot Security OS to your list?? www.parrotsec.org

and remember to change backtrack with kali

yati pathak said...

you are an extraordinary minded person that's why you are able to make the free amazon gift card codes type of page
