Top 5 Penetration Testing Linux Distributions
There is a seemingly endless amount of Linux distros for just about every area of use. This includes pen testing, sometimes called hacking, distros. Some of you are undoubtedly familiar with, at least if you have spent any time looking around at all the distributions out there.
What follows is this humble author’s personal top five lists of Linux distributions for hacking. I will add that this my list, based on my personal experiences. Not everyone is going to agree, and that is fine. In fact, it is the point. The beauty of Linux is that has the person in mind. Made for the individual, not the assembly line.
With that in mind let’s go ahead and dive in. If you have any disagreement or would simply like to add input, maybe start a discussion on it, leave a few comments. Happy to talk about all of it Here we go!
5. Tails
The Amnesiac Incognito Live System. Its primary use is complete anonymity. For the overly cautious individuals that derogatorily called paranoid, this is a gem. Its most obvious feature, from which it draws its name, is that it lacks any persistence.
Basically, it deletes literally everything on it when it gets shut down. That seems pointless at first but if for some reason you maybe feel compromised being able to wipe out everything right away is nice.
It lacks any relevant tools for real pentesting purposes but, you can download these and use them later. This would be a bit of a pain but if you are all about the secrecy then this all you. I mostly use it for preliminary recon and some dark web diving, this can be important for info gathering on the information you may not already have. Outside of that though there are not many uses.
CAUTION: USE IN A VM. This allows you to save the machine state and not lose anything right away. Plus, should something go wrong at all you can just shut it down and boom all of it is gone.
4. Ubuntu
What? Ubuntu? For hacking? It’s just a general-purpose, basic flavor of Linux.
Yes, that is very true. But that is kind of the point. Many of the top pentesting distributions on the web are very heavily loaded with tools and so on. That is not always a bad thing but it is not always a good thing either. After all, the average user is only going to use some of those tools. Especially because many of the tools do the same thing and everyone has a favorite.
Using Ubuntu allows you to add only the tools and applications you want to use and not any of the others. Plus it is extremely intuitive to use, particularly if you have been using it for a while already. The downside is that you will have to download all these applications and tools on your own and that can suck. As well as being time-consuming. Plus it is where most people do all their everyday work, which can be dangerous, should you get back hacked or anything else.
3. Fedora Security Spin
This lovely product is made by Fedora, part of Red Hat, Linus Torvalds’ favorite companies. It is not an operating system made purely for the hacker and security pros like the last two on this list. Instead, it is made with an educational bend in mind.
It is made for students and teachers and expands knowledge, something I am a big fan of. I know how tough it can be to learn on your own. This helps with that big time. And I love that. Now it might not offer every little tool but it should still cover quite a bit. And if you are looking to learn or teach others this is a great place to start. One downside for me as well is that it is Fedora. Nothing personal just felt super comfortable with Red Hat-Fedora products, but that is just me.
2. BackBox
This is a great tool and comes very close to being my number one. It is loaded down with some great tools and is a Ubuntu based system. For the many users who started on Ubuntu, which is most, this is a big deal. It was a big deal for me too. The truth is that I started on Kali and have stuck with it. Simple as that.
Much like many hack/pen test operating systems it can be a tad over the top with all the tools it uses. But that can also be a part of its appeal. Plus the popularity it has means it comes with a great community.
1. Kali Linux
The grandmaster of hacking and pen testing distributions. If you have done a lot of research Kali Linux has almost certainly come up and it was probably at the top of more than a few lists. Why? Cause it really that good. It has pretty much everything you could want, although not all of it. The Metasploit framework, check. Burpsuite, check. Crack-ng, check. A bunch of other things I have never heard of until I first used Kali Linux.
As previously mentioned you will not really be using all the tools here. There is a lot of redundancy and using one password cracker over the other is kind of pointless unless it works better or it simply feels more comfortable for you. Personally, I would rather have too many than not enough. Not everyone is that way of course. Using Kali guarantees your bases are covered and that you will be using a proven tool that pros across the private and public sectors love. This provides a strong community to learn from.
Conclusion
Do lots of research and try all the OSes you can. Get to know what you like and you will feel better going in. Also, research and use VMs, they are great tools to use in pen testing and provide some security. Lastly, look up the AZ Cyber Warfare Range, it is a great tool for education providing several ranges to learn and hone your skills at. Until next time, have a great day, KCCO!!