Top 5 Linux Security Distro’s

So there are a lot of articles on the web about top linux penetration testing distro’s or top forensics distro’s or top security distro’s. In a lot of them they fail to make any distinction between them. Penetration is vastly different from forensics. The other issue I have is in a lot of these articles they will list very old distro’s that are very out of date like Knoppix STD or blackbuntu. I don’t think Knoppix STD has been updated since 2004 and there has been no change in blackbuntu since 2011. So it kind of makes me wonder if some of those articles weren’t written solely for SEO purposes.

From my perspective the top three pentesting distros in order are Kali Linux (formerly known as BackTrack Linux) Pentoo Linux and Parrot Security OS.

Kali Linux

kali linux Desktop

Kali Linux Desktop

Kali would be my number one choice and that is because I have been using BackTrack for years and naturally followed over to Kali Linux. That being said Kali has a lot going for it. It has more than 300 pentesting tools, It’s open source, you can download their source via git. Kali runs great as a live CD or on bare metal. It also works well on a raspberry pi. You can even load kali on your beaglebone black.

Pentoo Linux

pentoo linux pentesting live cd

Pentoo Linux

Pentoo would be my second choice however if you are a huge gentoo fan then this might be your first choice. If you already run gentoo getting pentoo is easy. It’s available in layman. I tend to use pentoo more for SDR stuff since GNU Radio is already compiled with all the dependencies. Pentoo is robust and massive. Give it a try if you haven’t already. You can download it here

Parrot Security OS

Parrot Security OS desktop

Parrot Security OS


Parrot is developed by Frozenbox Network and designed to perform security and penetration tests, do forensic analisys or be anonymous on the web. Parrot Security uses a the Mate Desktop environment which is a nice change of pace. This is a Debian-based distribution similar in look and feel to Kali Linux because the crew at Frozen Network started with the Kali git repository. Edited to add – Version 1.0 is out… check out more here. Parrot Security OS has also made it in my top 5 linux live CD’s list.

When it comes to just forensics my list is a bit shorter. The Top 2 forensics are CAINE Linux and DEFT Linux. Forensics is all about preserving the evidence chain. The process and mentality is much different than Pentesting and as such having a dedicated distro for that tends to be a good thing. If you are unfamiliar with computer forensics you can always take a moment to read some documentation.

CAINE

Caine linux 5.0

Caine linux 5.0


When it comes to forensics Cane linux (Computer Aided Investigative Environment) is an Italian Ubuntu based distro that is all business. If you want an eye opener just run it on one of your old machines and see what you can turn up. It might surprise you.

DEFT

deft linux 8.0

deft linux 8.0


DEFT (Digital Evidence & Forensic Toolkit) is a customized distribution of the Ubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics. If Caine didn’t exist this would be my goto forensics distro.

And since I always want to under promise and over deliver I will throw in a couple more security distributions as honorable mentions.

NST (Network Security Toolkit).

NST 20 Destop

NST 20 Destop


The latest release of NST is based on Fedora 20 using Linux Kernel 3.13.3-201.fc20

They have been all over the heartblead issue.

Backbox linux

BackBox Linux

BackBox Linux

BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.

Blackarch linux is a light weight pentesting distro based on arch.

Blackarch is a pentesting suite built on top of Arch Linux. I will say that it is a very light and responsive distro. And due to that quick responsiveness and light interface I think this could be a great candidate pentesting distro to run on a raspberry pi or as a virtualbox guest.If you already have an arch linux running you can also add blackarch to it. More info can be found over on their site.

So that is my list as I see it based on my experiences. Your list might be different and if it is I would love to hear about it. Post your comments bellow.

9 thoughts on “Top 5 Linux Security Distro’s

  1. Pingback: Kali Linux 1.0.2 first look | One Mans Anthology

  2. Pingback: Parrot Security OS for Pentesting | One Mans Anthology

  3. Pingback: Pentoo Linux Pentesting Live CD | One Mans Anthology

  4. Paul

    Finally, a list of pentest distros that weren’t all Ubuntu based. I love Kali, but I think with the flexibility and the knowledge required a pentest distro based on Arch or Gentoo (as you have listed here with Pentoo) would make great distros.

    I am not a fan of Canonical and Ubuntu does not teach you much about your platform or anything under under the hood–things i think any self-respecting ethical hacker would want to learn.

  5. Pingback: Linux today | One Mans Anthology

  6. Pingback: Anonymous

  7. Randy

    Thanks for this listing! Im in school for infosec and only have about 2 years of actual linux experience. Ill have to do some digging into these distros, i have a little experience with Kali and ubuntu 14.04, â‚©and a long ways to go..

  8. springbok

    Nice listing of the “mains” – however there are others which you didn’t name and since they have an “Ubuntu” parent, I completely understand why. Each distro has it’s pros and cons, some with printing, some with repos, others with available apps, but this was a nice piece put together in a seemingly unbiased fashion.

Leave a Reply

Your email address will not be published. Required fields are marked *