So there are a lot of articles on the web about top Linux penetration testing distros, top forensics distros, or top security distros. A lot of them fail to make any distinction between the categories. Penetration testing is vastly different from forensics. The other issue I have is that a lot of these articles list very old, out-of-date distros like Knoppix STD or Blackbuntu. I don’t think Knoppix STD has been updated since 2004, and there has been no change in Blackbuntu since 2011. So it kind of makes me wonder if some of those articles weren’t written solely for SEO purposes.
Kali would be my number one choice, and that is because I have been using BackTrack for years and naturally followed over to Kali Linux. That being said, Kali has a lot going for it. It has more than 300 pentesting tools, it’s open source, and you can download the source via git. Kali runs great as a live CD or on bare metal. It also works well on a Raspberry Pi. You can even load Kali on your BeagleBone Black.
Pentoo would be my second choice; however, if you are a huge Gentoo fan then this might be your first choice. If you already run Gentoo, getting Pentoo is easy. It’s available in layman. I tend to use Pentoo more for SDR stuff, since GNU Radio is already compiled with all the dependencies. Pentoo is robust and massive. Give it a try if you haven’t already. You can download it here.
Parrot Security OS
Parrot is developed by Frozenbox Network and designed to perform security and penetration tests, do forensic analysis, or be anonymous on the web. Parrot Security uses the MATE desktop environment, which is a nice change of pace. This is a Debian-based distribution similar in look and feel to Kali Linux because the crew at Frozenbox Network started with the Kali git repository. Edited to add – Version 1.0 is out… check out more here. Parrot Security OS has also made it into my top 5 Linux live CDs list.
When it comes to just forensics, my list is a bit shorter. The top 2 forensics distros are CAINE Linux and DEFT Linux. Forensics is all about preserving the evidence chain. The process and mentality are much different from pentesting, and as such having a dedicated distro for that tends to be a good thing. If you are unfamiliar with computer forensics, you can always take a moment to read some documentation.
When it comes to forensics, CAINE Linux (Computer Aided Investigative Environment) is an Italian Ubuntu-based distro that is all business. If you want an eye-opener, just run it on one of your old machines and see what you can turn up. It might surprise you.
DEFT (Digital Evidence & Forensic Toolkit) is a customized distribution of the Ubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics. If CAINE didn’t exist, this would be my go-to forensics distro.
And since I always want to under-promise and over-deliver, I will throw in a couple more security distributions as honorable mentions.
NST (Network Security Toolkit).
The latest release of NST is based on Fedora 20 using Linux kernel 3.13.3-201.fc20.
They have been all over the Heartbleed issue.
BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.
BlackArch is a pentesting suite built on top of Arch Linux. I will say that it is a very light and responsive distro. Because of that quick responsiveness and light interface, I think this could be a great candidate pentesting distro to run on a Raspberry Pi or as a VirtualBox guest. If you already have Arch Linux running, you can also add BlackArch to it. More info can be found over on their site.
So that is my list as I see it, based on my experiences. Your list might be different, and if it is I would love to hear about it. Post your comments below.