Perhaps, if you have ever thought about becoming a hacker or studying to be an IT security auditor, you might have wondered, “How do I do such and such?” or “What tools are used for that?” Linux pentesting distributions are useful and versatile tools for testing security on different platforms.
And while a lot of security auditors stay faithful to their preferred distributions, let’s honor the saying “new year, new you” by giving ourselves the luxury of highlighting some new tools and looking at how to choose the one that suits us best. The idea is to offer a starting point for getting to know some of the most popular distributions for different aims and purposes.
News! The well-known and much-loved Kali has been updated
Late in November 2017, the wait was finally over. For all the users excited about it, a new update finally came out for this well-known distribution. What am I talking about? “Version 2017.3”, of course. The new features included all the patches, fixes, and updates to the tools and Kernel that were released over the preceding period, which is no small matter, especially if you use Maltego or SET.
Man cannot live by bread alone, and the pentester needs more than just Kali.
It’s time to step away from the comfort zone of the standard-bearer Kali (originally Backtrack), and look at some of the alternatives. Thanks to the efforts of a large community, Linux comes in an array of distributions that offer us a great many options to choose from, and depending on the user’s taste (whether they’re a beginner, advanced, or a ninja hacker) everyone will be able to find something that’s right for them.
One of my favorite distributions, based on Debian, is Parrot. The latest version, which came out in late December 2017, is Parrot Security 3.10, which has excellent support from its dedicated wiki. Its outstanding features include the fact that it is multilingual and that it can be used for audits, thanks to its arsenal of tools, for forensic studies, or for maintaining your anonymity while browsing.
In the images above we can see the boot system and the menu of tools in the main panel of Parrot OS.
Another updated classic: BackBox Linux 5
In my opinion, while they have maintained the spirit of previous versions, in this latest outing they have removed a lot of outdated tools and added in just as many new ones, while refining the GUI even further. Standouts are the user-friendliness and versatility, which is only to be expected for a distribution based on Ubuntu. Even so, it is always useful to visit its wiki to report or correct any errors you might come across.
For ninja-level auditors
One of the fastest distributions is undoubtedly blackarch, which not only offers great performance but almost 2000 tools. User-friendliness is an area of potential improvement though, particularly in terms of its compatibility with different hardware. To mitigate this issue, it may be worth seeking a little help, which you can find in its support forum. One thing worth mentioning is that 32-bit systems will soon cease to be supported, so it is important to choose your platform carefully.
Privacy is naturally something that any ninja auditor would want to preserve, so let’s look at some other options:
One interesting distribution which is not so well known for anonymity and privacy is Subgraph OS. While it doesn’t have as many tools as Kali, it does offer the very useful capability to be executed from a live CD or USB without installing it. The following image shows its boot options:
Among other things, it is frequently used for browsing via the famous Tor proxies or sending anonymous mails. Its wiki offers help with installing it and getting better use out of its features
Another option is Whonix, which was designed to mitigate different threats and attack vectors, and with a special emphasis on privacy. It is a desktop operating system which was designed for advanced security and privacy. Commonly used applications are pre-installed and pre-configured securely, ready for immediate use, so the user does not expose themselves by installing additional applications or personalizing their desktop.
Of course these are just a few examples, and the majority have a great many features in common, as they come with applications for chat, mail and P2P, that are personalized so the user remains anonymous. Nonetheless, if you are interested in this type of distribution, I recommend you also take a look at some of the other offerings with similar features, like discreete linux, IprediaOS, and Tails.
For auditing security on IoT
This internet revolution, connecting multiple devices of many different types, generates a broad spectrum of attack vectors ranging from insecure firmware or protocols to the use of default passwords and the exploitation of vulnerabilities. As such, it is only natural that new distributions should emerge which are designed for use with the Internet of Things (IoT), and that is the case with AttfyOS. Based on Ubuntu, it comes with a great many pre-installed tools that help in finding and studying vulnerabilities on IoT platforms.
Often, the initial part of an audit starts with Open Source Intelligence Techniques (Osint), and as you can imagine there are operating systems that offer these information-gathering techniques: one clear example of this is the curiously-named distribution “Buscador”.
As we can see in the image above, “Buscador” has a wide range of options and tools, and you can dive deeper into these via its wiki.
In this post, we have given you an introductory glance at the most updated and popular tools to have emerged recently, and although we have shown you around ten examples, you can find many more on the web. This article will have helped show you where to start if you are a beginner, or perhaps even if you are an experienced auditor finding yourself with a distribution you didn’t know, and I hope you will now be able to select from a wider range of options when choosing your favorite. Lastly, if you would like to recommend any other distribution or tell us which one is your favorite, feel free to leave your comments at the end of the article.
Image credits: © geralt/Pixabay.com
Author Lucas Paus, ESET