Monday, 10 March 2014

26 Interesting Penetration Testing Linux Distros alternatives.

Penetration Testing Linux distros are a group of special purpose Linux distros used for analyzing and evaluating security measures of a target. This kind of distributions are usually live-cd or usb drive based, but the newer ones has the ability to be installed as a standalone Linux distribution on your computer. The main users of pen-test distribution are network and computer security enthusiasts, security students and audit firms who does security audits with the customer’s permission on their network. Pen-testing distros has come a long way since I first used them about 10 years ago. They used to be unstable and almost always live-cd only. It wasn’t easy to have the packages updated with the latest binaries. We don’t have those problems anymore as nowadays its much easier to create a custom distro with custom repositories. Lets look at some of the more widely used pen-test distros out there:

1 BackTrack: Probably the most widely known pen-test distro out there and one of the oldest distro still being actively developed. There is a thumb-drive and Live DVD version, plus the ability to do a full install in your hard-drive. The distribution is based on Ubuntu with custom packages that gets updated on a regular basis.
Download backtrack 5 r3.iso(free download click on direct download)

2 Knoppix-STD: Another old-timer live distro based on knoppix. STD stands for Security Tools Distro, to avoid any confusion. Contains 1000s of security tools but not advised to be installed as a stand-alone OS.
Download Knoppix-STD.iso (free)

3 Backbox Linux: Another Ubuntu based distro but uses XFCE as its window manager and relies on its own repo to constantly keep its tools updated.
Download backbox

4 Blackbuntu: Built on Ubuntu 10.10 and Gnome, this distro was specifically designed to train students and researchers of information security

5 Samurai Web Testing Framework: Based on Ubuntu and gnome based live CD. Designed specifically for information gathering and pen-testing web apps.

6 NodeZero Linux: Yet another Ubuntu LTS based distro but the emphasis is on native install not a live distro. Currently work is being node to get its own package repository for regular updates.

7 WEAKERTH4N: Based on Debian Squeeze and Fluxbox, its possible to have native HDD install. There is an emphasis on supporting more radios and Wireless pen-test tools out of the box.

8 CAINE : Based on Ubuntu and MATE Desktop Environment, this is a highly customized pen-test distro that sets it apart from other distro with a useful forensic report generation tool.

9 Pentoo: A livecd based on Gentoo and XFCE. Also available as an overlay for existing Gentoo installations. Has the ability to crack passwords using GPGPU out of the box.

10 Bugtraq: Not to be confused with Bugtraq security mailing list. The current version Bugtraq 2 Black Widow available with XFCE, Gnome and KDE based on Ubuntu, Debian and OpenSuse. Unique scripts for SVN updates tools, delete tracks, backdoors, Spyder-sql.

11 Matriux : “With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.”

12 Matriux : “DEFT 7 is based on the new Kernel 3 (Linux side) and the DART (Digital Advanced Response Toolkit) with the best freeware Windows Computer Forensic tools. It’s a new concept of Computer Forensic system that use LXDE as desktop environment and WINE for execute Windows tools under Linux and mount manager as tool for device management.”

13. parrot security os:
Parrot Security OS is an advanced operating system developed
by Frozenbox Network and designed to perform security and
penetration tests, do forensic analisys or act in anonimity.

14: kali linux: From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created. BackTrack has grown far beyond its humble roots as a live CD and has now become a full-fledged operating system. and if you want custom kali for development board like ras pi, beagle board, chrome book, or samsung note 10.1 go here.

15: Anonymous os : kaos.theory's Anonym.OS LiveCD is a bootable live cd based on OpenBSD that provides a hardened operating environment whereby all ingress traffic is denied and all egress traffic is automatically and transparently encrypted and/or anonymized.

 16: gnacktrack: GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it is most certainly not; it’s very similar but based on the much loved GNOME! 

17:  Live Hacking CD: Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this ‘Live CD” runs directly from the CD and doesn’t require installation on your hard-drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders.

18:  Network Security Toolkit: Is bootable ISO live CD/DVD (NST Live)  based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

 19:  OWASP Live CD: OWASP Live CD is a project that collects some of the best open source security projects in a single CD. Web developers, testers and security professionals can boot from this Live CD and have access to a full security testing suite. This allows its users to test for various security issues in web applications and web sites.

20: Arudius: Arudius is a Linux live CD with tools for penetration testing and vulnerability analysis. A so-called “Linux live CD” is essentially a Linux operating system that is bootstrapped and run directly from a standard CD-ROM. This allows for improved portability of the operating system and for running a variety of Linux software on almost any physical system without affecting the host operating system installed on the hard disk. This is the concept that Arudius exploits as well. Currently, Arudius features more than 140 different security tools and packages. 

 21: Secmic: Secmic is a live Linux security distribution that may be used by security professionals or for educational purposes. It is free to download, and always will be. It comprises over 200 security oriented open source applications and maintains Ubuntu/Kubuntu update compatibility; meaning you will be able to receive security updates directly from the Ubuntu/Kubuntu repositories. b43 / wl hybrid compatibility is included with this Remastersys backup.

22. Security tools distribution STD:  is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

23: NetSecL: NetSecL Linux is by default with hardened configuration leaving the distribution at a security level where it is still usable and providing the tools needed to test your security. GrSecurity and it’s firewall are features that makes the distribution unique along with specially compiled packages:Amap, Ettercap, Hydra, Kismet, Nessus, Nmap, Metasploit, PADS.

24: VAST: VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, videojak, videosnarf and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, and Hydra.This distribution is a work in progress.

25:  Katana : Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, NMAP, Cain & Able, and many more.
26: fast track: fast-track is automated penetration testing suite developed by david kennedy. This security suite help the penetration tester to identify and exploit servers using  various techniques. Combining the power of Metasploit Framework and the automation of the attacks, all the pen test process will result effective and time saving (where it’s OK to finish under 3 minutes).

If there is any interesting pentest distro I might have missed, feel free to share in the comments.

No comments:

Post a Comment