[Source: concise-courses.com]
OK, none of the following Pentesting distributions were in the top 100 list over at Distro Watch but
we don’t care – we are talking about penetration testing tools – or
specifically the creation of distro’s that have all the necessary open
source tools that help ethical hackers and penetration testers do their
job. Like everything else when it comes to choices, every pentesting
distro has its own pros, cons and specialty. Some distro for example are
better at web application vulnerability discovery, forensics, WiFi
cracking, reverse engineering, malware analysis, social engineering etc.
1. Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration
testing. It is maintained and funded by Offensive Security Ltd. It was
developed by Mati Aharoni and Devon Kearns of Offensive Security through
the rewrite of BackTrack, their previous forensics Linux distribution.
Kali Linux is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), and Aircrack-ng (a software suite for penetration-testing wireless LANs). Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.
Kali Linux is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, and as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook.
9. BackTrack 5R3
The mamma or best known of Linux pentesting distros. BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool….
The mamma or best known of Linux pentesting distros. BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool….
BackTrack
is based on the ever-popular Ubuntu. The pentesting distro used to be
only available within a KDE environment but Gnome become was added as an
option with the release of BackTrack v5. For those working in
Information Security or intrusion detection, BackTrack is one of the
most popular pentesting distros that can run on a live CD or flash
drive. The distribution is ideal for wireless cracking, exploiting, web
application assessment, learning, or social-engineering a client.
Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).
To identify Live Hosts:
dnmap – Distributed NMap
address6 – (which acts as a IPV6 address conversion)
dnmap – Distributed NMap
address6 – (which acts as a IPV6 address conversion)
Information Gathering Analysis (Social Engineering)
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points
Database Analysis
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.
Tnscmd10g – Allows you to inject commands into Oracle
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.
Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices
Blueranger – Uses link quality to locate Bluetooth devices
Vulnerability Assessment
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Exploitation Tools
Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Netgear-telnetable – Enables Telnet console on Netgear devices
Terminator – Smart Meter tester
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – Gui for testing Wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – Gui for testing Wireless encryption strength
Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
Wifite – Automated wireless auditor
Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendresher
Rainbowcrack
Acccheck
smbexec
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendresher
Rainbowcrack
Acccheck
smbexec
3. NodeZero.
Like
BackTrack, NodeZero is an Ubuntu based distro used for penetration
testing using repositories so every time Ubuntu releases a patch for its
bugs, you also are notified for system updates or upgrades. Node Zero
used to be famous for its inclusion of THC IPV6 Attack Toolkit which
includes tools like alive6, detect-new-ip6, dnsdict6, etc, but I think
that these days BackTrack 5r3 also includes these tools.
Whereas
BackTrack is touted as being a “run-everywhere” distro, i.e. running it
live, NodeZero Linux (which can also be run live) state that the
distros real strength comes from a hard install. NodeZero, in their own
words, believe that a penetration tester “requires a strong and
efficient system [achieved by using] a distribution that is a permanent
installation, that benefits from a strong selection of tools, integrated
with a stable Linux environment. Sounds cool. Ever tried it? Let us
know in the comments below.
4. BackBox Linux
BackBox
is getting more popular by the day. Like BackTrack and NodeZero,
BackBox Linux is an Ubuntu-based distribution developed to perform
penetration tests and security assessments. The developers state that
the intention with BackBox is to create a pentesting distro that is fast
and easy to use. BackBox does have a pretty concise looking desktop
environment and seems to work very well. Like the other distros BackBox
is always updated to the latest stable versions of the most often used
and best-known ethical hacking tools through repositories.
BackBox
has all the usual suspect for Forensic Analysis, Documentation &
Reporting and Reverse Engineering with tools like ettercap, john,
metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af,
wireshark, etc.
5. Blackbuntu.
Yes,
as the name clearly suggests, this is yet another distro that is based
on Ubuntu. Here is a list of Security and Penetration Testing tools – or
rather categories available within the Blackbuntu package, (each
category has many sub categories) but this gives you a general idea of
what comes with this pentesting distro: Information Gathering, Network
Mapping, Vulnerability Identification, Penetration, Privilege
Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis,
Digital Forensic, Reverse Engineering and a Miscellaneous section. This
list is hardly revolutionary but the tools contained within might be
different to the other distros.
6. Samurai Web Testing Framework.
This
is a live Linux distro that has been pre-configured with some of the
best of open source and free tools that focus on testing and attacking
websites. (The difference with Samurai Web Testing Framework is that it
focuses on attacking (and therefore being able to defend) websites. The
developers outline four steps of a web pen-test. These steps are
incorporated within the distro and contain the necessary tools to
complete the task.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.
Of
interest as well, the Live CD also includes a pre-configured wiki, set
up to be a central information store during your pen-test.
The
Samurai Web Testing Framework is a live Linux distro that focuses on
web application vulnerability research and web pentesting within a “safe
environment” – i.e. so you can ethical hack without violating any laws.
This is a pentesting distro recommended for penetration testers who
wants to combine network and web app techniques.
7. Knoppix STD.
This
distro is based on Debian and originated in Germany. The architecture
is i486 and runs from the following desktops: GNOME, KDE, LXDE and also
Openbox. Knoppix has been around for a long time now – in fact I think
it was one of the original live distros.
Knoppix
is primarily designed to be used as a Live CD, it can also be installed
on a hard disk. The STD in the Knoppix name stands for Security Tools
Distribution. The Cryptography section is particularly well-known in
Knoppix.
8. Pentoo.
9. WEAKERTH4N.
11. DEFT.
The
latest version is DEFT 7 which is based on the new Linux Kernel 3 and
the DART (Digital Advanced Response Toolkit). This distro is more
orientated towards Computer Forensics and uses LXDE as desktop
environment and WINE for executing Windows tools under Linux. The
developers, (based in Italy) hope that their distro will be used by the
Military, Police, Investigators, IT Auditors and professional
penetration testers. DEFT is an abbreviation for “Digital Evidence &
Forensic Toolkit”
12. CAINE
A
reader to our blog suggested to add CAINE which we duly have. CAINE
Stands for Computer Aided Investigative Environment, and like many
information security products and tools – it is Italian GNU/Linux live
distribution. CAINE offers a comprehensive forensic environment that is
organized to integrate existing software tools that are composed as
software modules, all displayed within a friendly graphical interface.
CAINE states to have three objectives. These are, to ensure that the
distro works in an interoperable environment that supports the digital
investigator during the four phases of the digital investigation.
Secondly that the distro has a user friendly graphical interface and
finally that it provides a semi-automated compilation of the final
forensic report. As you would likely expect, CAINE is fully open-source.
If anyone has used this please let us know.
13. BugtTraq
Some
of the special features included with Bugtraq include (as stated) an
expanded range of recognition for injection wireless drivers, (i.e. not
just the usual Alfa rtl8187), a patched 2.6.38 kernel and solid
installation of the usual suspects: Nessus, OpenVAS, Greenbone, Nod32,
Hashcat, Avira etc.
Unique
to Bugtraq (as claimed on their site) is the ability to, or better
said, ease, of deleting tracks and backdoors. Just by having read about
Bugtraq I’m really glad that I can add this to the list because it just
sounds like a job well done. If you are interested in any of the
following pentesting and forensic categories, then do go and check out
Buqtraq: Malware, Penetration Shield, Web audit, Brute force attack,
Communication and Forensics Analytics, Sniffers, Virtualizations,
Anonymity and Tracking, Mapping and Vulnerability detection.
Quick Summary: You
can’t go wrong with any Ubuntu based distro. BackTrack does the job
well but I guess, of course, it’s all personal – i.e. does the distro do
the job for you? Every penetration tester needs a lean towards a
particular tool or tool-set. Frankly they are all good, and it would be
prudent to use several of these pentesting distros as live versions. For
WiFi hacking then WEAKERTH4N is likely your better friend, whilst to
stay within the law, use Samurai.
Bugtraq
looks really good – the team behind it seems to have taken considerable
time to tick all the boxes. Once we test it I’ll update the post.
Here is a list of other distros (which we think are still alive and kicking – please correct us if we are wrong).
