Linux Distribution Reviews Linux Security

Best Security Focused Linux Distros for Ethical Hacking and Pentesting

A hacker needs a security focused operating system to help discover the weakness in computer systems or network. Among Windows and MAC OS, Linux distributions have the most countless distributions for various purposes. Some are designed for general purposes, such as office suite like what windows and MAC OS do and others are for specific tasks and purposes, such as server, security, and penetration testing.I will not be debating Windows vs MAC vs Linux distributions much more, instead we will focus on what are the best Linux distribution for ethical hacking. For some beginners in the security field this article will help you get started. Because there are so many Linux distributions aimed specifically to do security assessment or penetration testing. The list below is based on combining my objective on this field and the most “popular forensics distribution category” listed on  DistroWatch is a page which display various Linux distributions, popularity rankings, news and another general information.

9. DracOS Linux

DracOS Linux (Dragon Comodo OS) was built based on LFS (linux from scratch) and is used to perform security testing with hundreds of essentials tools to cover penetration testing, forensics and reverse engineering. The interesting thing about DracOS Linux is, this OS has no GUI environment, you can only access the tool by using CLI (command line interface). Newcomer ethical hackers would find more challenge using DracOS Linux as their first penetration testing operating system, but it is not so hard to learn. DracOS Linux is claimed as the lightweight and very powerful penetration testing operation system. You can install DracOS Linux under low spec hardware.

8. Bugtraq

Bugtraq OS is another Linux distribution for penetration testing based on Debian or Ubuntu. Bugtraq was built by bugtraq-team in around 2011. Bugtraq comes with huge amount of tools, which are more well organized than Kali Linux (which in Kali Linux has multiple different tools that has the same functionality). The packs of Bugtraq penetration testing tools consist of mobile forensic tools, malware testing lab, Bugtraq-Community tools, audit tools for GSM, bluetooth, RFID and wireless. Bugtraq is available with XFCE, GNOME and KDE desktop environment.

7. DEFT Linux

DEFT is abbreviated from Digital Evidence & Forensics Toolkit, is a Linux distribution made for computer forensics analysis and incident response. DEFT Linux was built based on Xubuntu, that used LXDE as desktop environment. DEFT Linux runs on Live Mode, which once you boot the system, and start using it. The essential tools and package in DEFT Linux are Digital Forensics Framework, Mobile forensics (Android and IOS), DART (Digital Advance Response Toolkit) containing windows applications that used to organize, collect and run the tools in safe mode for live forensic and incident response. DEFT Linux is used by Military, Police, Security experts, Auditor or individuals.

6. C.A.I.N.E

C.A.I.N.E, short for Computer Aided Investigative Environment is another Linux Live distribution for digital forensics. CAINE was built based on Ubuntu and used MATE and LightDM desktop environment. CAINE is loaded with tools to help investigator or IT auditor finds data points and clues that needed for computer security forensics. The most essentials CAINE Tools are “RegRipper” used to extract and parse information from Windows registry for analysis, “Theharvester” used to collect data about domains and email accounts by using different data source (baidu, bing, google, pgp, linkedln, twitter and yahoo), “VolDiff” used to analyze malware memory footprint.

5. Network Security Toolkit (NST)

Monitoring active connections using Netfilter on NST.

Network Security Toolkit is a Linux distribution based on Fedora Live-CD designed for Network Security and Network penetration testing. NST is aimed at network diagnostic and server monitoring. NST comes with arsenal of Network security tools, which most of the tasks can be accessed via Web User Interface (WUI).

4. BackBox Linux

BackBox Linux is Ubuntu based Linux distribution to perform penetration testing and security assessment. BackBox offers stability and fast, it is configured with XFCE desktop environment. The design idea was, minimum resource consumption and maximize performance. BackBox Linux loaded with known security and analysis tools covers wide range of subject, web applications security assessment, network analysis and computer forensics. Backbox Linux has very well organized tools, which avoid redundant and similar functionality tools.

3. BlackArch Linux

BlackArch Linux is another Linux penetration testing distribution based on Arch Linux. BlackArch Linux ships with 1984 tools (and constantly increasing) for penetration testing and forensic analysis. Its live mode comes with various light and fast window managers, from web applications security assessment such Openbox, dwm, Awesome, Fluxbox, wmii, i3 and spectrwm. The interesting ones among BlackArch tools is, there are applications intregrated for drone security analysis, like Snoppy, Skyjack and Mission Planner.

2. Parrot Security OS

Parrot Security OS is a penetration testing and forensics OS based on Debian. ParrotSec use MATE desktop environment and LightDM display manager. This lightweight pentest OS can run on minimum 256MB of RAM for 32-bit and 512MB for 64-bit. The interesting about ParrotSec OS is, it has an anonymous mode. By activating anonymous mode ParrotSec will automatically route all traffic through TOR. ParrotSec provides a wide array of pentesting tools, digital forensics, reverse engineering and reporting tools. ParrotSec also shipped with tools aimed to do cryptography and programming. An interesting tool in ParrotSec is “Kayak” car hacking tool to diagnose car’s CAN (Controlled Area Network), in other word this tool aims to probe cars for potential security vulnerability.

1. Kali Linux

Finally, on top of the best Linux distribution for penetration testing is Kali Linux. Kali Linux is Debian-based Linux distribution for security auditing and mainly for penetration testing. Kali Linux was developed by “Offensive Security”, shipped with fancy GNOME3 as its desktop environment, which makes Kali Linux run a little bit hard on low spec computer hardware. Kali Linux was reworked from “BackTrack” project. Kali Linux gains more popularity and keeps rising since Mr. Robot scene displayed a computer with Kali Linux OS in particular scenes. Kali Linux is intended to be used for security-related tasks. Kali Linux comes with a huge amount of penetration testing tools from various fields and digital forensics tools. Kali Linux supports a wide range of devices, including i386, amd64, and ARM platform. Kali Linux has also developed the first open source Android penetration testing platform for Nexus devices, it is Kali Linux NetHunter. For now, Kali NetHunter ROM image officially only available for Nexus and OnePlus. But, you actually, can also install Kali NetHunter in any Android phone, there are a lot of tutorials for this on internet. Go for it.

For more information on the top tools in Kali Linux see this article:


About the author



Hy, I am Bima, i am a Freelance Writer and Penetration Tester. Do you have any questions or sharable opportunities? Contact me personally on : dk3ferdiandoo [AT]