Linux distributions can be separated into various categories based on use case and the intended target group. Server, education, games and multimedia are some of the most popular categories of Linux distros.
For security conscious users, however, there's a growing niche of distros aimed at protecting your privacy. These distros help ensure you don't leave a digital footprint as you go about navigating the web.
However, for the truly paranoid, privacy distros are only one part of the equation – the greater part involves penetration testing distros. These are distros designed for analysing and evaluating network and system security, and they feature a vast array of forensic tools to help you test your configured systems for potential weaknesses.
In this article, we've highlighted 10 of the best privacy and pen testing distros.
BackBox
This Ubuntu-based distro is designed for pen testing. With the lightweight XFCE as the default desktop environment, BackBox is incredibly fast.
The software repositories are constantly updated to provide you with the latest stable version of the included tools, which can help you perform web application analysis, stress tests, vulnerability assessment, privilege escalation and much more.
Unlike most other distros that feature a vast array of applications, BackBox makes a conscious effort to avoid redundancy: you'll only find the best possible tool for each specific task or purpose. The tools are sorted into well-thought-out categories that make them easy to spot.
The project's wiki offers a quick introduction and usage options for many of the included tools. Although primarily designed as a pen testing distro, BackBox also features Tor, usually found in privacy distros, to help you hide your digital presence.
Kali
Arguably the most popular pen testing distro, Kali is based on Debian Wheezy and developed by Offensive Security Ltd; it is a rewrite of its earlier incarnation, BackTrack Linux.
Available as 32-bit and 64-bit images, Kali can be run from a USB stick or CD, or installed to disk. The project also supports the ARM architecture and can be run on a Raspberry Pi, and it features hundreds of pen testing tools. The default desktop is GNOME, but Kali lets you build a custom ISO if you'd rather work with another desktop environment. This extensively customisable distro also allows users to modify and recompile the Linux kernel to their exact requirements.
Kali's popularity can also be gauged by the fact that it's a supported platform for the Metasploit Framework, a tool that lets you develop and execute exploit code against a remote machine.
Pentoo
Available for 32-bit and 64-bit machines, Pentoo is a pen testing distro based on Gentoo Linux. Existing Gentoo users can optionally install Pentoo, available as an overlay, on top of their Gentoo installation. The XFCE-based distro supports persistence, so when running off a USB stick, all changes you make are saved for future sessions.
The included tools are divided into some 15 different categories such as Exploit, Fingerprint, Cracker, Database, Scanner, and so forth. Being based on Gentoo, the distro also inherited the Gentoo Hardened feature set, which allows additional security configuration and control of the distro itself. You can use the Application Finder utility to quickly locate particular apps nested inside the different categories.
As the distro is based on Gentoo, there's some amount of work involved in getting your network card and other hardware to work. When booting, choose the Verify boot option and configure all your devices.
Security Onion
Based on Ubuntu, this distro is designed for intrusion detection and network security monitoring. Where penetration testing distros can be thought of as offensive security distros, Security Onion is more of a defensive distro.
That said, it features many of the offensive tools found in pen testing distros, in addition to a number of network monitoring tools such as the Wireshark packet analyser, the Suricata intrusion detection system and others.
Along with XFCE, the distro also provides most of the essential apps featured in Xubuntu to function as a regular desktop. Security Onion is not intended for hobbyists and a certain level of familiarity with network monitoring and intrusion detection is a must to be able to work with the complex apps on offer. Thankfully, the project regularly features guides and video tutorials to help users make the most of the included software.
CAINE
CAINE is an acronym for Computer Aided INvestigation Environment. Available as a Live disk, the latest edition of the distro is based on Ubuntu 14.04 and uses SystemBack as the installer. Once installed it can be run from the hard disk, or it can be run as a Live USB or CD. The distro strives to provide a user-friendly interface and features a host of tools to aid in system forensics.
It stands out from its peers because of some of the included tools, such as rbfstab, a utility that safely mounts plugged-in devices as read-only for forensic examination.
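The principle behind a tool like rbfstab is that evidence media must be mounted so the examination cannot alter it, and that the examiner should confirm this rather than assume it. The script below is an added example written for this article, not rbfstab or any other CAINE tool: it marks the block device read-only, mounts it with read-only options, and then checks the mounts table to verify the result. The device path, mount point and the sample mounts table used in the checking function are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CAINE's rbfstab): mount a device for forensic examination
# read-only and verify from the kernel's mounts table that it really is.
set -eu

# Mount options for evidence media: read-only, no access-time updates,
# no executables, no setuid binaries, no device nodes.
EVIDENCE_OPTS="ro,noatime,noexec,nosuid,nodev"

# Given one /proc/mounts line ("device mountpoint fstype options dump pass"),
# return 0 if the options field contains the "ro" flag, 1 otherwise.
line_is_readonly() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Return 0 if the filesystem mounted at $1 is read-only according to the
# mounts table in $2 (defaults to /proc/mounts); 1 if read-write or not mounted.
mountpoint_is_readonly() {
    mp=$1
    table=${2:-/proc/mounts}
    while IFS= read -r line; do
        if [ "$(printf '%s\n' "$line" | awk '{print $2}')" = "$mp" ]; then
            line_is_readonly "$line" && return 0
            return 1
        fi
    done < "$table"
    return 1   # nothing mounted at $mp
}

# Mount block device $1 at mount point $2 for examination. Requires root.
# The device itself is set read-only first, so that a stray write through
# the raw device node also fails, not only writes through the filesystem.
mount_evidence() {
    dev=$1
    mp=$2
    blockdev --setro "$dev"
    mkdir -p "$mp"
    mount -o "$EVIDENCE_OPTS" "$dev" "$mp"
    if ! mountpoint_is_readonly "$mp"; then
        echo "$mp is not read-only; unmounting" >&2
        umount "$mp"
        return 1
    fi
}

# Usage (as root): ./mount-evidence.sh --mount /dev/sdX1 /mnt/evidence
if [ "${1:-}" = "--mount" ]; then
    mount_evidence "$2" "$3"
fi
```

One caveat worth knowing: an ext3/ext4 filesystem with an unclean journal will try to replay it even on a read-only mount, and XFS behaves similarly. With the block device set read-only beforehand that replay cannot happen, so the mount may fail instead; the usual answer is to add `noload` (ext3/4) or `norecovery` (XFS) to the mount options for that media.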
In addition to a large number of memory, database and network analysis applications and various other forensic tools, CAINE also features all the other popular apps found in most desktop distros, such as browsers, office tools, email clients, etc.
BlackArch
With a Gentoo derivative on our list, how can Arch be far behind? Described as a lightweight expansion of Arch Linux, BlackArch is available as an installable Live image, but Arch users can also install BlackArch on top of their existing installation. The project recommends using the dd command, not UNetbootin, to create a Live USB.
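Writing a live image with dd is simple, but two checks belong around it: the downloaded image should match the checksum the project publishes before it is written, and the target must really be the whole USB device and not a partition or a mounted disk. The script below is an added example for this article, not the BlackArch project's own instructions; the image name, device path and expected digest are placeholders to be replaced with the values from the project's download page.

```shell
#!/bin/sh
# Added example (not the BlackArch project's script): verify a downloaded
# live image against its published SHA-256 digest, then write it with dd.
set -eu

# Compare the SHA-256 of file $1 with the expected hex digest $2.
# Returns 0 on match, 1 on mismatch. Uses sha256sum (coreutils) if present,
# otherwise shasum -a 256 (BSD/macOS).
verify_image() {
    image=$1
    expected=$2
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$image" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$image" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Accept only a whole block device (e.g. /dev/sdb), never a partition
# (e.g. /dev/sdb1) and never a regular file typed in by mistake.
# Whole devices appear as directories under /sys/block; partitions do not.
is_whole_block_device() {
    dev=$1
    [ -b "$dev" ] && [ -d "/sys/block/${dev##*/}" ]
}

# Write image $1 to device $2 after checking it is a whole, unmounted device.
write_image() {
    image=$1
    dev=$2
    if ! is_whole_block_device "$dev"; then
        echo "refusing to write: $dev is not a whole block device" >&2
        return 1
    fi
    # Refuse to overwrite a disk that still has any partition mounted.
    if grep -q "^$dev" /proc/mounts 2>/dev/null; then
        echo "refusing to write: $dev has mounted partitions" >&2
        return 1
    fi
    # bs, conv=fsync and status=progress are GNU dd options.
    dd if="$image" of="$dev" bs=4M conv=fsync status=progress
    sync
}

# Usage (as root):
#   ./make-live-usb.sh --write blackarch-live.iso /dev/sdX <expected-sha256>
if [ "${1:-}" = "--write" ]; then
    verify_image "$2" "$4" || { echo "checksum mismatch, not writing" >&2; exit 1; }
    write_image "$2" "$3"
fi
```

A checksum only proves the file is the one the project published if the digest itself was obtained over a trusted channel (the project's HTTPS page, or better a signed checksum file), so fetch the expected value from there rather than from the same mirror that served the image.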
The default login for the live session is root:blackarch. At over 4GB, the distro ships with a choice of several window managers, such as Fluxbox, Openbox and Awesome.
Unlike the other pen testing distros, BlackArch is also an adept privacy distro. In addition to the many forensic tools, the distro also offers anti-forensic tools, such as sswap and ropeadope to securely wipe the contents of the swap and the system logs respectively, and many more tools designed to ensure your privacy.
Parrot Security OS
Developed by Frozenbox, an Italian network dedicated to IT security and programming, this Debian-based distro can, like BlackArch, be used for penetration testing or for maintaining privacy. Also like BlackArch, Parrot Security OS is a rolling release distro. The default login for the live session is root:toor.
The installable Live image offers several boot options such as persistence mode and even encrypted persistence. In addition to the forensic tools, the distro also features several anonymity tools and even cryptography software.
The customised MATE environment presents a very slick-looking desktop, and Parrot is blazingly fast even on older machines with only 2GB of RAM. The distro features several niche utilities, such as apktool, which is used to reverse-engineer Android APK files.
For privacy conscious users, there is a special category under Applications, labelled anon surf, from where users can enable anonymous surf mode (which uses Tor) with a single click.
JonDo Live
JonDo Live is a Debian-based distro designed specifically for surfing anonymously. It is built around JonDo, an anonymising proxy available for various platforms including Linux, BSD, Windows and Mac. The live distro offers users the option of using either the JonDo or the Tor proxy to protect their privacy online.
The included applications, where possible, are all pre-configured to allow for anonymity. For instance, Pidgin is configured for anonymous instant messaging. The distro includes several different IM clients such as Pidgin and TorChat, and also privacy-enabled browsers like JonDoFox and TorBrowser.
The project hosts a forum board, wiki and various tutorials to help you make the most of the anonymising tools included with JonDo.
Qubes
Based on Fedora, Qubes is an install-only distro that strives to provide security through isolation. It relies on Xen to create isolated virtual machines for the different desktop functions, and each virtual machine has access only to the services it needs to perform its designated function, thus limiting the potential security threat. Despite all that virtualisation wizardry, Qubes offers a coherent and streamlined desktop.
To install the distro, you must follow the instructions offered on each step of the text-based anaconda installer (which you can see in the image above). The distro gives you the choice of installing Qubes with KDE, XFCE, or both.
While Qubes offers the choice of standard partitioning and LVM, on our test machine the install only worked if we chose the third option: BTRFS. The installation process is complicated, especially in the age of graphical installers, but the effort yields an incredibly secure distro.
Tails
As with JonDo Live, Tails also ships with a number of internet apps pre-configured for anonymity. You can use the persistence mode to store settings and files for future sessions when running Tails from a USB drive. Indeed, according to the project's website, you can even run Tails from an SD card.
By default the distro uses the Tor network to anonymise all internet traffic, be it web browsing, email or IRC and instant messaging. Tails wipes all traces of your activity from the disk and uses top-of-the-line cryptographic tools to encrypt all files, emails and instant messaging.
Several important add-ons like AdBlock Plus, NoScript and others are enabled by default in the Tor-enabled Firefox. The latest release ships with Electrum Bitcoin wallet and lets you camouflage the system to resemble Windows 8, along with the usual tricks like spoofing the MAC address.