As a security professional, one of the most important things is to have a set of tools that can help you in performing time-consuming and tedious tasks efficiently. In this article, we will be discussing various Linux distros that can help a security professional on a day-to-day basis. The list will not be in any specific order since different security professionals have different needs and requirements — a forensic expert will be required to have a forensic-related toolkit; an analyst needs some decent tools for all his needs, a web tester would need some web testing tools and so on.
A Linux distro is a Linux distribution that has been curated to perform security-related tasks. A Linux distro will have a Linux base of Ubuntu or Debian flavor and then have some custom tools pre-installed in it. Linux is the best choice for a security professional for obvious reasons and hence most of the distros are built on it. A Linux distro can help in performing analysis, ethical hacking, penetration testing, digital forensic tasks, and various auditing purpose.
You may also like: Penetration Testing: Step-by-Step Guide, Stages, Methods and Application
The article will talk about the distros. But apart from these, there are various other open source tools that can be bundled and used as per custom requirements. The distros will just make the daunting task of installing the tools, configuring the environment for them and then troubleshooting to make the tool run. Some tools may have conflicting dependencies as well. You will not have to take care of all this since the distros are pre-configured. This way you can save time and effort and utilize that in something more productive ways.
Advantages of a Distro:
Saves time and effort to make a custom setup.
Helps beginners to start security testing without getting into the nitty-gritty.
Great pool of distros which can be chosen from.
Let’s discuss the top 10 distros that can help you get started. The choices may confuse you on which one to choose. You can try all and choose what fits your needs.
1. Kali Linux:
Kali is one of the most popular Debian-based security Linux distros that is developed by Offensive security. It has more than 500 pre-installed tools that the community maintains and updates the repositories. The tools are categorized in various categories like – web testing, forensic, password cracking, memory forensics etc. Kali is free and can be used as a virtual machine as well as a live boot which is a perfect fit for both security testing and forensic jobs. There is a lot of help available on the internet that can help you to get started and assist if you get stuck.
2. Parrot security:
Parrot project started in 2013 and since then it has been regularly updated with over more than 40 version updates. The OS is Debian-based and is developed by Frozenbox team. The distro is a mix of Kali and Frozenbox OS and uses Kali repositories for tool updates. The OS is designed for penetration testing, vulnerability testing, and digital forensics. It requires a minimum of 256MB RAM and works with both 32 and 64bit systems as well and has an ARM-compatible version. Parrot OS can be installed on a cloud and updated to perform cloud-based security testing. For those who require a lightweight system, Parrot distro should be a choice for them. Parrot security can be downloaded here.
BlackArch is another security Linux distribution that is actively developed and maintained for over 2000 tools. It can be installed as it is on the top of the Arch Linux. The project is relatively new with just ~12 developers but the tool repository is huge and is tested before adding it to the code. It also offers an installation guide in 8 languages and a video-based tutorial as well to get you well versed with it. The official website has a tool list as well as a description of it for easy understanding. The aim is to make things simple. The images are available at the below link and you can choose an image from ISO, OVA ARM etc. You can download it here.
Image Source: https://blackarch.org/downloads.html
4. Samurai Web Penetration testing Framework:
Samurai web penetration testing framework is built on open source software and is specifically crafted for web penetration testing. It contains all the open source tools that can be used in all the four stages of web application penetration testing. Below is a small list of tools that it has as per the web penetration testing steps.
This is the best fit if you need something specific to perform web testing.
One thing that makes Bugtraq stand out is that the team is an expert in Linux customization. They curate the Linux for boot entry, tools, files, wallpapers, logos, etc. to fit the requirement. It is available in various Linux flavors (Debian, Ubuntu, and OpenSUSE). The team at Bugtraq is experienced and the tools have been developed in Python along with LUA integration. The distribution is available in 11 languages and has a wide range of features. One of the key features of Bugtraq is that it has tools that span over a wide range of security domains – Penetration testing, malware analysis, Android penetration testing, wireless hacking, mobile forensics etc.
Image Source: http://bugtraq-team.com/
6. Fedora Security Spin:
Fedora security spin is developed with an intent to teach security to the students and beginners. It is maintained by security testers and developers in order to provide a secure environment for forensic jobs and other information security auditing purpose. The distribution has most of the tools that are required for learning basics in terms of network monitoring, web application penetration, brute forcing, scanning etc. The tool list contains but is not limited to Etherape, Nmap, Medusa, Ettercap, Skipfish, SQLNinja, Wireshark etc. You can get a copy of the spin from the link given here.
You may also like: Brute Force Attacks: Prominent Tools to Tackle Such Attacks
CAINE stands for Computer Aided Investigation environment. This Linux distro helps security professionals to investigate and perform digital forensics jobs (also consider checking out this career guide for data science jobs). It has all the tools that can aid a digital investigator during the various phases of the investigation. The tools are graphical and simple to use. CAINE is an open source tool and has various tutorials available on the website to help you install and run various tools like Autopsy, Sleuthkit etc.
You may also like: Top 20 Trending Computer Forensics Tools of 2018
Image Source: https://www.caine-live.net/
Santoku is a bootable Linux environment designed to perform security tasks only for mobiles. This is one of the rare distros that focus on mobile security and testing. It has pre-installed drivers, utilities and other prerequisites. Santoku is a Japanese chef knife that can be used to perform three functions, thus the distro is developed to cater to three areas of mobile security. You can download it here.
We will discuss this one by one in detail:
Mobile forensics: Santoku has the capability to forensically acquire and analyze data, firmware flashing and has tools for memory imaging and forensic analysis.
Mobile Malware analysis: To perform a successful malware analysis we need to have three basic requirements that are filled by this Linux distro.
(i) A malware simulation machine that can be reset. Santoku has mobile emulators for this that can be used to perform dynamic malware analysis.
(ii) Debuggers and disassemblers for static analysis of malware.
(iii) Malware sample database.
Mobile security: To perform various mobile security testing of applications. Capability to decompile, disassemble and work with binaries (also consider checking this perfect guide for cybersecurity certifications).
You may also like: Introduction to Malware: Definition, Attacks, Types, and Analysis
Backbox is a free open source community project that has been aimed to promote Information Security. It is an Ubuntu-based OS that is lightweight, fast, optimization-aimed and compatible with older hardware. The distro has pre-organised tools that can be used for network, system analysis, web application testing, stress testing, sniffing and vulnerability analysis, computer forensics, exploitation etc. The distro is highly customizable and users can chisel it as per need. In case you are interested to access the machine from anywhere and want it to be device agnostic, you have an option to opt for cloud version (Backbox AWS) of Backbox. You can get your hands on Backbox here.
Image Source: https://linux.backbox.org/
10. Pentoo Linux:
Pentoo is based on Gentoo Linux and has a focus on performing penetration testing. If you have Gentoo already installed, you can install Pentoo over that itself. The project has various developers that have been focussed on overall maintenance of the project. It supports both 32 and 64 bit systems and is available for Live boot from CD/USB. The distro has a persistence mechanism for changes to be stored in the live boot session. There are a lot of tools available for the penetration testers ranging from scanners, web application testing, cracking, database analysis, exploitation etc. to get their hands dirty with.
You may also like: What is a Sniffing attack and How can you defend it?
Various organizations have a requirement-basis type of work. An organization that is focused on web application development will require a security tester to perform web application penetration testing. For an organization that works on the development of mobile applications and solutions will be required to test the application for any kind of security flaws and backdoors. If there is any kind of security incident, a forensic investigator is required to dig the case and ensure that all steps in the investigation are taken care of.
For all these activities, the security team of the organization needs to have a trusted environment that has been designed to fulfill the tasks. Since these are already developed and distributed, the security teams can download and start the work. The selection can be different but these will help the team to get the security task done. For most of the tasks, the tools are already present which can be downloaded and run, then the rest of the playground is all set.
Now that we have discussed the list of popular Linux distros, you must have got some idea of what is available and its features. This may not be an exhaustive list but the most popular ones. There are other distros as well as DEFT for digital evidence forensics and security testing but these should be enough to cater to the most common needs of a security professional.
Before selection of what will suit you the best, simply jot down your requirements, an outcome that is expected and the features of the Linux distros, then weigh what gives you the most. This may not help you to get exactly what you want but it will definitely help you to narrow down your choices. Once finalized, you can chisel that as per your exact need or requirement. Since the security domain is vast and the list may not contain what you want. A little research on Google will help you find if something is already present which we have missed. Do share your thoughts in the comments section below.