Deciding on a Linux distribution can be quite the daunting task, It is rather intimidating for beginners in network security and may be time consuming researching for the right distro with the right tools.
What we will be covering in this article will not only be the best distros for beginners but a variety of them that may be of use to individuals looking for different things.
A distribution contains, at least, the Operating System, but very often much more software.
We will be listing various distros focused on security, The tools provided by the mentioned distros as well as who the distro would be suitable for. The list is in no particular order.
Kali Linux is a Debian based Linux distro aimed at advanced Penetration Testing, It is developed and funded by Offensive Security and follows the rolling release model.
The benefits of Kali apart from cosplaying as your favorite Mr Robot character are numerous, It is often considered an industry standard featuring over 600 penetration testing tools. It also presents complete customization down to the kernel.
Support for Kali Linux is available via Offensive Security and they provide a rather interesting bug bounty program for those interested.
Although the praise, Kali would not be preferred for those unfamiliar with the Linux OS nor for those who are looking for a run of the mill general purpose desktop installation, But for those looking to professionally get into pentesting or are already in the industry, Kali Linux may be your choice of OS.
BlackArch is an Arch-Linux based pentesting distro, It is developed through community based efforts and despite the Arch title is fairly easy to install, allowing a regular ISO installation.
With BlackArch one would have over 2500 tools at their disposal, This distro can also be installed upon existing Arch Linux computers. With the excessive tools this OS would not be for those unfamiliar with Arch Linux or Linux in general.
BlackArch is quite the light distro considering the number of tools it employs so it would be a good alternative of a heavier OS like Kali Linux for devices with lower specs.
DEFT (Digital Evidence & Forensics Toolkit)is a household name when it comes to digital forensics and intelligence activities. This Linux distro is made up of a GNU/Linux and DART (Digital Advanced Response Toolkit).
Depending on the mode you choose to boot DEFT into you may be greeted by a command line interface or an LXDE desktop environment. DEFT Linux also includes some tools for the analysis of mobile devices. Aside from the security tools, DEFT also comes with a complete suite of desktop productivity applications, including LibreOffice, Firefox and Chromium browsers. Wine is also available for running Windows apps.
DEFT is a very professional and stable system, It is meant to be used by the Military, the Police, Private security professionals, IT Auditors and Individuals as well.
BackBox is an Ubuntu based Linux distro that provides a network and systems analysis toolkit. It is developed through community based efforts meaning contribution to its development is relatively easier
It features around 70 penetration testing tools covering Zenmap, Sqlmap, Wireshark and many more. An interesting feature in BackBox is its Launchpad repository core. What this does is that it constantly updates packages of the most used hacking tools to their latest most stable release version from the open source community.
Due to its choice of desktop manager XFCE, BackBox requires minimal resources to run on a device making it function on old and obsolete devices as well. For newcomers to the world of hacking or Linux BackBox may be a suitable choice.
Bugtraq is an open-source Linux distribution based on Debian and Ubuntu aimed at digital forensics, penetration testing, Malware Laboratories, and GSM Forensics; It can be built with different desktop managers like XFCE, GNOME and KDE.
It features an arsenal of pentesting tools including but not limited toobile forensic tools, malware testing laboratories, tools of the Bugtraq-Community, audit tools for GSM, wireless, bluetooth and RFID, integrated Windows tools, tools focused on ipv6, and typical pentesting and forensics tools. It is also available in 11 different languages.
One could say that Bugtraq is more a organised repackaging of Kali Linux, It is a suitable OS for beginners as well as professionals.
Parrot Security operating system is a Debian-based Linux distribution built by Frozenbox Network for cloud oriented penetration testing and also follows the rolling release model.
Parrot OS is rather secure keeping itself frequently updated and can be fully sandboxed as well. Parrot also comes pre-installed with several security tools, Parrot comes with two different installation type, one being Parrot Home which is aimed more towards a daily use OS. The other being Parrot Security which has the pre installed tools.
Using the LightDM desktop manager it is also suitable for devices with lower capabilities and runs very well on them. Personally I recommend Parrot OS for new comers as it is quite easy to get into when one is unfamiliar with the Linux OS.
Before diving into Pentoo OS we must first discuss Gentoo, Gentoo is Linux distribution centered around compiling packages from source. While this may seem counter productive as it is very time consuming there are many benefits to this method.
Pentoo OS is an overlay for Gentoo, ie, Pentoo is to Gentoo what BlackArch is to Arch-Linux. Pentoo has an advanced Python-based package management system with cool features such as system profiles, config file management, safe unmerging, and virtual packages, among others.
Pentoo offers several customization features and uses the XFCE desktop environment. It is a security-centric distro and so the tools that it ships with are divided into the categories of Scanner, MitM, Expoit, Forensics, etc. It also provides rolling release updates.
The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. Its main focus is to provide pentesting on the web.
The VM contains the best open source and free tools that focus on attacking and testing against websites some of which are Fierce domain scanner, Maltego for mapping; w3af, burp for discovery; BeEF, AJAXShell for exploitation; and many more tools at your disposal.
The VM also includes a a pre-configured wiki, set up to be the central information store during your pen-test. Which can prove to be quite useful. This is a suitable Framework for Web Penetration Testing.
Fedora Security Spin is a variation of Fedora designed for security auditing and testing, it may also be used for educational purposes. It provides a safe test environment for the activities above along with the tools and features present in Fedora Security.
The spin is maintained by a community of Security testers and developers. It comes with the clean and fast XFCE Desktop Environment and a customized menu to have all the instruments one may need to follow a proper test path on security testing or to rescue a broken system.
This OS may appeal to students and teachers as it assists in practicing or learning network and information security.
NST (Network Security Toolkit) is a bootable ISO image based on Fedora. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools.
An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution.
ArchStrike, an Arch Linux repository for security professionals and enthusiasts who use Arch Linux as their base OS. It is security a penetration testing and security layer on top of Arch Linux, and is carefully crafted for learning Ethical hacking.
This can either be installed as its own ISO or installed on top of an already set up Arch Linux system, It features a plethora of security and penetration tools. ArchStrike provides a live desktop environment based on the Openbox window manager. One can choose from over 1450+ tools to install from within the repository.
Requiring experience with Arch Linux this would not be recommended for those who are unfamiliar with it.
Caine (Computer Aided Investigative Environment) is a GNU/Linux live distribution created as a Digital Forensics project. It’s a professional open source forensic platform that integrates software tools as modules along with powerful scripts in a graphical interface environment.
It comes bundled with some impressive and wide range digital forensics tools, that are precious for digital forensics professionals. Namely, MWSnap, Wireshark, Arsenal Image Mounter, QuickHash, Autopsy, WinAudit, etc.
Caine offers an interoperable environment that supports the digital investigator during the four phases of the digital investigation, along with user friendly tools and an user friendly GUI. It would primarily be used by law enforcement, military and corporate examiners for investigation purposes.
The Absolute Best?
There we have it, Some of the best Linux distributions to help you on your security adventures. Picking the right distro relies on your own current knowledge and skill level; As well as the purpose it will be serving you. So there is no absolute best distro, All of them serve their own purposes. Technically speaking, you could even use Ubuntu for security, it not the tool that matters, its your skill.
I hope I was able to bring insight into these distros and you’ll be leaving this article well satisfied, If you did go ahead and hit that share button and always remember to stay safe.
All images used belong to their respective owners