Linux Smackdown: Which Distro Reigns Supreme for Pentesting?

By: rcubed

December 13, 2016

There are some things in life that were simply meant for each other: peanut butter and jelly, snow and Christmas, and Friday night and pizza. In the case of pizza, it goes well with pretty much anything, especially cold beer. When it comes to the art of pentesting, the first ingredient is a target loaded with vulnerabilities. Check. It then helps to have an OS that is custom-made for pentesting and loaded to the gills with tools and utilities. Check, again! That OS is Linux.

Linux was a godsend for users of Intel x86 machines back when MS Windows left a lot to be desired – even more so than it does today. First released in 1991, Linux was developed by Linus Torvalds as an open source software project under the GNU General Public License. The underlying source code for the Linux kernel may be modified and freely distributed for both commercial and non-commercial applications. This is the real power and beauty of the Linux project: you can customize the OS to your heart’s content for whatever the application. There are both desktop and server applications and even distros for older, resource-strapped systems.

The power and flexibility of Linux also extend to customizing the OS for specialized applications, as in the case of pentesting. The ability to run Linux either in dual-boot installations resident on a hard drive along with other OSes or as a “live distro” booting from a USB flash drive or CD/DVD optical media is a distinct advantage. Linux can also be run in a virtualized environment for enhanced performance. This is critical when needing to simulate real-life conditions.

There are both free and commercial versions of Linux, but why pay for it when there are so many terrific free distros to choose from and all of the pentesting Linux distros are offered free of charge? Choosing the best distro for pentesting is no easy task considering the wealth of available options. Answering the question as to which distro is the best for pentesting then comes down to stating, “It depends.” (You can rarely go wrong choosing the "It depends" answer when it comes to complex technical issues.)

The Linux distros for pentesting are virtual Swiss Army knives of apps and utilities, each one tailored for a specific type of security testing application. In addition to pentesting, these distros also include apps for computer forensics, reverse engineering, ethical hacking, cloud pentesting, privacy exploits and cryptography. Many distros, such as Parrot Security OS, combine all of these features. Others specialize in particular areas of vulnerability, like Wi-Fi hacking in the case of Weakerth4n or computer forensics as found in DEFT.

At their core, Linux pentesting distros contain a suite of scanning tools for sniffing out vulnerabilities within a target system. There are four phases of web application pentesting, and scanning falls into the first phase, known as “reconnaissance”:
  • Reconnaissance
  • Mapping
  • Discovery
  • Exploit
The workhorse of Linux pentesting distros is Kali Linux. It’s the distro that is featured prominently in the pentesting training courses offered here. Kali Linux is a Debian-derived Linux distribution explicitly developed for digital forensics and pentesting. It evolved from BackTrack Linux and both are maintained by Offensive Security, Ltd.

Kali can be installed and run natively from a computer’s hard drive as well as booted from a live CD or USB device or run within a VM. To make Kali even more powerful, it is part of the Metasploit framework, which is a platform for developing and executing security exploits.

Kali is a great pentesting distro to cut your teeth on, but you’ll eventually want to investigate a few of the other pentesting distros. Specializing in a particular area of security testing is great, but it may cause you to miss other risks that potentially threaten an organization. These other risks can extend to the network, web app threats such as SQL injection and cross-site scripting exploits, and remote file includes. In combination, you’re up against blended attacks that can get particularly nasty. Anticipating them and discovering where systems are vulnerable can head off trouble down the road. There are Swiss Army knives for all sorts of activities from fishing to camping to crafts and hobbies. Sometimes it’s nice to have more than one variety in your toolbox.

A great place to start on your journey in pentesting and learning more about testing tools, especially Kali Linux, is the two introductory courses here: “Web App Penetration Testing” with Raymond Evans and the “Metasploit” course taught by Dean Pompilio.