Ready to Start Your Career?
December 13, 2016
Linux Smackdown: Which Distro Reigns Supreme for Pentesting?
December 13, 2016
There are some things in life that were simply meant for each other: peanut butter and jelly, snow and Christmas, and Friday night and pizza. In the case of pizza, it goes well with pretty much anything, especially cold beer. When it comes to the art of pentesting, the first ingredient is a target loaded with vulnerabilities. Check. It then helps to have an OS that is custom-made for pentesting and loaded to the gills with tools and utilities. Check, again! That OS is Linux.Linux was a godsend for users of Intel x86 machines back when MS Windows left a lot to be desired – even more so than it does today. First released in 1991, Linux was developed by Linus Torvalds as an open source software project under the GNU General Public License. The underlying source code for the Linux kernel may be modified and freely distributed for both commercial and non-commercial applications. This is the real power and beauty of the Linux project: you can customize the OS to your heart’s content for whatever the application. There are both desktop or server applications and even distros for older, resource-strapped systems.The power and flexibility of Linux also extends to customizing the OS for specialized applications as in the case of pentesting. The ability to run Linux either in dual-boot installations resident on a hard drive along with other OSes or as a “live distro” booting from a USB flash drive or CD/DVD optical media is a distinct advantage. Linux can also be run in a virtualized environment for enhanced performance. This is critical when needing to simulate real life conditions.There are both free and commercial versions of Linux, but why pay for it when there are so many terrific free distros to choose from and all of the pentesting Linux distros are offered free of charge. Choosing the best distro for pentesting is no easy task considering the wealth of available options. Answering the question as to which distro is the best for pentesting then comes down to stating, “It depends.” (You can rarely go wrong choosing the "It depends" answer when it comes to complex technical issues.)The Linux distros for pentesting are virtual Swiss Army knives of apps and utilities, each one tailored for a specific type of security testing application. In addition to pentesting, these distros also include apps for computer forensics, reverse engineering, ethical hacking, Cloud pentesting, privacy exploits and cryptography. Many distros combine all of these features such as Parrot Security OS. Others specialize in particular areas of vulnerability like Wi-Fi hacking as in the case of Weakerthn4n or computer forensics as found in DEFT.At their core, Linux pentesting distros contain a suite of scanning tools for sniffing out vulnerabilities within a target system. There are four phases of web application pentesting and scanning falls into the first phase known as “reconnaissance”: