Hi fellas,

As part of my work, I did plenty of researches about hacking / pentesting operating systems in order to find which one could be the most suitable for my needs. Chose his operating system is crucial and avoids unpleasant surprises that could lead to an incredible wastage of time (tools incompatibility, etc). That is why I decided to share with you guys, the fruits of my investigation. I hope that it will be helpful to anyone that still hesitate between different OSs.

Introduction

Hacking or penetration testing relies, partially, on a set of tools used to assess multiple aspects of an information system. Their installation can be quite tedious, and their compatibilities with different operating systems is an obstacle that users face during the installation phase. To overcome this issue, several projects were created to provide an efficient and reliable support such as Kali Linux, BlackBuntu, BackBox, BlackArch, Parrot security OS and Cyborg Awk.

For the sake of this experience, I assessed those systems according to the following criteria : their usability, performance, stability, their number of tools available and the quality of their content manager. To ensure objectivity and consistency of my research, each distribution has been evaluated on a Virtual Machine possessing four Giga Bytes of RAM and two control processor units. This configuration has been specially chosen to minimise the amount of resources available in order to stress the system with greedy instructions such as ARP poisoning, shell bomb, etc.

Kali Linux

Kali Linux is a Linux distribution based on Jessie Debian, created and maintained by Offensive Security, an influential company in the penetration testing area. From a usability point of view, this system presents, through GNOME 3, a user-friendly interface to its user which seems familiar to anybody who already used any mainstream Linux distribution e.g. Ubuntu, Xubuntu, Debian, etc. Moreover, the tools are classified by domain and make easier to discover new software. Furthermore, because this system is presented as a reference for pentesters and highly maintained, it affords a colossal quantity of tools, covering every possible computer security aspect. Hosted and available from their repository, it allows to keep tools updated, which is mandatory for such activity.

However, Kali Linux has critical performance and stability issues. Indeed, it is based, for Network Interface Card compatibility reasons, on a modified version of Debian UNIX Kernel. Moreover, it is important to note that the previous version of Kali Linux was Backtrack5, which suffered from the same issue. Most of them have been fixed, but the essential problem remains.

To conclude, Kali Linux is a great pentesting operating system. However, its lack of stability reduces its efficiency. This distribution is well more focused to run on a live session which involves some problems for a long pentesting session. It is, certainly, possible to create a persistent environment but it requires external tools which are not provided during the installation phase. Despite those issues, Kali Linux is available on several platforms e.g. Raspberry Pi, Chromebooks, Odroid and tablet thanks to NetHunter. Moreover, the important community involved in this project allows resolving rapidly most of the reported issues that can occur when a release or a tool become obsolete.

BlackBuntu

BlackBuntu is based on Xubuntu, a fork of Ubuntu which originally provides a XFCE interface which has been replaced by GNOME in order to improve the usability of the distribution. However, this system is awful to use. Indeed, tools are not installed properly on the machine and are just reachable in their distinct directory which makes impossible to run a tool from the home user. Moreover, the classification of those tools is not intuitive at all, and it is very complicated to detect the presence of specific software without using locate, or similar, command line. Furthermore, this project was abandoned by its founders and developers in 2014 therefore, rendering it out of date.

Nevertheless, the performance and stability provided by BlackBuntu seems reasonable, excepted some termcaps inconstancy.

To conclude, this pentesting distribution had a great potential but became completely obsolete, due to the fact that it is not maintained anymore.

Backbox

BackBox is based on Ubuntu and provides a nice and user-friendly interface. However, the menu has been completely revamped to give way to a set of submenus that have to be, consecutively clicked, as an LDAP directory software would provide, to display the associated tools, which is, in long term usage, quite irritating. Moreover, this system suffers for random crashes, reducing its stability and performance considerably. Indeed, it is not acceptable to have to reboot for such reason during a penetration testing when each second is valuable.

Regardless, BackBox provides a reasonable list of tools and have, as Kali Linux, its own repository which ensures the reliability of their system.

To conclude, despite the fact that BackBox provides fewer tools than Kali Linux, it seems to be a good pentesting OS and runs quite well on few resources.

BlackArch

BlackArch is an operating system based on ArchLinux and well known for its lightness. Indeed, ArchLinux embeds just the necessary components required for its installation and its execution. Moreover, it comes without GUI which affords the possibility to create a customised working environment, depending on the tastes of anyone. Furthermore, BlackArch is distinguishable from others by its modularity. In fact, it is nothing more or less that just a layer that can be implemented over a traditional ArchLinux distribution, allowing users to convert their existing system into a complete penetration testing laboratory.

From a usability point of view, BlackArch is formidable. Indeed, every tool, thanks to FluxBox, is accessible through the right click, making it very easy to handle. By the same token, the amount of tools provided by this operating system is colossal, around one thousand and forty, and largely exceed those available on Kali Linux. Lastly, as the previously assessed systems, BlackArch has its own tools repository, avoiding any obsolescence.

However, by essence, ArchLinux is not the most reliable and stable operating system on the market. Indeed, users often play the role of Beta testers to assess and report incidences once the system is updated, which can lead, sometimes, to a downgrade. Consequently, without any deeper experiences in the Linux world, it will be almost impossible for a novice to handle this system.

To conclude, BlackArch is a very lightweight system which runs perfectly for whom to feel at ease with system architecture, partitioning processing and command line. It seems to be a good trade-off between a home-made distribution and a Kali Linux or a Parrot Security OS.

Parrot Security OS

Parrot Security OS is based on Debian and consequently, takes advantage of its reliability. Moreover, it presents to its user through a user-friendly and intuitive interface with a classified tools list, improving the usability of the distribution. As Kali Linux, it furnishes a vast number of tools, covering multiple aspects of computer security and keeps them up-to-date via their repository. Lastly, the batterie of tests shows that the system has a great performance and stability, incomparable with other similar pentesting distributions.

Finally, Parrot Security OS is quite similar to Kali Linux but well more stable and performant. It is, in my opinion, the best user-friendly and pre-built OS for pentesting. Moreover, it provides the possibility to run in stealth or forensic mode which makes this OS highly flexible and could fit with any needs.

Cyborg Hawk

Cyborg Hawk is based on Debian and seems to be inspired from Kali Linux. Indeed, it provides the same menu, user interface and tools than Kali with some additional fancy widgets such as the memory and CPU usage, the disk space available, etc.

However, those fantasies have a terrible impact on the performance. Indeed, by randomly moving a window, the CPU usage reaches the 60%, which emits doubts about its reliability.
To conclude, Cyborg Hawk tries to distinguish itself via some fancy widgets whose aim is to put the user into the skin of a hacker but without really succeed to provide a reliable and stable environment.

Conclusion

Choose the best support is critical to ensure the quality and the reliability of your hacking / pentesting session. Each of the operating system assessed previously has its own regarding usability, stability and performance. However, the tools provided by those systems could be, for most of them, useless, according to your objectives and so, can potentially slow down the machine for non relevant reasons.

Consequently, I advise to whom want to possess an efficient and reliable machine, to set up his own with, only, the tools that are necessary to reach the settled goals. Moreover, install a tool from scratch improves the understanding of its behaviours and simplifies the learning phase. Lastly, it affords the possibility to have a minimalist and ergonomic interface without undesirable features that can impact on the performance.

Are you interested by my personal setup ?

Best,
Nitrax

Thanks for this. It seems that all of these OSes lack stability.

Yep mate ! That is why I configured my own system, allowing me to control at a deeper level each process and service running on my machine. Indeed, under a “ready to use” platform such as Kali Linux, you are dependant on their updates which can potentially fuck up your complet setup if you changed librairies version, network manager, etc.

Moreover, their fucking bloody GUI that nobody uses terribly impact on the machine performance and makes them almost unusable with a low spec hardware …

Really nice write up. I love your style and easy reading way of writing. I just comment on the “stability of Arch Linux” though.

(I bet people knew I would bring this up)

Arch Linux if treated well can be extremely stable. Especially if you factor out Gnome or KDE your box can be insanely stable. I’ve been running Arch for over 2 years and in those years I only experienced issues when running a full DE (in the beginning stages of my usage of it). That’s all. The same is true for BlackArch.

I am very interested in seeing your setup. Personally I just run Arch with BlackArch repos and install packages from wherever they come from when needed (the AUR is a pretty good place for that). I’ve found tmuxinator is a very powerful addition to my setup. Although not everybody seems to comprehend quite how good it can be when coupled with keyboard shortcuts.

- pry0cc

Oh man. Tell me about it. I personally don’t think I’ve ran Kali Linux for more than a week without being screwed over by updates .

In Arch, things do break sometimes, but its always the user’s fault (well, most of the time, unless its a problem with the package and some dependency issue). When I first started out, I didn’t know much about how things were done, but in the first few weeks, I got to know so much, because everything had to be done by hand. I had to enter commands, so many lines. No surprise fixing my system in ttys made me a terminal ‘snob’.

The thing is, Arch isn’t unstable, its the user who breaks stuff by doing things the wrong way. When people refer to Arch being unstable, its usually Arch with Testing enabled. It’s a really tempting deal but with its disadvantages. [Testing] means glitches, bugs and a really hard system to use. What else do you expect?

@pry0cc I prefer installing tools from the official repos and AUR. All the big tools with numerous dependencies, in fact, all the tools I’ve wanted to get were avaiable on the official rpeos and AUR, so I haven’t felt the need. Though I think that’d be a better way to get hacking tools, it still doesn’t matter.

Worse than a cancer

This is my complete opinion, but personally I think Kali is good for live boots not necessarily stand alone OS on ones hard drive. If anyone doesn’t know already but I personally run Parrot which ran so much better then Kali ever did and I haven’t ran into any issues thus far.

Personally, @pry0cc I’m not surprise you brought up Arch. lol.

Cheers.

@pry0cc @worz I agree with you, and issues involved when using Arch is mainly due to the HCI (Humain computer interaction). However, it is well more easy to fucked up an Arch than a stable version of debian . Arch is, from my point of view, a relevant and viable solution that merit to give it a try.

Yep, the only reason that pushes me to start Kali is to discover new tools ! Parrot is excellent mate, and would have been my choice if I wasn’t a UNIX nazi that cannot handle the fact to have useless dependences on his system

I will have to disagree again. Arch can run on a purely minimum environment. Worse case scenario you can just delete most of the packages and reinstall with pacstrap. With debian you’ve gotta go full fresh install.

It takes agreeing to disagree. This is all based on opinion. There’s litterly no right answer, except the fact that @pry0cc can’t accept the fact that there’s no right answer.

Cheers.

P.S. All in good nature right?

Disagreement is a good thing. It allows you to exchange thoughts and see others point of view. There usually is never a right answer but a spectrum of opinion. Agreement allows you to see those opinions.

Just a question of point of vue. Quite enlightening

So @Nitrax, the poll is pretty decisive… When are you gonna show us your setup?

Looks like there are no plans.

@pry0cc I will mate, give me a few days, a lot of work to do atm. I scheduled to post it at the end of the week. Sorry for the delay

Why so much hates

No worries at all! I know how it is.

Here’s my setup:

Coffee spilled everywhere.Piles of notebooks.Piles of books.Broken Raspberry Pi lying around.

Do I have to continue?

Cheers.

I’f were talking about spilled liquid. Mine is full of spilled whiskey xD just ask @oaktree