As part of my work, I did plenty of researches about hacking / pentesting operating systems in order to find which one could be the most suitable for my needs. Chose his operating system is crucial and avoids unpleasant surprises that could lead to an incredible wastage of time (tools incompatibility, etc). That is why I decided to share with you guys, the fruits of my investigation. I hope that it will be helpful to anyone that still hesitate between different OSs.
Hacking or penetration testing relies, partially, on a set of tools used to assess multiple aspects of an information system. Their installation can be quite tedious, and their compatibilities with different operating systems is an obstacle that users face during the installation phase. To overcome this issue, several projects were created to provide an efficient and reliable support such as Kali Linux, BlackBuntu, BackBox, BlackArch, Parrot security OS and Cyborg Awk.
For the sake of this experience, I assessed those systems according to the following criteria : their usability, performance, stability, their number of tools available and the quality of their content manager. To ensure objectivity and consistency of my research, each distribution has been evaluated on a Virtual Machine possessing four Giga Bytes of RAM and two control processor units. This configuration has been specially chosen to minimise the amount of resources available in order to stress the system with greedy instructions such as ARP poisoning, shell bomb, etc.
Kali Linux is a Linux distribution based on Jessie Debian, created and maintained by Offensive Security, an influential company in the penetration testing area. From a usability point of view, this system presents, through GNOME 3, a user-friendly interface to its user which seems familiar to anybody who already used any mainstream Linux distribution e.g. Ubuntu, Xubuntu, Debian, etc. Moreover, the tools are classified by domain and make easier to discover new software. Furthermore, because this system is presented as a reference for pentesters and highly maintained, it affords a colossal quantity of tools, covering every possible computer security aspect. Hosted and available from their repository, it allows to keep tools updated, which is mandatory for such activity.
However, Kali Linux has critical performance and stability issues. Indeed, it is based, for Network Interface Card compatibility reasons, on a modified version of Debian UNIX Kernel. Moreover, it is important to note that the previous version of Kali Linux was Backtrack5, which suffered from the same issue. Most of them have been fixed, but the essential problem remains.
To conclude, Kali Linux is a great pentesting operating system. However, its lack of stability reduces its efficiency. This distribution is well more focused to run on a live session which involves some problems for a long pentesting session. It is, certainly, possible to create a persistent environment but it requires external tools which are not provided during the installation phase. Despite those issues, Kali Linux is available on several platforms e.g. Raspberry Pi, Chromebooks, Odroid and tablet thanks to NetHunter. Moreover, the important community involved in this project allows resolving rapidly most of the reported issues that can occur when a release or a tool become obsolete.
BlackBuntu is based on Xubuntu, a fork of Ubuntu which originally provides a XFCE interface which has been replaced by GNOME in order to improve the usability of the distribution. However, this system is awful to use. Indeed, tools are not installed properly on the machine and are just reachable in their distinct directory which makes impossible to run a tool from the home user. Moreover, the classification of those tools is not intuitive at all, and it is very complicated to detect the presence of specific software without using locate, or similar, command line. Furthermore, this project was abandoned by its founders and developers in 2014 therefore, rendering it out of date.
Nevertheless, the performance and stability provided by BlackBuntu seems reasonable, excepted some termcaps inconstancy.
To conclude, this pentesting distribution had a great potential but became completely obsolete, due to the fact that it is not maintained anymore.
BackBox is based on Ubuntu and provides a nice and user-friendly interface. However, the menu has been completely revamped to give way to a set of submenus that have to be, consecutively clicked, as an LDAP directory software would provide, to display the associated tools, which is, in long term usage, quite irritating. Moreover, this system suffers for random crashes, reducing its stability and performance considerably. Indeed, it is not acceptable to have to reboot for such reason during a penetration testing when each second is valuable.
Regardless, BackBox provides a reasonable list of tools and have, as Kali Linux, its own repository which ensures the reliability of their system.
To conclude, despite the fact that BackBox provides fewer tools than Kali Linux, it seems to be a good pentesting OS and runs quite well on few resources.
BlackArch is an operating system based on ArchLinux and well known for its lightness. Indeed, ArchLinux embeds just the necessary components required for its installation and its execution. Moreover, it comes without GUI which affords the possibility to create a customised working environment, depending on the tastes of anyone. Furthermore, BlackArch is distinguishable from others by its modularity. In fact, it is nothing more or less that just a layer that can be implemented over a traditional ArchLinux distribution, allowing users to convert their existing system into a complete penetration testing laboratory.
From a usability point of view, BlackArch is formidable. Indeed, every tool, thanks to FluxBox, is accessible through the right click, making it very easy to handle. By the same token, the amount of tools provided by this operating system is colossal, around one thousand and forty, and largely exceed those available on Kali Linux. Lastly, as the previously assessed systems, BlackArch has its own tools repository, avoiding any obsolescence.
However, by essence, ArchLinux is not the most reliable and stable operating system on the market. Indeed, users often play the role of Beta testers to assess and report incidences once the system is updated, which can lead, sometimes, to a downgrade. Consequently, without any deeper experiences in the Linux world, it will be almost impossible for a novice to handle this system.
To conclude, BlackArch is a very lightweight system which runs perfectly for whom to feel at ease with system architecture, partitioning processing and command line. It seems to be a good trade-off between a home-made distribution and a Kali Linux or a Parrot Security OS.
Parrot Security OS
Parrot Security OS is based on Debian and consequently, takes advantage of its reliability. Moreover, it presents to its user through a user-friendly and intuitive interface with a classified tools list, improving the usability of the distribution. As Kali Linux, it furnishes a vast number of tools, covering multiple aspects of computer security and keeps them up-to-date via their repository. Lastly, the batterie of tests shows that the system has a great performance and stability, incomparable with other similar pentesting distributions.
Finally, Parrot Security OS is quite similar to Kali Linux but well more stable and performant. It is, in my opinion, the best user-friendly and pre-built OS for pentesting. Moreover, it provides the possibility to run in stealth or forensic mode which makes this OS highly flexible and could fit with any needs.
Cyborg Hawk is based on Debian and seems to be inspired from Kali Linux. Indeed, it provides the same menu, user interface and tools than Kali with some additional fancy widgets such as the memory and CPU usage, the disk space available, etc.
However, those fantasies have a terrible impact on the performance. Indeed, by randomly moving a window, the CPU usage reaches the 60%, which emits doubts about its reliability.
To conclude, Cyborg Hawk tries to distinguish itself via some fancy widgets whose aim is to put the user into the skin of a hacker but without really succeed to provide a reliable and stable environment.
Choose the best support is critical to ensure the quality and the reliability of your hacking / pentesting session. Each of the operating system assessed previously has its own regarding usability, stability and performance. However, the tools provided by those systems could be, for most of them, useless, according to your objectives and so, can potentially slow down the machine for non relevant reasons.
Consequently, I advise to whom want to possess an efficient and reliable machine, to set up his own with, only, the tools that are necessary to reach the settled goals. Moreover, install a tool from scratch improves the understanding of its behaviours and simplifies the learning phase. Lastly, it affords the possibility to have a minimalist and ergonomic interface without undesirable features that can impact on the performance.
Are you interested by my personal setup ?