Lord777
Professional
- Messages
- 2,576
- Reaction score
- 1,550
- Points
- 113
Content
Building your own collection of hacking tools is great, but now it is customary to take one of the specialized distributions as a basis. Usually this is Kali Linux, but we will consider not only it, but also other operating systems for hacking (pentesting), sometimes no less effective, and in some areas even more useful.
There are many operating systems for cracking. Some are popular, others are not very popular, but they all pursue the goal of giving the hacker a convenient, versatile and reliable tool for all occasions. The average hacker will never use most of the programs included in such customized assemblies, but they are added to show off their status.
While these distributions are designed to be attacked, you are solely responsible for using them! Do not forget that the use of this knowledge to the detriment is punishable by law.
Best operating systems to crack
Today we will try to review the majority of interesting distributions for hackers, both popular and undeservedly forgotten. If we missed something, feel free to use comments. Go!
NST
The set includes several dozen of the most important tools, mainly network scanners, clients for all kinds of services and all sorts of traffic interceptors. But there are not enough useful things like, for example, masscan, and even the banal aircrack, although airsnort is available.
Most of the tools are located in the Internet folder
Most of the goodies can be found in the Applications → Internet folder. Here we have Angry IP Scanner, written, by the way, in Java, and Ettercap, and even OWASP ZAP, which we already wrote about in the article " Review of the best vulnerability scanners".
There is a good collection of modules for all kinds of spoofing and scanning from the netwag package. In practice, he showed himself well, it's a pity, not very convenient and terribly outdated.
All the software I've tested works great. In general, everyone who misses the ancient interface and familiar tools is recommended.
Download hacker NST distribution
Kali
As you, of course, know, Kali Linux is one of the most popular distributions for hackers, and it would be strange if we did not write about it. Even schoolchildren know about it, and more recently it is available as an application directly from the Microsoft Store (for more details, see the article "Installing Kali Linux on Windows 10").
Of course, accessibility is a definite plus, but the system is slightly overloaded with a set of tools (although not as much as BlackArch), besides, some of them out of the box work crookedly or do not work at all.
There is no foolproofing in Kali either. As practice shows, not all users understand that it is not worth making this system the main one. From the core to the shell, it was created and optimized for performing combat missions on the fronts of information security and is poorly suited for quiet daily work. Many of the mechanisms needed in everyday life are simply not there, and an attempt to install them is likely to cause malfunctions in the normal operation of the OS, if it does not completely disable it.
In short, Kali is like a match - a powerful thing in skilled hands, it is easy to get it, but it is better not to give it to children. It is not possible to cover all possible official and unofficial utilities at once (and there are more than 600 of them, for a minute) of this system, if only because new and new modules, frameworks, utilities and other bells and whistles are constantly appearing.
Kali is designed for a wide range of tasks, but the main one is attacks in a network environment, for example, searching for vulnerabilities in web applications and gaining access to wireless networks. As the successor to BackTrack, Kali is generally well suited to work with wireless communication channels, especially WiFi.
Testing the strength of remote hosts is also possible using, for example, Metasploit, but the core and a significant part of the tools are focused on working with WiFi.
Another plus point is the presence in the standard delivery of a large number of dictionaries for various attacks, not only on WiFi, but also on accounts on the Internet and on network services.
Kali Linux runs in WSL
For even greater ease of use, the official website offers a version of the distribution kit for virtual machines, because when hacking it is much more reasonable to use the system without installation - you never know who will dig into your computer later!
The verdict is this: if you know how to use it, it's a cool thing, but don't try to show it to your child.
Download the most popular hacker OS Kali Linux
DEFT
Developed by DEFT on the Lubuntu platform and provided with a user-friendly graphical interface. The product includes a set of profile utilities, ranging from antiviruses, search engines for information in the browser cache, network scanners and other useful tools, and ending with computer forensics tools that are necessary when searching for hidden information on disk.
Using this OS, it will not be difficult to gain access to erased, encrypted or corrupted data on various types of physical media.
The main toolkit is hiding in the DEFT section, which, in turn, is located in a kind of Start menu.
Initially, this distribution was intended for the needs of the network police and incident response specialists in the field of information security, so another strength of DEFT is competitive intelligence, including the analysis of the relationships between social media accounts.
There is even an interesting utility for detecting the geolocation of a given LinkedIn or Twitter account. I could not check how efficiently it works at the moment, but she copes with determining the belonging of the account to the country and city.
Unlike Kali Linux, DEFT has foolproof protection built in. Without proper preparation, almost no tool can simply be launched, and without a deep understanding of the work of protective mechanisms, there is nothing to do here at all.
Literally every application or option requires root privileges, so don't rush to launch everything right away or create an unprivileged user.
I also found a "present": several repositories, from where DEFT gets updates, are closed with keys. For a couple of days I rummaged through the forums until I found where to request data from, and the keys themselves were also found.
As a result, this system is good for forensics (computer forensics) and incident investigation, especially if there is physical access to information carriers - be it a disk, flash drive or smartphone (a hacker, boss, employee, competitor, wife, lover, her daddy - emphasize the necessary).
Download hacker distribution kit DEFT
Tsurugi
Tsurugi (this word means two-handed Japanese sword) is based on Ubuntu, MATE is used as the GUI. It is intended more for forensics or OSINT than for pentesting, but its tools, as well as some features, allow it to be used in this direction as well. Initially, the system is delivered in live-image mode, but if you wish, you can perform a permanent installation.
Standard distribution desktop for Tsurugi hack
After logging into the system, we see a simple GUI, prudently hung from all sides with widgets of indicators of the processor load, hard drives, RAM, network speed and other things.
Yes, the hand of the creators of Kali is quite noticeable here. The abundance of pre-installed tools that are not always needed is immediately evident. At the same time, the system interface looks more than minimalistic and compact. But the logic of the security system, as well as working with the web or anti-tracking protection, is based on the best DEFT practices.
The entire main arsenal is located in Applications → TSURUGI.
Distribution menu for Tsurugi penetration test
This includes working with images, malware analysis, data recovery, and, as mentioned, a set of utilities for OSINT.
It should be borne in mind that this OS, like Kali, has no protection against crooked hands. It is suitable for those who have good Linux skills and who act prudently and thoughtfully. As befits a sharp Japanese sword!
The extensive toolkit allows you to use the system as a multitool for a wide range of tasks. While Tsurugi looks a bit like Kali, there are still some serious differences. While some of the utilities, just like in Kali, work incorrectly or do not work at all, the percentage of problematic tools is much lower here, and you can see that someone cares about it.
If for some reason you do not want to use Kali, then Tsurugi will be a worthy tool in your set of the best hacking operating systems. We won't put five stars at least because one of the authors of this review put aside a brick from the sound of a sword at the start of the OS. However, let's not talk about sad things.
Download the operating system for hackers Tsuguri
Parrot
What's inside? The same MATE is used as a desktop environment. The experience of use is (subjectively) pleasant.
Above, in the Application section, you will find the Anon Surf utility. One of the features of Parrot is that some anonymization tools are preinstalled, and when you select Anonsurf Start, all system traffic will be redirected through Tor. In the same section, you can use the DNS of the OpenNIC project - this is a non-national alternative to top-level domain registries. Here, by selecting the Check IP parameter, you can check the current external IP.
The second section is Cryptography. Here you should pay attention to the GPA utility - this is a graphical interface of the GnuPG program designed to encrypt information and create electronic digital signatures. It is essentially an alternative to PGP encryption. And if you need GPG, then you will have the zuluCrypt utility at hand - an analogue of VeraCrypt, which allows you to encrypt folders, partitions, flash drives, and more.
The next (and most interesting) section is Parrot. It contains exactly those utilities for testing the security of computer systems, because of which this OS got into the review "The best operating systems for a hacker." Many of the presented utilities are already known to us from Kali Linux, but there are also unique ones.
I would like to dwell on the "Internet" tab in more detail. Here we see the pre-installed Tor Browser and the Electrum bitcoin wallet , as well as the XSSer utility, a framework for detecting and exploiting XSS vulnerabilities in web applications. There is also the Claws Mail mail client, which is a full-fledged mail client with support for GPG encryption. A bonus is Ricochet IM - a decentralized anonymous messenger that works over the Tor network.
These are, perhaps, all the features of Parrot Security OS that I would like to talk about. As you can see, Parrot OS is not only suitable for penetration tests, it can also serve as an OS for daily use for those who know why they need it.
Parrot seemed to us to be a high-quality and conveniently made hacker operating system. It's nice to work with a system where you don't need to repair tools first.
Download Parrot Security
BlackArch
Rate the friendliness of the interface: if you managed to download this monster and run it, you need to enter a username and password, which you should read about in the installation instructions on the site (this is root / blackarch, if that). Live users seem to have been forgotten.
Further: after login, no hints of the menu or anything like that are visible. Before us is practically naked Fluxbox, so it is called by right-clicking anywhere on the desktop.
Application groups of the BlackArch distribution
All applications are conveniently categorized in the blackarch submenu of the main menu. 49 categories are presented, in which there are tools for any occasion. Navigating menus with a mouse like in Windows? Oh no, in this distribution you can safely forget about the mouse. Only keyboard, only hardcore! On the other hand, since you have decided to contact * nix-systems and hack, it is foolish to count on something else.
As for the tools themselves, all popular and not so popular hacking tools are presented here, including, of course, such iconic ones as Metasploit and BeEF XSS. Reviewing all the tools in this truly huge set is even more hopeless than Kali and Parrot. So I'll go to the top, and if you are interested, you can delve into reading the documentation as much as you see fit.
Wine is attacking!
BlackArch is not shy about using Wine to run some non-native applications. As an example - mft2csv (in the screenshot above), which parses the MFT of the NTFS file system for further analysis. Java is also available (OpenJDK 14.0.1).
MSF is also in place
The terminal, as well as the whole graphical shell of the system, looks dull, but the software versions are up-to-date. On the one hand, it seems that they wanted to do it like in a movie about hackers, on the other hand, the system is still quite usable, although it requires serious skills.
In general, if you are not ready to wade through the minefield of configs, arguments when starting software, googling for every sneeze and other delights of this multitool - look towards Kali and Parrot, there is at least something you can do without a desktop reference. BlackArch is more than unfriendly to newcomers. And, the stump is clear, do not try to put it as the main one.
Download BlackArch from the official website
BackBox
BackBox is based on Ubuntu (more precisely, Xubuntu), which makes it convenient to use as a home OS, in addition, a bunch of documentation and forums are available for Ubuntu with answers to common questions. There are no kernel tweaks here, so no fraud will spoil anything. These features make this distro an excellent choice for a beginner pentester.
BackBox Linux 7 Menu
There are not so many tools out of the box, only about 200 pieces, but it is quite enough for the first steps in information security. Otherwise, BackBox is just Xubuntu with all its bugs and features.
An important plus, which I cannot but draw attention to, is that all the tools are very conveniently grouped in the menu. Even if you don’t know any tools, for example, for WiFi hacking, you can easily find them.
There is not much more to say, just use it to your health.
Download BackBox
Distribution table for a hacker
Best operating systems to crack
Conclusions
There was supposed to be a lecture that it is unacceptable to use most of these distributions as the main OS, but it will not be. Try different operating systems for jailbreak, choose the ones that are closer to your heart, and wish you good luck.
- 1. Best Operating Systems to Hack
- 1.1 NST
- 1.2 Kali
- 1.3 DEFT
- 1.4 Tsurugi
- 1.5 Parrot
- 1.6 BlackArch
- 1.7 BackBox
- 2. Distribution table for a hacker
- 3. Conclusions
Building your own collection of hacking tools is great, but now it is customary to take one of the specialized distributions as a basis. Usually this is Kali Linux, but we will consider not only it, but also other operating systems for hacking (pentesting), sometimes no less effective, and in some areas even more useful.
There are many operating systems for cracking. Some are popular, others are not very popular, but they all pursue the goal of giving the hacker a convenient, versatile and reliable tool for all occasions. The average hacker will never use most of the programs included in such customized assemblies, but they are added to show off their status.
While these distributions are designed to be attacked, you are solely responsible for using them! Do not forget that the use of this knowledge to the detriment is punishable by law.
Best operating systems to crack
Today we will try to review the majority of interesting distributions for hackers, both popular and undeservedly forgotten. If we missed something, feel free to use comments. Go!
NST
- First release: 2003
- Based on: Fedora
- Platforms: x64
- Graphic shell: MATE
The set includes several dozen of the most important tools, mainly network scanners, clients for all kinds of services and all sorts of traffic interceptors. But there are not enough useful things like, for example, masscan, and even the banal aircrack, although airsnort is available.
Most of the tools are located in the Internet folder
Most of the goodies can be found in the Applications → Internet folder. Here we have Angry IP Scanner, written, by the way, in Java, and Ettercap, and even OWASP ZAP, which we already wrote about in the article " Review of the best vulnerability scanners".
There is a good collection of modules for all kinds of spoofing and scanning from the netwag package. In practice, he showed himself well, it's a pity, not very convenient and terribly outdated.
All the software I've tested works great. In general, everyone who misses the ancient interface and familiar tools is recommended.
Download hacker NST distribution
Kali
- First release: 2013
- Based on: Debian
- Platforms: x86, x64, ARM, VirtualBox
- Graphical front-end: Xfce
As you, of course, know, Kali Linux is one of the most popular distributions for hackers, and it would be strange if we did not write about it. Even schoolchildren know about it, and more recently it is available as an application directly from the Microsoft Store (for more details, see the article "Installing Kali Linux on Windows 10").
Of course, accessibility is a definite plus, but the system is slightly overloaded with a set of tools (although not as much as BlackArch), besides, some of them out of the box work crookedly or do not work at all.
There is no foolproofing in Kali either. As practice shows, not all users understand that it is not worth making this system the main one. From the core to the shell, it was created and optimized for performing combat missions on the fronts of information security and is poorly suited for quiet daily work. Many of the mechanisms needed in everyday life are simply not there, and an attempt to install them is likely to cause malfunctions in the normal operation of the OS, if it does not completely disable it.
In short, Kali is like a match - a powerful thing in skilled hands, it is easy to get it, but it is better not to give it to children. It is not possible to cover all possible official and unofficial utilities at once (and there are more than 600 of them, for a minute) of this system, if only because new and new modules, frameworks, utilities and other bells and whistles are constantly appearing.
Kali is designed for a wide range of tasks, but the main one is attacks in a network environment, for example, searching for vulnerabilities in web applications and gaining access to wireless networks. As the successor to BackTrack, Kali is generally well suited to work with wireless communication channels, especially WiFi.
Testing the strength of remote hosts is also possible using, for example, Metasploit, but the core and a significant part of the tools are focused on working with WiFi.
Another plus point is the presence in the standard delivery of a large number of dictionaries for various attacks, not only on WiFi, but also on accounts on the Internet and on network services.
Kali Linux runs in WSL
For even greater ease of use, the official website offers a version of the distribution kit for virtual machines, because when hacking it is much more reasonable to use the system without installation - you never know who will dig into your computer later!
The verdict is this: if you know how to use it, it's a cool thing, but don't try to show it to your child.
Download the most popular hacker OS Kali Linux
DEFT
- First release: 2005
- Based on: Ubuntu
- Platforms: x86
- Graphic shell: LXDE
Developed by DEFT on the Lubuntu platform and provided with a user-friendly graphical interface. The product includes a set of profile utilities, ranging from antiviruses, search engines for information in the browser cache, network scanners and other useful tools, and ending with computer forensics tools that are necessary when searching for hidden information on disk.
Using this OS, it will not be difficult to gain access to erased, encrypted or corrupted data on various types of physical media.
The main toolkit is hiding in the DEFT section, which, in turn, is located in a kind of Start menu.
Initially, this distribution was intended for the needs of the network police and incident response specialists in the field of information security, so another strength of DEFT is competitive intelligence, including the analysis of the relationships between social media accounts.
There is even an interesting utility for detecting the geolocation of a given LinkedIn or Twitter account. I could not check how efficiently it works at the moment, but she copes with determining the belonging of the account to the country and city.
Unlike Kali Linux, DEFT has foolproof protection built in. Without proper preparation, almost no tool can simply be launched, and without a deep understanding of the work of protective mechanisms, there is nothing to do here at all.
Literally every application or option requires root privileges, so don't rush to launch everything right away or create an unprivileged user.
I also found a "present": several repositories, from where DEFT gets updates, are closed with keys. For a couple of days I rummaged through the forums until I found where to request data from, and the keys themselves were also found.
As a result, this system is good for forensics (computer forensics) and incident investigation, especially if there is physical access to information carriers - be it a disk, flash drive or smartphone (a hacker, boss, employee, competitor, wife, lover, her daddy - emphasize the necessary).
Download hacker distribution kit DEFT
Tsurugi
- First release: 2018
- Based on: Ubuntu
- Platforms: x86 (partially), x64
- Graphic shell: MATE
Tsurugi (this word means two-handed Japanese sword) is based on Ubuntu, MATE is used as the GUI. It is intended more for forensics or OSINT than for pentesting, but its tools, as well as some features, allow it to be used in this direction as well. Initially, the system is delivered in live-image mode, but if you wish, you can perform a permanent installation.
Standard distribution desktop for Tsurugi hack
After logging into the system, we see a simple GUI, prudently hung from all sides with widgets of indicators of the processor load, hard drives, RAM, network speed and other things.
Yes, the hand of the creators of Kali is quite noticeable here. The abundance of pre-installed tools that are not always needed is immediately evident. At the same time, the system interface looks more than minimalistic and compact. But the logic of the security system, as well as working with the web or anti-tracking protection, is based on the best DEFT practices.
The entire main arsenal is located in Applications → TSURUGI.
Distribution menu for Tsurugi penetration test
This includes working with images, malware analysis, data recovery, and, as mentioned, a set of utilities for OSINT.
It should be borne in mind that this OS, like Kali, has no protection against crooked hands. It is suitable for those who have good Linux skills and who act prudently and thoughtfully. As befits a sharp Japanese sword!
The extensive toolkit allows you to use the system as a multitool for a wide range of tasks. While Tsurugi looks a bit like Kali, there are still some serious differences. While some of the utilities, just like in Kali, work incorrectly or do not work at all, the percentage of problematic tools is much lower here, and you can see that someone cares about it.
If for some reason you do not want to use Kali, then Tsurugi will be a worthy tool in your set of the best hacking operating systems. We won't put five stars at least because one of the authors of this review put aside a brick from the sound of a sword at the start of the OS. However, let's not talk about sad things.
Download the operating system for hackers Tsuguri
Parrot
- First release: 2013
- Based on: Debian
- Platforms: x86, x64, ARM
- Graphic shell: MATE
What's inside? The same MATE is used as a desktop environment. The experience of use is (subjectively) pleasant.
Above, in the Application section, you will find the Anon Surf utility. One of the features of Parrot is that some anonymization tools are preinstalled, and when you select Anonsurf Start, all system traffic will be redirected through Tor. In the same section, you can use the DNS of the OpenNIC project - this is a non-national alternative to top-level domain registries. Here, by selecting the Check IP parameter, you can check the current external IP.
The second section is Cryptography. Here you should pay attention to the GPA utility - this is a graphical interface of the GnuPG program designed to encrypt information and create electronic digital signatures. It is essentially an alternative to PGP encryption. And if you need GPG, then you will have the zuluCrypt utility at hand - an analogue of VeraCrypt, which allows you to encrypt folders, partitions, flash drives, and more.
The next (and most interesting) section is Parrot. It contains exactly those utilities for testing the security of computer systems, because of which this OS got into the review "The best operating systems for a hacker." Many of the presented utilities are already known to us from Kali Linux, but there are also unique ones.
I would like to dwell on the "Internet" tab in more detail. Here we see the pre-installed Tor Browser and the Electrum bitcoin wallet , as well as the XSSer utility, a framework for detecting and exploiting XSS vulnerabilities in web applications. There is also the Claws Mail mail client, which is a full-fledged mail client with support for GPG encryption. A bonus is Ricochet IM - a decentralized anonymous messenger that works over the Tor network.
These are, perhaps, all the features of Parrot Security OS that I would like to talk about. As you can see, Parrot OS is not only suitable for penetration tests, it can also serve as an OS for daily use for those who know why they need it.
Parrot seemed to us to be a high-quality and conveniently made hacker operating system. It's nice to work with a system where you don't need to repair tools first.
Download Parrot Security
BlackArch
- First release: unknown
- Based on: Arch
- Platforms: x64
- Graphical shell: none, there are several desktop managers
Rate the friendliness of the interface: if you managed to download this monster and run it, you need to enter a username and password, which you should read about in the installation instructions on the site (this is root / blackarch, if that). Live users seem to have been forgotten.
Further: after login, no hints of the menu or anything like that are visible. Before us is practically naked Fluxbox, so it is called by right-clicking anywhere on the desktop.
Application groups of the BlackArch distribution
All applications are conveniently categorized in the blackarch submenu of the main menu. 49 categories are presented, in which there are tools for any occasion. Navigating menus with a mouse like in Windows? Oh no, in this distribution you can safely forget about the mouse. Only keyboard, only hardcore! On the other hand, since you have decided to contact * nix-systems and hack, it is foolish to count on something else.
As for the tools themselves, all popular and not so popular hacking tools are presented here, including, of course, such iconic ones as Metasploit and BeEF XSS. Reviewing all the tools in this truly huge set is even more hopeless than Kali and Parrot. So I'll go to the top, and if you are interested, you can delve into reading the documentation as much as you see fit.
Wine is attacking!
BlackArch is not shy about using Wine to run some non-native applications. As an example - mft2csv (in the screenshot above), which parses the MFT of the NTFS file system for further analysis. Java is also available (OpenJDK 14.0.1).
MSF is also in place
The terminal, as well as the whole graphical shell of the system, looks dull, but the software versions are up-to-date. On the one hand, it seems that they wanted to do it like in a movie about hackers, on the other hand, the system is still quite usable, although it requires serious skills.
In general, if you are not ready to wade through the minefield of configs, arguments when starting software, googling for every sneeze and other delights of this multitool - look towards Kali and Parrot, there is at least something you can do without a desktop reference. BlackArch is more than unfriendly to newcomers. And, the stump is clear, do not try to put it as the main one.
Download BlackArch from the official website
BackBox
- First release: 2010
- Based on: Ubuntu
- Platforms: x64
- Graphical front-end: Xfce
BackBox is based on Ubuntu (more precisely, Xubuntu), which makes it convenient to use as a home OS, in addition, a bunch of documentation and forums are available for Ubuntu with answers to common questions. There are no kernel tweaks here, so no fraud will spoil anything. These features make this distro an excellent choice for a beginner pentester.
BackBox Linux 7 Menu
There are not so many tools out of the box, only about 200 pieces, but it is quite enough for the first steps in information security. Otherwise, BackBox is just Xubuntu with all its bugs and features.
An important plus, which I cannot but draw attention to, is that all the tools are very conveniently grouped in the menu. Even if you don’t know any tools, for example, for WiFi hacking, you can easily find them.
There is not much more to say, just use it to your health.
Download BackBox
Distribution table for a hacker
Best operating systems to crack
Conclusions
There was supposed to be a lecture that it is unacceptable to use most of these distributions as the main OS, but it will not be. Try different operating systems for jailbreak, choose the ones that are closer to your heart, and wish you good luck.
