Linux Penetration Testing

Want to enter the fascinating world of cybersecurity? Begin your journey by installing the best Linux distro for ethical hacking and pentesting.
Linux users have a plethora of free operating systems when it comes to penetration testing and digital forensics. The world of ethical hacking has continued to evolve, which is probably one of the reasons why many people find themselves being attracted to these auditing fields.
To serve this purpose, several Linux distros and software are available for forensic investigation, ethical hacking, and penetration testing. If you are an advanced Linux user looking to flex your brain muscles and get the ball rolling, it’s time for you to check some of these cybersecurity-related Linux distros.
Kali Linux derives its roots from Debian and is one of the most popular and advanced penetration testing Linux distributions. The operating system is available in 32-bit and 64-bit. Users who want to try the OS can download ISO files and virtual images for Kali Linux.
Kali is an open-source operating system maintained by Offensive Security. The OS offers over 350 tools in the following categories:
ArchStrike, a security-related Linux distro based on Arch Linux, is used heavily by cybersecurity professionals.
Deriving its roots from Arch Linux, it offers a wide range of options when it comes to package management. The ease of installation and removal of available packages makes this OS seamless to the end-users.
There are more than 5000 tools available on this system related to exploitation, social engineering, spoofing, malware, brute-force, networking, forensics, DDoS, and enumeration.
Demon Linux, as the name aptly suggests, is a Linux-based operating system commonly used for ethical hacking. Despite its dark theme, it continues to be a lightweight and user-friendly distro for security professionals. Its true simplicity comes to the fore, as you can open any app with a single key.
Additionally, Demon Linux consists of a simple dock design that works effortlessly. Users can record their desktop and take screenshots easily from the quick access menu bar.
Cyborg Hawk is an Ubuntu-based distro that is home to more than 750 open-source tools. If you are an Ubuntu aficionado, this OS is going to please you to bits.
Cyborg Hawk ranks quite high on the list of network security and assessment operating systems. Rest assured, you can even perform accurate mobile security and wireless infrastructure testing within this OS.
It might not be as good as Kali; nevertheless, it does its job rather well.
BackBox is an Ubuntu-based open-source OS, which has rapidly become one of the most popular names in the world of ethical hacking.
Additionally, it provides users with a network analysis toolkit, which is quite helpful in the world of penetration testing. BackBox ships with 70 tools; however, before running any tools, make sure you have a good understanding of the tool you are planning to use. Otherwise, you might find yourself lost in the labyrinth of commands.
Some common pre-installed tools include Metasploit, SQLmap, Aircrack-ng, Nmap, Scapy, w3af, and Wireshark, amongst many others.
Parrot Security, based on Debian, is tailor-made for security experts, privacy-conscious users, and developers. It inherits its code repositories from Debian and is developed in collaboration with CAINE. It supports privacy browsers and cryptographic software like I2P and Tor.
Parrot Security, as an OS, comes equipped with a full arsenal of tools for IT security and digital forensics. You can even develop your own programs and maintain your privacy while surfing the internet. Parrot ships with the MATE desktop (by default), and provides different flavors to its end-users.
Parrot is regularly updated, is quite secure, and is fully sandboxed. Since it is open-source, you can view the source code easily and customize it as per your requirements.
Computer Aided Investigative Environment, more commonly known as CAINE, is a renowned and popular Linux distro that offers a user-friendly graphical menu and interface. CAINE Linux derives its roots from Ubuntu and is a big player in the world of system forensics.
CAINE's graphical interface offers a complete forensic environment, which you can integrate with the existing software tools. If you are looking for a meaningful well-structured report to help you with a better investigation and foster communication with your team, CAINE should be your first choice.
Some common forensic tools within this OS include Autopsy, The Sleuth Kit, Wireshark, PhotoRec, fsstat, RegRipper, and tinfoleak.
Pentoo is an open-source Linux-based operating system, available in 32-bit and 64-bit architectures. If you have used Gentoo Linux in the past, you'll find Pentoo relatively easy to install and use.
Pentoo is available with a full UEFI and comes well-equipped with UNetbootin, a secure boot support software. Thanks to the live run feature of the operating system, you can run it directly from a USB stick.
This distro ships with Xfce as the default desktop environment. Xfce is a lightweight, reliable desktop, and offers a ton of customizable options. Some additional tool categories include exploitation, MitM fuzzers, forensics, crackers, and database. It also offers a series of vital applications which include the likes of GPGPU, OpenCL, CUDA, John the Ripper, and Hashcat.
There are a ton of open-source penetration testing OSes available for forensic testing. Each operating system is free to download and offers a myriad of customizations to the end-users.
Although these operating systems might seem complex at first, they offer a bird's-eye view of the various segments required within forensic testing. If you are a beginner in the world of forensic testing, then it is time to do some research before tackling any complicated tools.
Wini is a Delhi based writer, having 2 years of writing experience. During her writing stints, she has been associated with digital marketing agencies and technical firms. She has written content related to programming languages, cloud technology, AWS, Machine Learning, and much more. In her free time, she likes to paint, spend time with her family and travel to the mountains, whenever possible.

~$ git clone https://github.com/Hadesy2k/sqliv.git
~$ cd sqliv && sudo python2 setup.py -i
~$ sqliv -d [SQLi dork] -e [SEARCH ENGINE] -p 100
~$ sqlmap -u "[TARGET URL]" --dbs
~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] --tables
~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] -T [TABLE_NAME] --columns
~$ sqlmap -u "[TARGET URL]" -D [DATABASE_NAME] -T [TABLE_NAME] -C [COLUMN_NAME] --dump
~$ git clone --recursive https://github.com/FluxionNetwork/fluxion.git
~$ cd fluxion
Today, I would like to pick the top 10 best tools for penetration testing on Linux. The choice of these tools is based on Common Types of Cybersecurity Attacks by Rapid7, and I also include several of the OWASP Top 10 Application Security Risks 2017. According to OWASP, “Injection flaws” such as SQL injection, OS command injection, and LDAP injection are in the first rank. Below are common types of cybersecurity attacks explained by Rapid7:
Below are the top 10 tools for penetration testing on Linux. Some of these tools are preinstalled in most penetration testing OSes, such as Kali Linux. The rest are installed from a project on GitHub.
HTTrack is a tool that mirrors a web page by downloading all of its resources, directories, images, and HTML files to local storage. HTTrack is commonly called a website cloner. The copy of the web page can then be used to inspect the files or to set up a fake website for a phishing attack. HTTrack comes preinstalled on most pentest OSes. In a Kali Linux terminal you can use HTTrack by typing:
HTTrack then guides you through the parameters it needs, such as project name, base path, target URL, proxy, etc.
Wireshark, originally named Ethereal, is the foremost network packet analyzer. Wireshark lets you sniff or capture network traffic, which is very helpful for network analysis, troubleshooting, and vulnerability assessment. Wireshark comes in GUI and CLI versions (the CLI version is called TShark).
TShark (non-GUI version) capturing network packets
Wireshark (GUI version) capturing network packets on wlan0
NMap (abbreviated from Network Mapper) is the best network auditing tool used for network discovery (host, port, service, OS fingerprinting and vulnerability detection).
NMap service auditing scan against linuxhint.com using the NSE scripting engine
Hydra is claimed to be the fastest network login (username, password) cracker. Besides that, Hydra supports numerous attack protocols, among them: FTP, HTTP(S), HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, SNMP, SOCKS5, SSH, Telnet, VMware-Auth, VNC and XMPP.
Hydra comes in three versions: hydra (CLI), hydra-wizard (CLI wizard), and xhydra (GUI version). An in-depth explanation of how to use THC Hydra is available at: https://linuxhint.com/crack-web-based-login-page-with-hydra-in-kali-linux/
Aircrack-ng is a complete network auditing suite for assessing wireless network connections. There are four categories in the aircrack-ng suite: Capturing, Attacking, Testing and Cracking. All aircrack-ng suite tools are CLI (command line interface). Below are some of the most used tools:
– aircrack-ng: Cracks WEP and WPA/WPA2-PSK using a dictionary attack.
– airmon-ng: Activates or deactivates monitor mode on the wireless card.
– airodump-ng: Sniffs packets on wireless traffic.
– aireplay-ng: Packet injection, used for DoS attacks against the wireless target.
OWASP ZAP (Open Web Application Security Project – Zed Attack Proxy) is an all-in-one web application security auditing tool. OWASP ZAP is written in Java and is available cross-platform with an interactive GUI. OWASP ZAP has many features, such as a proxy server, AJAX web crawler, web scanner, and fuzzer. When OWASP ZAP is used as a proxy server, it displays all the files from the traffic and lets the attacker manipulate the data in the traffic.
OWASP ZAP running a spider and scan against linuxhint.com
SQLiv is a small tool used to detect and find SQL injection vulnerabilities on the world wide web using search engine dorking. SQLiv does not come preinstalled in your pentest OS. To install SQLiv, open a terminal and type:
SQL injection vulnerability found !!!
SQLMap is a free tool to detect and exploit SQL injection vulnerabilities automatically. Once you find a target URL with a SQL injection vulnerability, it is time for SQLMap to execute the attack. Below is the procedure (steps) to dump the data from the exploited SQL in the target URL.
SQLMap dumps the credential data !!!
Fluxion is the best tool for doing an Evil Twin Attack; it is free and available on GitHub. Fluxion works by setting up a twin access point of the target AP while continuously deauthenticating all connections from or to the target AP. Fluxion waits for the target to connect to its fake AP, then redirects the target to a portal web page that asks for the target AP (Wi-Fi) password, giving continued access as the reason. Once the user inputs the password, fluxion matches the password key against the handshake it captured earlier. If the password matches, the user is told that he/she will be redirected and can continue internet access, while in fact fluxion shuts down the program and saves the target info, including the password, into a log file. Installing fluxion is quite easy. Run the following command in a terminal:
On the first run, fluxion will check for dependencies and install them automatically. After that, go along with the fluxion wizard instructions.
Are you familiar with the popular MITM attack tool called Ettercap? Now you need to know another tool which does the same but better. It is bettercap. Bettercap performs MITM attacks on wireless networks and ARP spoofing, manipulates HTTP(S) and TCP packets in real time, sniffs credentials, and defeats SSL/HSTS and HSTS Preloaded.
Yet Metasploit is the most powerful tool of them all. The Metasploit framework has many modules against a huge range of platforms, devices, and services. As a brief intro to the Metasploit framework: Metasploit has mainly four modules:
It is the injection method, or a way to attack a compromised target system.
The payload is what the exploit carries and runs after the exploit has succeeded. By using a payload, the attacker is able to get data by interacting with the target system.
The auxiliary module is mainly aimed at testing, scanning, or recon against the target system. It does not inject a payload, nor is it aimed at gaining access to the victim machine.
An encoder is used when the attacker wants to send a malicious program, also called a backdoor; the program is encoded to evade the victim machine's protection, such as a firewall or antivirus.
Once the attacker has been able to gain access to the victim machine, what he/she does next is install a backdoor on the victim machine to connect back for further action.
These are the top 10 best tools for penetration testing on Linux.

Hi, I am Bima, I am a Freelance Writer and Penetration Tester. Do you have any questions or sharable opportunities? Contact me personally at: dk3ferdiandoo [AT] gmail.com


Linux penetration testing distributions are useful and versatile tools that can help you to get the most out of your Linux system while simultaneously avoiding the malicious threats of the internet. While the reason for using a Linux pen testing distribution may seem obvious to anyone who understands what penetration testing is or performs security auditing professionally, it’s often less clear to people outside of the security industry that a wealth of open source tools exist to help them perform their own security testing.
As usual with Linux, there is plenty of choice! With plenty of penetration testing distributions out there to choose from, this can prove challenging for beginners or people who are from outside the security industry. Overall, the standard of Linux distros has increased over the years. In the beginning, these distros were essentially Linux live CDs with scripts and precompiled binaries dropped in a directory. Today, distros like Kali are setting the standard: all scripts and tools are packaged and updated using the Debian distribution's package manager.
However, with great choice, comes a great level of… indecisiveness
Narrowing down your decision and uncovering the best distro for the job can present some real difficulties.
Fortunately, we’re here to help. In this list, we’ve compiled what we believe to be some of the best options available today to help you get the most out of your security auditing.
Developed by Offensive Security, Kali Linux is the rewrite of BackTrack and has certainly earned its place at the top of our list for its incredible capabilities as an operating system to aid in hacking purposes. This OS is a Debian-based system that features over 500 pen testing applications and tools already installed. This gives you an impressive start on your security toolbox and leaves little room for you to want more. The flexible tools it comes with are updated on a regular basis; the Metasploit framework is a packaged install and is kept up to date by Rapid7 directly. Kali supports many different platforms, including VMware and ARM. Additionally, Kali Linux is also a workable solution for computer forensics, as it includes a live boot feature that offers the ideal environment to detect vulnerabilities and take care of them appropriately.
In addition, Kali Linux has also just released a new version, with which we’re thoroughly impressed, and think you will be too. Kali Linux 2017.1 brings new exciting features and updates in comparison to older versions and other options: updated packages, better and increased hardware support, and countless updated tools. If you want to be completely up-to-date and have the best of the best in terms of your Linux penetration testing distro, then you might like Kali Linux’s new release as much as we do.
Parrot Security OS is another one of our top choices when it comes to selecting the right Linux penetration testing distribution for your needs. Like Kali Linux, it’s another Debian-based OS option that packs a lot into its programming. Developed by the team at Frozenbox, Parrot Security is an option that’s cloud-friendly. The operating system is designed to specialize in ethical hacking, computer forensics, pen testing, cryptography, and more. Compared to other OS options on the market for these purposes, Parrot Security OS is a lightweight operating system that offers the utmost efficiency to users.
Parrot Security OS is the ideal blend of the best of Frozenbox OS and Kali Linux. Moreover, this incredibly customizable operating system is ideal for hacking and comes with a strong support community. If you run into trouble, this is one of the most user-friendly options when it comes to finding the right solution to get the OS to help you accomplish your goals.
Backbox is our favorite Linux operating system for penetration testing that is not Debian-based. This is an Ubuntu-based operating system ideal for assessing the security of your computer and conducting penetration testing. Backbox Linux comes with a wide array of security analysis tools, which can be applied to the analysis of web applications, networks, and more. As a fast, easy to use, and efficient operating system, Backbox Linux is famous in the hacker community. The OS includes a complete desktop environment with software applications that are updated on a regular basis, always keeping you up to date and supplied with the most stable versions of all your most important programs.
If you are big on penetration testing and