14 FREE Operating System for Penetration Testing &

Digital Forensics
geekflare.com/penetration-testing-os

December 10, 2016

Want to see yourself as Penetration Tester, IT Security Expert?

There are thousands of standalone software & tools for ethical hacking, penetration
testing, forensic investigation and it can be a burden to maintain and keep a track on
standard OS like Linux, Windows or MAC OS.

If you are practicing ethical hacking, then you would love the following Linux-based
operating system designed for you.

This OS has a bunch of software inbuilt, so you don’t need to install it individually.
There is a various method to install them, including VM and in Cloud.

Let’s go through them…

Kali Linux
Kali Linux is one of the most modern advanced pen testing Linux distributions based on
Debian.

1/12
Kali Linux is available in 64 bit, 32 bit, and virtual images to download. Lately, it was
made available in AWS and Azure cloud.

Having more than 350 tools in the following category and extensive documentation
makes Kali excellent.

Information Gathering
Vulnerability Analysis
Wireless, Password, Hardware Attacks
Web Applications
Exploitation, Forensics. Stress Testing, Reporting
Sniffing, Spoofing,
Reverse Engineering

Kali is an open-source maintained by offensive security.

So, go ahead and play around with it. If you are new to Kali Linux, then you may check
out this tutorial for the beginner.

ArchStrike
ArchStrike is based on Arch Linux for a security professional and available to download
for the following platform.

2/12
 64 bit
32 bit
VirtualBox
VMWare

There are around 5000 packages available for almost everything you need in various
categories, and some of them are:

Exploit
Malware
Spoofing/Sniffing
DDoS
Social Engineering
Enumeration
Networking
Forensics
Brute Force

ArchStrike is straightforward and lightweight, so give a try and see if that works for you.

BlackArch
BlackArch is another distro based on Arch Linux based with more than 1600 tools. You
can either install the tools individually or in a group.

3/12
BlackArch can be installed on top of Arch Linux or from ISO. Documentation is
available in English, French, Turkish, and Brazillian language.

BackBox Linux
BackBox is an open-source Linux distro for security analysis and pen-testing. BackBox
is hacker-friendly and has more than 100 packages, including some of the commonly
used.

NMAP
Scapy
Wireshark
Aircrack
SQL Map
W3af
Metasploit

4/12
BackBox is available for i386 and amd64 platform to download. If you don’t want to get
into the installation on your server, then you may try their cloud platform (It’s not
FREE).

Cyborg
Cyborg is an Ubuntu-based next-generation distro for security expert with more than
700 open source tools.

If you are an Ubuntu lover, then you are going to like Cyborg. It has the following
toolkit.

Mobile Security
Wireless Security
Stress Testing
Reverse Engineering
Exploitation Toolkit
Information Gathering
Vulnerability Assessment
Privilege Escalation
Maintain Access
Forensics
RFID/NFC/VOIP
5/12
 Reporting
Hardware
Malware

Cyborg is available in the following two versions of the distro for download.

1. Cyborg Essential 64bit

2. Cyborg Hawk 64bit

A large number of tools make Cyborg attractive and worth giving a try. They got a
detailed tutorial too.

CAINE
CAINE (Computer Aided Investigate Environment) is a live Linux distro with a user-
friendly graphical interface and menu.

With CAINE, you can create a meaningful well-structured report of an investigation

that makes communication easy with the rest of the team.

6/12
You can carry CAINE in a USB pen drive with a large number of the toolset.

Bugtraq
Bugtraq is an advanced, robust pen-testing platform available in 11 languages. It comes
with more than 500 security tools and ready to download in either 32bit or 64bit.

Bugtraq is based on GNU/Linux, so you get an excellent menu and user-interface and
the following customization.

Syslinux boot entry

Pressed file
Services
Kernel

Some of the following essential tools you will get with Bugtraq:

Nessus
Burt Suite
Nikto
Evil-grade
Hydra
Wireshark
Beef

7/12
Want to get this installed on your Mobile? Good news, you can do that on Android.

Samurai
Samurai WTF (Web Testing Framework) is a virtual machine available for Virtual Box
and VMWare.

The virtual machine is pre-configured with many open source security tools, including
the following.

Fierce domain scanner

Maltego
WebScarab
Ratproxy
W3af
Burp
Beef
AJAXShell

STD

8/12
STD (Security Tool Distribution) is a collection of hundreds of open-source ethical
hacking tools. STD is live distro, and tools are grouped as below.

Authentication
Encryption
Forensics
Firewall
Honeypots
IDS
Network
Password tools
Packet sniffing
Tunnels
Vulnerability assessment
Wireless

Pentoo
Pentoo is based on Gentoo with lots of customized tools & kernel and available in 32bit
and 64bit.

9/12
DEFT
DEFT (Digital Evidence & Forensic Toolkit) is based on Ubuntu. Deft is bundled with
valuable open-source tools to make investigation comfortable and faster.

Parrot Security
Parrot is based on Debian targeted for penetration testing, privacy protection & digital
forensics.

Parrot Security is developed in collaboration with Caine and has a much cryptographic
software, privacy browser like TOR, I2P.
10/12
You can also buy VPS, which comes with pre-installed Parrot Security hosted in their
data centers.

SELKS
SELKS (Suricata Elasticsearch Logstash Kibana Scirius) is based on Debian and focused
on Suricata IDS/IPS (Intrusion detection system/Intrusion prevention system). SELKS
is available with a desktop or without, so choose what you like.

NST
NST (Network Security Toolkit) is focused on system and network investigation. You
can either use the live version, DVD, or USB drive.

NST is packaged with top 125 security tools by Insecure.org

I hope above operating system designed for an ethical hacker; security expert makes the
incident investigation easy and quicker.

Note: Kaspersky has lately announced the secure OS is coming up soon.

You may also be interested in learning practical hacking and penetration testing.

TAGS:
11/12
Linux

12/12