By now, everyone is familiar with Kali Linux. Many people use it on a daily basis, while DNS masking has become an industry standard for spies. When the Windows Subsystem for Linux appeared, several Kali components became available for installation on Windows.
Many other Linux distributions have appeared over the past few years, so let's get straight into them.
This Ubuntu-based distribution includes serial tunneling of traffic via VPN and Tor. It includes a whole set of tools for privacy protection (VeraCrypt, zuluCrypt, KeePassXC, utilities for metadata anonymization, etc.), as well as a function for emergency deletion of data from the computer.
The Parrot distribution is based on Debian. It’s quite similar to Kali, but the difference is that it has more preinstalled software for everyday use. In addition, there are many professional tools: more than 600 tools are included and they are gathered in a menu according to their purpose.
This is an Android-based mobile operating system for Google’s Pixel line of smartphones. Its important difference is that the operating system’s signature is verified with user keys. This allows locking the bootloader again after installing the OS, which closes many attack vectors that depend on physical access to the smartphone.
The Pentoo LiveUSB release comes with a toolkit and driver that have been altered for hacking routes. It’s based on Gentoo Linux and feels more like an instrument for experimentation and study than for daily work. In practice, the system is designed for users who are familiar with the original distribution.
Although this distribution does not leave any traces on your hard drive and allows you to work on unreliable machines, it’s not ideal for everyday use.
This version of the OS was created as a training and demonstration platform for information security lectures. Fedora Security Lab runs from a USB memory stick and saves the software and the results of your work on it.
This distribution is designed for novice pentesters and security specialists. All pre-installed programs are categorized and selected so as to avoid redundancy. BackBox is functionally poorer than Kali Linux, but it’s a very useful tool for novice researchers.
This is a large library of specialized applications. The current repository contains 2812 projects, which can take up to a day to learn. Consider it a plus, because you can find utilities for every situation, but many tools duplicate each other's functionality. This makes the OS very heavy, which may increase the runtime on some PCs.
The Samurai platform enables the fast deployment of training targets (e.g. Juice Shop). Samurai comes with a number of well-known pentesting tools (Maltego and Fierce, w3af and Burp Suite, etc.), as well as a wiki for documenting findings.
The purpose of this distribution is digital forensics. Its use is currently a main topic in many SANS training sessions. SIFT Workstation supports a total of 14 forensic evidence formats (Evidence Image), from AFF (Advanced Forensic Format) through qcow.
This operating system is based on a hypervisor and on the concept of security through isolation: anything and everything runs in dedicated containers. It has a very complex and interesting architecture.
It’s not a full-fledged operating system, but rather a collection of setup scripts that configure a Windows 10 virtual machine for offensive operations using the Chocolatey, Boxstarter, and MyGet package managers, allowing for centralized automatic updating of the OS’s contents (like in Linux).
The REMnux distribution is also focused on forensic malware analysis. It includes tools for static and dynamic code analysis, memory forensics, and more. It’s a standalone Linux distribution and can be installed as a virtual machine or container, or on Ubuntu.
On corporate networks, this distribution is used for threat detection, log management, and network security monitoring. It enables you to deploy surveillance quickly, gather data from hundreds of network nodes, and then do data analysis on the gathered information.
FLARE VM combines tools for penetration testing, reverse engineering and malware analysis. This scripting suite deploys debuggers, disassemblers, decompilers, utilities for static and dynamic analysis and application vulnerability assessment.
ThreatPursuit VM is focused on analysts and on intelligence, analysis, statistics collection, and threat hunting and modeling.
The OSINT VM distribution provides an out-of-the-box set of basic tools and scripts for open-source reconnaissance, with a focus on searching for people. It’s based on the Kali Linux live-build-config.
The Tsurugi distribution is based on Ubuntu. Its main focuses are malware analysis, open-source reconnaissance, and digital forensics, and additionally the investigation of computer vision technology.
More than 175 tools for cyber forensics, evidence gathering, and investigations are included in the CSI distribution. CSI Linux is based on the server version of Ubuntu 22.04 LTS, and since all traffic is routed through Tor, it can be linked to the Whonix gateway.
Septor is similar to Kodachi in concept, but it is relatively new and relies more on the Tor network.
This software is a pair of Debian-based virtual machines with protection against network attacks aimed at de-anonymizing the user.