11

What are the relative benefits of BlackArch or other Arch-based distro over Kali?

Are the tools broadly the same, or does one have better functionality in a particular area?

Are there any other pen-test distros that are based on a Linux OS that is not Arch, Debian, or Ubuntu? The only one I can find is -- http://networksecuritytoolkit.org -- which is based on Fedora and thus more RHEL/CentOS-compatible

atdre
  • BlackArch is still going strong -- 2016.04.28 release with new installer! -- https://twitter.com/blackarchlinux/status/725983337383362560 – atdre May 03 '16 at 19:46

2 Answers

6

I would say the biggest difference is that ArchPwn is not as actively developed. (EDIT: see BlackArch, this project was reborn!). A lot happens in a year in the realm of security. In fact in the last year a tool for cracking WPA-PSK called Pyrit was released and can be found on BackTrack.

Now the counter argument is that both Archlinux and Ubuntu have package managers, and even though it's a live CD you can really install anything or have a USB stick with your own tool chain. It really depends what you are after. In fact no Live CD is going to have everything. Invariably you'll need a USB stick.

rook
  • USB stick, or build your own image based on one of the existing LiveCDs. – Iszi Feb 02 '12 at 03:19
  • 2
    @Iszi Yeah I still like having a large (64 GB) persistent store with my own word lists and rainbow tables. I guess you could use a Dropbox for some of that instead of a USB stick. – rook Feb 02 '12 at 04:00
  • @Iszi: yeah, I'd really like to get both running on a USB flash drive that will multi-boot into hardware dependent options such as the MacBook Air 4,1, or an HP laptop with a SED, etc. Sounds easier to do with any Ubuntu-based distro, but Arch Linux is so cool! – atdre Feb 02 '12 at 07:20
  • 2
    There is a new Arch Linux pentesting expansion called [BlackArch](http://blackarch.org/). We have over 300 tools in our toolset and are less than 45 tools away from providing the entire Kali toolset. –  Nov 28 '13 at 23:50
  • @Evan Teitelman thanks for the update, I'll edit my post. – rook Nov 29 '13 at 05:01
  • Just checked out BlackArch now -- also noticed that it uses capstone-engine.org -- thanks for the recommendation @Evan! – atdre Feb 17 '14 at 14:51
1

With single-board computers (SBCs) such as the Raspberry Pi 2 (or B+, collectively referred to as "RPI", based on the Broadcom chips) and the USB Armory (based on the Freescale chips), you have to make decisions about how to proceed forward.

First of all, Kali on ARM supports LUKS with NUKE -- https://www.offensive-security.com/kali-linux/raspberry-pi-luks-disk-encryption/

However, Kali Linux does not have the massive repo support found in Arch flavors. See the enormous list of community-provided packages. In other words, it's easier to install Arch on ARM and then get your pen-test, netsec, and forensics tools from either:

  • Images and/or Repo support in ArchAssault ARM
  • Adding the BlackArch repo post-install
  • A combination of these concepts, much like choosing among HomeBrew and MacPorts on OS X

Consistency is also important, however. With Kali Linux 2.0 releasing this week, many may decide to go forward with updating their bare metal, guest VMs, NetHunter on Android, RPIs, and/or live DVDs/USBs. For those using live distributions, one could always switch between many OSes using the Isostick or similar. Questions remain, however, about everyone switching to the new Kali paradigm or not.

More and more, I am looking to replace Kali with ArchAssault and/or BlackArch. The bare metal support is better for Chromebooks via Arch. While Arch runs on Android, it is not easy to install -- Kali NetHunter is clearly the superior choice. NetHunter is going to support some very important security testing hardware, such as the Proxmark3, as well as packet injection on USB WiFi devices like the Alfa or the TL-WN722N out of the box. Arch distros will likely continue to do this on SBCs and Chromebooks. It's a mixed bag. Sometimes some Chromebooks or Android devices are supported by Kali ARM or NetHunter and others by Arch ARM.

I have not yet pulled the trigger on replacing Kali with these Arch-based distros. The writing is on the wall, though, especially for those who are active app developers in addition to security professionals. For example, I barely was able to compile NodeJS and MongoDB under Kali ARM for my USB Armory (taking hours of my time). I'm left questioning if this effort was worth the investment for a few simple features like NUKE support or easy Proxmark3 support.

Further trends:

  • Intrusion prevention and detection with Croissants or Security Onion
  • Penetration testing with the Xubuntu Attack VM -- from the Cobalt Strike Armitage team
  • Using the Penetration-Testing Framework (PTF) via any Unix-based environment -- from the TrustedSec team
  • HackPorts for OS X
  • Huge slide deck about running a bunch of security-focused distros in ESXi in VMware Fusion on a MacBook Pro
atdre
  • 1
    This answer is a perfect example of why product recommendations are discouraged throughout the SE network. Your uses for these distros are specific to you, and do not represent the uses of all security researchers. I also find it hard to compare/contrast the features of a distro with another when the answer was written before the current version was even released. – cremefraiche Mar 01 '16 at 03:22
  • 1
    None of these are commercial products. They are open-source software packages at best. Your comment is a perfect example of confusing a valid, organized list of data that is relevant to a higher-level question at hand. – atdre Mar 01 '16 at 16:09