BugGyaan #11: A visit to a Bistro filled with Distros

Now that we’ve covered virtual machines in the #10 blog post, you would have noticed that every instance of a virtual machine needs an operating system either in the form of a disk image or a filesystem.

GNU/Linux is one of the most widely used open-source operating systems in the world with an estimated 96.3% of the worlds top servers running on Linux. Most of the world’s ethical hackers use GNU/Linux because of its high customizability and open-source implementations

Ever wondered why people insist on GNU/Linux rather than just Linux in a professional setting? This is because Linux standalone is a “Kernel” and not an “Operating System”. It still lacks like network manager, package manager, desktop environments etc. GNU provides these tools. enabling a user to use the Linux kernel.

The analogy is simple enough kernel is like the engine. A Linux kernel is a specific type of engine. A desktop operating system is like a car. A server operating system can be a heavy truck. An embedded system is similar to motorbikes. desktop environments can be thought of as a body of the vehicle along with interiors (dashboard etc.), themes and icons as the paint job, rim job and other customizable features. Finally, applications are like accessories you use for a specific purpose (like the music system)

The thing with open-source software as the name suggests is that their source code is available and can be modified or redistributed by anyone. The original GNU/Linux did not possess the capabilities that we see on Linux systems today. Modifications made to the original were wrapped up into separate Distributions or Distro’s as they call it.

A Linux distro is no different from an operating system. It is composed of the Linux kernel, GNU tools, additional software and a package manager. It may also include a display server and desktop environment to be used as the regular desktop operating system.

Each Distro is curated to a specific need or job. It comes packed with the tools needed to complete the job. This however does not mean that tools on Kali Linux don’t run on Ubuntu. They are ultimately the same operating system in their bare-bones.

For people who are getting into cybersecurity, choosing a good distro becomes essential for becoming more efficient and learning the tricks of the trade. Here is a rundown of all the distros out there for cybersecurity geeks and where to get started on your new VM!

Kali Linux

Kali Linux maintained and funded by Offensive Security Ltd. is first in our list. Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. Kali is one of the best and optimised operating systems of hackers.

Multi-language support — Although penetration tools tend to be written in English, to improve the usage of the non-native English users Kali includes true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.

Completely customizable — The initial design of the Kali Linux is not up to the mark because the look and feel are not so good, to avoid that problem Kali has made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.

Wide-ranging wireless device support — A regular sticking point with Linux distributions has been supported for wireless interfaces. Kali Linux supports as many wireless devices as possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.

Custom kernel, patched for injection — As penetration testers, we often need to do wireless assessments and testing, so our kernel has the latest injection patches.

Advantages :

1. Advanced Penetration Testing tools: In Kali Linux, more than 500+ advanced Penetration Testing tools are included. The tools of BackTrack Linux which are not up to the mark or repeated in many ways has been replaced in the Kali Linux system with advanced Penetration testing tools.
2. Free Linux tools: The Kali Linux system is totally free like the BackTrack Linux and will always offer its users free lifetime services. This is a huge plus factor that forces people to use this system.
3. Support: Kali address to the File-system Hierarchy Standard, allowing Linux users to easily locate binaries, support files, libraries, etc. This is the very important feature of the Kali Linux that makes it stand out among the other Linux systems.

Disadvantages :

1. KALI is not as easy to use, because it’s penetration oriented, and it doesn’t spoon-feed either.
2. KALI is not exactly the most search (as in research), and training oriented Linux. You need to find and see Wiki sources
3. In the process of using KALI for NORMAL, you may Trash some of KALI’s specialized settings for its own security.

Parrot OS

Parrot Linux (Parrot Security, parrot OS, Parrot GNU/Linux) is a free and open-source GNU/Linux distribution based on Debian Testing designed for security experts, developers, and privacy-aware people. When I say Debian based, it means that the code repositories adhere to Debian development standards. It includes a full portable arsenal for IT security and digital forensics operations, but it also includes everything you need to develop your own programs or protect your privacy while surfing the net. The operating system ships with the MATE desktop environment preinstalled and is available in several flavours to fit your needs.

Advantages :

1. Secure — It is always updated, frequently released and fully sandboxed! Everything is under our complete control.
2. Free — It is free and open-source, we can view source code and customize it as per our requirements.
3. Lightweight — This Operating system has proven to be extremely lightweight and run surprisingly fast even on very old hardware or with very limited resources.

Disadvantages :

1. it’s not as beginner-friendly as Kali Linux and it doesn’t come with as many tools.
2. Parrot OS is more of a use case-specific distribution where you’re looking for something more lightweight than Kali Linux.
3. Not minimalistic out of the box, although that can be changed with a few GUI tweaks

BackBox

Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories that are constantly updated to the latest stable version of the most popular and best known ethical hacking tools. Additionally, BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.

Advantages :

1. BackBox Linux ships with over 70 powerful programs such as Wireshark, Metasploit/Armitage, and Crunch, among others.
2. Desktop Environment uses XFCE which is lighter than other desktop environments such as GNOME, MATE, and UNITY.
3. BackBox’s Launchpad repository core is especially compelling, as it constantly updates to the latest stable versions of major pentesting/ethical hacking tools.
4. BackBox is based on Ubuntu and Debian Linux distros, respectively; additional extensibility can be easily built-in at the operator’s discretion.

Disadvantages :

1. Documentation of issues occurring in BackBox is lacklustre compared to Kali and Parrot OS
2. The desktop permissions are in the user. Any user who wants to install, open, and edit desktop apps must use root access first.
3. Steep learning curve

Conclusion :

I hope you got a clear idea about the various distros and how they stack up against each other. I discussed pretty much everything about both the operating systems in a detailed manner. But selecting an operating system is based on your taste and choice, if you have a low specification system I would highly recommend going with Parrot Sec OS on BackBox. other than that go with Kali as it is one of the most beginner-friendly platforms for hackers.

Any of the above distros will work on virtual machines without much hassle. If you are unable to install them, stay tuned to our YouTube page, we have more tutorials coming soon!

Want to know more? Join our discord server for more info! : https://discord.io/bugbase

BugBase is India’s first consolidated platform for companies to host crowdsourced bug bounty programs that can be reached out to by ethical hackers and develop a security enthusiasts community all over the country.

Our website: https://bugbase.in/