Linux Distros used by Security Professionals and Kali Linux Commands

6 min readJan 3, 2022

Hello guys👋👋 ,Prajit here from the BUG XS Team and Cyber Sapiens United LLP Cybersecurity and Red Team Intern, in this I am regularly given some interesting tasks, In my second task I was given was given to research and write a short note on different Linux Distros used by Security Professionals, and I feel like this is on of the thing that everyone should know about, so let’s start.

Kali Linux

Kali Linux is one of the most famous Linux distribution used by security professionals. This is Debian-based, open source distribution which is created and maintained by the “Offensive Security group”.

Kali Linux comes with over 600 pre-installed flexible tools that are frequently updated and specifically crafted for penetration testing, data forensics, security research and reverse engineering. It also comes with a forensic mode which you can enable from the boot menu, and will allow you to avoid any data changes in the system by disabling such network services. This is very helpful for pen testing and locating any weak points a company might have.

Some examples of tools in this are nikto, nmap, sqlmap, commix, etc.

Parrot OS

Parrot Security OS is another famous Linux Distribution used by security professionals. This is Debian-based, created and maintained by Frozenbox. It’s very lightweight, and provides great anonymity for hacking, and is excellent for pen testing, forensics, cryptography tasks and even software development.

While other distribution are designed strictly for pen testing and ethical hacking, Parrot OS Security is also a good choice if you merely want to surf the Internet while maintaining your privacy. Parrot Security OS has a cloud-friendly environment and features an encrypted system.

Some examples of tools in this are nmap, sqlmap, tor, etc

BackBox

BackBox is an Ubuntu-based OS best suited for penetration testing and assessing your computer’s security. It’s also called predecessor to Kali Linux. This is also a famous Linux distribution which is not based on Debian.

BackBox can be used to easily create an environment to perform security testing and simulate attacks. It’s also one of the fastest Linux distribution out there, and the tools offered include network analysis, application analysis, forensic analysis, exploitation and stress testing tools as well as vulnerability assessment, documentation and reporting.

Some examples of this tools in this are wireshark, tcpdump, sqlmap, etc.

BlackArch

BlackArch is the number one Linux distribution for security researchers when it comes to penetration testing. BlackArch doesn’t provide a desktop environment but a Window Manager. The many pen testing tools can be downloaded separately or in categories such as crackers, debuggers, anti-forensics, keyloggers, proxy, backdoors, sniffers, malware, fuzzers, disassemblers, wireless and others. There are more than 2000 tools pre-installed in this system.

Some examples of tools in this are amass, zmap, cyberscan, etc

DEFT Linux

DEFT stands for Digital Evidence and Forensic Toolkit — so the name itself implies the best possible use for this Linux distro. It’s built around DART and comes with many well-known forensic tools. DEFT Linux is built for running live systems without corrupting or altering the devices connected to the computer where booting occurs.

This is widely used by security professionals and is a staple among law enforcement agencies and military. DEFT Linux can boot up to two different modes, a GUI Mode and a text mode. Depending on those modes, it can either give you a command line interface or one with 2 different usage modes; a text mode and a GUI mode.

Some examples of tools in this are Autopsy, Recoll, RegRipper, etc.