14 March 2006 | 1,136,297 views

10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

Check Your Web Security with Acunetix

1. BackTrack

The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

2. Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here

3. PHLAK

PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).

4. Auditor

Auditor although now underway merging with WHax is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

5. L.A.S Linux

L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

6. Knoppix-STD

Horrible name I know! But it’s not a sexually trasmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here

7. Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

8. F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

9. nUbuntu

nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

10. INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2

Get INSERT Here

Extra – Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

Other Useful Resources:

SecurityDistros
FrozenTech LiveCD List
DistroWatch

Others to consider (Out of date or very new):

SlackPen
ThePacketMaster
Trinux
WarLinux
Network Security Toolkit
BrutalWare
KCPentrix
Plan-B
PENToo

New ones added from authors e-mail/slashdotters and diggers:

Arudius
The Gentoo Forensic Toolkit
Anonym-OS

Digg This Article



Recent in General Hacking:
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool

Related Posts:
- nUbuntu Development Kicking Off Again – Security LiveCD
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking
- SecureDVD – Multiboot Live Security Distro’s

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,136,297 views
- Hack Tools/Exploits - 579,871 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 413,489 views

Low-cost VPS Hosting

114 Responses to “10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)”

  1. Janel 14 March 2006 at 11:21 pm Permalink

    INSERT also installs on USB thumb drives, though not very easily. I ordered one pre-installed from http://linuxusb.nfshost.com/ and it works great (though not on some of the older computers I’ve tried). Great for quickly bypassing security on computers. -Janel

  2. AF-Geek 15 March 2006 at 1:18 am Permalink

    I also like “Auditor” at http://www.remote-exploit.org/index.php/Auditor

    Thanks for the great listing. Time to use up some downloading bandwidth!

    Dugg!

  3. Darknet 15 March 2006 at 2:44 am Permalink

    Janel: Thanks I might edit that in, haven’t tried it on USB.

    AF-Geek: Auditor is there at number 4 :) Even though it’s merged with WHax they are still both great on their own.

  4. JB 15 March 2006 at 6:13 am Permalink

    I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack.

  5. Ivan Minic 15 March 2006 at 8:01 am Permalink

    Wow… Thanks for this :)

  6. TP 15 March 2006 at 9:45 am Permalink

    Where is OpenBSD???

  7. freak 15 March 2006 at 9:55 am Permalink

    my e-penis is bigger/better than yours!! thats all this article is. its like comparing vi to emacs, or slackware to redhat. there is no ‘better’ they all have/lack something that the others do not. just list the pros/cons and let the end user decide which best suites his/her needs. then there is less likely a chance of a flame way.

  8. piercedfreak 15 March 2006 at 9:57 am Permalink

    why not just roll your own. the scripts are everywhere, and you can be sure there isnt a hidden rootkit in the installer, or apps, plus you can make sure it has the tools you know how to use, and will need, instead of having to deal with pico, if you are a emacs person, or vi, and what not.

  9. Fred 15 March 2006 at 11:10 am Permalink

    OpenBSD live cd =

    OliveBSD

  10. Joe 15 March 2006 at 11:24 am Permalink

    Great synopsis of these tools. Thanks for gathering it all together.

  11. John Doe 15 March 2006 at 11:39 am Permalink

    Most certainly not the top 10, but here’s one which should have been added…

    http://g.paderni.free.fr/olivebsd/

  12. John Smith 15 March 2006 at 12:40 pm Permalink

    OpenBSD

  13. JD 15 March 2006 at 12:45 pm Permalink

    To all the people asking why the OpenBSD Live CD isn’t included :

    Does using OpenBSD damage your eyes or something? Look at the big bold letters at the top of this page – this is about Live CDs used for security testing and not about how secure the Live CDs are. I checked out OliveBSD and I didn’t see a single security auditing package included.

    Thank you wasting my time – keep up the excellent advocacy work.

  14. obaid 15 March 2006 at 3:36 pm Permalink

    lol

  15. tankgrrl 15 March 2006 at 4:30 pm Permalink

    Not for pentesting, but good for investigations:

    Anonym.OS BSD Live CD

  16. antifreak 15 March 2006 at 5:26 pm Permalink

    Yeah, freak(s)…just shut it. Darknet put this all together for people who appreciate it. If you don’t…then ‘roll your own’ e-penis. Many of us don’t have time to track down all the scripts, compare versions, and put it all together.

    Thanks, Dark, mucho appreciated from this side…

  17. Hackbird 16 March 2006 at 7:18 am Permalink

    I tested BackTrack in and out. The basic idea and concept is really great. Since it’s just a beta version it’s not too stable. But anyway, a terrific toolset one couldn’t avoid!

  18. Rubén 16 March 2006 at 4:25 pm Permalink

    OpenBSD is not GNU/Linux.

    So, the term ‘distro’ is usually used to GNU/Linux.

  19. SiD3WiNDR 19 March 2006 at 10:27 am Permalink

    You may also want to check out lnx4n6 (Linux Forensics) created by the Belgian Federal Computer Crime Unit.

  20. SwordlessSamuri 27 March 2006 at 4:54 am Permalink

    BackTrack Rocks, altough there is some wireless bug’s… but all else is A-ok… Knoppix STD is out of date, and PHLAK has old packages…

  21. Paul 15 May 2006 at 11:53 am Permalink

    All 10 distros are available on one DVD:
    http://www.securedvd.org/ sdfsdfasd

  22. jac0b 6 July 2006 at 6:02 pm Permalink

    just bump into your site. its a good article. a well compiled reference.

  23. Joe 22 July 2006 at 8:08 pm Permalink

    Becareful. Backtrak is great, but on some laptops it does not control the fans well and will burn them up. Compaq/HP NW and NC series especially.

  24. ozgur 12 January 2007 at 4:41 am Permalink

    I tried SecureDVD. It is great…but…
    4th and 8th distros don’t work!

  25. Steve 5 March 2007 at 8:38 pm Permalink

    Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!

    _Steve

  26. SiD3WiNDR 7 March 2007 at 8:38 pm Permalink

    Heh, it’s actually been just about a year since this was posted ;-)

  27. kolli 11 March 2007 at 1:55 pm Permalink

    Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!

  28. Oyun 13 July 2007 at 8:47 pm Permalink

    Good document.thanks

  29. tek se7en 12 December 2007 at 9:58 am Permalink

    pen-test live cd’s + crappy old laptop = easily disposable evidence…

  30. Sir Henry 15 December 2007 at 6:22 pm Permalink

    I would be interested to see your updated list for this year. After the bumps in the road for the guys developing nUbuntu, I would wonder where it would end up on your list now.

  31. Nick 29 January 2008 at 6:09 pm Permalink

    Very usefull article.Wait for new things!!!

  32. Mada R Perdhana 31 March 2008 at 3:02 am Permalink

    May be you might see my forensic distro Stagos FSE (Forensics Suite Edition) on my site.

    See you, there!

  33. James C 31 March 2008 at 7:38 pm Permalink

    @ Mada R Perdhana
    Your site seem’s down?

  34. Pantagruel 31 March 2008 at 9:02 pm Permalink

    @James C

    The site was up this afternoon, perhaps he’s doing some updates, slashdotted seems unlikely.

  35. Mada R Perdhana 3 April 2008 at 3:37 am Permalink

    @James C

    I’m sorry for the inconvenience, the hosting server looks like have a trouble with their server.

    if you like you could download Stagos FSE from http://www.forensicfocus.com or
    download directly from my campus server
    http://lab.akakom.org/~mada/stagos

    best regards,
    Mada R Perdhana

  36. Allan 6 May 2008 at 10:16 pm Permalink

    I’ve become a big big big fan of grml (http://grml.org/). Based on Debian, it has the hardware detection capability of Knoppix without the extra weight of OpenOffice, KDE, etc. It’s “for sysadmins / texttool-users / geeks” but X is included (and runs great).

  37. travesti 28 May 2008 at 11:22 pm Permalink

    I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack
    yes …

  38. razta 29 May 2008 at 9:45 am Permalink

    Ive tried knoppix and backtrack, both great live cds! Theres a good windows boot cd, more of a recovery cd than security, however still a mint cd to have! “UBCD for Win” http://www.ubcd4win.com

  39. Giuseppe 1 June 2008 at 5:31 pm Permalink

    I need to crack a Wifi with a Wep Key. I tried Russix but it seems to not work with my Laptop that is: Fujitsu Siemens Amilo Pro V3205.. Somebody knows a Live cd or a software suitable for that Laptop?

  40. zupakomputer 6 July 2008 at 10:09 pm Permalink

    Anyone know a boot code / cheat code (or method) to get Knoppix ‘orrible name STD to boot from a SATA optical drive?

    It doesn’t scan at boot for SATA opticals, and I get the ‘can’t find filesystem’ error –

    gave the codes to look for files directly a go & also to ignore hardware at bootup, just in case they worked, but nah they don’t.

    Can I mount the optical drive from the limited shell (which is probably as cumbersome anyway as looking at the contents directly from within another OS)? Or do I just have to plug in an IDE optical and use that (ie – there’s just no SATA optical support)?

    1….2….3…..4 pingu’s!

  41. zupakomputer 7 July 2008 at 3:17 pm Permalink

    Nobody knows yet………

    I’m using it justnow, on my older PC! Boots fine there, & I can use dialup to get online. This is so cool. I didn’t know these distros were like full OSs I thought they were just disk lists of tools.

    When it works, there is but one pingu.

  42. _a13x_ 29 July 2008 at 5:58 am Permalink

    how about hex http://www.rawpacket.org

  43. lyz 15 August 2008 at 9:24 am Permalink

    @ _a13x_

    Darknet highlighted this tool on the latest post.

    Look –> http://www.darknet.org.uk/2008/08/rawpacket-hex-network-security-monitoring-analysis-livecd/

  44. Morgan Storey 16 August 2008 at 10:03 am Permalink

    @zukakomputer: Unfortunately the base that STD was built on is simply too old. Pre the large emergence of SATA. You will have to wait as the rest of have for a new version… whenever that is.

  45. Nic 5 November 2008 at 9:03 am Permalink

    Very usefull article.Wait for new things!!!

  46. SUPREMO 6 March 2009 at 12:47 am Permalink

    These are great tools but I have found that ophcrack which can be downloaded from sourceforge is easy to use and very effective for recovering windows xp and vista usernames+passwords or even rainbow crack is good too.

  47. XXX 6 April 2009 at 9:40 am Permalink

    there are backtrack Virtual image available………

    contact me if u want…..