1. BackTrack
The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).
BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.
Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.
2. Operator
Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).
Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
3. PHLAK
PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.
Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.
Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).
4. Auditor
Auditor although now underway merging with WHax is still an excellent choice.
The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.
5. L.A.S Linux
L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).
Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.
6. Knoppix-STD
Horrible name I know! But it’s not a sexually trasmitted disease, trust me.
STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.
7. Helix
Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.
8. F.I.R.E
A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.
9. nUbuntu
nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.
The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.
10. INSERT Rescue Security Toolkit
A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).
INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.
The current version is based on Linux kernel 2.6.12.5 and Knoppix 4.0.2
Extra – Knoppix
Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!
Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.
KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.
Other Useful Resources:
SecurityDistros
FrozenTech LiveCD List
DistroWatch
Others to consider (Out of date or very new):
SlackPen
ThePacketMaster
Trinux
WarLinux
Network Security Toolkit
BrutalWare
KCPentrix
Plan-B
PENToo
New ones added from authors e-mail/slashdotters and diggers:
Janel says
INSERT also installs on USB thumb drives, though not very easily. I ordered one pre-installed from http://linuxusb.nfshost.com/ and it works great (though not on some of the older computers I’ve tried). Great for quickly bypassing security on computers. -Janel
AF-Geek says
I also like “Auditor” at http://www.remote-exploit.org/index.php/Auditor
Thanks for the great listing. Time to use up some downloading bandwidth!
Dugg!
Darknet says
Janel: Thanks I might edit that in, haven’t tried it on USB.
AF-Geek: Auditor is there at number 4 :) Even though it’s merged with WHax they are still both great on their own.
JB says
I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack.
Ivan Minic says
Wow… Thanks for this :)
TP says
Where is OpenBSD???
freak says
my e-penis is bigger/better than yours!! thats all this article is. its like comparing vi to emacs, or slackware to redhat. there is no ‘better’ they all have/lack something that the others do not. just list the pros/cons and let the end user decide which best suites his/her needs. then there is less likely a chance of a flame way.
piercedfreak says
why not just roll your own. the scripts are everywhere, and you can be sure there isnt a hidden rootkit in the installer, or apps, plus you can make sure it has the tools you know how to use, and will need, instead of having to deal with pico, if you are a emacs person, or vi, and what not.
Fred says
OpenBSD live cd =
OliveBSD
Joe says
Great synopsis of these tools. Thanks for gathering it all together.
John Doe says
Most certainly not the top 10, but here’s one which should have been added…
http://g.paderni.free.fr/olivebsd/
John Smith says
OpenBSD
JD says
To all the people asking why the OpenBSD Live CD isn’t included :
Does using OpenBSD damage your eyes or something? Look at the big bold letters at the top of this page – this is about Live CDs used for security testing and not about how secure the Live CDs are. I checked out OliveBSD and I didn’t see a single security auditing package included.
Thank you wasting my time – keep up the excellent advocacy work.
obaid says
lol
tankgrrl says
Not for pentesting, but good for investigations:
Anonym.OS BSD Live CD
antifreak says
Yeah, freak(s)…just shut it. Darknet put this all together for people who appreciate it. If you don’t…then ‘roll your own’ e-penis. Many of us don’t have time to track down all the scripts, compare versions, and put it all together.
Thanks, Dark, mucho appreciated from this side…
Hackbird says
I tested BackTrack in and out. The basic idea and concept is really great. Since it’s just a beta version it’s not too stable. But anyway, a terrific toolset one couldn’t avoid!
Rubén says
OpenBSD is not GNU/Linux.
So, the term ‘distro’ is usually used to GNU/Linux.
SiD3WiNDR says
You may also want to check out lnx4n6 (Linux Forensics) created by the Belgian Federal Computer Crime Unit.
SwordlessSamuri says
BackTrack Rocks, altough there is some wireless bug’s… but all else is A-ok… Knoppix STD is out of date, and PHLAK has old packages…
Paul says
All 10 distros are available on one DVD:
http://www.securedvd.org/ sdfsdfasd
jac0b says
just bump into your site. its a good article. a well compiled reference.
Joe says
Becareful. Backtrak is great, but on some laptops it does not control the fans well and will burn them up. Compaq/HP NW and NC series especially.
ozgur says
I tried SecureDVD. It is great…but…
4th and 8th distros don’t work!
Steve says
Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!
_Steve
SiD3WiNDR says
Heh, it’s actually been just about a year since this was posted ;-)
kolli says
Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!
Oyun says
Good document.thanks
tek se7en says
pen-test live cd’s + crappy old laptop = easily disposable evidence…
Sir Henry says
I would be interested to see your updated list for this year. After the bumps in the road for the guys developing nUbuntu, I would wonder where it would end up on your list now.
Nick says
Very usefull article.Wait for new things!!!
Mada R Perdhana says
May be you might see my forensic distro Stagos FSE (Forensics Suite Edition) on my site.
See you, there!
James C says
@ Mada R Perdhana
Your site seem’s down?
Pantagruel says
@James C
The site was up this afternoon, perhaps he’s doing some updates, slashdotted seems unlikely.
Mada R Perdhana says
@James C
I’m sorry for the inconvenience, the hosting server looks like have a trouble with their server.
if you like you could download Stagos FSE from http://www.forensicfocus.com or
download directly from my campus server
http://lab.akakom.org/~mada/stagos
best regards,
Mada R Perdhana
Allan says
I’ve become a big big big fan of grml (http://grml.org/). Based on Debian, it has the hardware detection capability of Knoppix without the extra weight of OpenOffice, KDE, etc. It’s “for sysadmins / texttool-users / geeks” but X is included (and runs great).
travesti says
I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack
yes …
razta says
Ive tried knoppix and backtrack, both great live cds! Theres a good windows boot cd, more of a recovery cd than security, however still a mint cd to have! “UBCD for Win” http://www.ubcd4win.com
Giuseppe says
I need to crack a Wifi with a Wep Key. I tried Russix but it seems to not work with my Laptop that is: Fujitsu Siemens Amilo Pro V3205.. Somebody knows a Live cd or a software suitable for that Laptop?
zupakomputer says
Anyone know a boot code / cheat code (or method) to get Knoppix ‘orrible name STD to boot from a SATA optical drive?
It doesn’t scan at boot for SATA opticals, and I get the ‘can’t find filesystem’ error –
gave the codes to look for files directly a go & also to ignore hardware at bootup, just in case they worked, but nah they don’t.
Can I mount the optical drive from the limited shell (which is probably as cumbersome anyway as looking at the contents directly from within another OS)? Or do I just have to plug in an IDE optical and use that (ie – there’s just no SATA optical support)?
1….2….3…..4 pingu’s!
zupakomputer says
Nobody knows yet………
I’m using it justnow, on my older PC! Boots fine there, & I can use dialup to get online. This is so cool. I didn’t know these distros were like full OSs I thought they were just disk lists of tools.
When it works, there is but one pingu.
_a13x_ says
how about hex http://www.rawpacket.org
lyz says
@ _a13x_
Darknet highlighted this tool on the latest post.
Look –> https://www.darknet.org.uk/2008/08/rawpacket-hex-network-security-monitoring-analysis-livecd/
Morgan Storey says
@zukakomputer: Unfortunately the base that STD was built on is simply too old. Pre the large emergence of SATA. You will have to wait as the rest of have for a new version… whenever that is.
Nic says
Very usefull article.Wait for new things!!!
SUPREMO says
These are great tools but I have found that ophcrack which can be downloaded from sourceforge is easy to use and very effective for recovering windows xp and vista usernames+passwords or even rainbow crack is good too.
XXX says
there are backtrack Virtual image available………
contact me if u want…..