10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

1. BackTrack

The newest contender on the block of course is BackTrack, which we have spoken about previously. An innovative merge between WHax and Auditor (WHax formely WHoppix).

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions Whax and Auditor, combining the best features from both distributions, and paying special attention to small details, this is probably the best version of either distributions to ever come out.

Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

Get BackTrack Here.

2. Operator

Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).

Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.

Get Operator Here


PHLAK or [P]rofessional [H]acker’s [L]inux [A]ssault [K]it is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf.

Mainly based around Penetration Testing, PHLAK is a must have for any pro hacker/pen-tester.

Get PHLAK Here (You can find a PHLAK Mirror Here as the page often seems be down).

4. Auditor

Auditor although now underway merging with WHax is still an excellent choice.

The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Get Auditor Here

5. L.A.S Linux

L.A.S Linux or Local Area Security has been around quite some time aswell, although development has been a bit slow lately it’s still a useful CD to have. It has always aimed to fit on a MiniCD (180MB).

Local Area Security Linux is a ‘Live CD’ distribution with a strong emphasis on security tools and small footprint. We currently have 2 different versions of L.A.S. to fit two specific needs – MAIN and SECSERV. This project is released under the terms of GPL.

Get L.A.S Linux Here

6. Knoppix-STD

Horrible name I know! But it’s not a sexually trasmitted disease, trust me.

STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. Its sole purpose in life is to put as many security tools at your disposal with as slick an interface as it can.

Get Knoppix-STD Here

7. Helix

Helix is more on the forensics and incident response side than the networking or pen-testing side. Still a very useful tool to carry.

Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics.

Get Helix Here

8. F.I.R.E

A little out of date, but still considered the strongest bootable forensics solution (of the open-source kind). Also has a few pen-testing tools on it.

FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment.

Get F.I.R.E Here

9. nUbuntu

nUbuntu or Network Ubuntu is fairly much a newcomer in the LiveCD arena as Ubuntu, on which it is based, is pretty new itself.

The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution. nUbuntu is the result of an idea two people had to create a new distribution for the learning experience.

Get nUbuntu Here

10. INSERT Rescue Security Toolkit

A strong all around contender with no particular focus on any area (has network analysis, disaster recovery, antivirus, forensics and so-on).

INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM.

The current version is based on Linux kernel and Knoppix 4.0.2


Extra – Knoppix

Remember this is the innovator and pretty much the basis of all these other distros, so check it out and keep a copy on you at all times!

Not strictly a security distro, but definately the most streamlined and smooth LiveCD distribution. The new version (soon to be released – Knoppix 5) has seamless NTFS writing enabled with libntfs+fuse.

KNOPPIX is a bootable CD or DVD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk.

Get Knoppix Here

Other Useful Resources:

FrozenTech LiveCD List

Others to consider (Out of date or very new):

Network Security Toolkit

New ones added from authors e-mail/slashdotters and diggers:

The Gentoo Forensic Toolkit

Digg This Article

Posted in: Hacking Tools, Networking Hacking Tools

, , , , ,

Latest Posts:

Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

47 Responses to 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

  1. Janel March 14, 2006 at 11:21 pm #

    INSERT also installs on USB thumb drives, though not very easily. I ordered one pre-installed from http://linuxusb.nfshost.com/ and it works great (though not on some of the older computers I’ve tried). Great for quickly bypassing security on computers. -Janel

  2. AF-Geek March 15, 2006 at 1:18 am #

    I also like “Auditor” at http://www.remote-exploit.org/index.php/Auditor

    Thanks for the great listing. Time to use up some downloading bandwidth!


  3. Darknet March 15, 2006 at 2:44 am #

    Janel: Thanks I might edit that in, haven’t tried it on USB.

    AF-Geek: Auditor is there at number 4 :) Even though it’s merged with WHax they are still both great on their own.

  4. JB March 15, 2006 at 6:13 am #

    I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack.

  5. Ivan Minic March 15, 2006 at 8:01 am #

    Wow… Thanks for this :)

  6. TP March 15, 2006 at 9:45 am #

    Where is OpenBSD???

  7. freak March 15, 2006 at 9:55 am #

    my e-penis is bigger/better than yours!! thats all this article is. its like comparing vi to emacs, or slackware to redhat. there is no ‘better’ they all have/lack something that the others do not. just list the pros/cons and let the end user decide which best suites his/her needs. then there is less likely a chance of a flame way.

  8. piercedfreak March 15, 2006 at 9:57 am #

    why not just roll your own. the scripts are everywhere, and you can be sure there isnt a hidden rootkit in the installer, or apps, plus you can make sure it has the tools you know how to use, and will need, instead of having to deal with pico, if you are a emacs person, or vi, and what not.

  9. Fred March 15, 2006 at 11:10 am #

    OpenBSD live cd =


  10. Joe March 15, 2006 at 11:24 am #

    Great synopsis of these tools. Thanks for gathering it all together.

  11. John Doe March 15, 2006 at 11:39 am #

    Most certainly not the top 10, but here’s one which should have been added…


  12. John Smith March 15, 2006 at 12:40 pm #


  13. JD March 15, 2006 at 12:45 pm #

    To all the people asking why the OpenBSD Live CD isn’t included :

    Does using OpenBSD damage your eyes or something? Look at the big bold letters at the top of this page – this is about Live CDs used for security testing and not about how secure the Live CDs are. I checked out OliveBSD and I didn’t see a single security auditing package included.

    Thank you wasting my time – keep up the excellent advocacy work.

  14. obaid March 15, 2006 at 3:36 pm #


  15. tankgrrl March 15, 2006 at 4:30 pm #

    Not for pentesting, but good for investigations:

    Anonym.OS BSD Live CD

  16. antifreak March 15, 2006 at 5:26 pm #

    Yeah, freak(s)…just shut it. Darknet put this all together for people who appreciate it. If you don’t…then ‘roll your own’ e-penis. Many of us don’t have time to track down all the scripts, compare versions, and put it all together.

    Thanks, Dark, mucho appreciated from this side…

  17. Hackbird March 16, 2006 at 7:18 am #

    I tested BackTrack in and out. The basic idea and concept is really great. Since it’s just a beta version it’s not too stable. But anyway, a terrific toolset one couldn’t avoid!

  18. Rubén March 16, 2006 at 4:25 pm #

    OpenBSD is not GNU/Linux.

    So, the term ‘distro’ is usually used to GNU/Linux.

  19. SiD3WiNDR March 19, 2006 at 10:27 am #

    You may also want to check out lnx4n6 (Linux Forensics) created by the Belgian Federal Computer Crime Unit.

  20. SwordlessSamuri March 27, 2006 at 4:54 am #

    BackTrack Rocks, altough there is some wireless bug’s… but all else is A-ok… Knoppix STD is out of date, and PHLAK has old packages…

  21. Paul May 15, 2006 at 11:53 am #

    All 10 distros are available on one DVD:
    http://www.securedvd.org/ sdfsdfasd

  22. jac0b July 6, 2006 at 6:02 pm #

    just bump into your site. its a good article. a well compiled reference.

  23. Joe July 22, 2006 at 8:08 pm #

    Becareful. Backtrak is great, but on some laptops it does not control the fans well and will burn them up. Compaq/HP NW and NC series especially.

  24. ozgur January 12, 2007 at 4:41 am #

    I tried SecureDVD. It is great…but…
    4th and 8th distros don’t work!

  25. Steve March 5, 2007 at 8:38 pm #

    Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!


  26. SiD3WiNDR March 7, 2007 at 8:38 pm #

    Heh, it’s actually been just about a year since this was posted ;-)

  27. kolli March 11, 2007 at 1:55 pm #

    Great write up. I really like BackTrack myself. You’ll have to update this in a year when other distros have been created!

  28. Oyun July 13, 2007 at 8:47 pm #

    Good document.thanks

  29. tek se7en December 12, 2007 at 9:58 am #

    pen-test live cd’s + crappy old laptop = easily disposable evidence…

  30. Sir Henry December 15, 2007 at 6:22 pm #

    I would be interested to see your updated list for this year. After the bumps in the road for the guys developing nUbuntu, I would wonder where it would end up on your list now.

  31. Nick January 29, 2008 at 6:09 pm #

    Very usefull article.Wait for new things!!!

  32. Mada R Perdhana March 31, 2008 at 3:02 am #

    May be you might see my forensic distro Stagos FSE (Forensics Suite Edition) on my site.

    See you, there!

  33. James C March 31, 2008 at 7:38 pm #

    @ Mada R Perdhana
    Your site seem’s down?

  34. Pantagruel March 31, 2008 at 9:02 pm #

    @James C

    The site was up this afternoon, perhaps he’s doing some updates, slashdotted seems unlikely.

  35. Mada R Perdhana April 3, 2008 at 3:37 am #

    @James C

    I’m sorry for the inconvenience, the hosting server looks like have a trouble with their server.

    if you like you could download Stagos FSE from http://www.forensicfocus.com or
    download directly from my campus server

    best regards,
    Mada R Perdhana

  36. Allan May 6, 2008 at 10:16 pm #

    I’ve become a big big big fan of grml (http://grml.org/). Based on Debian, it has the hardware detection capability of Knoppix without the extra weight of OpenOffice, KDE, etc. It’s “for sysadmins / texttool-users / geeks” but X is included (and runs great).

  37. travesti May 28, 2008 at 11:22 pm #

    I have used both Auditor and Helix, with great results from both. I will have to check out the rest of these recommendations, especially BackTrack
    yes …

  38. razta May 29, 2008 at 9:45 am #

    Ive tried knoppix and backtrack, both great live cds! Theres a good windows boot cd, more of a recovery cd than security, however still a mint cd to have! “UBCD for Win” http://www.ubcd4win.com

  39. Giuseppe June 1, 2008 at 5:31 pm #

    I need to crack a Wifi with a Wep Key. I tried Russix but it seems to not work with my Laptop that is: Fujitsu Siemens Amilo Pro V3205.. Somebody knows a Live cd or a software suitable for that Laptop?

  40. zupakomputer July 6, 2008 at 10:09 pm #

    Anyone know a boot code / cheat code (or method) to get Knoppix ‘orrible name STD to boot from a SATA optical drive?

    It doesn’t scan at boot for SATA opticals, and I get the ‘can’t find filesystem’ error –

    gave the codes to look for files directly a go & also to ignore hardware at bootup, just in case they worked, but nah they don’t.

    Can I mount the optical drive from the limited shell (which is probably as cumbersome anyway as looking at the contents directly from within another OS)? Or do I just have to plug in an IDE optical and use that (ie – there’s just no SATA optical support)?

    1….2….3…..4 pingu’s!

  41. zupakomputer July 7, 2008 at 3:17 pm #

    Nobody knows yet………

    I’m using it justnow, on my older PC! Boots fine there, & I can use dialup to get online. This is so cool. I didn’t know these distros were like full OSs I thought they were just disk lists of tools.

    When it works, there is but one pingu.

  42. _a13x_ July 29, 2008 at 5:58 am #

    how about hex http://www.rawpacket.org

  43. lyz August 15, 2008 at 9:24 am #

    @ _a13x_

    Darknet highlighted this tool on the latest post.

    Look –> https://www.darknet.org.uk/2008/08/rawpacket-hex-network-security-monitoring-analysis-livecd/

  44. Morgan Storey August 16, 2008 at 10:03 am #

    @zukakomputer: Unfortunately the base that STD was built on is simply too old. Pre the large emergence of SATA. You will have to wait as the rest of have for a new version… whenever that is.

  45. Nic November 5, 2008 at 9:03 am #

    Very usefull article.Wait for new things!!!

  46. SUPREMO March 6, 2009 at 12:47 am #

    These are great tools but I have found that ophcrack which can be downloaded from sourceforge is easy to use and very effective for recovering windows xp and vista usernames+passwords or even rainbow crack is good too.

  47. XXX April 6, 2009 at 9:40 am #

    there are backtrack Virtual image available………

    contact me if u want…..