Operating systems for hacking

11 min readMar 31, 2021


Collecting your collection of hacker tools is excellent, but now it is customary to take one of the specialized distributions as a basis. Usually it is Kali Linux, but we will consider not only it, but also other operating systems for hacking (pentest), sometimes no less effective, and in some areas more useful.

There are many operating systems for hacking. Some are popular, others are not very, but they all aim to give the hacker a convenient, universal and reliable tool for all occasions. Most of the programs in such castomized assemblies will never be used by the average hacker, but they are added for status ponts.

Best operating systems for hacking

Today we will try to review most interesting distributions for hackers, both popular and undeservedly forgotten.


First release: 2003

Based on: Fedora

Platforms: x64

Graphics Shell: MATE

Let’s start with a little-known, but therefore no less interesting distribution. NST (Network Security Toolkit) is based on Fedora and is designed for network attacks. The interface is based on MATE, which causes a feeling of beginning zero.

The kit includes several dozen of the most important tools, mainly network scanners, customers for all kinds of services and various kinds of traffic interceptors. But there is not enough utility, such as masscan, and even banal aircrack, although airsnort is available.

Most of the tools are in the Internet folder

You can find the most goodies in the Applications → Internet folder. Here we have Angry IP Scanner, written, by the way, in Java, and Ettercap, and even OWASP ZAP.

There is a good collection of modules for all kinds of spoofing and scanning at the netwag package. In fact, he showed himself well, it’s a pity only, not very convenient and terribly outdated.

In general, everyone who misses the ancient interface and familiar tools is recommended.


First release: 2013

Based on: Debian

Platforms: x86, x64, ARM, VirtualBox

Graphics Shell: Xfce

As you certainly know, Kali Linux is one of the most distributed distributions for hackers, and it would be strange if we did not write about it. Even schoolchildren know about it, and since relatively recently it has been available as an application directly from the Microsoft Store.

Of course, accessibility is an undeniable plus, but the system is slightly overloaded with a set of tools (although not as much as BlackArch), moreover, some of them from the box work crooked or do not work at all.

Fool protection in Kali is also not provided. As practice shows, not all users understand that you should not make this system the main one. From the core to the shell, it was created and optimized for combat missions on the fronts of the IB and is poorly suited for calm daily work. Many mechanisms needed in everyday life are simply absent there, and an attempt to install them will most likely cause failures in the normal operation of the OS if it does not completely disable it.

In short, Kali as matches is a powerful thing in skillful hands, it is easy to get, but children are better not to give. It is not possible to cover all possible official and unofficial utilities at once (and for a moment, more than 600 of them) of this system, if only because new and new modules, frameworks, utilities and other pribambas are constantly appearing.

Kali is designed for a wide range of tasks, but the main one is attacks in a network environment, for example, finding vulnerabilities in web applications and gaining access to wireless networks. As an heir to BackTrack, Kali is generally well suited for working with wireless communication channels, especially WiFi.

Testing for the strength of remote hosts is also possible using, for example, Metasploit, but it is the core and a significant part of the tools that focus on working with WiFi.

Of the advantages, I note the presence in the regular supply of a large number of dictionaries for various attacks, not only on WiFi, but also on accounts on the Internet and on network services.

For even greater usability, the official website offers a version of the distribution for virtual machines, because when hacking it is much more reasonable to use the system without installation — few people will later dig into your company!

The verdict is this: if you can use it — a cool thing, but do not think to show it to the child.


First release: 2005

Based on: Ubuntu

Platforms: x86

Graphics Shell: LXDE

The homeland of DEFT is sunny Italy, and it is generously, like pizza cheese, sprinkled with a variety of tools for exploration and hacking. At the same time, they are not attached to the distribution with blue insulation, but are quite harmoniously built into it. All together resembles an interesting and useful Swiss knife in life.

Developed DEFT on the Lubuntu platform and is equipped with a convenient graphical interface. The product includes a set of profile utilities, starting with antiviruses, browser cache search systems, network scanners and other utilities, and ending with computer forensics tools that are necessary when searching for hidden information on disk.

Using this OS, it will not be difficult to access erased, encrypted or corrupted data on various types of physical media.

The main tools are hidden in the DEFT section, which, in turn, is in some kind of Start menu.

Initially, this distribution was intended for the needs of the network police and specialists in responding to incidents in the field of IB, so another strength of DEFT is competitive intelligence, including an analysis of the relationships of social networks accounts.

There is even an interesting utility for detecting the geolocation of a given LinkedIn or Twitter account. I could not check how effectively it works at the moment, but it manages to determine the affiliation of the account with the country and the city.

Unlike Kali Linux, DEFT has fool protection built in. Without proper training, almost no tool can simply be launched, and without a deep understanding of the work of protective mechanisms, there is nothing to do at all.

Literally every application or option requires root rights, so do not rush to start all in a row or create a non-privileged user.

I also discovered a “gift”: several repositories from which DEFT takes updates are closed with keys. For a couple of days I rumbled through the forums until I found where to request the data, and the keys themselves were also found.

As a result, this system is good for forensics (computer forensics) and incident investigation, especially if there is physical access to information media — be it a disk, flash drive or smartphone (hacker, boss, employee, competitor, wife, mistress, her father — the need to emphasize).


First release: 2018

Based on: Ubuntu

Platforms: x86 (partially), x64

Graphics Shell: MATE

This distribution is not very well known in the circles of IB specialists at all — perhaps because of its youth. However, Tsurugi is a brainchild born by the joint efforts of the creators of DEFT and Kali. What came of it? Let’s find out!

Tsurugi (this word means two-handed Japanese sword) is based on Ubuntu, MATE is used as the GUI. It is designed more for forensics or OSINT than for pentest, but its tools, like some features, allow you to use it in this direction. Initially, the system is delivered in live image mode, but if desired, you can perform a permanent installation.

Once logged in, we see a simple GUI, prudently hung on all sides by widgets of processor load rates, hard drives, RAM, network speed, and more.

Yes, the hand of the creators of Kali is quite noticeable here. The abundance of pre-installed tools, which are not always needed, is immediately striking. At the same time, the system interface looks more than minimalistic and compact. But the logic of the security system, like working with the web or protecting against tracking, is based on the best practices of DEFT.

The entire main arsenal is located in Applications → TSURUGI.

Here are both image work, malware analysis, and data recovery, and, as mentioned, a set of utilities for OSINT.

It is worth bearing in mind that this OS, like Kali, does not have protection against hand curves. It is suitable for those who have good Linux skills and act prudently and thoughtfully. Like the sharp Japanese sword!

Extensive tools allow you to use the system as a multitool for a wide range of tasks. Although Tsurugi smacks a little on Kali, there are still serious differences. Despite the fact that some of the utilities, like Kali, work incorrectly or do not work at all, the percentage of problematic tools here is much less, and it is clear that someone cares about it.

If for some reason you do not want to use Kali, then Tsurugi will become a worthy tool in your set of the best hacker operating systems.


First release: 2013

Based on: Debian

Platforms: x86, x64, ARM

Graphics Shell: MATE

This beautiful Linux hacker distribution is based on Debian and developed by the Frozenbox team specifically for computer system security tests, search and assessment of various vulnerabilities.

What’s inside? The same MATE is here as the desktop environment. The experience of using (subjectively) is pleasant.

From the top, in the Application section, you will find the Anon Surf utility. One of the features of Parrot is that some anonymization tools are pre-installed in it, and when Anonsurf Start is selected, all system traffic will be redirected through Tor. In the same section, it is possible to use the DNS of the OpenNIC project — this is a non-national alternative to top-level domain registers. You can also check the current external IP by selecting Check IP.

The second section is Cryptography. Here you should pay attention to the GPA utility — this is the graphical interface of the GnuPG program, designed to encrypt information and create electronic digital signatures. This is essentially an alternative to PGP encryption. And if you need GPG, then at hand will be the utility zuluCrypt — an analogue of VeraCrypt, which allows you to encrypt folders, partitions, flash drives, etc.

The next (and most interesting) section is Parrot. It contains exactly those utilities for testing the security of computer systems, because of which this OS was included in the review “Best operating systems for a hacker.” Many of the utilities presented are already known to us by Kali Linux, but there are also unique ones.

For more information, see the Internet tab. Here we see the pre-installed Tor Browser and the Electrum bitcoin wallet, as well as the XSSer utility, a framework for detecting and operating XSS vulnerabilities in web applications. There is a Claws Mail mail client, it is a full-fledged mail client with GPG encryption support. The bonus is Ricochet IM — a decentralized anonymous messenger working through the Tor network.

This is perhaps all the features of Parrot Security OS that I would like to talk about. As you can see, Parrot OS is not only suitable for penetration tests, it can also serve as an OS for daily use by those who know why they need it.

Parrot seemed to me to be a high-quality and convenient hacker operating system. It’s nice to work with a system where you don’t have to fix tools first.


First release: unknown

Based on: Arch

Platforms: x64

Graphics shell: missing, there are several desktop managers

BlackArch is the largest distribution in terms of image volume. The current version takes more than 14 GB! By the way, you can load, if desired, through a torrent, and there are always a lot of seats.

Appreciate the friendliness of the interface: if you managed to pump out this monster and start it, you need to enter a login and password, which you must read on the site in the installation instructions (this is root/blackarch, if anything). Apparently, they forgot about live users.

All applications are conveniently categorized in the blackarch submenu of the main menu. There are 49 categories in which there are tools for any case of life. Navigate the menu using the mouse, as in Windows? Oh, no, you can safely forget about the mouse in this distribution. Only keyboard, only hardcore! On the other hand, since you decided to contact * nix-systems and hacking, it’s foolish to count on something else.

As for the tools themselves, all popular and not very tools for hacking are presented here, including, of course, such iconic ones as Metasploit and BeEF XSS. To review all the tools of this truly huge set — the occupation is even more hopeless than in the case of Kali and Parrot. So I will walk along the top, and if you are interested, you will be able to delve into reading the documentation as much as you think necessary.

BlackArch does not hesitate to use Wine to run some “non-native” applications. As an example, mft2csv (in the screenshot above), which parses the NTFS file system MFT for further analysis. Java is also available (OpenJDK 14.0.1).

The terminal, as well as the overall graphical shell of the system, looks dull, but the versions of the software are relevant. On the one hand, it seems that they wanted to do as in a movie about hackers, on the other hand, the system is still quite humble, although it requires serious skills.

In general, if you are not ready to make your way through the minefield of configurations, arguments at the launch of software, googling for everyone and other charms of this cartoon — look towards Kali and Parrot, at least something can be done there without a desktop directory. To beginners BlackArch is more than unfriendly. And, clear stump, do not think to put it as the main one.


First release: 2010

Based on: Ubuntu

Platforms: x64

Graphics Shell: Xfce

And in the end, the last didstributive for hacking, standing apart from the rest. BackBox does not claim to be the best hacker cartoon, but it is the best fit for everyday use. The graphical shell here is Xfce, which minimizes the consumption of system resources. Two options are available from the site for download — ISO and Torrent. There is no image for virtual machines.

BackBox based on Ubuntu (more precisely, Xubuntu), which makes it convenient to use it as a home OS, in addition, a bunch of documentation and forums with answers to common questions are available on Ubuntu. There are no tweaks of the core, so no fraud will spoil anything. Such features make this duster an excellent choice for a novice pentester.

Not many tools are supplied from the box, only about 200 pieces, but for the first steps in information security is enough. Otherwise, BackBox is just Xubuntu with all its bugs fichas and features.

please everyone join my telegram channel :https://t.me/hackerwheel

please everyone join my youtube channel :https://www.youtube.com/channel/UCl10XUIb7Ka6fsq1Pl7m0Hg

Change the world




CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics