Hackers as portrayed on the big screen are usually sitting hooded in front of a monitor with sleek, shiny black hat tools laid out on the screen. Though in reality such tools in past years were mostly CLI-based, a new generation of penetration testing (pen testing) and ethical hacking tools feature both slick UIs and powerful functionality for testing cyber security controls and posture. In this comparison, we'll look at two of the best: the Kali Linux and BackBox Linux pen testing and ethical hacking distros.

Table of contents

Pen Testing and Ethical Hacking 101

Pen testing should be a staple of every enterprise's ongoing security control validation measures. These activities use purpose-built tools to test systems, networks, and/or software/web applications for exploitable vulnerabilities. By using such tools for performing penetration tests and security assessments, admins and operators can effectively identify security weaknesses before cyber attackers do, using the same tools and methodologies.

Read our guide on penetration testing.

Kali Linux by Offensive Security

Maintained and funded by Offensive Security, Kali Linux is a Debian-based distro chock full of pre-installed security and pen testing tools—over 600 to date. Some examples include nmap, Wireshark, John The Ripper, BURP Suite, OWASP ZAP, and Aircrack-ng, among others. Check out our comparison of Netcat and Wireshark for protocol analysis —in this case, it comes packaged with Kali Linux.

Kali Linux desktop. Source: Offensive Security.



BackBox Linux

To both black and white-hat hackers alike, Ubuntu-based BackBox needs little introduction; the popular network and systems security analysis toolkit includes a suite of ethical hacking and security testing tools for a wide array of purposes: web application analysis, network analysis, stress testing, vulnerability assessment, computer forensic analysis and exploitation, and more.

BackBox Linux toolset. Source: Wikipedia.org.

A nifty feature of BackBox Linux is the Launchpad repository core. This integration updates the packages constantly to the latest versions of the most known/used ethical hacking tools from the open source community.

Side-By-Side Scoring: Kali Linux vs. BackBox Linux

1. Capability Set

Both distros come pre-loaded with a heap of powerful tools for performing security assessments. Kali Linux is preinstalled with over 600 penetration-testing programs, while BackBox Linux ships with over 70 powerful programs such as Wireshark, Metasploit/Armitage, and Crunch, among others. BackBox's Launchpad repository core is especially compelling, as it constantly updates to the latest stable versions of major pentesting/ethical hacking tools.

Capability Set Kali Linux BackBox Linux

2. Ease Of Use

Kali and BackBox both feature sleek GUIs, but Kali's distro takes the cake here for sheer coolness. There's no harm or foul in looking the part, and Kali definitely feels more l33t in this category.

Ease Of Use Kali Linux BackBox Linux

3. Community Support

Both distros are well-supported, with vast volumes of community support materials available online. Support from Kali Linux via Offensive Security is available for Kali Linux operating system and packaging issues, while donation-based BackBox offers a blog, forum, and wiki of its main site.

Community Support Kali Linux BackBox Linux

4. Security and Surface Attack Probability

Per the CVE database, Kali's Debian has 85 documented vulnerabilities in contrast to BackBox Ubuntu's whopping 422. Both are based on popular Linux distros, with Debian being the grandfather of the lot, and Ubuntu being Debian-based itself.

Security and Surface Attack Probability Kali Linux BackBox Linux

5. Release Rate

Both Kali and BackBox have excellent track records for updating their distros. Kali is currently at 2.0, released 2 months ago, while BackBox's 4.4 release was made available on October 12, 2015.

Release Rate Kali Linux BackBox Linux

6. Pricing And Support

BackBox is free and made available through community-based efforts. As such, no commercial support can be had. Kali is also free, but is developed and maintained by Offensive Security, through which support for OS and packaging issues can be obtained.

Pricing and Support Kali Linux BackBox Linux

7. API and Extensibility

Both Kali and BackBox are based on Ubuntu and Debian Linux distros, respectively; additional extensibility can be easily built in at the operator's discretion.

API and Extensibility Kali Linux BackBox Linux

8. 3rd Party Integrations

3rd party integrations are indeed what define these two toolsets. Kali ships with over 600 pen testing programs, while BackBox comes with full-features tools like Wireshark integrated into the solution.

3rd Party Integrations Kali Linux BackBox Linux

9. Bug Bounty Program

Offensive Security's official Bug Bounty program lives here; BackBox has none to speak of. This one goes to Kali Linux.

Bug Bounty Programs Kali Linux BackBox Linux

10. Companies That Use It

Kali Linux is immensely popular, even making its way onto TV screens in shows like Mr. Robot. This has much to do with the distro's slick GUI (which makes for a pretty screen presence), but beyond looks—its comprehensive toolset makes for a formidable set of instruments for testing IT security. BackBox is also a widely-used Linux distro for pen testing and ethical hacking and utilizes many longstanding security application favorites in its toolset.

Companies That Use It Kali Linux BackBox Linux

11. Age Of Platform Used

Kali Linux is based on Debian, while BackBox is based on Ubuntu. Two mature Linux distros, with plenty of water under the bridge.

Age of Language Developed In/Used Kali Linux BackBox Linux

12. Learning Curve

Despite the easy-to-use GUIs offered in both distros, some experience with *nix and the command line is required to get the most out of either offering. That said, this is pen testing and ethical hacking we're talking about—not Linux for n00bs—so a certain level of proficiency with scripting, the shell, and network administration is expected.

Learning Curve Kali Linux BackBox Linux

Scoreboard and Summary

The following is the scoreboard for Kali Linux vs. BackBox Linux based on the 12 criteria listed above:

Kali Linux BackBox Linux Capability Set Ease Of Use Community Support Security and Surface Attack Probability Release Rate Pricing And Support API and Extensibility 3rd Party Integrations Bug Bounty Program Companies That Use It Age Of Language Developed In/Used Learning Curve Total 55 46 Average Score

Both solutions are excellent distros for pen testing and white hacking use cases, and both are free and open-source, so cost will never be an issue. Those that require commercial support and other perks that a for-profit-backed project enjoys (e.g., a bug bounty program) should probably go with Kali. And for continuous security monitoring and vulnerability assessment, UpGuard is the platform to beat.

Sources

https://www.pcmag.com/review/248520/wireshark-1-2-6

https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/

https://www.wireshark.org/about.html

https://www.cvedetails.com/product/4047/Netcat-Netcat.html?vendor_id=2310

https://www.cvedetails.com/product/8292/Wireshark-Wireshark.html?vendor_id=4861

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

https://www.pcworld.com/article/186871/track_down_network_problems_with_wireshark.html

http://www.admin-magazine.com/Articles/Netcat-The-Admin-s-Best-Friend