Neat. Haven't heard of blackarch before.
From their site:
$ curl -s http://blackarch.org/strap.sh | sudo sh
ಠ_ಠ
Well I know they're just maintaining packages and not writing the security software, but you'd think a security focused distro would know better than to tell its users to do something that stupid.
I would personally use OpenVAS, (which is the *forked OpenSource version of Nessus), along with other equally FLOSS tools (eg. OWASP has some lovely tools if you are looking at web-app security).
Most, if not all, of these tools can be either downloaded and installed individually or can be found in penetration testing linux distributions such as Kali or BlackArch, for example.
EDIT: *free = forked OSS version.
From their official blog:
> Today we released new BlackArch Linux ISOs. The new ISOs include over 1500 tools. For more details see the ChangeLog below. > > Here's the ChangeLog : > > * include linux kernel 4.7.1 > * updated BlackArch Linux installer > * added more than 100 new tools > * updated all blackarch tools > * updated all system packages > * updated menu entries for window managers (awesome, fluxbox, openbox) > * We wish to thank all of BlackArch's users, mirrors, and supporters. Thanks for your help.
The blog entry dates back to 29 July so it's not news news. I thought I might share it anyways, in case anyone is interested.
I do not use this distro myself, nor do I use Kali Linux.
>I pentest a lot too, but I always use live booting or a VM. I mean, aside from the amazing netsec tools, it's kind of meh in terms of configuration.
>I'm an Arch fan myself [...]
have you tried Black Arch?
It's not just Kali. There is also BlackArch, BackBox, Fedora Security lab and probably others.
So, OP if by security you mean forensics and/or penetration testing then yeah, your teacher is right, you need to learn linux.
I've had horrible problems with Kali 2.0. Both the laptops I'm using won't even recognize the live version. I had to go back to using BT5R3 because freakin' Kali 1.0 wouldn't update and kept getting 404's whenever I did apt-get commands.
You may be interested in Black Arch if you want the best of both worlds. I'm going to be testing this distro after I'm done with this current project.
Link to more info (seeing as the link is just a picture....)
I prefer the stability of Kali of BlackArch, but they're both pretty much just a different breed of the same type of workhorse.
First of all, Parrot OS looks outdated and their website is very sparse. For instance, their tools page has been deleted.
I honestly can't figure much out about Parrot without downloading and installing the whole thing.
Kali is good for pen-testing and Tails is good for anonymity. There is also BlackArch as an alternative to Kali. It's built on Arch Linux as opposed to Debian/Ubuntu and comes with more tools initially. Also, Arch offers cutting edge software where the Ubuntu/Debian repositories are always a bit out of date as they aren't updated as frequently.
well for 2) you want to look into the blackarch repository for arch. http://blackarch.org/
You can add it to an existing arch install or install it separate. It's to Arch what Kali is to Debian.
I've no experience in the area but I'd be doubtful you could get much done unless you were pretty comfortable working your way around both a linux and windows system. Not much point managing to brute force a server password if you don't know how to change the root password after you get in etc. I guess for this end you could work through LPI or RHCSA material, even if you don't take the exams.
I also assume if you want to actually get really good at it you're gunna need to know how to code; to produce code designed against specific exploits, not just using metasploit etc.
The big difference is Arch vs Debain, so keep that in mind. I tried to use Kali, but I figured it'd be better if I stuck with one OS, so I searched for Arch penetration testing distros and found Black Arch. To my knowledge, it seems to have the most tools out of any around.
I'm currently using Arch Manjaro i3 with the BlackArch repo's with over 2000 tools. It works nicely.
http://sourceforge.net/projects/manjarolinux/files/community/i3/2015.06/ http://blackarch.org/downloads.html#install-repo
Some people have set up their own package repositories, which provides binary packages that may also be available from the AUR. Here are two (a bit random) examples:
It should be possible to automate the setup of such a repository, given a list of AUR package names. I'm pretty sure Arch Linux ARM (a completely different project and distro from Arch Linux) uses some sort of automated system in order to compile the i686/x86_64 packages from Arch Linux for ARM.