BackBox, a better alternative to Kali Linux?

I recently wrote about Kali Linux as being an ideal distribution of Linux for “hacking”, or security-related things like penetration testing or computer forensics. Well, another popular distribution is BackBox, which is also well-worth looking at!

image

There are some pros and cons to this. The con is that this seems to be maintained by one guy, basically. The pros though, are significant!

Wait, what is this?
BackBox Linux is a distribution of Linux based off of the very-refined Ubuntu distribution. It comes pre-packaged with “cybersecurity” tools pre-installed, just like Kali Linux – but also has some other cool features like the ability to “anonymize” your workstation before an “attack”, and other UI goodies.

If you do penetration testing or computer forensics, this is another very good option for the operating system to use. At the very least, it’s a nicer UI from which to work – as the underlying tooling and OS are pretty much the same.

Look and Feel:
One thing that is obvious right off the bat, is the look and feel of everything – the website, the logo, the UI, is all very refined. I mean, you shouldn’t judge a book by it’s cover – but they did put some thought and effort into that cover!

The install is very Ubuntu-like, as you might expect:

image

Once installed, all of the built-in tools are under the “Auditing” menu in the main menu:

image

and under that “Services” menu, it has nice shortcuts for start/stop/restart/status for common services – which pop open a terminal window, thusly:

image

another cool feature is this shortcut to turn anonymization on and off:

image

When you turn it on, it turns off network services, changes the MAC address of your network card, and changes your hostname, and then starts routing traffic through Tor. When you turn this off, it reverses all of that!

What can you run it on?
Since this is basically Ubuntu+security tools, it runs on what Ubuntu 14 runs on – which is basically 32 and 64 bit computers. So, no ARM support for this at the moment. So, if you want to do that botnet idea with a bunch of Raspberry Pi’s – those Pi’s would still need to run Kali Linux.

Even that isn’t horrible, because honestly the biggest way that these diverge is in the UI. At it’s core both Kali and BackBox are Debian-based. That means that any scripts you write, where config files are, etc – are all the same.

What about that Dell laptop?
As you might recall, I could install Kali on my cheapy laptop, but when I went to log into X11, the computer hangs. With BackBox, it installed fine with no issues. It recognizes the onboard WiFi, Bluetooth, and the USB 3.0 dongle with an Ethernet port AND if I plug one of those Wi-Fi dongles in.

Everything just works without issue!

Bottom Line:
Well, to me, this decision really comes down to the UI. For your “workstation”, BackBox seems significantly more refined and much more modern. Just having simple “control panel” type functionality that is found in modern-era Ubuntu is great. However, the guts; the tooling is pretty much the same as Kali. I don’t have a finite list but it looks like pretty much everything that comes bundled with Kali is bundled with BackBox.

So, if you like the security tools but don’t really like the look/feel of Kali, BackBox seems to be a pretty great alternative.

Posted in Computers and Internet, General, Infrastructure, Linux, Security, Uncategorized
22 comments on “BackBox, a better alternative to Kali Linux?
  1. SunnyD says:

    Did you review it at my suggestion?!? Oh my gosh… 😉

    Like

  2. Chris says:

    I have used both. I like the anonymize option. Of course you can set that up in Kali if you want. I also have used parrot which has a 2.0 in beta now. I only have 2 faults with BackBox. Menus vs no menus. Just like Kali Backbox has a well organized menu making it easy to find tools by type using a drill down method. The draw back is this is apparently only available in XFCE which I really do not care for. Yea I know, Aesthetics are not what pentesting is about but It would be nice to have those same menu items in Standard XDG format so I can export them without having to create some custom script. The other thing is as of 4.3 and I think Kali 2.0 is going this route as well is No Menu. So for me maybe I am old school but typing in application names or tool names is a horrible Idea iMO. Who in the hell is going to remember every name every tool. And only so much will fit on the desktop before it becomes a scrolling screen like your phone. I have never understood the logic and that approach for a PC. Kali is missing out by going halfway with, Ok here it is you configure the rest. Why not include the anonymize option? This is a really nice to have and again I know their answer is “your free to install and and set up , grab script XYZ and just do it. Thing is if your going to kid glove the tools then why leave that out? Also neither of these install the full tool set, which is not really a bad idea. The vitals are there but there are meta-packages that grab the full tools, some you may never need. Kali 2 is due on the 8th so I am waiting to see what that brings. I am not sure where Backbox on the dev side being 4.3 was just released a while back. Parrot is really worth a look but I would wait until 2.0 comes out I have totally trashed my install due to the dev’s changing repo’s in the course of a hosting change (my fault not theirs). It is a really sharp looking Distro. On top of all that one could just roll your own. It is however nice to have a platform to start from. I do not think any of them are bad. Kali just has a lot of backing and is on a roll with training and other support. Be great to see what the 2.x series brings.

    Like

    • Robert Seder says:

      Chris – wow, thanks for that reply! I wasn’t familiar with http://www.parrotsec.org/ Parrot OS, I’ll check it out. And I agree, the menus are good because you can “browse” your options and run across some tool you don’t use that often “Oh, I forgot about that!”. If you are just staring at a console prompt, you are likely to just keep using your small set of tools which are used-to, skipping the others because they aren’t “in your face”.

      In my case, Kali is a showstopper because it hangs my pentesting laptop but BackBox works great (and is visually nicer). But I imagine though that these sorts of things change over time. Since Kali and BackBox pretty much have the same tools, what you are really buying are the fringe things, and the UI, right? I mean, BackBox has the anonymize feature but like you said, you could really add that to any distribution.

      Anyhow – thanks for your thoughts on this and I’ll definitely check out Parrot OS!

      -Rob

      Like

    • Jack says:

      In the same sentence you claim to be old school, then claim you don’t like typing things at the command line. You are quite obviously not old school. Those of us that are old school menus and gui are new features, we used to type EVERYTHING and most of us still prefer to

      Like

  3. Chris says:

    Hey Thanks Rob! So I am trying out Archassault now which is actually pretty nice. I am a fan of the box series, OpenBox, FluxBox, Blackbox and so on. I think Having a thin lightweight distro is a good platform as it stays out of the way and it may be a bit more industrial but the menu layout is good. PLUS you can modify it as you please. It has been a while since I fooled with Arch but Archassault just dropped in the new Kitploit tool set. Does not seem to be much on their site about it but I saw a post on my phone and that got me thinking about testing it again.. So yea Parrot is really overlooked. The founder actually hooked up with me on Linkedin , I guess Because I was raising a ruckus lol, during the beta. The guy is a bit of under the Radar Legend and honestly I had no idea he started it. The forums are in Italian which make it a bit of a challenge but their FB page is active and they recently moved all hosting with what little funds they had. They guys are working really hard on it. 2.0 looks to be a really great choice IMO. Parrot has just about everything you would want from Kali and Backbox. The theme is cool but some hate it.That of course can be changed. Oddly I see a lot of Kali and Backbox setups with the Parrot all BLUE theme. I have high hopes for Kali 2.0 and I will run it. I am a bit confused if there is an upgrade path from 1.x to 2.x as Parrot faced an obstacle with this. Be interesting to see what they do. Really like your no nonsense approach here. You may want to do some video stuff! Mr Robot, if you have not watched it………. I HIGHLY Recommend the show! Very up to date , and a lot of focus on not just hacking but Social Engineering which is way cool!

    Like

    • Robert Seder says:

      How do you find these other distributions? Some googling on bing only led me to Kali and BackBox, really. Any recommendations on blogs to follows, sites to monitor, etc?

      For making videos, I like the idea, but it does take a lot more time to get the content together, then record it without mistakes, then edit it. I experimented by putting together some videos – see: http://youtube.com/user/sederrob the “Laptop Data Center” series for example. If I have a finite list of videos to do, I’d like to – but to do those instead of blog posts would be too time-consuming I think. For doing a specific set of videos for a project though, definitely. So, if you have ideas on a “series” that you think would be useful, let me know!

      And yes, I have been watching Mr Robot, it IS excellent!!

      Like

      • Sunnyd says:

        Well there’s your first problem… stop using Bing. 🙂

        Like

      • Robert Seder says:

        lol Jamie and I started using that expression when we were talking to Microsoft people – they would pretend it was totally normal to use Bing as the standard search engine (in the early days). So, we poked fun by saying it that way – to underscore how ubiquitous Google had become!

        No, in real life, I really try to use http://www.duckduckgo.com for search unless I simply can’t find something, then I will resort to Google in private/incognito mode. Yes, I dislike tracking THAT much!! haha

        Like

      • Sunnyd says:

        Well you can see why I’d think you did use Bing… fan boy 😉

        Although I am very proud that your interests have branched out recently.

        Like

  4. […] Sunnyd on BackBox, a better alternative to Kali Linux? […]

    Like

  5. reni says:

    I cannot change tha mac addy.
    Well, it changes but after (during) connecting to the router it changes back to the original.
    Do you know why?

    Like

  6. J says:

    https://www.concise-courses.com/linux-distros/
    List of various hacking distro’s for you.

    Like

  7. MdW says:

    This works on most linux distro’s:

    from file /etc/network/interfaces

    auto eth1
    iface eth1 inet dhcp
    pre-up if [ `macchanger -s eth1|grep Current|awk ‘{print $3}’` = xx:xx:xx:xx:xx:xx ]; then exit 0; else macchanger -m xx:xx:xx:xx:xx:xx eth1; fi

    What is does is verify is your mac address is the desired one. If not, change it to the desired one.

    Also, there is a macchanger daemon script one can use.

    Like

  8. Kain says:

    Now do a review about Parrot Sec. 🙂

    Like

  9. TomTom says:

    For more places to find out about ethical hacking and other distros of linux check out FOSSBYTES and Interesting Engineering.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Archives
Categories

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2 other followers

%d bloggers like this: