Kali Linux vs Backbox: Pen Testing and Ethical Hacking Linux Distros

Posted by UpGuard

Kali Linux vs. BackBox

Hackers as portrayed on the big screen are usually sitting hooded in front of a monitor with sleek, shiny black hat tools laid out on the screen. Though in reality such tools in past years were mostly CLI-based, a new generation of penetration testing (pen testing) and ethical hacking tools feature both slick UIs and powerful functionality for testing cyber security controls and posture. In this comparison, we'll look at two of the best: the Kali Linux and BackBox Linux pen testing and ethical hacking distros.

Pen Testing and Ethical Hacking 101

Pen testing should be a staple of every enterprise's ongoing security control validation measures. These activities use purpose-built tools to test systems, networks, and/or software/web applications for exploitable vulnerabilities. By using such tools for performing penetration tests and security assessments, admins and operators can effectively identify security weaknesses before cyber attackers do, using the same tools and methodologies.

Kali Linux by Offensive Security

Maintained and funded by Offensive Security, Kali Linux is a Debian-based distro chock full of pre-installed security and pen testing tools—over 600 to date. Some examples include nmap, Wireshark, John The Ripper, BURP Suite, OWASP ZAP, and Aircrack-ng, among others. Check out our comparison of Netcat and Wireshark for protocol analysis  —in this case, it comes packaged with Kali Linux.

Kali Linux desktop. Source: Offensive Security.

BackBox Linux

To both black and white-hat hackers alike, Ubuntu-based BackBox needs little introduction; the popular network and systems security analysis toolkit includes a suite of ethical hacking and security testing tools for a wide array of purposes: web application analysis, network analysis, stress testing, vulnerability assessment, computer forensic analysis and exploitation, and more.

BackBox Linux toolset. Source: Wikipedia.org.

A nifty feature of BackBox Linux is the Launchpad repository core. This integration updates the packages constantly to the latest versions of the most known/used ethical hacking tools from the open source community.

Side-By-Side Scoring: Kali Linux vs. BackBox Linux

1. Capability Set

Both distros come pre-loaded with a heap of powerful tools for performing security assessments. Kali Linux is preinstalled with over 600 penetration-testing programs, while BackBox Linux ships with over 70 powerful programs such as Wireshark, Metasploit/Armitage, and Crunch, among others. BackBox's Launchpad repository core is especially compelling, as it constantly updates to the latest stable versions of major pentesting/ethical hacking tools.

Capability Set
Kali Linux
BackBox Linux

2. Ease Of Use

Kali and BackBox both feature sleek GUIs, but Kali's distro takes the cake here for sheer coolness. There's no harm or foul in looking the part, and Kali definitely feels more l33t in this category.

Ease Of Use
Kali Linux star5.png
BackBox Linux star2.png

3. Community Support

Both distros are well-supported, with vast volumes of community support materials available online. Support from Kali Linux via Offensive Security is available for Kali Linux operating system and packaging issues, while donation-based BackBox offers a blog, forum, and wiki of its main site.

Community Support
Kali Linux star5-1.png
BackBox Linux star5-2.png

4. Security and Surface Attack Probability

Per the CVE database, Kali's Debian has 85 documented vulnerabilities in contrast to BackBox Ubuntu's whopping 422. Both are based on popular Linux distros, with Debian being the grandfather of the lot, and Ubuntu being Debian-based itself.

Security and Surface Attack Probability
Kali Linux
BackBox Linux star2-1.png

5. Release Rate

Both Kali and BackBox have excellent track records for updating their distros. Kali is currently at 2.0, released 2 months ago, while BackBox's 4.4 release was made available on October 12, 2015.

Release Rate
Kali Linux
BackBox Linux star2-1.png

6. Pricing And Support

BackBox is free and made available through community-based efforts. As such, no commercial support can be had.  Kali is also free, but is developed and maintained by Offensive Security, through which support for OS and packaging issues can be obtained.

Pricing and Support
Kali Linux
BackBox Linux star4.png

7. API and Extensibility

Both Kali and BackBox are based on Ubuntu and Debian Linux distros, respectively; additional extensibility can be easily built in at the operator's discretion.

API and Extensibility
Kali Linux
BackBox Linux star2-1.png


7 Ways to Hack Ruby on Rails & Prevention Tips


8. 3rd Party Integrations

3rd party integrations are indeed what define these two toolsets. Kali ships with over 600 pen testing programs, while BackBox comes with full-features tools like Wireshark integrated into the solution.

3rd Party Integrations
Kali Linux
BackBox Linux star2-1.png

9. Bug Bounty Program

Offensive Security's official Bug Bounty program lives here; BackBox has none to speak of. This one goes to Kali Linux.

Bug Bounty Programs
Kali Linux star5png
BackBox Linux star2-1.png

10.  Companies That Use It

Kali Linux is immensely popular, even making its way onto TV screens in shows like Mr. Robot. This has much to do with the distro's slick GUI (which makes for a pretty screen presence), but beyond looksits comprehensive toolset makes for a formidable set of instruments for testing IT security. BackBox is also a widely-used Linux distro for pen testing and ethical hacking and utilizes many longstanding security application favorites in its toolset.

Companies That Use It
Kali Linux
BackBox Linux star5.png 

11.  Age Of Platform Used

Kali Linux is based on Debian, while BackBox is based on Ubuntu. Two mature Linux distros, with plenty of water under the bridge.

Age of Language Developed In/Used
Kali Linux
BackBox Linux star2-1.png

12.  Learning Curve

Despite the easy-to-use GUIs offered in both distros, some experience with *nix and the command line is required to get the most out of either offering. That said, this is pen testing and ethical hacking we're talking about—not Linux for n00bs—so a certain level of proficiency with scripting, the shell, and network administration is expected.

Learning Curve
Kali Linux
BackBox Linux star2-1.png

Scoreboard and Summary

The following is the scoreboard for Kali Linux vs. BackBox Linux based on the 12 criteria listed above:

            Kali Linux      BackBox Linux
Capability Set     
Ease Of Use    star5-1.png   star2-1.png
Community Support    star5-1.png   star5-1.png
Security and Surface Attack Probability     star2-1.png   star2-1.png
Release Rate      star2-1.png
Pricing And Support      star2-1.png
API and Extensibility      star2-1.png
3rd Party Integrations     star2-1.png
Bug Bounty Program      star2-1.png
Companies That Use It    
Age Of Language Developed In/Used    
Learning Curve     star2-1.png
Total   55   46
Average Score    

Both solutions are excellent distros for pen testing and white hacking use cases, and both are free and open-source, so cost will never be an issue. Those that require commercial support and other perks that a for-profit-backed project enjoys (e.g., a bug bounty program) should probably go with Kali. And for continuous security monitoring and vulnerability assessment, ScriptRock is the platform to beat. Try it today, the first 10 nodes are on us. 

Free ebook: Continuous Security Monitoring










UpGuard customers