Kali Linux vs Backbox: Pen Testing and Ethical Hacking Linux Distros

Last updated by UpGuard on July 24, 2019
scroll down

Kali Linux vs. BackBox

Hackers as portrayed on the big screen are usually sitting hooded in front of a monitor with sleek, shiny black hat tools laid out on the screen. Though in reality such tools in past years were mostly CLI-based, a new generation of penetration testing (pen testing) and ethical hacking tools feature both slick UIs and powerful functionality for testing cyber security controls and posture. In this comparison, we'll look at two of the best: the Kali Linux and BackBox Linux pen testing and ethical hacking distros.

Pen Testing and Ethical Hacking 101

Pen testing should be a staple of every enterprise's ongoing security control validation measures. These activities use purpose-built tools to test systems, networks, and/or software/web applications for exploitable vulnerabilities. By using such tools for performing penetration tests and security assessments, admins and operators can effectively identify security weaknesses before cyber attackers do, using the same tools and methodologies.

Kali Linux by Offensive Security

Maintained and funded by Offensive Security, Kali Linux is a Debian-based distro chock full of pre-installed security and pen testing tools—over 600 to date. Some examples include nmap, Wireshark, John The Ripper, BURP Suite, OWASP ZAP, and Aircrack-ng, among others. Check out our comparison of Netcat and Wireshark for protocol analysis  —in this case, it comes packaged with Kali Linux.

Kali Linux desktopKali Linux desktop. Source: Offensive Security.

BackBox Linux

To both black and white-hat hackers alike, Ubuntu-based BackBox needs little introduction; the popular network and systems security analysis toolkit includes a suite of ethical hacking and security testing tools for a wide array of purposes: web application analysis, network analysis, stress testing, vulnerability assessment, computer forensic analysis and exploitation, and more.

BackBox Linux toolset

BackBox Linux toolset. Source: Wikipedia.org.

A nifty feature of BackBox Linux is the Launchpad repository core. This integration updates the packages constantly to the latest versions of the most known/used ethical hacking tools from the open source community.

Side-By-Side Scoring: Kali Linux vs. BackBox Linux

1. Capability Set

Both distros come pre-loaded with a heap of powerful tools for performing security assessments. Kali Linux is preinstalled with over 600 penetration-testing programs, while BackBox Linux ships with over 70 powerful programs such as Wireshark, Metasploit/Armitage, and Crunch, among others. BackBox's Launchpad repository core is especially compelling, as it constantly updates to the latest stable versions of major pentesting/ethical hacking tools.

Capability Set
Kali Linux 5 stars
BackBox Linux 5 stars

2. Ease Of Use

Kali and BackBox both feature sleek GUIs, but Kali's distro takes the cake here for sheer coolness. There's no harm or foul in looking the part, and Kali definitely feels more l33t in this category.

Ease Of Use
Kali Linux 5 stars
BackBox Linux Four stars

3. Community Support

Both distros are well-supported, with vast volumes of community support materials available online. Support from Kali Linux via Offensive Security is available for Kali Linux operating system and packaging issues, while donation-based BackBox offers a blog, forum, and wiki of its main site.

Community Support
Kali Linux Four stars
BackBox Linux Three stars

4. Security and Surface Attack Probability

Per the CVE database, Kali's Debian has 85 documented vulnerabilities in contrast to BackBox Ubuntu's whopping 422. Both are based on popular Linux distros, with Debian being the grandfather of the lot, and Ubuntu being Debian-based itself.

Security and Surface Attack Probability
Kali Linux Three stars
BackBox Linux Three stars

5. Release Rate

Both Kali and BackBox have excellent track records for updating their distros. Kali is currently at 2.0, released 2 months ago, while BackBox's 4.4 release was made available on October 12, 2015.

Release Rate
Kali Linux Five stars
BackBox Linux Five stars

6. Pricing And Support

BackBox is free and made available through community-based efforts. As such, no commercial support can be had.  Kali is also free, but is developed and maintained by Offensive Security, through which support for OS and packaging issues can be obtained.

Pricing and Support
Kali Linux Four stars
BackBox Linux Four stars

7. API and Extensibility

Both Kali and BackBox are based on Ubuntu and Debian Linux distros, respectively; additional extensibility can be easily built in at the operator's discretion.

API and Extensibility
Kali Linux Five stars
BackBox Linux Five stars

 

Website Security Best Practices

 

8. 3rd Party Integrations

3rd party integrations are indeed what define these two toolsets. Kali ships with over 600 pen testing programs, while BackBox comes with full-features tools like Wireshark integrated into the solution.

3rd Party Integrations
Kali Linux Five stars
BackBox Linux Four stars

9. Bug Bounty Program

Offensive Security's official Bug Bounty program lives here; BackBox has none to speak of. This one goes to Kali Linux.

Bug Bounty Programs
Kali Linux Five stars
BackBox Linux 0 stars

10.  Companies That Use It

Kali Linux is immensely popular, even making its way onto TV screens in shows like Mr. Robot. This has much to do with the distro's slick GUI (which makes for a pretty screen presence), but beyond looksits comprehensive toolset makes for a formidable set of instruments for testing IT security. BackBox is also a widely-used Linux distro for pen testing and ethical hacking and utilizes many longstanding security application favorites in its toolset.

Companies That Use It
Kali Linux Five stars
BackBox Linux Five stars 

11.  Age Of Platform Used

Kali Linux is based on Debian, while BackBox is based on Ubuntu. Two mature Linux distros, with plenty of water under the bridge.

Age of Language Developed In/Used
Kali Linux Five stars
BackBox Linux Five stars

12.  Learning Curve

Despite the easy-to-use GUIs offered in both distros, some experience with *nix and the command line is required to get the most out of either offering. That said, this is pen testing and ethical hacking we're talking about—not Linux for n00bs—so a certain level of proficiency with scripting, the shell, and network administration is expected.

Learning Curve
Kali Linux Four stars
BackBox Linux Three stars

Scoreboard and Summary

The following is the scoreboard for Kali Linux vs. BackBox Linux based on the 12 criteria listed above:

            Kali Linux      BackBox Linux
Capability Set    Five stars   Five stars
Ease Of Use    Five stars   Four stars
Community Support    Four stars   Three stars
Security and Surface Attack Probability     Three stars   Three stars
Release Rate    Five stars   Five stars
Pricing And Support    Four stars   Four stars
API and Extensibility    Five stars   Five stars
3rd Party Integrations   Five stars   Four stars
Bug Bounty Program    Five stars   Zero stars
Companies That Use It   Five stars   Five stars
Age Of Language Developed In/Used   Five stars   Five stars
Learning Curve   Four stars   Three stars
Total   55   46
Average Score   Five stars   Four stars

Both solutions are excellent distros for pen testing and white hacking use cases, and both are free and open-source, so cost will never be an issue. Those that require commercial support and other perks that a for-profit-backed project enjoys (e.g., a bug bounty program) should probably go with Kali. And for continuous security monitoring and vulnerability assessment, UpGuard is the platform to beat. 

Four Pragmatic Steps for Continuous Security

Sources

https://www.pcmag.com/review/248520/wireshark-1-2-6

https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/

https://www.wireshark.org/about.html

https://www.cvedetails.com/product/4047/Netcat-Netcat.html?vendor_id=2310

https://www.cvedetails.com/product/8292/Wireshark-Wireshark.html?vendor_id=4861

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

https://www.pcworld.com/article/186871/track_down_network_problems_with_wireshark.html

http://www.admin-magazine.com/Articles/Netcat-The-Admin-s-Best-Friend


Related posts

Learn more about the latest issues in cybersecurity