Linux distributions for cybersecurity professionals
Here is the complete list of all secure Linux distributions that are developed for protecting systems against security attacks. If you are a cybersecurity professional, you need to review and bookmark this page as you will need it in your future projects.
- BackBox Linux
BackBox is an Ubuntu-based penetration testing and security assessment oriented distribution. It provides a network and systems analysis toolkit and includes some of the most commonly known/used security and analysis tools. BackBox Linux 2 was released September 3, 2011. BackBox Linux 6.0 was released June 11, 2019.
- BlackArch Linux
BlackArch Linux is a lightweight expansion to Arch Linux for penetration testers and security researchers. Early ISOs were released July 1, 2014. BlackArch 2019.09.01 is out.
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. CAINE joined the list with the release of v2.0 "NewLight" dated September 14, 2010. CAINE and NBCAINE 4.0 "Pulsar" were released March 18, 2013. CAINE 8.0 "blazar" was released October 30, 2016. CAINE 9.0 "Quantum" was released October 25, 2017. CAINE 10.0 "Infinity" was released November 9, 2018.
CensorNet is a Debian-based Linux distribution must be installed on a dedicated machine with a minimum of two Ethernet adapters. The Console Configuration Tool is used to configure system settings and perform system maintenance, and the Web Administration Tool designed for day to day control of users, workstations and filtering rules. CensorNet 3.3 was the current version in April 2005. CensorNet Professional was available as Linux based software for self-installation, on a Dell powered hardware appliance or as a fully certified VMware virtual appliance as July 2009.
- CLIP OS
The CLIP OS project is maintained by the ANSSI (National Cybersecurity Agency of France) that aims to build a hardened, multi-level operating system, based on the Linux kernel and a lot of free and open source software. The source code and documentation for CLIP OS 5 alpha (based on Hardened Gentoo) was released September 18, 2018 in French and English.
CopperheadOS is a hardened open-source system based on the Android Open Source Project (AOSP) release. The first beta was released February 8, 2016. CopperheadOS Android 9 Pie was released March 26, 2019.
- Cyborg Hawk
Cyborg Hawk is an advanced and powerful penetration testing distribution, based on Ubuntu. It includes more than 700+ penetration testing tools, various wireless devices support, and much more. Cyborg Hawk joined the list shortly after its November 2014 version 1.0 release. Cyborg Hawk 1.1 was the latest version as of March 2016.
Debian Hardened is a custom Debian distribution aimed at bringing high security to Debian GNU/Linux, with hardening features such as a hardened kernels and packages (Stack Smashing Protector + PIE compiled), the DHKP and linux entropy pool enhancements (and the LTRNG) for strong cryptography. Ubuntu Hardened is a related project.
DEFT is an Italian distribution that aims to be a very easy to use system that includes an excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics. DEFT is meant to be used by: police, investigators, system administrator, individuals, and all the people who need to use forensic tools but don't know the open source operative systems and the Forensic techniques. DEFT 6.1 was released April 15, 2011. DEFT Linux 7.2 was released October 23, 2012. DEFT Linux 8.2 was released August 10, 2014. DEFT Zero 2017.1 was released February 13, 2017.
- Discreete Linux
Discreete Linux start out as the Ubuntu Privacy Remix. It is meant to be run from a USB drive and is not intended for permanent installation on hard disk. Its goal is to provide an isolated, working environment where private data can be dealt with safely. In August 2016 the distribution was renamed and rebased to Debian. The first stable version, UPR 8.04r1, was released December 4, 2008. UPR 12.04r1 was released May 7, 2014. Discreete Linux Beta 1 was released December 8, 2016.
Endian Firewall Community
Endian Firewall Community is a "turn-key" Linux security distribution that turns every system into a full featured security appliance. The software has been designed with "usablity in mind" and is very easy to install, use and manage, without losing its flexibility. This distribution was added to the list at version 2.1, released January 9, 2007. Endian Firewall Community 2.1.2 was released July 10, 2007. Version 2.2 was released May 28, 2009. Endian Firewall Community 2.5.2 was released August 23, 2013. Endian Firewall Community 3.2.5 was released February 27, 2018.
Engarde Secure Linux
EnGarde is a secure distribution of Linux engineered from the ground-up to provide organizations with the level of security required to create a corporate Web presence or even conduct e-business on the Web. It can be used as a Web, DNS, e-mail, database, e-commerce, and general Internet server where security is a primary concern. Version 1.2 (Professional) was released June 28, 2002. Version 1.3 (Community Edition) was released April 28, 2003. EnGarde Secure Community 3.0.22 was released December 9, 2008.
The Euronode Project provides a set of distributions, originally based on Debian GNU/Linux Woody Release 2. Three distributions are available: Euronode Minimal Woody, Euronode Simple Firewall, and Euronode Advanced Firewall. The Debian Sarge based Euronode 6.1, with 2.6.13 Linux kernel, was released January 10, 2006. Euronode sells "Instant Software Appliances" as of July 2009.
Heads is much like Tails (listed below). Like Tails, it is intended to be used as a live CD/USB and uses Tor to help you be anonymous. However Devuan-based heads uses only free software and has applied for inclusion to the FSF's list of free distributions. heads 0.4, released March 26, 2018, was based on Devuan Beowulf (Testing).
Helix is a customized version of the Knoppix Live Linux CD with many applications dedicated to Incident Response and Forensics. Helix 1.7 was released March 7, 2006. Helix 1.9E was released July 31, 2007. Helix 2008R1 (2.0) was released September 22, 2008. Helix 2008 is based on Ubuntu.
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. It aims for ease of use, high performance in any scenario, and extensibility. The project uses Linux From Scratch as its base. IPFire 2.7 was released July 2, 2010. IPFire 2.21 Core Update 130 was released April 16, 2019. IPFire 2.23 Core Update 134 was released July 3, 2019.
JonDo/Tor-Secure-Live-DVD offers a secure, pre-configured environment for anonymous surfing and more. It is based on Debian GNU/Linux. The live system contains proxy clients for JonDonym, Tor Onion Router and Mixmaster remailer. JonDoFox is a pre-configured browser for anonymous web surfing and TorBrowser is installed too. JonDo 0.9.88.2 was released January 8, 2016.
- Kali Linux
Kali Linux is the successor of the BackTrack distribution, funded and developed by Offensive Security. It's aimed at penetration testing and related tasks. Debian-based Kali Linux was announced March 13, 2013. Kali 2.0 was released August 11, 2015. Kali Linux 2018.4 was released October 29, 2018. Kali Linux 2019.2 was released May 21, 2019.
- Liberté Linux
Liberté Linux is a secure, reliable, lightweight, and easy to use Gentoo-based LiveUSB Linux distribution intended as a communication aid in hostile environments. Liberté installs as a regular directory on a USB/SD key, and after a single-click setup, boots on any desktop computer or laptop. Available internet connection is then used to set up a Tor circuit which handles all network communication. Liberté joined the list with the release of 2010.1, dated November 22, 2010. Liberté Linux 2012.2 was released June 17, 2012. Liberté Linux 2012.3 was released September 1, 2012.
- Lightweight Portable Security
Lightweight Portable Security (LPS) was designed by the US Department of Defense to function as a secure end node. LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive and runs in RAM, providing a trusted network environment on an untrusted computer. LPS joined the list with the release of LPS-Public ISO 1.1.1, dated November 15, 2010. LPS 1.5.5 was released October 24, 2014. LPS 1.6.4 was released January 30, 2016.
- Linux Kodachi
Linux Kodachi based on Debian. It will provide you with a secure, anti- forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. Kodachi aims to be easy to use. It is a live system, intended to run from a USB drive and provides an established VPN connection + Tor Connection + DNScrypt service running. It runs in RAM so once you shut it down no trace is left behind. The first release of Kodachi was on October 20, 2013. Debian 8.6-based Kodachi 3.7 was released January 8, 2017. Linux Kodachi 4.0, based on Debian 9.5, was released October 3, 2018. Kodachi 6.1, based on Xubuntu 18.04, was released June 27, 2019.
Live Hacking CD
The Live Hacking CD is packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu this live CD/DVD runs directly from the CD/DVD and doesn't require installation on your hard-drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders. Live Hacking CD was added to the list February 16, 2010. Live Hacking Penetration Testing DVD V1.3 was released April 21, 2011.
Matriux is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. Matriux 1.2 was released February 16, 2012. Matriux v3 RC1 "Leandros" was released September 26, 2013.
NetSecL is a Slackware based distribution with Grsecurity, chroot hardening, /tmp race prevention, extensive auditing and many other security features. Many scanners and sniffers are included to help keep your system secure. NetSecL joins the list with v2.1, released July 16, 2007. NetSecL 2.6 was released February 27, 2010. NetSecL 3.0 was released August 23, 2010. NetSecL 3.2 was released July 14, 2011. NetSecL OS 4.0 was released August 7, 2012. NetSecL 5.0, with XFCE and an openSUSE 12.3 base, was released November 26, 2013.
- Network Security Toolkit (NST)
The Network Security Toolkit (NST), is a live CD based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. NST also makes an excellent tool to help one with all sorts of crash recovery troubleshooting scenarios and situations. Version 1.2.3 was released September 5, 2005. Fedora 28 based NST 28 SVN:10234 was released July 1, 2018. NST 30 SVN:11210, based on Fedora 30, was released July 16, 2019.
- Openwall GNU/Linux
Owl (Openwall GNU/*/Linux) is a small security-enhanced distribution for servers. Owl also makes a good base system for customized virtual machine images and embedded systems, and Owl live CDs with remote SSH access are good for recovering or installing systems (whether with Owl or not). A single Owl CD includes the full live system, installable packages, the installer program, as well as full source code and the build environment capable of rebuilding the entire system from source. Owl supports multiple architectures (x86, x86-64, SPARC, and Alpha) and offers some compatibility for packages developed for other Linux distributions. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, and "hardening" to reduce the likelihood of successful exploitation of security flaws. The Owl 0.1-prerelease was released on May 11, 2001. Owl 3.1 was released January 5, 2015.
- Parrot Security OS
Parrot Security OS is a Debian-based distribution aimed at cloud oriented pentesting. It has a number of security tools for penetration testing, information gathering, vulnerability assessment, anonymity, cryptography, and more. Parrot joined the list February 2, 2016 when the current version was 2.1 "Murdock". Parrot 3.11 was released January 28, 2018. Parrot 4.0 was released May 21, 2018. Parrot 4.6 was released April 26, 2019.
PureOS is a Debian derivative with added emphasis on privacy protection. Privacy-protecting software applications are preinstalled and you may easily encrypt your hard drive. PureOS is used in Purism computers and it is endorsed by the Free Software Foundation. PureOS 8.0 "Prometheus" beta 1 was the current version in December 2017.
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. The first alpha version was released April 7, 2010. Qubes 1.0 was released September 3, 2012. Qubes OS 4.0 was released March 28, 2018. Qubes OS 3.2.1 was released November 12, 2018. Qubes OS 4.0.1 was released January 9, 2019. Qubes OS 4.0.2-rc1 was released July 9, 2019.
- Redcore Linux
Redcore Linux is based on Gentoo (stable + some unstable). It aims to be a very quick way to install Gentoo. Redcore provides a repository with prebuilt binary packages which receive continuous updates (rolling release model). Redcore 1801 was released January 28, 2018. In February 2018 the project announced that they will be rebasing to Gentoo Hardened, using many hardening techniques to help secure the distribution. Redcore Hardened 1803 was released April 1, 2018. Redcore Hardened 1806 was released July 1, 2018. Redcore 1908 Mira was released August 17, 2019.
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser. REMnux 1.0 was made available as a VMWare virtual machine image, released July 8, 2010. REMnux 6 was released June 7, 2015.
Santoku is dedicated to mobile forensics, analysis, and security. It is based on Lubuntu and comes with a wide range of useful tools to analyze and mobile applications. Santoku joined the list at version 0.4.
- Security Onion
Security Onion is an Ubuntu-based distribution aimed at intrusion detection, network security monitoring, and log management. Security Onion 14.04.3.1 was the current version as of February 2, 2016.
SmoothWall was first released to the world in July 2000 as a hardened internet firewall device. Products include Smoothwall Server and Smoothwall GPL, renamed Smoothwall Express. Smoothwall GPL 1.0 was released December 10, 2002. Smoothwall Express 2.0 was released December 17, 2003. SmoothWall Express 2.0 SP1 (stable update) was released December 22, 2006. SmoothWall Express 3.0 "Polar" was released August 22, 2007. Update 5 for Express 3.0 was released September 2, 2009. Smoothwall Express 3.1 Update9 was released April 21, 2018.
- Sophos UTM
When this entry joined the list in 2003 the distribution was called Astaro Security Linux and it was a firewall and VPN product. Version 2.033 was released April 25, 2003. In 2007 the distribution was renamed to Astaro Security Gateway, an all-in-one product with a firewall, intrusion protection, antivirus, spam protection, URL filtering, and a VPN gateway. ASG 8.300 was released January 10, 2012. The distribution was renamed again, to Sophos UTM (Unified Threat Management) and v9 was released July 15, 2012. Sophos UTM 9.1 was released May 13, 2013.
- Subgraph OS
Subgraph believes that the best way to empower people to communicate and live freely is to develop technology that is secure, free, open-source, and verifiably trustworthy. Subgraph OS was designed from the ground-up to reduce the risks in endpoint systems so that individuals and organizations around the world can communicate, share, and collaborate without fear of surveillance or interference by sophisticated adversaries through network borne attacks. Subgraph OS is designed to be difficult to attack. This is accomplished through system hardening and a proactive, ongoing focus on security and attack resistance. Subgraph OS also places emphasis on the integrity of installable software packages. Supgraph joined the list February 24, 2016 when the project was in the pre-alpha stage. Subgraph OS Alpha 4 was released September 22, 2017.
The Amnesic Incognito Live System (Tails) is a Debian based live CD/USB aimed at preserving your privacy and anonymity by forcing all outgoing connections to the Internet to go through the Tor network and by leaving no trace on local storage devices unless explicitly asked. Tails 0.7, based on Debian 6.0 squeeze, was released April 15, 2011. Debian 9 (stretch)-based Tails 3.15 was released July 9, 2019. Debian 10 (buster)-based Tails 4.0~beta1 was released August 7, 2019.
Whonix (called TorBOX or aos in the past) is an anonymous general purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location. This is because Whonix consists of two virtual machines. One machine solely runs Tor and acts as a gateway, called the Whonix-Gateway. The other machine, called Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. Whonix joined the list with the release of Alpha 0.4.5, dated October 9, 2012. Whonix VirtualBox 18.104.22.168.6 was released February 6, 2018. Whonix 14 was released August 7, 2018. Whonix KVM 22.214.171.124.6 XFCE was released December 12, 2018. Whonix VirtualBox 126.96.36.199.4 was released March 17, 2019. Whonix KVM 188.8.131.52.9, released April 16, 2019, updates the Whonix base to Debian buster (testing). Whonix 15 was released July 1, 2019.
Wifislax is a Slackware-based live CD with a collection of utilities designed to perform various security and forensics tasks. Wifislax joined the list with the release of version 4.7 (based on Slackware 14.1 - released November 10, 2013). Wifislax 4.11.1 was released July 29, 2015. Wifislax 4.12 was released August 6, 2016.
See Comprehensive list of all Linux OS distributions and Comprehensive list of all special purpose Linux distributions to learn more about other Linux distributions.