For penetration testing and security why not mint [SOLVED]

[confusious]

Why do hackers, black or white hat, choose to use Kali or Parrot over other linux os' like mint? Most of the built in open source security orientated packages built into Kali are available to most linux users I have noticed in most used repositories. Why not just choose the os that is easiest to use?

Cheers,
Thanx in advance

[phd21]

Hi confusious,

There are other posts on this in this forum.

You can install most if not all of the "penetration testing and security" apps in the various Linux Mint editions. Newer versions of some of these packages may require compiling them from their source code though.

[Hoser Rob]

If you can actually USE the hacking tools that come with Kali etc you don't need a newbie oriented distro.

[confusious]

You can install most if not all of the "penetration testing and security" apps in the various Linux Mint editions. Newer versions of some of these packages may require compiling them from their source code though.

So the only real difference when it comes to security systems are the apps that come pre-installed? Kali has nothing built in to anonymize the user or added security advantages over a non-security linux os?

[gm10]

If you can actually USE the hacking tools that come with Kali etc you don't need a newbie oriented distro.

/thread

So the only real difference when it comes to security systems are the apps that come pre-installed? Kali has nothing built in to anonymize the user or added security advantages over a non-security linux os?

Are you confusing Kali with Tails? Kali is the one that defaults you into a root account, it's not built for security (although the default network/service setup is rather tight) because that's not its role.

[confusious]

If you can actually USE the hacking tools that come with Kali etc you don't need a newbie oriented distro.

I agree with that only these tools are easier to learn on a user friendly distro. I wanted to check for things such as open ports (vulnerability) and packages like wireshark to check out networks. These programs just require time to learn hands on, have enough info on them to learn, and are just fun to play around with I find. My idea is to avoid learning kali and expert packages together because the learning curve would be much steeper. So these programs are fun to use and can be interesting to learn. I also like the way Mint works. It's just a crisp interface and it can and is used by newbies and pros alike using terminal or graphical programs. I don't produce movies but use movie making software (which can be difficult to learn) just for fun and learn new things. Learning Kali and the programs used with it all together would be overwhelming and time consuming in my opinion.

[gm10]

I agree with that only these tools are easier to learn on a user friendly distro. I wanted to check for things such as open ports (vulnerability) and packages like wireshark to check out networks.

If you want to check your own open ports, then you don't need anything special for that:

Code: Select all

netstat -l

If you want to check other people's open ports (port scanning) on a network that's not yours, then that gets you into a grey area where you'll start triggering security alarms (and if you go further, law enforcement). Not the thing to do from your regular IP with your user friendly distro.

[confusious]

If you can actually USE the hacking tools that come with Kali etc you don't need a newbie oriented distro.

/thread

So the only real difference when it comes to security systems are the apps that come pre-installed? Kali has nothing built in to anonymize the user or added security advantages over a non-security linux os?

Are you confusing Kali with Tails? Kali is the one that defaults you into a root account, it's not built for security (although the default network/service setup is rather tight) because that's not its role.

No. I understand what makes Tails security setup using tor and persistence etc. and Whonix which keep different programs and system seperate to reduce chances of a virus getting to sensitive parts of the computer. I was under the impression that Kali was security based from different material I have read on it and Parrot. So I could play around with security and pen-testing software just as securely on mint as kali. That's good news if you see my comments in my last post. Thanx

[gm10]

I was under the impression that Kali was security based from different material I have read on it and Parrot.

It is from a network perspective (no listening services by default, for example), but it is very insecure if you start using it as a desktop OS, because that's not its (narrow) role.

[confusious]

If you want to check your own open ports, then you don't need anything special for that:

Code: Select all

netstat -l

If you want to check other people's open ports (port scanning) on a network that's not yours, then that gets you into a grey area where you'll start triggering security alarms (and if you go further, law enforcement). Not the thing to do from your regular IP with your user friendly distro.

So how is Kali used? Sounds just as unsafe as using any os. We won't get into hacking but I guess they know how to protect their ip and identity. I always use a vpn when surfing but their are many extra steps to take to keep vpn from leaking real ip also. ipleak.com is a great site for checking known ip leaking reasons and how to fix by the way.

I know I shouldn't but I like to play around with the tools like I said. I'm not doing it for malicious purposes but just as a way to learn more. This wouldn't technically be hacking in my view. Hows the law look at it?

Oh yeah. Does that mean hackers use the security distros like Tails when they do their thing?

[confusious]

I was under the impression that Kali was security based from different material I have read on it and Parrot.

It is from a network perspective (no listening services by default, for example), but it is very insecure if you start using it as a desktop OS, because that's not its (narrow) role.

Thats cool. Thanx gm.

[gm10]

I know I shouldn't but I like to play around with the tools like I said. I'm not doing it for malicious purposes but just as a way to learn more. This wouldn't technically be hacking in my view. Hows the law look at it?

That's a loaded question and ultimately depends both on your local laws and your ISP's terms of service. I'll link you here to get you started, even though it's a bit dated these days: https://nmap.org/book/legal-issues.html.

[phd21]

Hi confusious,

I just read your post and more good replies to it. Here are more of my thoughts on this as well.

You can install most if not all of the "penetration testing and security" apps in the various Linux Mint editions. Newer versions of some of these packages may require compiling them from their source code though.

I have a few of these type of applications already installed in my Linux Mint system for learning purposes.

So the only real difference when it comes to security systems are the apps that come pre-installed? Kali has nothing built in to anonymize the user or added security advantages over a non-security linux os?

Linux Mint is a secure operating system. But, you can make it more secure by using an anonymous (non-identifying) computer hostname (can be changed after installation) and user name(s) which I recommend anyway. Although I have tested Kali before, I do not know enough about Kali to answer this question well.

It is only appropriate to use these type of tools on your own hardware including your own hardware router unless you have specific permission from others to test these tools against their computer hardware.

These are some of the apps I installed regarding this topic using the links below for their newer versions. You also need to have one or more wireless WiFi adapters with certain features that are usable by these apps, information is in the links.

Install aircrack-ng on ubuntu 16.04 LTS - Bitfix! tutorials - IT Solutions
https://bitfix.be/installeer-aircrack-n ... s/?lang=en

downloads [Aircrack-ng]
https://www.aircrack-ng.org/doku.php?id=downloads


GitHub - wiire-a/pixiewps: An offline Wi-Fi Protected Setup brute-force utility
https://github.com/wiire-a/pixiewps

GitHub - t6x/reaver-wps-fork-t6x
https://github.com/t6x/reaver-wps-fork-t6x


How to install airgeddon on Linux Mint or Ubuntu – Ethical hacking and penetration testing
- This combines other tools and is not necessary to install, but it is interesting. I would backup or take a "snapshot" before installing this.
https://miloserdov.org/?p=1

Hope this helps ...

[confusious]

I'm pretty sure obtaining access to another computer system is technically illegal. The United States is the biggest hacker of the world, including spying on it's own citizens. This info is accurate and shows that our government hates competition. I don't see why the government thinks they can just make it illegal for other countries to hack us. They act shocked when a hack on us is discovered. We can't write laws for other countries either. If they didn't hack us I would be worried. Hacking by our citizens is illegal also but most hacks aren't worth time and resources to persecute and punishment is almost non-existent. I did read some articles and laws related to hacking to discover this info.

Anyways, thanx for the resources. I haven't had much time to fool around with the software much yet but the links should help when needed. Finding help with computer projects is not easy in my opinion. Good books on focused computer subjects are scarce and even online help can be difficult to find especially for less popular systems. The difficult thing is that each system works a little different and a narrow search often get no results.

I didn't mean to ramble.

You have now been confused by confusious..

[gm10]

Hacking by our citizens is illegal also but most hacks aren't worth time and resources to persecute and punishment is almost non-existent.

Well, most hacks are probably not even getting discovered, even if they are they still need to get reported, etc. Still, be aware of the risks. Your country is still the one with the highest incarceration rate on this planet, no other regime on the planet deprives such a high ratio of their citizens of their freedom - do keep that in mind. You'd be safer to do your hacking virtually anywhere else.

But if you're interested in hacking but don't want to get in trouble with the law, then do it legally. Try to hack your own systems. After you've got some experience with that, do it to other people with their consent - the legal side of penetration testing is about testing and improving computer security. That's even a profession.

[confusious]

Well, most hacks are probably not even getting discovered, even if they are they still need to get reported, etc. Still, be aware of the risks. Your country is still the one with the highest incarceration rate on this planet, no other regime on the planet deprives such a high ratio of their citizens of their freedom - do keep that in mind. You'd be safer to do your hacking virtually anywhere else.

But if you're interested in hacking but don't want to get in trouble with the law, then do it legally. Try to hack your own systems. After you've got some experience with that, do it to other people with their consent - the legal side of penetration testing is about testing and improving computer security. That's even a profession.

Your right. I like to try to test my own system because I honestly don't think I'm smart enough to be a professional hacker. I just love to try to figure things out and always trying to learn more, and push myself to the limit.

I actually don't like black hat hackers because I know on Windows I was a target living in such a large living facility. Condo's basically. Thats one of the reasons I will only use linux now. Windows was like the black plague.

If I think I ever know enough (this forum teaches me a lot) I might think about penetration testing.

Good to hear from you!