BackBox Linux 2.01 review – turning heads in the pen testing scene
A relative newcomer to the forensic and penetration testing live CD scene, Italian project BackBox is already turning heads as it hits version 2.01. Gareth Halfacree explains why…
Pros: A fast GUI provides quick access to a range of tools, with a PPA option for existing Ubuntu users
Cons: Some tools need a bit of tweaking, while there’s little to differentiate the package from other live CDs
It’s fair to say that there’s no shortage of penetration testing and forensic analysis toolkits – often characterised as ‘hacking toolkits’ – available today. Since the launch of classics including the Auditor Security Collection, a Knoppix-based distribution that would eventually morph into the popular BackTrack, almost every mainstream distribution has gained its own spin-off forensic kit; but what makes BackBox different?
A relative newcomer to the scene, the first release of BackBox was back in September as a project of the Italian Open Soluzioni web community founded by Raffaele Forte. Now on its second major release, BackBox has grown rapidly and offers plenty of scope for both amateur and professional use.
Based on Canonical’s Ubuntu distribution, itself derived from Debian, the latest build of BackBox isn’t exactly bleeding-edge – it’s still using the 2.6 kernel tree in both the x86 and AMD64 flavours – but it does contain an impressive collection of tools. It’s also surprisingly slick; from its lightweight yet attractive Xfce desktop environment to its multi-language live CD boot menu – which includes a ‘forensic’ mode that works to prevent accidental writes to a host system’s drive that could jeopardise evidence gathering activities – BackBox exudes professionalism in an area that all too often goes for glitz and glamour in an effort to attract the ‘script kiddies.’
That’s not to say BackBox is without fault: some of the tools, such as the collaborative documentation web app Dradis, require a daemon to be started before they will operate; if you’re not familiar with the apps you’d be forgiven for overlooking the entries in the ‘Services’ menu, which will leave you staring at error messages wondering where you went wrong.
Despite this, the general experience of using BackBox is pleasurable; there’s a wealth of utilities on hand covering a range of activities – split into Information Gathering, Vulnerability Assessment, Exploitation, Privilege Escalation, Maintaining Access, Documentation & Reporting, Reverse Engineering, Social Engineering, Forensic Analysis, VoIP Analysis, Wireless Analysis and Miscellaneous categories – but it never feels as though anything has been crammed in without forethought.
It’s also good to see some general-purpose software making the grade; while many forensic live CDs offer only the tools needed for the job, BackBox includes IRC chat software, the AbiWord word processor, Gnumeric spreadsheet, several web browsers, a media player, and even a tool for addressing a scanner connected to the host system.
As with rival forensic and penetration testing toolkits – and we’re specifically thinking of BackTrack here, from which BackBox gets its name – the CD contains tools for analysing both wired and wireless networks, and utilities for recovering or modifying passwords from both POSIX-compliant systems and Microsoft Windows for those who work in a heterogeneous environment.
Impressively, the BackBox team has thought to create a Personal Package Archive – PPA – containing the tools and utilities distributed with the BackBox live CD; as a result, it’s possible to add the exact same tools to an existing Ubuntu-based system without having to replace your day-to-day OS with BackBox. It’s a good idea, and one we’d like to see other specialist distributions copy where possible.
While some of the tools are sadly restricted – such as the open source intelligence gathering package Maltego, which is provided as the free Community Edition with limits on the number of results it will offer – these are few and far between.
It’s true that BackBox is a new project, and currently suffers from a somewhat erratic release schedule, but the distribution is quickly shaping up to be a serious alternative to established forensic distributions like BackTrack.
BackBox isn’t perfect: beginners may find themselves puzzled by tools that require daemons which aren’t started automatically at boot, but it holds a wealth of power for those willing to learn. The inclusion of general-purpose software is also welcome, and the existence of a PPA for adding the live CD’s tools to a desktop Ubuntu install seals the deal.