Editing Penetration test (section)

=== Specialized OS distributions ===

Several operating system distributions are geared towards penetration testing.<ref>{{cite book |last=Faircloth |first=Jeremy |title=Penetration Tester's Open Source Toolkit |edition=Third |year=2011 |publisher=[[Elsevier]] |isbn=978-1597496278 |chapter=Chapter 1:Tools of the Trade |chapter-url= http://zempirians.com/ebooks/Jeremy%20Faircloth-Penetration%20Tester's%20Open%20Source%20Toolkit,%20Third%20Edition%20%20-Elsevier%20Science%20(2011).pdf |access-date=4 January 2018}}{{Request quotation |date=May 2013 |reason=It would be good to know what this is referencing since this statement is not a concern. The next ones are.}}</ref> Such distributions typically contain a pre-packaged and pre-configured set of tools. The penetration tester does not have to hunt down each individual tool, which might increase the risk of complications—such as compile errors, dependency issues, and configuration errors. Also, acquiring additional tools may not be practical in the tester's context.

Notable penetration testing OS examples include:

* [[BlackArch]] based on [[Arch Linux]]
* [[BackBox]] based on [[Ubuntu (operating system)|Ubuntu]]
* [[Kali Linux]] (replaced [[BackTrack]] December 2012) based on [[Debian]]
* [[Parrot Security OS]] based on [[Debian]]
* [[Pentoo]] based on [[Gentoo Linux|Gentoo]]
* [[WHAX]] based on [[Slackware]]

Many other specialized operating systems facilitate penetration testing—each more or less dedicated to a specific field of penetration testing.

A number of Linux distributions include known OS and application vulnerabilities, and can be deployed as ''targets'' to practice against. Such systems help new security professionals try the latest security tools in a lab environment. Examples include Damn Vulnerable Linux (DVL), the OWASP Web Testing Environment (WTW), and Metasploitable.