Starting Out with BackBox Linux

Exclusive offer: get 50% off this eBook here
Penetration Testing with BackBox

Penetration Testing with BackBox — Save 50%

An introductory guide to performing crucial penetration testing operations using Backbox with this book and ebook

$17.99    $9.00
by Stefan Umit Uygur | February 2014 | Open Source

This article, by Stefan Umit Uygur, the author of Penetration Testing with BackBox, is based on full penetration testing methodologies using BackBox. We will acquire in-depth knowledge of BackBox by familiarizing ourselves with its various tools and functions. It is highly recommended that readers have a prior general understanding of Linux systems and an average level of knowledge concerning shell environments.

(For more resources related to this topic, see here.)

A flexible penetration testing distribution

BackBox Linux is a very young project designed for penetration testing, vulnerability assessment and management. The key focus in using BackBox is to provide an independent security testing platform that can be easily customized with increased performance and stability. BackBox uses a very light desktop manager called XFCE. It includes the most popular security auditing tools that are essential for penetration testers and security advisers. The suite of tools includes web application analysis, network analysis, stress tests, computer sniffing forensic analysis, exploitation, documentation, and reporting.

The BackBox repository is hosted on Launchpad and is constantly updated to the latest stable version of its tools. Adding and developing new tools inside the distribution requires it to be compliant with the open source community and particularly the Debian Free Software Guidelines criteria. IT security and penetration testing are dedicated sectors and quite new in the global market. There are a lot of Linux distributions dedicated to security; but if we do some research, we can see that only a couple of distributions are constantly updated. Many newly born projects stop at the first release without continuity and very few of them are updated.

BackBox is one of the new players in this field and even though it is only a few years old, it has acquired an enormous user base and now holds the second place in worldwide rankings. It is a lightweight, community-built penetration testing distribution capable of running live in USB mode or as a permanent installation. BackBox now operates on release 3.09 as of September 2013, with a significant increase in users, thus becoming a stable community. BackBox is also significantly used in the professional world.

BackBox is built on top of Ubuntu LTS and the 3.09 release uses 12.04 as its core. The desktop manager environment with XFCE and the ISO images are provided for 32-bit and 64-bit platforms (with the availability on Torrents and HTTP downloads from the project's website). The following screenshot shows the main view of the desktop manager, XFCE:

The choice of desktop manager, XFCE, plays a very important role in BackBox. It is not only designed to serve the slender environment with medium and low level of resources, but also designed for very low memory. In case of very low memory and other resources (such as CPU, HD, and video), BackBox has an alternative way of booting the system without graphical user interface (GUI) and using command-line only, which requires really minimal amount of resources. With this aim in mind, BackBox is designed to function with pretty old and obsolete hardware to be used as a normal auditing platform. However, BackBox can be used on more powerful systems to perform actions that require the modern multicore processors to reduce ETA of the task such as brute-force attacks, data/password decryption, and password-cracking. Of course, the BackBox team aims to minimize overhead for the aforementioned cases through continuous research and development. Luckily, the majority of the tools included in BackBox can be performed in a shell/console environment and for the ones which require less resource. However, we always have our XFCE interface where we can access user-friendly GUI tools (in particular network analysis tools), which do not require many resources.

Relatively, newcomer into the IT security and penetration testing environment, the first release of BackBox was back in September 09, 2010, as a project of the Italian web community. Now on its third major release and close to the next minor release (BackBox Linux 3.13 is planned for the end of January 2014), BackBox has grown rapidly and offers a wide scope for both amateur and professional use.

The minimum requirements for BackBox are as follows:

  • A 32-bit or 64-bit processor
  • 512 MB of system memory RAM (256 MB in case there will be no desktop manager usage and only the console)
  • 4.4 GB of disk space for installation
  • Graphics card capable of 800 × 600 resolution (less resolution in case there will be no desktop manager usage)
  • DVD-ROM drive or USB port

The following screenshot shows the main view of BackBox with a toolbar at the bottom:

The suite of auditing tools in BackBox makes the system complete and ready to use for security professionals of penetration testing.

The organization of tools in BackBox.

The entire set of BackBox security tools are populated into a single menu called Audit and structured into different subtasks as follows:

  • Information Gathering
  • Vulnerability Assessment
  • Exploitation
  • Privilege Escalation
  • Maintaining Access
  • Documentation & Reporting
  • Social Engineering
  • Stress Testing
  • Forensic Analysis
  • VoIP Analysis
  • Wireless Analysis
  • Miscellaneous

We have to run through all the tools in BackBox by giving a short description of each single tool in the Auditing menu. The following screenshot shows the Auditing menu of BackBox:

Information Gathering

Information Gathering is the first absolute step of any security engineer and/or penetration tester. It is about collecting information on target systems, which can be very useful to start the assessment. Without this step, it will be quite difficult and hard to assess any system.

Vulnerability Assessment

After you've gathered information by performing the first step, the next step will be to analyze that information and its evaluation. Vulnerability Assessment is the process of identifying the vulnerabilities present in the system and prioritizing them.


Exploitation is the process where the weakness or bug in the software is used to penetrate the system. This can be done through the usage of an exploit, which is nothing but an automated script that is designed to perform a malicious attack on target systems.

Privilege Escalation

Privilege Escalation occurs when we have already gained access to the system but with low privileges. It can also be that we have legitimate access but not enough to make effective changes on the system, so we will need to elevate our privileges or gain access to another account with higher privileges.

Maintaining Access

Maintaining Access is about setting up an environment that will allow us to access the system again without repeating the tasks that we performed to gain access initially.

Documentation & Reporting

The Documentation & Reporting menu contains the tools that will allow us to collect the information during our assessment and generate a human readable report from them.

Reverse Engineering

The Reverse Engineering menu contains the suite of tools aimed to reverse the system by analyzing its structure for both hardware and software.

Social Engineering

Social Engineering is based on a nontechnical intrusion method, mainly on human interaction. It is the ability to manipulate the person and obtain his/her access credentials or the information that can introduce us to such parameters.

Stress Testing

The Stress Testing menu contains a group of tools aimed to test the stress level of applications and servers. Stress testing is the action where a massive amount of requests (for example, ICMP request) are performed against the target machine to create heavy traffic to overload the system. In this case, the target server is under severe stress and can be taken advantage of. For instance, the running services such as the web server, database or application server (for example, DDoS attack) can be taken down.

Forensic Analysis

The Forensic Analysis menu contains a great amount of useful tools to perform a forensic analysis on any system. Forensic analysis is the act of carrying out an investigation to obtain evidence from devices. It is a structured examination that aims to rebuild the user's history in a computer device or a server system.

VoIP Analysis

The voice over IP (VoIP) is a very commonly used protocol today in every part of the world. VoIP analysis is the act of monitoring and analyzing the network traffic with a specific analysis of VoIP calls. So in this section, we have a single tool dedicated to the analysis of VoIP systems.

Wireless Analysis

The Wireless Analysis menu contains a suite of tools dedicated to the security analysis of wireless protocols. Wireless analysis is the act of analyzing wireless devices to check their safety level.


The Miscellaneous menu contains tools that have different functionalities and can be placed in any section that we mentioned earlier, or in none of them.


Apart from the Auditing menu, BackBox also has a Services menu. This menu is designed to populate the daemons of the tools, those which need to be manually initialized as a service.


We have the Update menu that can be found in the main menu, just next to the Services menu. The Update menu contains the automated scripts to allow the users to update the tools that are out of APT automated system.


BackBox 3.13 has a new menu voice called Anonymous in the main menu. This menu contains a script that makes the user invisible to the network once started. The script populates a set of tools that anonymize the system while navigating, and connects to the global network, Internet.


Apart from the security-auditing tools, BackBox also has several privacy-protection tools. The suite of privacy-protection tools includes Tor, Polipo, and the Firefox safe mode that have been configured with a default profile in the private-browsing mode. There are many other useful tools recommended by the team but they are not included in the default ISO image. Therefore, the recommended tools are available in the BackBox repository and can be easily installed with apt-get (automated package installation tool for Debian-like systems).

Completeness, accuracy, and support

It is obvious that there are many alternatives when it comes to the choice of penetration testing tools for any particular auditing process. The BackBox team is mainly focused on the size of the tool library, performance, and the inclusion of the tools for security and auditing. The amount of tools included in BackBox is subject to accurate selection and testing by a team.

Most of the security and penetration testing tools are implemented to perform identical functions. The BackBox team is very careful in the selection process in order to avoid duplicate applications and redundancies.

Besides the wiki-based documentation provided for its set of tools, the repository of BackBox can also be imported into any of existing Ubuntu installation (or any of Debian derivative distro) by simply importing the project's Launchpad repository to the source list.

Another point that the BackBox team focus their attention on is the size issue. BackBox may not offer the largest number of tools and utilities, but numbers are not equal to the quality. It has the essential tools installed by default that are sufficient to a penetration tester.

However, BackBox is not a perfect penetration testing distribution. It is a very young project and aims to offer the best solution to the global community.

Links and contacts

BackBox is an open community where everybody's help is greatly welcomed. Here is a list of useful links to BackBox information on the Web:


In this article, we became more familiar with the BackBox environment by analyzing its menu structure and the way its tools are organized. We also provided a quick comment on each tool in BackBox. This is the only theoretical information regarding the introduction of BackBox.

Resources for Article:

Further resources on this subject:

Penetration Testing with BackBox An introductory guide to performing crucial penetration testing operations using Backbox with this book and ebook
Published: February 2014
eBook Price: $17.99
Book Price: $29.99
See more
Select your format and quantity:

About the Author :

Stefan Umit Uygur

Stefan Umit Uygur has been an IT System and Security engineer for 14 years. He is an extremely motivated open source software evangelist with a passion for sharing knowledge and working in a community environment. He is highly experienced in Penetration Testing and Vulnerability Analysis, Management, and Assessment. He has been involved in many open source software projects, for example BackBox, where he is part of the core team. He has helped to promote the free software culture around the world by participating and organizing international conferences. He significantly contributes to shedding the false and negative perceptions around hacking and hackers by promoting the hacker world in a positive light. He explains in detail the real world of hacking, hackers' motivations, and their philosophy, ethics, and freedom. These activities are promoted mainly through national and international magazines, and in particular, during the conferences that he participates. Along with his professional activities, he has contributed to the Linux magazine, the  PenTest magazine, and a few other small, periodic, technical publications.

However, his main passion is continuous collaboration with the community as he believes in the community more than anything else. He strongly feels that knowledge shouldn't be owned by a few people, but should be the heritage of the entire collective. He is always grateful to the community for the skills and the knowledge he possesses. One of the definitions he gives to the community is that it is the real school and university where one truly learns.

Books From Packt

Instant Penetration Testing: Setting Up a Test Lab How-to [Instant]
Instant Penetration Testing: Setting Up a Test Lab How-to [Instant]

Metasploit Penetration Testing Cookbook, Second Edition
Metasploit Penetration Testing Cookbook, Second Edition

Kali Linux: Assuring Security By Penetration Testing
Kali Linux: Assuring Security By Penetration Testing

Learning Nessus for Penetration Testing
Learning Nessus for Penetration Testing

Metasploit Penetration Testing Cookbook
Metasploit Penetration Testing Cookbook

BackTrack 4: Assuring Security by Penetration Testing
BackTrack 4: Assuring Security by Penetration Testing

Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux

 BackTrack 5 Wireless Penetration Testing Beginner’s Guide
BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software