Ubuntu derivative BackBox Linux for security analysis

© Lead Image © Andrea De Martin, 123RF.com

© Lead Image © Andrea De Martin, 123RF.com

Article from Issue 208/2018

Specializing in security and forensics, BackBox Linux is not only good for a vulnerability assessment, but thanks to its lean substructure, it is also suitable as a desktop distribution.

Many security-related Linux derivatives focus on a specific area of IT security and only take other problems into account marginally, or not at all. In contrast, the Italian Ubuntu derivative BackBox Linux, which has been in continuously development for several years, addresses most of the security-relevant issues faced by administrators of small and medium-sized networks.

You can pick up the approximately 2.5GB ISO image from the BackBox project page [1] for both 32- and 64-bit architectures. Here, you can choose whether you want to download the image directly or via BitTorrent. You can either specify a donation amount or enter 0 in the corresponding field.

As the minimum system requirements, the developers specify a computer with 1GB of RAM and 10GB of free space on mass storage. The screen resolution should be at least 800x600 pixels; both a USB memory stick and a DVD can be used as boot drives.

Much like Ubuntu, the system starts up automatically without intervention on booting. If you press a key in the first five seconds, a selection menu appears in which you can specify the localization, if needed. After a short time, an Xfce v4.11 desktop appears in a conventional design with a horizontal panel at the top of the screen (Figure 1).

Figure 1: The Xfce desktop does has no surprises; only a couple of entries in the start menu indicate the distribution's peculiarities.

At first glance, three unusual categories stand out in the start menu: the Anonymous, Auditing, and Services submenus indicate the distribution's universal applicability for security-related tasks. On the desktop itself, in addition to the obligatory recycle bin and some icons for existing drives and folders, there is also a launcher to install the system on the mass storage device.

Clicking on the launcher activates Ubiquity, Ubuntu's default installation wizard, which appears in brighter colors on BackBox than on the original Ubuntu.


BackBox Linux is based on Ubuntu 14.04, with kernel 4.4 underpinnings and systemd. The distribution comes with many popular preinstalled programs, including LibreOffice 4.2.8, Firefox 50.0.2, Gimp 2.8.10, and Thunderbird 45.5.1. However, multimedia programs such as VLC and Audacity are missing, and you won't find a Games submenu.

For this purpose, in the Services folder, BackBox offers the option to start or stop various services and processes with a mouse click. These include the Apache web server, the Tor anonymization network, the PostgreSQL database, and the SSH daemon. The status of these services can be easily determined with a mouse click (Figure 2).

Figure 2: Preconfigured services can be launched by clicking in BackBox's start menu.

You can use the BleachBit delete tool to remove unnecessary and obsolete data, which mainly includes rotating logfiles, but also temporary storage or histories that show a user's behavior on the computer. BackBox offers two starters: one for users and one for administrators with extended permissions.

In the Anonymous menu, you can start, stop, or determine the current status of the anonymous service by clicking the like-named scripts (e.g., anonymous start). The anonymous script lets you generate an incorrect MAC address for one of the network interfaces integrated into the system. The service also lets you modify the hostname and finally starts the Tor anonymizing service.

The entire script runs interactively in the terminal. To open an Internet connection secured by a Tor network, click on Vidalia in the Internet menu. The graphical Vidalia control panel, which provides a great deal of interesting information about Tor in a visual format, automatically establishes the connection to the service (Figure 3).

Figure 3: The Tor anonymization service can be conveniently managed with Vidalia.

In the Anonymous menu you will also find a launcher that calls a script to erase the memory before switching off. Switch this function on or off in the terminal after entering your authentication data.

Unlike other IT security distributions, BackBox does not provide the Firefox web browser with add-ons by default. You will therefore want to reinstall and configure uBlock Origin, Ghostery, or HTTPS Everywhere to stop unmanageable tracking by advertising agencies.

Pidgin, the preinstalled chat client, optionally supports encrypted communication using the OTR plugin, but you have to install this extension manually. In the Thunderbird email client, I also recommend setting up add-ons such as Enigmail, which allow messages to be simply encrypted with OpenPGP or GnuPG.


The core of BackBox is the Auditing menu, with 16 groups of security-related applications. In addition to tools for penetration tests, you will also find many programs for network and web app analysis, as well as forensic tasks. It also contains well-known sniffers and vulnerability analysis programs.

The developers also incorporated some unusual tools into the system: For example, tools from the Automotive Analysis submenu can be used to read the CAN bus of motor vehicles, whereas Mobile Analysis deals with smartphones and tablet PCs. The Android and iPhone submenus group the respective applications by system type.

The Wireless Analysis submenu, which distinguishes between Bluetooth and WiFi applications, is similarly laid out. Under WiFi | Cracking, you will find programs for checking WiFi encryption, such as Aircrack-ng. The Scanning submenu combines applications for detecting WiFi networks, including the Kismet program.

Various applications for LAN analysis offer significant benefits: Password crackers, some of which can be used for specific file types, make it possible to trace password strength. With network sniffers such as Ettercap and Wireshark, you can also quickly identify weak points in the intranet by recording data transfer (Figure 4).

Figure 4: BackBox has the right software for many problems.

In addition to software that exclusively deals with computer and data security, you will find tools for reconstructing data in various subgroups in the Forensic Analysis menu. This includes – especially in the Data Recovery submenu – applications such as PhotoRec, TestDisk, Scalpel, and Foremost. The same menu also has applications for file and partition analysis.


Thanks to the lean Xfce desktop, BackBox is already very efficient with resources by nature. For example, with its graphical desktop and all commonly started services, the system only occupies about 500MB of RAM, which means that it runs smoothly, even on poorly equipped computers. Because most of the supplied tools start in the terminal, they do not require any additional memory.

Thanks to the low hardware requirements, BackBox is also suitable as a solid all-rounder for daily desktop use. For this reason, the developers implemented the graphical Synaptic front end for package management, which also makes it easy to install updates.

Package management already specifies all package sources, including those from third-party providers and the Tor Project, so you can keep your security-relevant software up to date at all times. Therefore, Synaptic lists more than 48,000 packages for the BackBox system (Figure 5).

Figure 5: Thanks to Synaptic package management, BackBox can be easily updated and extended with additional software.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • BackTrack

    The BackTrack live distribution lets you act like an intruder to test your network’s security.

  • The State of Secure Boot

    Opinions differ on the UEFI boot security system, but one thing is certain: Secure Boot is here to stay. We thought it was time to ask, "How hard is it to boot a popular Linux distribution in a UEFI Secure Boot environment?"

  • SystemRescueCd

    If you accidentally delete data or format a disk, good advice can be expensive. Or maybe not: You can undo many data losses with SystemRescueCd.

  • Network Security Toolkit

    Securing networks against attackers is not a trivial task. The Network Security Toolkit is a convenient solution for users who want to keep a collection of security tools in easy reach.

  • Tuning WLAN Routers

    Learn how to take control of your home routing device with OpenWrt.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More