There’s no doubt Kali has established itself as the most common penetration distribution available. However, just because This particular’s the fan favorite of beginners in addition to security researchers doesn’t make This particular right for everyone. Manjaro Linux is actually a beginner-friendly Arch-based distribution which can be easily weaponized with the Black Arch expansion, creating a friendlier first-time Arch experience.
The battle of the best penetration distribution is actually a conversation I’ve seen discussed in forums in addition to IRC channels for several years. Hackers in addition to pentesters will frequently debate which operating system is actually the most intuitive in addition to easy to use, as well as which has the superior collection of curated hacking tools.
Beginners often are left wondering which hacking distro is actually right for them, asking themselves if choosing between ParrotSec in addition to Kali are the best options to get began. yet while Arch Linux is actually commonly thought of as powerful yet not particularly beginner-friendly, there is actually a way for novices to easily get began hacking on an Arch-based system called Manjaro Linux.
What is actually Manjaro?
Manjaro is actually an easy-to-use, beginner-friendly Linux distribution based on Arch Linux, a cutting-edge, lightweight distribution which has a “keep This particular simple” philosophy. Setting up Arch can be intimidating as This particular requires a deeper understanding of building Linux systems than some other distributions, yet Manjaro takes the hassle in addition to complexity out of the Arch installation. Manjaro also has an excellent community of experienced Arch users who are very receptive to beginner questions.
What is actually BlackArch?
BlackArch Linux is actually also an Arch Linux-based distribution, yet focuses on penetration testing in addition to is actually geared toward security researchers in addition to independent hackers alike.
BlackArch has an impressive 1,900+ tools indexed on its website. Kali, on the some other hand, currently has about 360 tools. This particular’s fair to say BlackArch provides a greater collection of software for curious penetration testers to experiment with. One could spend an entire weekend sampling hundreds of interesting tools in addition to still not scratch the surface of what BlackArch has to offer.
The Road to BlackArch
We’ll be installing Manjaro, then manually importing the BlackArch repositories which contain all of the fun hacking tools. This particular will allow us to install Wi-Fi hacking tools in addition to use exploit frameworks like Metasploit coming from our inconspicuous Manjaro distribution.
This particular article will be a quick guide for anyone who wants to weaponize their user-friendly Manjaro distribution by adding some penetration testing applications to their operating system. This particular will be a great experience for anyone looking to step out of their comfort zone in addition to experiment with BlackArch tools.
Step 1: Downloading Manjaro
The first thing we’ll need to do is actually head over to the Manjaro website to view the available download options. We’ll be presented with several desktop environment options. This particular includes XFCE, KDE, in addition to GNOME.
- XFCE is actually a lightweight desktop environment. This particular aims to be fast in addition to low on system resources, while still being visually appealing in addition to user-friendly, which will create a comfortable experience for users who are brand new to BlackArch. This particular also means our CPU in addition to RAM won’t work as hard to render applications in addition to processes when using XFCE.
- KDE is actually a feature-rich in addition to versatile desktop environment in which provides an advanced graphical desktop in addition to a wide variety of applications. While very user-friendly in addition to certainly flashy, KDE is actually also quite resource-heavy in addition to noticeably slower than a desktop environment like XFCE.
- GNOME, which is actually also the default Kali desktop environment, aims to be simple in addition to easy to use. While the appearance is actually unique, This particular remains very customizable which has a variety of available extensions. Like KDE, This particular uses more system resources than XFCE.
Generally, I prefer the desktop environments in which utilize as little system resources as possible. This particular allows me to focus on the task at hand in addition to not worry about my laptop fan spinning out of control because I have 7 terminals, 2 browsers, 3 messengers, in addition to Minesweeper open all at the same time.
XFCE is actually the clear choice for anyone who prefers efficiency over flashiness in addition to likes to keep a dozen applications running inside background. On the some other hand, if you contain the fastest CPU on the market in addition to 128 GB of RAM, This particular’s probably safe to use KDE without consequence.
On Unix-like operating systems, we can use wget to download the ISO by entering the below command into a terminal. Make sure to substitute the proper download link for the one you choose.
Readers are encouraged to verify the ISO Sha1sums, which can be found on the Manjaro download page.
Isn’t There a Simpler Way?
Before we begin, I’d like to point out in which my below guide is actually one of several ways of building a BlackArch box. Another method would certainly be to download the BlackArch OVA image. OVA (Open Virtual Appliance) files are often used to distribute pre-configured virtual machines (VMs) of a particular operating system. We can literally double-click on the BlackArch .ova file to open This particular in Oracle’s VirtualBox in addition to be done with installation.
The major downside to the BlackArch OVA is actually the 18 GB file size. I’m not sure security researchers interested in sampling BlackArch for the very first time will be excited to download a massive 18 GB file. Another potential downside is actually BlackArch doesn’t use XFCE, KDE, or GNOME by default. This particular uses Fluxbox, a much more DIY desktop environment than GNOME. Native Kali users probably won’t find a Fluxbox desktop environment intuitive or comfortable their first time around.
Step 2: Installing Manjaro
I’ll be using the latest Manjaro XFCE ISO in addition to installing This particular in VirtualBox. We’re only sampling BlackArch today, so using a virtual machine seems appropriate.
Start VirtualBox in addition to click “brand new” to create a brand new VM. VirtualBox will ask you to name the VM in addition to select a type in addition to type. Be sure to use “Linux” as the Type in addition to “Arch Linux” as the type. Then click “Next” to continue.
Here, we’ll need to allocate memory (RAM) to the BlackArch VM. 2048 MB is actually the equivalent of 2 GB of memory. Allocating 2048 MB is actually generally enough to run a VM without noticing any hardware limitations. If you have 16 GB (or more) of memory on your machine, This particular’s probably safe to allocate 4096 MB or more.
When you’ve decided how much Memory to allocate to the BlackArch VM, click “Next” to continue.
Click “Create” to create our brand new virtual hard disk.
Next, set the hard disk file type as “VDI (VirtualBox Disk Image).” This particular will allow us to use our brand new BlackArch VM on some other computers using VirtualBox if we decide to move VMs around inside future. Simply click “Next” to continue.
today set the storage on the physical hard disk to “Dynamically allocated.” This particular is actually a great feature of VirtualBox. This particular allows the BlackArch VM to allocate space on the hard disk drive (HDD) on an as-needed basis. Dynamically allocated disks will only use space on your physical HDD as This particular fills up. So if our BlackArch VM initially requires 5 GB of space in addition to later grows to 15 GB after installing more tools, in which’s okay. A dynamically allocated disk will grow as needed. Click “Next” to continue.
Next, set the maximum size we’ll allow the BlackArch VM to grow. Depending on how much space you have available on your physical HDD, This particular setting might be trivial — 256 GB is actually probably more than we’ll ever need for a BlackArch VM. Be sure to enhance or decrease This particular number as This particular fits your needs, then click “Create” to finish.
today highlight the newly created BlackArch VM inside VirtualBox Manager window in addition to click the “Settings” button to view the BlackArch VM settings.
Click the “Storage” tab, then click the “Empty” storage device to add the Manjaro ISO we downloaded earlier. Then click the CD/DVD icon to show the available ISOs. You will need to click “Choose Virtual Optical Disk File” to location the Manjaro ISO on your computer.
When you’ve done in which, click “OK” inside bottom-right corner to save the alterations.
Step 3: Configuring Manjaro
today, all we have to do today is actually click “Start” to power on the Manjaro VM. If all went well, you’ll be greeted with the Manjaro bootloader. Press the down arrow key on your keyboard to highlight the “Boot: Manjaro …” option in addition to press enter.
After a few seconds, we’ll be greeted with the installer menu. Click on the “Launch installer” button to begin.
This particular will walk you through selecting your preferred language, keyboard setup, hard drive partitioning, in addition to more. Be sure to set a strong password when creating your account. in addition to remember the “name” of This particular computer is actually the name in which will appear on routers when you connect to them.
When the installer is actually completed, you’ll be greeted with the below screen. Check the “Restart today” option in addition to click “Done” to complete the installation.
Step 4: Getting Used to XFCE
The first thing I recommend users do after installing Manjaro is actually to go through all of the settings in addition to tweak minor features to your preference. Anyone familiar with GNOME or macOS will feel comfortable using the XFCE “Settings” menu.
BlackArch provides a handy installer script designed for manually importing BlackArch tool repositories. Open a terminal in addition to type the below command to download the strap.sh installer script.
curl -Os https://blackarch.org/strap.sh
The .sh file extension means This particular is actually a Shell script in addition to we’ll need to give the file permissions to execute commands on our machine. Type the This particular chmod command into your terminal to give the strap.sh script permissions to run.
chmod +x strap.sh
today run the strap.sh installer script by typing This particular into your terminal:
When the installer prompts you to enter a BlackArch mirror, just press enter to use the default mirror. If all goes well, the script should report “BlackArch Linux is actually ready!”
APT (Advanced Packaging Tool), which is actually used for installing packages in addition to tools in Kali in addition to Debian, is actually not used in Arch-based operating systems. BlackArch doesn’t use APT, as most Kali natives are used to.
The Pacman package manager is actually one of the major distinguishing features of Arch Linux. The goal of Pacman is actually to easily manage packages, whether they are coming from the official Arch repositories or third-party repositories like BlackArch.
Below is actually a tiny list of APT-to-Pacman equivalent commands to help brand new BlackArch users get familiar with installing packages in addition to tools.
apt-get install <package name>
pacman -S <package name>
apt-get remove <package name>
pacman -Rs <package name>
apt-cache search <package name>
pacman -Ss <package name>
apt-get update && apt-get upgrade
- Removing old in addition to unneeded dependencies:
- Displaying package information:
apt-cache show <package name>
pacman -Si <package name>
For a complete list of corresponding APT-to-Pacman commands, check out the full list curated by the Arch community.
BlackArch Tool Categories
As mentioned previously, BlackArch has an incredible repository of tools. Depending on your network speed, installing every single tool may take an incredibly long time to download. All of the tools can be installed individually or in bulk by category. Below is actually a list of a few available categories.
- webapp: A collection of tools designed for exploiting web servers in addition to enumerating vulnerabilities in web applications.
- fuzzer: A collection of tools designed for fuzzing, which is actually often defined as automated bug finding or “throwing” random input data at an application to invoke interesting or unwanted responses.
- scanner: A collection of scanners in which includes SSL scanners, SQL Injection scanners, CMS scanners, in addition to much more.
- cracker: A collection of tools designed for cracking cryptographic functions, as well as brute-forcing tools.
- forensic: A collection of tools designed to find data on physical disks in addition to embedded memory.
- proxy: A collection of tools designed to act as a proxy or redirect traffic to another server on the internet.
- mobile: A collection of tools designed to manipulate mobile platforms.
- code-audit: A collection of tools designed to audit existing source code for vulnerabilities.
- fingerprint: A collection of tools designed to exploit fingerprint biometric equipment.
We can install entire categories by typing the below command into a terminal. Substitute <category> for the category name above in which you want.
sudo pacman -S blackarch-<category>
For a complete list of BlackArch categories, run the below command.
sudo pacman -Sg | grep blackarch
Alternately, we can view the offical BlackArch guide for more details. We can also install all 1,900+ available tools with one particular command. This particular would certainly take a considerable amount of time. If you’re feeling patient, use the below command to install everything BlackArch has to offer.
sudo pacman -S blackarch
Which Distribution is actually Right for You?
The debate of which penetration distribution is actually the best may never be settled. The truth is actually, there probably isn’t one particular perfect distribution capable of satisfying the individual needs of every security researcher out there. We all have different standards, preferences, areas of expertise, in addition to varying degrees of experience. All of these things factor into how we use our penetration-testing distributions.
If you’re looking to explore brand new in addition to interesting tools, coupling Manjaro’s intuitive interface with BlackArch’s repository of tools will have Kali Linux natives feeling at home.
So you have a brand new Manjaro VM equipped with hundreds of brand new hacking tools, what next? How about connecting a wireless network adapter to the VM in addition to installing some fun Wi-Fi hacking tools we wouldn’t find in Kali.
Thanks for reading. If you have any questions, be sure to leave a comment below or ask me on Twitter @tokyoneon_. in addition to don’t forget to stay connected in addition to check out our social accounts!