Lately I have been wanting to learn more about pentesting. I am between Kali, BlackArch, and Pentoo for my choice of template. I have used Kali, so I am familiar with that, but I use Gentoo as my daily, so familiarity is good, but BlackArch has so many tools built into it (most I probably won’t use ultimately), so it seems good for learning.
I heard from some people more knowledgeable that BlackArch is compromised. I guess what I am wondering is what would work best on Qubes and be most secure/undetectable.
My plan for each is to install the pentesting tools on their respective templates. Any advice?
I recommend Kali or any of the other pre-made for pentesters choices if you’re truly just learning penetration testing. Especially so if you’re not experienced building software from source and managing a Linux system
Personally, I would use debian-12-minimal, but this is because I’m experienced enough to know which tools I need as well as how to install them efficiently (through notes, scripts and Ansible) in such a way that they are useful to me. I also know how to quickly configure things manually that Kali may do for you (monitor mode for a wlan interface maybe, or customizing a reverse proxy configuration for some use-case only used by weird pentester types, for example)
Really, like most things that touch at all on security or productivity, the answer is “it depends”
To hit the ground running by having most of the tools you’ll find in any “howto” guide available, choose Kali or similar
If security (less attack surface, less risk of supply chain compromise*) is a concern and/or resource consumption is a concern and you have expertise and time available, it’s reasonable to choose Debian minimal. However, be prepared to spend time being a Linux sysadmin to get what you need for some tasks. Also be prepared to build some applications from source, etc. Also expect to curate and download things like wordlists, something that Kali has packages for
I don’t use Kali, for a bunch of reasons. But for many beginners, with “loose” threat profiles, it’s probably the best place to start unless your interest lies in identifying and building some of the tools used
I should mention, there are plenty of tools that have easy to install apt packages on both Kali and Debian. But it’s far from all of them - Kali includes a ton of stuff (though many are of dubious value in my opinion)
I’ve decided that Kali is significantly higher risk as a target of supply chain attack than Debian, due to the trends of certain nation states very deliberately targeting security researchers. Also due to Debian being (in my unsupported opinion) more well-equipped to prevent and detect spiked packages when compared with Kali. Just my opinion, hard to support with evidence