Kali and Parrot are not the only Linux distributions for red teams, but they are certainly the most popular ones. Now there is a new kid in the playground: SnoopGod! (I know what you think about the name, kinda familiar, right?)
SnoopGod v24.04 (formerly known as Blackbuntu) is based on Ubuntu 24.04 LTS, which is in turn based on Debian upstream. What does that mean? It is natural to distro-hop and still feel familiar with the system and the tools, especially for those who use Ubuntu as their daily driver distro.
What does SnoopGod bring that distinguishes it from Kali or Parrot?
- Based on Ubuntu LTS
  - Long-term support (LTS) is especially important to those who need stability and security; an LTS release is supported for at least 5 years.
  - Arguably, Ubuntu has the larger community and the larger source of information online. (I am not open to discussing this, just my opinion.)
- KDE Plasma
  - Historically KDE is the heaviest when compared to Xfce (used by Kali) and Gnome (used by Parrot), but KDE Plasma has improved its performance so much that it does not feel any different from Xfce (designed to be lightweight).
  - It is beautiful and highly customizable.
FIRST IMPRESSIONS
- Quick to start the live CD and apparently fully compatible (drivers) on a KVM hypervisor.
- Smooth and uncomplicated installation. Did not take too long either.
- Out of the box, the guest screen resizes with a beautiful animation as the hypervisor window is resized.
- Reflection
  - Low bar for new users.
  - Pleasant experience.
  - Eye candy!
UNDER THE HOOD OBSERVATIONS
While Kali pulls ALL packages from its own repository, SnoopGod pulls most of its packages from Ubuntu’s repository, including the security patches, and only the special-purpose set of applications comes from SnoopGod’s repository. The exception is Metasploit, which comes with its own repository pre-installed.
- Rationale
  - The fact that SnoopGod pulls all the fundamental system packages from Ubuntu is a great strategy because it allows the distro maintainers to focus on the specialized tools.
  - Security patches are pushed directly downstream by a much bigger team of specialists (Canonical).
  - Arguably, Kali and Parrot should not be used as a daily driver OS but as a dedicated instance, in a VM or in a container. SnoopGod, on the other hand, is a set of tools on top of an enterprise-level desktop system designed to be one’s daily driver.
PACKAGES ON TOP OF UBUNTU
Cracking
- crowbar
- gpp-decrypt
- rainbowcrack
- rsmangler
Exploitation
- beef
- burpsuite
- cge
- exe2hex
- exploitdb
- gophish
- jexboss *
  - A tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java platforms.
- libenom *
  - Makes creating payloads with MSFvenom easier and faster.
- metasploit
- routersploit
- sharp meter *
- shellnoob
Forensics
- ddrescue
- dumpzilla
- pdf-parser
- pdfid
Hardening
- dex2jar
Information Gathering
- enum4linux
- gnmap *
- lbd
- linenum *
  - A script for local Linux enumeration and potential privilege escalation.
- maltego
- phoneinfoga *
  - An advanced tool to scan international phone numbers.
- smtp-user-enum
- subfinder
- sublist3r
- trufflehog
Networking
- cymothoa
- netexec
- nishang
- powersploit
- pwnat
- reverser *
  - Helps to create a reverse shell using the method of your choice.
Reverse Engineering
- ghidra
- jad
- javasnoop
Scripts and Utilities
- dracnmap *
  - This tool performs fast scanning by utilizing the script engine of Nmap.
- ngrok
- portmapper *
  - Manages the port mappings (port forwarding) of a router if UPnP is enabled.
- ridenum
- subbrute *
  - Sub-directories brute-force discovery tool.
- torbridge *
  - Tunnels all traffic through the Tor network.
- webtrace *
Sniffing & Spoofing
- mitmdump
- mitmproxy
- mitmweb
- sniffjoke
- webscarab
- zaproxy
Stress Testing
- goldeneye
- iaxflood
- rtpflood
- thc-ssl-dos
- udpflood *
  - Does what it says on the tin.
Vulnerability Analysis
- bed
- jsql-injection
- nuclei
- sfuzz
- sidguesser
- tnscmd10g
- unix-privesc
- xsser
Web Applications
- cmsmap *
  - A CMS scanner that automates the process of detecting security flaws.
- dirbuster
- hurl
- wpscan
Wireless
- blueranger
- fluxion *
  - A security auditing and social-engineering research tool.
- wifi-honey
- wps-breaker *
  - Helps you extract the WPS PIN of many vulnerable routers and obtain the password.
Note: the tools marked with * are not present in Kali.
REFLECTIONS
This distribution was not meant to replace any of the traditional red-teaming-focused distributions, but it adds to the arsenal of builds available to the cyber security community.
I went through the painful process of comparing the list of tools in SnoopGod and Kali, and it has 16 packages that I could not find in Kali.
My recommendation for the maintainers of this distribution is to increase transparency regarding their identity and the goals of the project. This will help build public trust. While there is nothing inherently wrong with the project, cybersecurity professionals need a high level of trust before they feel comfortable running it on their systems.
BONUS
How to add SnoopGod’s repository to a stock Ubuntu 24.04 LTS install.
sudo nano /etc/apt/sources.list.d/snoopgod.list
Add the following line.
deb [signed-by=/etc/apt/keyrings/snoopgod-pubkey.asc arch=amd64] https://packages.snoopgod.com noble main
Create the public key file.
sudo nano /etc/apt/keyrings/snoopgod-pubkey.asc
Add the following content. It is the public key used to check the signature of the content of SnoopGod’s repository.
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEZnIsOxYJKwYBBAHaRw8BAQdAXf/+0qTAXhtceN+++R+kugh69Jw5fWtov04g
aLvzKrS0OVNub29wR29kIExpbnV4ICh3d3cuc25vb3Bnb2QuY29tKSA8cGFja2Fn
ZXNAc25vb3Bnb2QuY29tPoiTBBMWCgA7FiEEoSm+geJsv9eMZA5h/4oakU2SPqIF
AmZyLDsCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ/4oakU2SPqKM
+gD/aNCFF5rRWPA1EUj4AhLUMaehoPOzw1PN0U2tXpgZhbEA/2oCDiCMqRYX4zgv
dSI7QJgO45hZF7TYwZD3dYASCDULuDgEZnIsOxIKKwYBBAGXVQEFAQEHQNCfttgj
eXkH3INdOFH9REhVNX0fJ8kpXs2QbChcchxMAwEIB4h4BBgWCgAgFiEEoSm+geJs
v9eMZA5h/4oakU2SPqIFAmZyLDsCGwwACgkQ/4oakU2SPqK19AD/dIWpWpD0VV5k
7rTSGf8t7tGDvWuTtI3TS5j3hI8jtlQBALRxrgRIezH8rPyGLeIeWZYnLQQu32jk
V6rvhAR+CxoP
=+hep
-----END PGP PUBLIC KEY BLOCK-----
Pull the list of packages from the newly added repository.
sudo apt update
To install one of those exclusive tools:
sudo apt install <PACKAGE_NAME>
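The steps above scripted, as an added example that is not from the post or from the SnoopGod project. It does two things the manual procedure does not: it checks the fingerprint of the key file against a value you obtained from the project out of band before the repository is enabled (the EXPECTED_FPR placeholder is an assumption; the post publishes the key but not its fingerprint), and it pins the repository below Ubuntu's default priority, which enforces the "fundamentals from Ubuntu, tools from SnoopGod" split described under UNDER THE HOOD OBSERVATIONS: a package that exists in both archives is always taken from Ubuntu, while SnoopGod-only tools stay installable. It assumes gpg 2.1.23 or later (for --show-keys) and is run as root with the key file as its argument.

```shell
#!/bin/sh
# Added example (not the post's or the project's code): enable SnoopGod's apt
# repository on Ubuntu 24.04 with a key-fingerprint check and apt pinning.
set -eu

REPO_HOST="packages.snoopgod.com"
REPO_URL="https://$REPO_HOST"
KEYRING="/etc/apt/keyrings/snoopgod-pubkey.asc"
# Placeholder (assumption): the fingerprint the project publishes out of band.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_PUBLISHED_FINGERPRINT}"

# The sources.list line from the post; signed-by ties this key to this repo only,
# so it cannot vouch for packages from any other archive.
sources_line() {
    printf 'deb [signed-by=%s arch=amd64] %s noble main\n' "$KEYRING" "$REPO_URL"
}

# Pin below Ubuntu's default priority (500): versions from this origin never
# replace an installed Ubuntu package, but packages only found here install fine.
pin_block() {
    printf 'Package: *\nPin: origin "%s"\nPin-Priority: 100\n' "$REPO_HOST"
}

# Primary-key fingerprint of an ASCII-armoured key file, without importing it.
key_fingerprint() {
    gpg --show-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

install_repo() {
    key="$1"
    fpr=$(key_fingerprint "$key")
    if [ "$fpr" != "$EXPECTED_FPR" ]; then
        echo "refusing: key fingerprint $fpr does not match expected $EXPECTED_FPR" >&2
        return 1
    fi
    install -m 0755 -d /etc/apt/keyrings /etc/apt/preferences.d
    install -m 0644 "$key" "$KEYRING"
    sources_line > /etc/apt/sources.list.d/snoopgod.list
    pin_block > /etc/apt/preferences.d/snoopgod
    apt-get update
}

# Usage: EXPECTED_FPR=<fingerprint> sudo sh add-snoopgod-repo.sh snoopgod-pubkey.asc
if [ "${1:-}" != "" ]; then
    install_repo "$1"
fi
```

After running it, `apt-cache policy <PACKAGE_NAME>` shows which archive a package will be installed from; for a tool that exists only in SnoopGod's repository you will see the packages.snoopgod.com candidate at priority 100, and for anything Ubuntu already ships you will see Ubuntu's version win at 500.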
Check out another Ubuntu LTS-based distro that claims to have a toolset tailored to Cybersecurity and Forensics users. It is called CSI Linux [Link]. If nothing else, I can guarantee you, it is a very nice-looking environment!