Kali and Parrot are not the only Linux distributions for red teams, but they are certainly the most popular ones. Now, there is a new kid on the playground: SnoopGod! (I know what you’re thinking about the name, kinda familiar, right?)

SnoopGod v24.04 (formerly known as Blackbuntu) is based on Ubuntu 24.04 LTS, which is itself based on Debian upstream. What does this mean? It is easy to distro-hop and still feel familiar with the system and tools, especially for those who use Ubuntu as their daily driver.

What does SnoopGod bring that distinguishes it from Kali or Parrot?

  • Based on Ubuntu LTS
    • Long-term support (LTS) matters to those who need stability and security, as it provides support for at least 5 years.
    • Arguably, Ubuntu has a larger community and more information available online. (Not open to debating this, just my opinion.)
  • KDE Plasma
    • Historically, KDE has been the heaviest desktop environment compared to Xfce (used by Kali) and GNOME (used by Parrot), but KDE Plasma has improved so much that its performance now feels comparable to Xfce, which was designed to be lightweight.
    • It is beautiful and highly customizable.

Note: In late 2025, Parrot OS 7.0 was released with KDE Plasma 6 and Wayland by default, on top of Debian 13.


FIRST IMPRESSIONS

  • Quick to boot from the live CD and fully compatible (drivers) on a KVM hypervisor.

 

  • Smooth and straightforward installation, and it did not take long either.

  • Out of the box, the guest screen resizes with a smooth animation as the hypervisor window is resized.

  • Reflection
    • Low barrier for new users.
    • Pleasant experience.
    • Eye candy!

UNDER THE HOOD OBSERVATIONS

While Kali pulls all packages from its own repository, SnoopGod pulls most of its packages from Ubuntu’s repository, including security patches. Only the specialized tools come from SnoopGod’s own repository, except for Metasploit, which comes with its own repository pre-configured.

  • Rationale
    • Pulling core system packages from Ubuntu is a smart strategy as it allows the distro maintainers to focus on the specialized tools.
    • Security patches are pushed downstream directly by a much larger team of specialists at Canonical.
    • Kali and Parrot are arguably not suited as daily driver operating systems and are better used as dedicated instances, in a VM, or in a container. SnoopGod, on the other hand, is a set of security tools built on top of an enterprise-level desktop system designed to be a daily driver.

PACKAGES ON TOP OF UBUNTU

Cracking

  • crowbar
  • gpp-decrypt
  • rainbowcrack
  • rsmangler

Exploitation

  • beef
  • burpsuite
  • cge
  • exe2hex
  • exploitdb
  • gophish
  • jexboss *
    • A tool for testing and exploiting vulnerabilities in JBoss Application Server and other Java platforms.
  • libenom *
    • Simplifies and speeds up payload creation with MSFvenom.
  • metasploit
  • routersploit
  • sharp meter *
  • shellnoob

Forensics

  • ddrescue
  • dumpzilla
  • pdf-parser
  • pdfid

Hardening

  • dex2jar

Information Gathering

  • enum4linux
  • gnmap *
  • lbd
  • linenum *
    • A script for local Linux enumeration and potential privilege escalation.
  • maltego
  • phoneinfoga *
    • An advanced tool for scanning international phone numbers.
  • smtp-user-enum
  • subfinder
  • sublist3r
  • trufflehog

Networking

  • cymothoa
  • netexec
  • nishang
  • powersploit
  • pwnat
  • reverser *
    • Helps create a reverse shell using the method of your choice.

Reverse Engineering

  • ghidra
  • jad
  • javasnoop

Scripts and Utilities

  • dracnmap *
    • Performs fast scanning by leveraging Nmap’s scripting engine.
  • ngrok
  • portmapper *
    • Manages port mappings (port forwarding) on a router if UPnP is enabled.
  • ridenum
  • subbrute *
    • Sub-directory brute-force discovery tool.
  • torbridge *
    • Tunnels all traffic through the Tor network.
  • webtrace *

Sniffing & Spoofing

  • mitmdump
  • mitmproxy
  • mitmweb
  • sniffjoke
  • webscarab
  • zaproxy

Stress Testing

  • goldeneye
  • iaxflood
  • rtpflood
  • thc-ssl-dos
  • udpflood *
    • Does what it says on the tin.

Vulnerability Analysis

  • bed
  • jsql-injection
  • nuclei
  • sfuzz
  • sidguesser
  • tnscmd10g
  • unix-privesc
  • xsser

Web Applications

  • cmsmap *
    • A CMS scanner that automates the detection of security flaws.
  • dirbuster
  • hurl
  • wpscan

Wireless

  • blueranger
  • fluxion *
    • A security auditing and social engineering research tool.
  • wifi-honey
  • wps-breaker *
    • Extracts the WPS PIN from vulnerable routers to retrieve the password.

Note: Tools marked with * are not present in Kali.


REFLECTIONS

This distribution was not meant to replace any of the traditional red teaming-focused distributions, but it is a welcome addition to the cybersecurity community’s toolkit.

I went through the tedious process of comparing the tool lists of SnoopGod and Kali, and found 16 packages in SnoopGod that are not available in Kali.

My recommendation to the maintainers is to increase transparency regarding their identity and the goals of the project. This will help build public trust. While there is nothing inherently wrong with the project, cybersecurity professionals need a high level of trust before they feel comfortable running an unfamiliar OS on their systems.


BONUS

How to add SnoopGod’s repository to Ubuntu 24.04 LTS.

sudo nano /etc/apt/sources.list.d/snoopgod.list

Add the following line.

deb [signed-by=/etc/apt/keyrings/snoopgod-pubkey.asc arch=amd64] https://packages.snoopgod.com noble main

Create the public key file.

sudo nano /etc/apt/keyrings/snoopgod-pubkey.asc

Add the following content. This is the public key used to verify the signature of SnoopGod’s repository.

-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEZnIsOxYJKwYBBAHaRw8BAQdAXf/+0qTAXhtceN+++R+kugh69Jw5fWtov04g
aLvzKrS0OVNub29wR29kIExpbnV4ICh3d3cuc25vb3Bnb2QuY29tKSA8cGFja2Fn
ZXNAc25vb3Bnb2QuY29tPoiTBBMWCgA7FiEEoSm+geJsv9eMZA5h/4oakU2SPqIF
AmZyLDsCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQ/4oakU2SPqKM
+gD/aNCFF5rRWPA1EUj4AhLUMaehoPOzw1PN0U2tXpgZhbEA/2oCDiCMqRYX4zgv
dSI7QJgO45hZF7TYwZD3dYASCDULuDgEZnIsOxIKKwYBBAGXVQEFAQEHQNCfttgj
eXkH3INdOFH9REhVNX0fJ8kpXs2QbChcchxMAwEIB4h4BBgWCgAgFiEEoSm+geJs
v9eMZA5h/4oakU2SPqIFAmZyLDsCGwwACgkQ/4oakU2SPqK19AD/dIWpWpD0VV5k
7rTSGf8t7tGDvWuTtI3TS5j3hI8jtlQBALRxrgRIezH8rPyGLeIeWZYnLQQu32jk
V6rvhAR+CxoP
=+hep
-----END PGP PUBLIC KEY BLOCK-----

Update the package list from the newly added repository.

sudo apt update

To install one of the exclusive tools:

sudo apt install <PACKAGE_NAME>

Also worth checking out is another Ubuntu LTS-based distro with a toolset tailored to cybersecurity and forensics users: CSI Linux [Link]. If nothing else, it is a very nice-looking environment!