How To: Exploring Kali Linux Alternatives: Getting Started with Pentoo for Advanced Software Installations

Exploring Kali Linux Alternatives: Getting Started with Pentoo for Advanced Software Installations

Kali Linux is probably the most well-known hacking distribution among penetration testers. However, there are alternative distros which offer versatility and advanced package management systems that are absolutely worth considering.

One such distribution is Pentoo, a Gentoo-based operating system created by Grimmlin and maintained by Zero_Chaos, a seasoned developer and penetration tester, as well as Anton Bolshakov. Before we get to explaining Pentoo itself, it's necessary to talk about the underlying Gentoo OS first.

What Is Gentoo?

Gentoo is Linux distribution centered around compiling packages from source. If you've installed software in this way, you know it can be incredibly time-consuming to compile just one application.

While it might seem counter-productive for a penetration tester who needs new software in the middle of a CTF or red team engagement to compile a package fully, there are several benefits to compiling packages in this way, outlined in later parts of the article. Additionally, to simplify the compiling process, the Pentoo developers offer precompiled binaries which can be quickly installed with a single command.

What Is Pentoo?

Pentoo is an overlay for Gentoo, similar to how BlackArch imports custom tool repositories into the Arch operating system. Pentoo is Gentoo, with a curated repository of hacking software that can be compiled with a great degree of customization.

Based on its outdated, almost '90s-looking website (sorry, Zero!), some may falsely believe Pentoo is no longer under development. A closer look at the GitHub commits show consistent, daily updates to the repository over the last twelve months.

Pentoo has no marketing department or web developers on its team, unlike Kali Linux. Rather than exhaust time and resources on the advertising and website maintenance, the Pentoo developers focus heavily on improving the inner-workings and stability of the operating system, installer, and supported tools.

Not only do users benefit from Pentoo's dozens of commits a week, they also directly benefit from Gentoo's hundreds of commits a week. Development has been very active for 13 years and shows no sign of slowing down any time soon. We really shine on the "actually making the distribution" and the "keeping all the packages up to date, tested, and working," but we fall down badly on the "maintain a website" piece.

— Zero_Chaos in an email with Null Byte

The Pentoo project is an excellent hacking distro and very much alive and well.

Should I Use Pentoo Instead of Kali Linux?

Well, the short answer is: If Kali is working for you as a penetration testing distro, then use that. Gentoo doesn't have the most beginner-friendly package manager and may be a challenge for some absolute beginners.

On the other hand, if you find there's a need for greater control over how your hacking software is installed, Pentoo will likely satisfy that itch. Gentoo-based operating systems really shine when it comes to installing software from source with very specific support for libraries, chipsets, desktop environments, protocols, scripting languages, databases, and much more.

Step 1: Download the Pentoo ISO

I'm using Debian 9 for the duration of this installation process, but readers using Ubuntu, Kali, or macOS can follow along as well.

The first step is to grab a copy of the "full" Pentoo ISO. The download mirrors and version numbers may change in the near future so I won't directly link to an ISO. Instead, you should navigate to Pentoo's website to download the latest "hardened" ISO. Don't download the "default" ISOs as the Pentoo team is in the process of deprecating those images. The "hardened" ISOs offer more stability and security, without negatively impacting the RAM or CPU.

Step 2: Verify the Pentoo ISO (Optional)

Once the download is complete, it's important to verify the ISO file integrity as large files may become corrupt when downloaded over the internet. Later, when booting the live USB, the Pentoo ISO will actually verify itself — still, it doesn't hurt to do this manually as well.

The ISO hashes can be found in the "pentoo-full-*.iso.DIGESTS" file, also available using the provided download mirrors. After downloading the DIGESTS file, use sha512sum to generate the ISOs sha512 hash.

sha512sum /path/to/pentoo-full-*.iso

Then, copy the hash to your clipboard, and paste it into the below grep command to compare the hash to the DIGESTS file.

grep 'YOUR HASH HERE' pentoo-full-*.iso.DIGESTS

If grep returns the hash, then the ISO is verified and can be used. A blank response from grep means the hashes do not match, and you should try downloading the ISO again.

Step 3: Create a Live USB of Pentoo

As an alternative to installing Pentoo directly to your laptop's hard drive, it can be set up in a virtual machine (VM). However, the Pentoo developers don't exactly recommend using pentesting distros in VM software primarily because most distros benefit greatly from accessing the device's hardware directly.

For example, port scanning with masscan, GPU password cracking, and using your laptop's built-in radios will perform more efficiently when the OS has direct contact with the hardware.

Installing Pentoo directly to your laptop will provide the best experience, so I'll show how to get started setting it up. There are several ways of creating a live USB, and below are two options.

Option 1: Use the Command Line Like a Wizard

First, insert a USB flash drive into the laptop. The flash drive will be formatted and have its contents destroyed, so make sure there isn't any sensitive data on the drive before performing the following commands.

After inserting the USB flash drive, open a terminal, and use the dmesg command (as root, in macOS) to find the USB flash drive letter.


[56084.482131] usb 2-5.1: new SuperSpeed USB device number 12 using xhci_hcd
[56084.502882] usb 2-5.1: New USB device found, idVendor=0781, idProduct=5581
[56084.502884] usb 2-5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[56084.502885] usb 2-5.1: Product: Ultra
[56084.502885] usb 2-5.1: Manufacturer: SanDisk
[56084.502886] usb 2-5.1: SerialNumber: XXXXXXXXXXXXXXXXXXXX
[56084.503313] usb-storage 2-5.1:1.0: USB Mass Storage device detected
[56084.503466] scsi host7: usb-storage 2-5.1:1.0
[56085.507205] scsi 7:0:0:0: Direct-Access     SanDisk  Ultra            1.00 PQ: 0 ANSI: 6
[56085.508028] sd 7:0:0:0: Attached scsi generic sg4 type 0
[56085.508112] sd 7:0:0:0: [sde] 60063744 512-byte logical blocks: (30.8 GB/28.6 GiB)
[56085.509001] sd 7:0:0:0: [sde] Write Protect is off
[56085.509005] sd 7:0:0:0: [sde] Mode Sense: 43 00 00 00
[56085.509303] sd 7:0:0:0: [sde] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[56085.515111]  sde: sde1 sde2
[56085.516038] sd 7:0:0:0: [sde] Attached SCSI removable disk

The flash drive's manufacturer, name, storage capacity, and the assigned drive letter will appear in the output. In my case, that's SanDisk, SanDisk Ultra, 30.8 GB, and sde, respectively.

Take note of the drive letter as it's required in the next command and is not the same every time. My flash drive was assigned "sde," but it may appear as "sdc" or "sdf" in some cases. Also, be sure not to use the wrong drive letter as dd is capable of completely wiping an entire hard drive in seconds.

The below dd command can be used to create the live USB. In it, dd is instructed to use the Pentoo ISO (if=) and write data (of=) to the flash drive (sde). The status=progress argument is a lesser-known feature of dd that prints the status and write speed of the command in progress. Don't forget, replace th IOS file and flash drive letter with the ones that you are using.

sudo dd if=pentoo-full-<VERSION INFO HERE>.iso of=/dev/sde bs=8M status=progress

2927624192 bytes (2.9 GB, 2.7 GiB) copied, 19.0038 s, 154 MB/s
351+1 records in
351+1 records out
2949644288 bytes (2.9 GB, 2.7 GiB) copied, 153.675 s, 19.2 MB/s

After about three minutes, the dd command will finish, and the new Pentoo live USB can be safely ejected.

Option 2: Use Third-Party Software

Alternatively, Etcher, a cross-platform live USB creator, can be used in macOS, Windows, and Linux operating systems. In some ways, it's an easier method for beginners but requires installing third-party software.

After installing Etcher, insert the USB flash drive into your computer. Open Etcher, choose "Select image," and choose the Pentoo ISO. Next, select "Connect a drive" or just "Select drive," and choose your flash drive. Click the "Flash!" button, and wait a few minutes for it to complete.

Image via GitHub

With that done, we can now boot our laptop using the new Pentoo live USB.

Step 4: Boot Using the Live USB

Make sure to shut down your laptop or desktop completely. Then, insert the Pentoo live USB, and power on the computer.

The key(s) required to boot into the live USB varies depending on the computer manufacturer. A lot of OEMs use F12, such as Dell and Lenovo. ASUS uses the Esc key. Consult your OEM's online documentation if you're unsure.

After booting, select the "Pentoo Defaults (verify)" option.

It will then request a keymap. If no keymap is selected after a few seconds, it will default to US English.

>> Hint: Use scandelay[=seconds] if your live medium is slow and boot fails
>> Loading keymaps
Please select a keymap from the following list by typing in the appropriate name or number. Hit Enter for the default "us/41" US English keymap.

 1 azerty  8 croat   15 fi  22 jp  29 pt    36 slovene  43 sf
 2 be      9 cz      16 fr  23 la  30 ro    37 trf
 3 bg     10 de      17 gr  24 lt  31 ru    38 --
 4 br-a   11 dk      18 hu  25 mk  32 se    39 ua
 5 br-l   12 dvorak  19 il  26 nl  33 sg    40 uk
 6 by     13 es      20 is  27 no  34 sk-y  41 us
 7 cf     14 et      21 it  28 pl  35 sk-z  42 wangbe
<< Load keymap (Enter for default):

When that's done, a new password will be required. If you plan to spend a lot of time with this OS, be sure to create a strong password.

Welcome to Pentoo powered by Gentoo linux...

This is pentoo.0 (Linux x86_64 4.17.11-pentoo) 06:45:00

pentoo login: pentoo (automatic login)
*                                                                           *
* All network interfaces are now down at boot.                              *
* For gui network manager, type "/etc/init.d/NetworkManager start" as root  *
* Or you can type "dhcpcd ethX" as root to setup your network interface.    *
*                                                                           *
* If you are running live usb there are many ways to save changes:          *
* You can run "flushchanges" as root to automatically save any              *
*     changes made since boot.                                              *
* You can run "makemo category/package" as root to install a new package    *
*     which will be available now and after reboot.                         *
*                                                                           *
* Pentoo Bug Tracker        *
* Update using "pentoo-updater" command as root.                            *
*                                                                           *
* Type startx to launch XFCE window manager                                 *
*                                                                           *

For your security, Pentoo does not come with a default password.
To protect your session you must set a password now.
Do not forget your password.
New password:

Then, to start the XFCE4 desktop environment, use the startx command.

Step 5: Configure Your Internet

By default, the network manager will be disabled. Internet access is required to install Pentoo, so click on the "Start NetworkManager" icon on the desktop to enable it. Then, proceed to configure your internet connection as needed.

Step 6: Install Pentoo

To install Pentoo, double-click the "pentoo-installer" icon on the desktop. The installation program will launch to help guide you through the process.

Set the time zone and clock, then click "OK" to proceed to the next Prepare Hard Drive step. For a standard, guided partitioning, use the "0" option at the top, and select the disk to overwrite.

The installer will request boot, swap, and root partition sizes, but the default values are generally fine if Pentoo is the only OS on the hard drive. Continue to press Enter to select the default values.

When that's done, highlight and select option "3" to complete the hard drive preparation step. If you need a more advanced partitioning scheme, check out Gentoo's handbook and disk partitioning guide for more information.

Next, select option "2" to "Copy the Distribution." The installer will begin coping over the core system, which can take several minutes depending on the flash drive's read/write speed and the computer's CPU.

After it's done, slect option "3" to select a profile. You'll be presented with three profile options.

  • amd64: Software will compile and update from source locally. The software versions used with this profile are believed to be stable and will rarely break or crash when used. If you're familiar with compiling software from source, this option will likely provide the best Pentoo experience.
  • binary: Unlike the amd64 option, precompiled binaries, created by the Pentoo developers, will be pulled from the Pentoo repositories. If you are migrating from Kali, this might be the best option as software installations will require less time and user input to complete.
  • bleeding_edge: Similar to the amd64 option, software is compiled from source locally. However, the provided software versions are unstable and may be more prone to breakage during the installation or usage of software. This option is only recommended for experienced Gentoo users who will not be greatly inconvenienced by unstable software.

After choosing a profile, select option "4" to configure default text editor, network hosts, root password, username, and hostname. If you don't wish to change the defaults, simply click "OK" to proceed to the next "Install Bootloader" step. Select the "GRUB2" bootloader option, then "Yes" to continue.

The installer will open a text editor to give us an opportunity to customize the GRUB2 config file. If you don't wish to make changes to the file, simply exit the text editor, and the installer will continue.

Finally, select option "6" to exit the installer. You can now shutdown the computer, remove the live USB, and reboot to access the new Pentoo OS.

Step 7: Perform System Maintenance

Before proceeding, readers are encouraged to check out the Gentoo cheat sheet and emerge manual (man emerge) for comprehensive descriptions and argument details.

The first thing to do is open a terminal and sync the system as it will be outdated and behind the current Gentoo repository. Use the emerge --sync command to do so; It may take several minutes to complete.

emerge --sync

>>> Syncing repository 'gentoo' into '/usr/portage'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys from keyserver ...

At this point, if you're receiving a "Your current profile is deprecated and not supported anymore" error, use the below eselect command, which is used to administrate system configurations and should be used with caution.

sudo eselect profile set pentoo:pentoo/hardened/linux/amd64/binary

Then, update (-u) packages and its entire dependency (-D) tree to the most stable versions available using emerge -uD @world. The process took about 10 minutes to complete my first time.

sudo emerge -uD @world

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[binary   R    ] virtual/package-manager-1::gentoo  8 KiB
[ebuild     U  ] sys-apps/elfix-0.9.3::gentoo [0.9.2::gentoo] USE="xtpax -ptpax*" 391 KiB
[binary     U  ] virtual/dev-manager-0-r2::gentoo [0-r1::gentoo] 8 KiB
[binary   R    ] virtual/ssh-0::gentoo  USE="-minimal" 6 KiB
[binary   R    ] sys-process/procps-3.3.15-r1:0/6::gentoo  USE="kill ncurses nls unicode -elogind -modern-top (-selinux) -static-libs (-systemd) {-test}" 903 KiB
[binary     U  ] sys-apps/grep-3.1::gentoo [3.0::gentoo] USE="nls pcre -static" 525 KiB
[binary   R    ] sys-apps/kbd-2.0.4::gentoo  USE="nls pam {-test}" 1,647 KiB
[binary   R    ] virtual/service-manager-0::gentoo  USE="(-prefix%)" 6 KiB
[binary   R    ] virtual/modutils-0::gentoo  7 KiB
[binary     U  ] net-misc/wget-1.19.5-r1::gentoo [1.19.5::gentoo] USE="ipv6 nls pcre (ssl) zlib -debug -gnutls -idn -libressl -ntlm -static {-test} -uuid" 1,167 KiB
[binary     U  ] sys-apps/man-pages-4.16::gentoo [4.15::gentoo] USE="nls" L10N="-da -de -fr -it -ja -nl -pl -ru -zh-CN" 1,819 KiB
[binary   R    ] sys-apps/gawk-4.1.4::gentoo  USE="nls readline -mpfr" 1,678 KiB
[binary   R    ] sys-boot/grub-2.02-r1:2/2.02-r1::gentoo  USE="device-mapper fonts mount multislot nls sdl themes truetype -debug -doc -efiemu -libzfs -static {-test}" GRUB_PLATFORMS="coreboot efi-32 efi-64 emu multiboot pc qemu -ieee1275 -loongson -qemu-mips -uboot -xen -xen-32" 58,175 KiB
[binary   R    ] virtual/man-0-r1::gentoo  7 KiB
[nomerge       ] sys-apps/elfix-0.9.3::gentoo [0.9.2::gentoo] USE="xtpax -ptpax*"
[ebuild     U  ]  dev-python/pypax-0.9.3::gentoo [0.9.2::gentoo] USE="xtpax -ptpax*" PYTHON_TARGETS="python2_7 python3_6 (-pypy) -python3_4 -python3_5" 0 KiB
[binary     U  ] sys-apps/iproute2-4.17.0-r1::gentoo [4.14.1-r2::gentoo] USE="caps%* iptables ipv6 -atm -berkdb* -elf% -minimal (-selinux)" 2,941 KiB
[binary   R    ] net-misc/iputils-20171016_pre::gentoo  USE="arping caps filecaps ipv6 openssl ssl -SECURITY_HAZARD -clockdiff -doc -gcrypt -idn -libressl -nettle -rarpd -rdisc -static -tftpd -tracepath -traceroute" 149 KiB
[binary   R    ] sys-apps/util-linux-2.32-r4::gentoo  USE="caps cramfs ncurses nls pam python readline static-libs suid udev unicode -build -fdformat -kill (-selinux) -slang (-systemd) {-test} -tty-helpers" ABI_X86="32 (64) (-x32)" PYTHON_TARGETS="python2_7" 15,763 KiB
[binary     U  ]  dev-lang/python-2.7.15:2.7::gentoo [2.7.14-r1:2.7::gentoo] USE="bluetooth%* gdbm hardened* ipv6 ncurses readline sqlite ssl (threads) tk (wide-unicode) xml (-berkdb) -build -doc -examples -libressl -wininst" 22,237 KiB
[ebuild     U  ] virtual/editor-0-r2::gentoo [0-r1::gentoo] 0 KiB
[binary   R    ] sys-process/psmisc-23.1-r1::gentoo  USE="X ipv6 nls (-selinux)" 226 KiB
[binary   R    ] virtual/pager-0::gentoo  9 KiB
[binary     U  ]  sys-apps/less-531::gentoo [529::gentoo] USE="pcre unicode" 285 KiB
[binary   R    ] app-shells/bash-4.4_p12::gentoo  USE="net nls (readline) -afs -bashlogger -examples -mem-scramble -plugins" 2,555 KiB
[binary     U  ] sys-apps/diffutils-3.6-r1::gentoo [3.5::gentoo] USE="nls -static" 704 KiB
[binary   R    ] app-arch/tar-1.30::gentoo  USE="acl nls (xattr) -minimal (-selinux) -static" 1,515 KiB
[binary   R    ] net-misc/rsync-3.1.3::gentoo  USE="acl iconv ipv6 xattr -examples -static -stunnel" 761 KiB
[binary   R    ] sys-apps/findutils-4.6.0-r1::gentoo  USE="nls (-selinux) -static {-test}" 937 KiB
[binary     U  ] sys-devel/binutils-2.30-r4:2.30::gentoo [2.30-r2:2.30::gentoo] USE="cxx multitarget nls -doc -static-libs {-test}" 50,948 KiB
[binary   R    ] sys-devel/gcc-7.3.0-r3:7.3.0::gentoo  USE="cxx fortran hardened* (multilib) nls nptl openmp pgo (pie) (ssp) vtv (-altivec) -cilk -debug -doc (-fixed-point) -go -graphite (-jit) (-libssp) -mpx -objc -objc++ -objc-gc (-pch*) -regression-test (-sanitize*) -vanilla" 324,277 KiB
[binary   R    ]  sys-apps/sed-4.5::gentoo  USE="acl nls -forced-sandbox (-selinux) -static" 383 KiB
[binary     U  ] sys-devel/patch-2.7.6-r2::gentoo [2.7.6-r1::gentoo] USE="xattr -static {-test}" 327 KiB
[ebuild     U  ] sys-apps/busybox-1.29.3::gentoo [1.28.0::gentoo] USE="ipv6 static -debug (-livecd) -make-symlinks -math -mdev -pam -savedconfig (-selinux) -sep-usr -syslog (-systemd)" 2,252 KiB
[binary     U  ] sys-devel/make-4.2.1-r4::gentoo [4.2.1-r3::gentoo] USE="nls -guile -static" 711 KiB
[binary     U  ] sys-apps/file-5.34::gentoo [5.33-r4::gentoo] USE="zlib -python -static-libs" ABI_X86="32 (64) (-x32)" PYTHON_TARGETS="python2_7 python3_6 (-pypy) -python3_4 -python3_5 (-python3_7)" 921 KiB
[ebuild     U  ] sys-apps/net-tools-1.60_p20180626073013::gentoo [1.60_p20161110235919::gentoo] USE="arp hostname ipv6 nls -nis -plipconfig (-selinux) -slattach -static" 223 KiB
[ebuild     U  ] sys-apps/baselayout-2.6-r1::gentoo [2.4.1-r2::gentoo] USE="split-usr%* -build" 32 KiB
[binary   R    ] app-arch/gzip-1.8::gentoo  USE="-pic -static" 218 KiB
[ebuild     U  ] app-arch/bzip2-1.0.6-r10:0/1::gentoo [1.0.6-r9:0/1::gentoo] USE="-static -static-libs" ABI_X86="32 (64) (-x32)" 764 KiB
[nomerge       ] sys-apps/iproute2-4.17.0-r1::gentoo [4.14.1-r2::gentoo] USE="caps%* iptables ipv6 -atm -berkdb* -elf% -minimal (-selinux)"
[binary     U  ]  sys-libs/glibc-2.27-r6:2.2::gentoo [2.26-r7:2.2::gentoo] USE="caps hardened* multiarch%* (multilib) -audit (-compile-locales) -doc -gd -headers-only -nscd (-profile) (-selinux) -suid -systemtap (-vanilla) (-debug%)" 77,269 KiB

Total: 40 packages (20 upgrades, 20 reinstalls, 33 binaries), Size of downloads: 572,734 KiB

When that's done, it's important to clean the system of old and obsolete packages with emerge -v --depclean.

sudo emerge -v --depclean

Step 8: Get Started with Gentoo's Package Manager

Gentoo's package manager, emerge, has a short learning curve. For you Debian/Ubuntu readers, below is an APT-to-Emerge cheat sheet to hopefully make the transition seamless.


apt-get install <package>
emerge -a <package>


apt-get remove <package>
emerge -C <package>


apt-cache search <package>
emerge -S <package>
eix -s <package>


apt-get update && apt-get upgrade
emerge -u world

Remove old dependencies:

apt-get autoremove
emerge -av --depclean

For a complete cheat sheet of package manager commands, check out the official Gentoo documentation.

Using Eix

Eix includes several utilities for searching and updating local repositories. Made to be more efficient than emerge, it features a colorized output that makes it easy to read and find package information. To get started, use the eix-update command to update the Gentoo and Pentoo caches.


Reading Portage settings...
Building database (/var/cache/eix/portage.eix)...
[0] "gentoo" /usr/portage/ (cache: metadata-md5-or-flat)
     Reading category 167|167 (100) Finished
[1] "pentoo" /var/db/repos/pentoo (cache: parse|ebuild*#metadata-md5#metadata-flat#assign)
     Reading category 167|167 (100) Finished
Applying masks...
Calculating hash tables...
Writing database file /var/cache/eix/portage.eix...
Database contains 20132 packages in 167 categories

Then, view the available Pentoo packages using the --in-overlay argument.

eix --in-overlay pentoo

The eix will limit the output by default. To remove this restriction, append the EIX_LIMIT=0 argument to the command (shown below).

EIX_LIMIT=0 eix --in-overlay pentoo

[I] app-admin/genmenu [1]
     Available versions:  (**)9999
     Installed versions:  9999(06:03:10 AM 08/09/2018)
     Description:         a tool for generating freedesktop-compliant menus

* app-antivirus/malheur [1]
     Available versions:  0.5.4 {openmp}
     Description:         Malware analysis tool

* app-antivirus/veil [1]
     Available versions:  (~)3.1.11 {tools PYTHON_SINGLE_TARGET="python3_5 python3_6" PYTHON_TARGETS="python3_5 python3_6"}
     Description:         A tool for payloads generation that bypass common anti-virus solutions

* app-antivirus/veil-evasion [1]
     Available versions:  (~)2.28.2-r1 {tools windows PYTHON_TARGETS="python2_7"}
     Description:         A tool for payloads generation that bypass common anti-virus solutions

[I] app-crypt/SIPcrack [1]
     Available versions:  (~)0.4-r1
     Installed versions:  0.4-r1(11:20:46 PM 08/29/2013)
     Homepage:   -gone
     Description:         SIPcrack is a SIP protocol login cracker

* app-crypt/acsccid [1]
     Available versions:  (~)1.1.5 ~1.1.6
     Description:         Generic driver for ACS (CCID and non-CCID) Smart Card Reader.

[I] app-crypt/asleap [1]
     Available versions:  2.2
     Installed versions:  2.2(11:38:56 PM 08/29/2013)
     Description:         exploiting cisco leap; As in asleap behind the wheel.

* app-crypt/bob-the-butcher [1]
     Available versions:  ~0.7.1 {sse2}
     Description:         A distributed password cracker

Use the --only-names argument to view available hacking tool categories.

eix --only-names --overlay pentoo


Then, search (grep) specific categories for available tools using the below command. At the time of this writing, there are 175 wireless hacking tools, hundreds of network analyzers, and dozens of forensics tools between the Pentoo and Gentoo repositories.

EIX_LIMIT=0 eix --only-names | grep 'net-wireless'


Performing Quick Installations

Installing popular software like Burp Suite is easy. Simply search for the application name using the -S argument.

eix -s burpsuite

[I] net-proxy/burpsuite [1]
     Available versions:  1.7.29 1.7.36{tbz2}
     Installed versions:  1.7.36{tbz2}(10:06:54 PM 11/06/2018)
     Description:         Interactive proxy for attacking and debugging web applications

[1] "pentoo" /var/db/repos/pentoo

Alternatively, emerge can be used to search as well.

emerge -S burpsuite

[ Results for search key : burpsuite ]

*  net-proxy/burpsuite
      Latest version available: 1.7.36
      Latest version installed: 1.7.36
      Size of files: 25,847 KiB
      Description:   Interactive proxy for attacking and debugging web applications
      License:       BURP

[ Applications found : 1 ]

Then, install the desired package (net-proxy/burpsuite).

emerge -a net-proxy/burpsuite

Calculating dependencies... done!
[binary     U  ] net-proxy/burpsuite-1.7.36::pentoo [1.7.29::pentoo] 25,173 KiB

Total: 1 package (1 upgrade, 1 binary), Size of downloads: 25,173 KiB

!!! The following installed packages are masked:
- dev-qt/qtwidgets-5.9.6-r1::gentoo (masked by: package.mask)
#force qt update

- dev-qt/qtbluetooth-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtnetwork-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtdbus-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtxmlpatterns-5.9.6::gentoo (masked by: package.mask)
- sys-devel/prelink-20130503::gentoo (masked by: package.mask)
# broken on hardened, use sys-apps/elfix to fix gnustack

- dev-qt/qtcharts-5.9.6::gentoo (masked by: package.mask)
- app-admin/localepurge-0.5.4-r2::gentoo (masked by: package.mask)
# Pacho Ramos <> (11 Nov 2018)
# Unmaintained for years, buggy (#183273, #491010, #605544). You can rely on
# INSTALL_MASK to skip unwanted locales and install only foo locale:
# INSTALL_MASK="/usr/share/locale -/usr/share/locale/foo"
# Removal in a month.

- dev-qt/qtgui-5.9.6::gentoo (masked by: package.mask)
- mail-client/thunderbird-bin-52.9.1::gentoo (masked by: package.mask)
# Ian Stakenvicius <> (07 Nov 2018)
# on behalf of Mozilla Project <>
# Mask old/vuln thunderbird for removal by 2019,
# see security bug 670102

- dev-qt/qtcore-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtopengl-5.9.6::gentoo (masked by: package.mask)
- net-analyzer/wireshark-2.6.2::gentoo (masked by: package.mask)
#mask old wireshark

- dev-qt/qtsvg-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtprintsupport-5.9.6::gentoo (masked by: package.mask)
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

Would you like to merge these packages? [Yes/No] yes
>>> Emerging binary (1 of 1) net-proxy/burpsuite-1.7.36::pentoo
>>> Jobs: 0 of 1 complete, 1 running                Load avg: 0.19, 0.13, 0.09

You can see I now have Burp working on my system:

We can do the same with bettercap, a fully-featured man-in-the-middle framework.

eix -s bettercap

[I] net-analyzer/bettercap [1]
     Available versions:  (~)2.9 (~)2.10 (~)2.11{tbz2}
     Installed versions:  2.11{tbz2}(02:00:43 PM 11/21/2018)
     Description:         A complete, modular, portable and easily extensible MITM framework

[1] "pentoo" /var/db/repos/pentoo
emerge -a net-analyzer/bettercap

Calculating dependencies... done!
[binary     U ~] net-analyzer/bettercap-2.11::pentoo [2.7::pentoo] 6,380 KiB
[binary  N    ~]  dev-go/go-net-0_pre20180816:0/0_pre20180816::gentoo  2,479 KiB
[binary  N    ~]   dev-go/go-text-0.3.0:0/0.3.0::gentoo  19,366 KiB
[binary  N    ~]    dev-go/go-tools-0_pre20180817:0/0_pre20180817::gentoo  57,930 KiB
[binary  N    ~]   dev-go/go-crypto-0_pre20180816:0/0_pre20180816::gentoo  2,906 KiB
[binary  N    ~]    dev-go/go-sys-0_pre20180816:0/0_pre20180816::gentoo  625 KiB

Total: 6 packages (1 upgrade, 5 new, 6 binaries), Size of downloads: 89,684 KiB

!!! The following installed packages are masked:
- dev-qt/qtgui-5.9.6::gentoo (masked by: package.mask)
#force qt update

- dev-qt/qtsvg-5.9.6::gentoo (masked by: package.mask)
- app-admin/localepurge-0.5.4-r2::gentoo (masked by: package.mask)
# Pacho Ramos <> (11 Nov 2018)
# Unmaintained for years, buggy (#183273, #491010, #605544). You can rely on
# INSTALL_MASK to skip unwanted locales and install only foo locale:
# INSTALL_MASK="/usr/share/locale -/usr/share/locale/foo"
# Removal in a month.

- dev-qt/qtwidgets-5.9.6-r1::gentoo (masked by: package.mask)
- net-analyzer/wireshark-2.6.2::gentoo (masked by: package.mask)
#mask old wireshark

- dev-qt/qtdbus-5.9.6::gentoo (masked by: package.mask)
- mail-client/thunderbird-bin-52.9.1::gentoo (masked by: package.mask)
# Ian Stakenvicius <> (07 Nov 2018)
# on behalf of Mozilla Project <>
# Mask old/vuln thunderbird for removal by 2019,
# see security bug 670102

- dev-qt/qtprintsupport-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtcharts-5.9.6::gentoo (masked by: package.mask)
- sys-devel/prelink-20130503::gentoo (masked by: package.mask)
# broken on hardened, use sys-apps/elfix to fix gnustack

- dev-qt/qtxmlpatterns-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtopengl-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtbluetooth-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtnetwork-5.9.6::gentoo (masked by: package.mask)
- dev-qt/qtcore-5.9.6::gentoo (masked by: package.mask)
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

Would you like to merge these packages? [Yes/No] yes

>>> Emerging binary (1 of 6) dev-go/go-sys-0_pre20180816::gentoo
>>> Emerging binary (2 of 6) dev-go/go-tools-0_pre20180817::gentoo
>>> Installing (1 of 6) dev-go/go-sys-0_pre20180816::gentoo
>>> Emerging binary (3 of 6) dev-go/go-crypto-0_pre20180816::gentoo
>>> Installing (3 of 6) dev-go/go-crypto-0_pre20180816::gentoo
>>> Installing (2 of 6) dev-go/go-tools-0_pre20180817::gentoo
>>> Emerging binary (4 of 6) dev-go/go-text-0.3.0::gentoo
>>> Installing (4 of 6) dev-go/go-text-0.3.0::gentoo
>>> Emerging binary (5 of 6) dev-go/go-net-0_pre20180816::gentoo
>>> Installing (5 of 6) dev-go/go-net-0_pre20180816::gentoo
>>> Emerging binary (6 of 6) net-analyzer/bettercap-2.11::pentoo
>>> Installing (6 of 6) net-analyzer/bettercap-2.11::pentoo
>>> Recording net-analyzer/bettercap in "world" favorites file...
>>> Jobs: 6 of 6 complete                           Load avg: 0.44, 0.27, 0.16
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

Performing USE Flag Installations

USE flags are one of the biggest perks of Gentoo-based operating systems. They allow users to define the features a package should support, before compiling it. Support for a particular graphics library or desktop environment can be completely omitted to make an application run with more stability and efficiency.

If there is no need for OpenGL, why would someone bother to install and maintain OpenGL and build OpenGL support in most of the packages? If someone doesn't want to use KDE, why would they bother compiling packages with KDE support if those packages work flawlessly without?

USE flags are a bit beyond the scope of this article. For more on the subject, check out Gentoo's excellent documentation.

Step 9: Customize the Desktop Environment (Optional)

Like most Linux distributions, the desktop environment theme, icon set, and color scheme are highly customizable. I'll quickly walk through how to give Pentoo a modern look and feel.

Option 1: Theme Installation

Arc is a popular theme with support for many desktop environments like GNOME, XFCE, MATE, and Budgie. It's available in the Gentoo repositories and can be installed using the below command.

sudo emerge -a x11-themes/arc-theme

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild  N     ] x11-themes/arc-theme-20181022::gentoo  USE="gtk2 gtk3 pre-rendered -cinnamon -gnome-shell -mate -xfce" 308 KiB
[nomerge       ]  x11-themes/gtk-engines-murrine-0.98.2-r1::gentoo  USE="themes -animation-rtl" ABI_X86="32 (64) (-x32)"
[ebuild  N     ]   x11-themes/murrine-themes-0.98.0-r1::gentoo  38 KiB
[ebuild  N     ]    x11-themes/gtk-engines-murrine-0.98.2-r1::gentoo  USE="themes -animation-rtl" ABI_X86="32 (64) (-x32)" 290 KiB
[ebuild  N     ]  dev-lang/sassc-3.5.0::gentoo  26 KiB
[ebuild  N     ]   dev-libs/libsass-3.5.2:0/1::gentoo  USE="-static-libs" ABI_X86="32 (64) (-x32)" 320 KiB

Total: 5 packages (5 new), Size of downloads: 980 KiB

Would you like to merge these packages? [Yes/No]

Option 2: Icon Installation

Similarly, the Arc icon theme can be installed to match.

sudo emerge -a x11-themes/arc-icon-theme

Calculating dependencies... done!
[ebuild  N     ] x11-themes/arc-icon-theme-20161122::gentoo  4,916 KiB

Total: 1 package (1 new), Size of downloads: 4,916 KiB

Would you like to merge these packages? [Yes/No] yes
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) x11-themes/arc-icon-theme-20161122::gentoo
>>> Installing (1 of 1) x11-themes/arc-icon-theme-20161122::gentoo
>>> Recording x11-themes/arc-icon-theme in "world" favorites file...
>>> Jobs: 1 of 1 complete                           Load avg: 0.18, 0.13, 0.17
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

Option 3: Multiplexer Installation

Tilix is the Null Byte terminal multiplexer of choice but isn't available in the Gentoo/Pentoo repositories. Instead, we'll install it from source. Head over to the Tilix GitHub to download the latest Tilix release.

wget ''                                       100%[===================================>]   3.32M   674KB/s    in 11s

2018-12-10 04:11:16 (299 KB/s) - ‘’ saved [3485622/3485622]

Then, decompress(unzip) the Tilix ZIP file.

sudo unzip -d /
  inflating: /usr/bin/tilix
  inflating: /usr/share/metainfo/com.gexperts.Tilix.appdata.xml
  inflating: /usr/share/applications/com.gexperts.Tilix.desktop
  inflating: /usr/share/icons/hicolor/scalable/apps/com.gexperts.Tilix-symbolic.svg


  inflating: /usr/share/tilix/schemes/material.json
  inflating: /usr/share/tilix/schemes/linux.json
  inflating: /usr/share/tilix/schemes/base16-twilight-dark.json
   creating: /usr/share/tilix/resources/
  inflating: /usr/share/tilix/resources/tilix.gresource
  inflating: /usr/share/glib-2.0/schemas/com.gexperts.Tilix.gschema.xml

And compile using the glib-compile-schemas command.

sudo glib-compile-schemas /usr/share/glib-2.0/schemas/

It would also be possible to add more color schemes to Tilix. While not recommended by the developer's, Git can be installed and used to quickly clone the Tilix theme GitHub repository. Alternatively, the Tilix schemes can be fetched from GitHub using wget.

sudo emerge dev-vcs/git && git clone /tmp/themes

Cloning into '/tmp/themes'...
remote: Enumerating objects: 395, done.
Receiving objects: 100% (395/395), 1.34 MiB | 213.00 KiB/s, done.
remote: Total 395 (delta 0), reused 0 (delta 0), pack-reused 395
Resolving deltas: 100% (50/50), done.

Make a directory in your home directory to store the new themes using the mkdir command.

mkdir -p ~/.config/tilix/schemes/

Finally, move (mv) the Tilix themes into the new schemes directory. Close all instances of Tilix and restart it for the new themes to become available in the settings.

mv /tmp/themes/Themes/*.json ~/.config/tilix/schemes/

That's all there is to it.

Step 10: Join the Gentoo/Pentoo Communities (Optional)

There are a number of ways to contribute to the Pentoo project and get help when you need it. Below is a list of available forums, wikis, official documentation, and mailing lists for those of you who want to get involved.

Final Thoughts

Pentoo was created by command-line enthusiasts and hackers who required greater control over how packages are installed. It offers an intuitive package manager and profiles that make compiling packages easy.

After a decade of development, Pentoo is constantly receiving updates and shows no sign of slowing down. While the developers may not have an interest in web design, they know how to spend time where it counts: ensuring Pentoo is as stable, up-to-date, and reliable as possible. This goes to show, we can't judge a distribution by its website.

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Cover photo and screenshots by distortion/Null Byte


Does this separate hacking tools into topics like Kali does?

Yup, see step 8 for more on that.

eix --only-names --overlay pentoo

Holy s$@&!!! Somebody actually posted something about Gentoo on Null-Byte? Gentoo is by far one of the "harder" distros due to the fact that's it's well, a bitch to install. The main reason is the fact that you have to manually compile the kernel yourself, but you can also customize the kernel to your needs. Nice post. :D

Hello, I have spotted tree major common mistakes which people usually do while using Gentoo:

  1. Never ever run ACCEPT_KEYWORDS="~amd64" emerge <bla>. It is a run time change which will be ignored next time you run "emerge -DNua world". It will also install the latest version of all dependencies which may be necessary required. Instead, the package.accept_keywords file need to be adjusted properly.
  2. Never ever install anything manually (git; make; make install) or go back to Kali ;-). That pollute your system with random snapshot of the software: it would install the tool into a default (usr/local or not FHS path) location, you will also not be able to upgrade or uninstall it smoothly. Instead, an ebuild should be written (just few lines which will run these commands automatically). You can file a bug report if you can't do it yourself.
  3. I noticed several warnings (QT-related packages) in your output. It is recommended to update the entire system after syncing tree and before you proceed to install other packages (using pentoo-updater or emerge -DNua world)

I have also spotted two Pentoo related unanswered questions:

  1. We provide pentoo-updater which can be used to update everything automatically
  2. @DIANA L. : we provide binaries so you can install and upgrade Pentoo without compiling everything (with some pros and cons as always)

I realize that, but I was talking about pure Gentoo. ;)

This. This is Awesome.
I've been wanting this since I couldn't handle Ubuntu's Bloatware.
I was scared it would be too hard to maintain, but this motivates me to install Gentoo once and for all.

Share Your Thoughts

  • Hot
  • Latest