There are several Linux/BSD distributions focused on different aspects of Computer Security, from Pen-testing to Mobile Forensics. To cite just a few that I have used, here is a small list (please suggest any interesting additions in the comments):
- BackTrack - Pentesting
- Metasploitable - Vulnerable Linux
- Security Onion - Network Security (IDS / NSM)
- pfSense - Network Security (Firewall / Router) - BSD Distro
- SIFT / CAINE / DEFT - Computer Forensics
- Santoku - Security/Malware Analysis/Forensics for Mobile Devices
- REMnux - Malware analysis
The newcomer is an interesting project based on the increasingly popular idea of active protection borrowed from the military, callled "Active Defense":
- ADHD - Active Defense Harbinger Distribution
"Developed by Ethan Robish, it´s based on Ubuntu 12.04 LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys.
ADHD has tools whose functions range from interfering with the attackers' reconnaissance to compromising the attackers' systems. Innocent bystanders will never notice anything out of the ordinary as the active defense mechanisms are triggered by malicious activity such as network scanning or connecting to restricted services."
Despite the initial stage of development (still in beta), it's a very interesting first attempt to do a computer security "counter-attack" distribution. A PDF describing the tools usage is available to download, but for some reason there's no links for the tools that are pre-installed on the ADHD distribution. Here is a quick list of what I've found online:
Artillery - Project Artillery is an advanced active response tool for detecting attackers before they have the chance to hit the rest of your network. The purpose of Artillery is to provide a combination of a honeypot, file-system monitoring, system hardening, real-time threat intelligence feeds, and overall health of a server to create a comprehensive way to secure a system.
Bear Trap - A portable network defense utility written entirely in Ruby. It opens "trigger" ports on the host that an attacker would connect to. When the attacker connects and/or performs some interactions with the trigger an alert is raised and the attacker's ip address is potentially blacklisted.
Decloak - Identifying the real IP address of a web user, regardless of proxy settings, using a combination of client-side technologies and custom services.
HoneyBadger - A framework for targeted geolocation.
Pushpin - Identify every tweet, flicker, instagram, shodan and Youtube video within an area of a specific Geo (lat/lon) address.
Spidertrap - A simple web server that serves up four random links, if you refresh it serves up four more. If you click on a link, it serves up 4 more. Why? Run a web crawler at it.
Weblabyrinth - It's main goal is to delay and occupy malicious scanners that scan websites in order for incident handlers to detected and respond to them before damage is done.
There are many other innovative tools on the ADHD distribution, download it here.