Interview with arch3y of the ArchAssault team


What is ArchAssault?

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source. While our Arch Linux base is primarily untouched, there are times were we have to fork a package to be able to better support our vast selection of tools. All of our packages strive to maintain the Arch Linux standards, methods and philosophies.

We aim to give you everything you love about Arch Linux but designed around the needs and wants of security professionals. We currently support packages optimized for the following architectures: i686, x86_64, and ARMv6h & ARMv7h.


Tweets by @ArchAssault
IRC: #archassault on freenode



ArchAssault is now 1 year old. How has the ride been so far?

Its been quite a ride. We have had our ups and downs, but I think we have pulled through and built a successful product. As far as stress on devs go we have been very busy keeping things running, but its not work its play for us. Its a lot of fun to develop a distro, its just a lot of late nights and many hours behind the keyboard.


How many are active in the team now?

We have 7 developers but only 3 are active on a daily basis.


It sounds like it’s a lot of work for a relatively small group. Say, how would a willing person be able to contribute?

As far as contributing we need people to help translate the wiki or if they have other content to add they can email (team[at] and we can add the content. We always accept PRs(Pull Requests) on our github. If people don’t want to contribute that way they can always use the OS and submit bugs to our bugtracker.

You can suggest new tools by emailing us or hop on IRC on freenode #ArchAssault. We are accepting donations as well to help keep up the infrastructure costs. Other ways to contribute can be blog posts or reviews about ArchAssault.


Quite recently you were at a Linux convention. How was the response for ArchAssault?

We have been to SELF and we were at DEF CON last year. I’d say the response at SELF was mixed its not exactly a security minded conference, so people were a little surprised and confused I think. But we made a bunch of contacts and we will be going back in June this year, hopefully to show off more of the OS and see if more people are interested in the OS. It also comes from a lot of people aren’t really comfortable with Arch Linux, as some deem it to be too much work or to difficult to use and we cant usually sway those users, but we do our best to show ArchAssault to as many people as we can.


How’s hosting a penetration test/security oriented repository in America? I read something about “hacking tools” about to become illegal?

Pretty good, most likely that wont affect anyone as if it did it would put a ton of people out of business. Companies like Offsec would go bankrupt. I see it as a posture statement that they are putting up as they are tired of people hitting them, but getting attacked is all about being on the internet. Boxes are scanned and automated bots attack servers hundreds to thousands of times a day.


Speaking off getting attacked. Do you get a lot of malicious traffic?

We do but its no different then having a server on the internet.


Can you tell us a little about the usage between the live iso and those who only add your repository onto an existing Arch Linux installation?

We have the live ISO because most people don’t like to try the cow before tasting the milk so they want to see what the ISO is like and the tools and such. But its not exactly correct because the ISO really is different then an existing install as the tools are updated more frequently in the repository.


What is the biggest difference between Arch Assault and the more mainstream Kali Linux? Perhaps some pro/cons?

Kali is aimed at the users that have never used linux before. We have spoken with some of the itsec community and our impression was that they customized kali so much that it wasn’t Kali anymore, they seemed impressed to find an OS that was fully customizable. ArchAssault is not tied to a specific desktop environment, where Kali has the user install an image of their ISO which installs the desktop environment. We have been rolling release since the very beginning whereas Kali is playing catch up. We have an expected level of knowledge as we don’t cater to the beginner user, we cater towards the more advanced user. In the end though we would like to point out that ArchLinux is not difficult, you just need to know and understand Linux at a basic level.


So, hacker hoodie or a suit?

hacker hoodie