Definition of Kali Linux
Kali Linux is the most widely used offensive-security-optimized Linux distribution in the world. Kali, which is maintained and managed by Offensive Security, was first released in 2006 as BackTrack Linux, but was renamed Kali following a major redesign in 2013. What is the meaning of the name? We’ll get to that later.
Kali, which is based on Debian Testing, offers over 300 security tools, including well-known tools like Metasploit, Nmap, and Aircrack-ng, as well as a wide range of more obscure and specialty tools.
Kali is a free-to-download and use Linux distribution optimized for penetration testing, not a general-purpose operating system for reading email, browsing the web, or sharing cat gifs on the Book of Faces.
How to Begin Using Kali
If you’re familiar with Linux, particularly a Debian variant such as Ubuntu (or, well, Debian), Kali will appear familiar at first. Open a terminal and have a look around. The Debian Project has officially recognized it as a compatible Debian version, and it looks and feels like you’d expect with a default GNOME desktop.
Fast forward to the scene in a World War II film where the dusty tarp covering the Big Guns is removed by a grizzled, cigar-chomping sergeant. That’s about how it feels when you pick up Kali and start messing around with it. You could feel like a toddler with a howitzer, especially since pointing most of these tools at targets without their permission is unlawful under the Computer Fraud and Abuse Act (CFAA) in the United States and comparable laws around the world. Aim carefully.
Kali is not intended to be used as a regular operating system, but rather for security testing. As a result, it’s usually installed on a laptop as a virtual machine with VMWare or VirtualBox on a Windows, Mac, or even Linux host. Kali works well as a Qubes VM as well. If you’re new to Kali, you may rapidly get up and running by downloading a preconfigured VMWare or VirtualBox VM.
What is Kali’s purpose?
Kali is a modified Linux distribution designed for advanced Linux users that require a platform for offensive security-focused penetration testing. If you or your use case don’t fit that description, try the user-friendly Ubuntu or Mint Linux variants instead.
[In this FREE CIO Roadmap Report, see how IT can embrace the power and promise of 5G. [Now available for download!]
The Kali maintainers aren’t shy about saying it:
“Kali Linux is probably not what you are looking for if you are unfamiliar with Linux in general, if you do not have at least a basic level of competence in system administration, if you are looking for a Linux distribution to use as a learning tool to get to know your way around Linux, or if you want a distro that you can use as a general purpose desktop installation.”
Kali is the best solution for most offensive security jobs once you’ve entered the realm of penetration testing. Advanced users may have preferences for Kali alternatives, but newbies to penetration testing should gain a handle on Kali first.
Kali meta-packages installation
There are so many security solutions for Kali that they can’t all be downloaded in one go. Because many of those tools are tailored to unique hardware or edge use cases, Kali comes pre-installed with a collection of the most often used tools and allows users to install meta-packages, which are Debian packages that contain dozens or even hundreds of related packages.
Downloading Kali for a wireless pentesting engagement is an example given by the Kali team. Rather of waiting for everything to install, simply type apt-get install kali-tools-wireless to receive all of Kali’s wireless tools, and you’ll be off to the races in no time.
There are more than a dozen meta-packages to pick from in the whole list. Installing kali-linux-default and maybe kali-tools-top10 is a good place to start for new Kali users. If you want everything, kali-linux-everything is the way to go, but expect high download times and tool overload.
Kali’s most popular tools
Consider a Swiss Army knife with hundreds of gizmos, gewgaws, and whatnot. So, where do you begin? Neither the tweezers nor the toothpick are likely candidates. However, you’ll need the large knife, as well as a can opener and a screwdriver – the essentials, which is why you bought the knife in the first place.
Metasploit, a popular penetration testing framework, is what Kali is referring to. Of course, I’m referring to Nmap, the all-important port scanner. Wireshark, the ubiquitous network traffic analyzer, comes to mind. And, of course, Aircrack-ng, which can be used to evaluate WiFi security.
There’s a lot more to it than that. There’s a lot more. Do you want to intercept network communication as a man-in-the-middle attack? Mitmproxy and Burp (free version) are two options. Offline password cracking? The job will be done by Hashcat and John the Ripper. Is this SQL injection day? Sqlmap is an excellent place to begin. If you’re phishing emails as part of a project, social engineering tools like the Social-Engineer Toolkit (SET) can help you outsmart inattentive staff.
Use Kali as much as possible.
Newcomers to Kali should seek out a legal firing range where they may test their new armory of weapons. VulnHub and HacktheBox, for example, provide free/cheap VPN access to dozens of susceptible boxes where you can exercise your hacking talents.
The OSCP is waiting for you when you’re ready. The coveted Offensive Security Certified Professional certification, created and managed by the same people who maintain Kali Linux, includes hands-on instruction with Kali and a 24-hour exam in which candidates must hack into susceptible targets to pass.
The OSCP is not for those who are easily frightened. It’s no coincidence that their motto is “Try Harder.” If you decide to pursue the certification, be prepared to put in some effort.
Kali’s unique traits
Kali includes ARM support (slice of Raspberry Pi, anyone? ), a forensics mode for when the bits must be proven to be unmodified, a “Kali for Android” called NetHunter that appears to be the next big thing, Amazon EC2 AWS images, and even braille compatibility.
The most of these are advanced use cases that a novice is unlikely to need or even be aware of, although the Kali universe is huge and well-known. Its future expansion appears to have no end in sight.
What about the name? The term is “mum.” “Is there a Hindu Goddess of Change and Time? Is there a Filipino martial art? What’s a cool Swahili word? None of the preceding, “The founders put pen to paper. “We came up with the moniker ‘Kali’ for our new distribution.”