Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools.
It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM, incident response, intrusion detection and more should raise the profile of those defensive tools.
For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.
In this article, we’ll focus primarily on how to use this powerful OS to run a pentest and on mistakes to avoid. We’ll give you an overview of what can be achieved with Kali Linux using a short selection of pre-installed tools. While this guide serves as an introduction to common pentesting phases, with practical examples that highlight best practices, it’s not a substitute for a complete professional pentesting methodology.
If you’re interested in penetration testing and digital forensics, Kali Linux is worth a try. And if you already do this work, chances are good you are already using it.
We talked to Jim O’Gorman, Chief Content and Strategy Officer at Offensive Security (OffSec), about the direction in which the development of the open-source distro is headed.
[The answers have been edited for clarity.]
Kali Linux keeps growing and improving. How much does user feedback influence where you want to go next? What do users want the most?
Two questions drive Kali’s development:
1. What needs to be done to ensure that Kali Linux is the best possible platform for professional and hobbyist information security work?
2. What needs to be done to ensure that Kali is the best possible platform for information security training?
There is a lot of overlap between those two questions, but realistically they are separate and distinct items. However, by getting them both right on a single platform, we create an environment where people can train, study, and learn, but also use the same platform for real-world efforts. In essence, it means that you train like you fight.
The answer to the first question is driven by input from the Kali and OffSec teams. As infosec professionals ourselves, what are the things we run into on a day-to-day basis and how do we make our life easier by ensuring the toolset is of the highest quality possible? We also work closely with OffSec’s pentesting team.
We also listen to input from other Kali users. Kali is a totally open-source project and anyone and everyone can pitch in and contribute. And they do! If you wish a tool to be included in Kali, package it and submit it! If you wish a configuration worked a certain way out of the box, modify the package and submit the change. It’s very direct and easy to do, and it is in our documentation. Anyone – regardless of their background – can play a part.
The second way users influence development is through bug reports, feature requests, and conversations on OffSec’s Discord and other social media. The Kali team is out there as part of the infosec community – talk to us and let us know what you are seeing. Also, when possible, we will set up private conversations with large organizations that use Kali to get a feel for their unique needs.
To answer the second question – how to make Kali the best possible platform for training? – we work very closely with the OffSec content development team to find out what tools they are using for training, what sort of default environment works best for learners, and what we can do in Kali to support general education efforts.
Surprisingly, even though Kali is built for advanced information security work, it is often the first Linux many users ever use. So we are careful with the design of Kali to ensure that it is approachable. We want to ensure that you don’t have to be a Linux professional to utilize Kali successfully in OffSec courses.
What’s your vision for Kali Linux in the next 12 months? What areas need polishing?
The changing of attack techniques over time does not impact Kali as much as you might think, as techniques are more often than not implemented in tools and scripts. While the tools and scripts change, Kali Linux as a platform to launch them does not have to change much. The closest item to this is expanding Kali to run everywhere. Our goal is to put the Kali toolset as close as possible to you no matter where you are.
Kali installed on bare metal, Kali in a VM, Kali in containers (Docker & LXC), Kali on WSL, Kali on various ARM devices such as Raspberry Pi, Kali in a cloud instance such as AWS and Azure, Kali on your Android phone or tablet – we even have Kali running on a watch! No matter where you are or what your needs are, we want Kali to be easy to access and run.
Kali is primarily geared towards pentesting and red teaming, but we are looking at expanding into other areas of information security as well.
Kali Linux comes with a myriad of tools. What’s the process for including or removing a piece of software? What tools are used the most?
What tools run in Kali is really a matter of input from the team, community, and OffSec. Our goal is to have the most frequently used and important tools installed and working out of the box. Other common tools are installed quickly and easily with a single command.
We add new tools based on the answers to a number of questions: What functionality does the tool provide, and is it unique or different enough from the functionality of other tools? Is the tool going to be maintained and updated over a reasonable period of time? How functional is the tool? Is it a wrapper for another tool? Does the developer have a positive reputation?
If a tool stops being updated and stops working, we’ll try to work with the author. If they are unresponsive and the effort of maintaining the tool becomes too complex, we document this and then often remove it.
We get a lot of input from the OffSec pentesting team on what tools they are using in the field today, as well as the OffSec content developers on what tools are being used as part of the courseware. The idea is to have all the tools used in OffSec coursework out of the box to keep things easy for students.
Do major software development trends influence your approach to enhancing Kali Linux? How do you prioritize features?
When prioritizing features, we look at what is needed at the current time. We release Kali in quarterly updates so that dictates our development cycle. Each cycle we look at what is happening in the industry, where the gaps are, and determine what to prioritize.
On this front, there is a lot to balance. Everything from the distribution of Kali, installation, user experience, tools, stability, so on and so forth. It’s a full operating system and a small team so we have to pick and choose what goes into it, we can’t do everything each cycle. Again, input from the community and OffSec sets the priorities.
There’s been a lot of buzz around AI lately. Do you expect AI to play a role in future Kali Linux versions?
As Kali is a base OS, not right now. For tools that run in Kali, perhaps in time. As soon as the tools are there we will add them into Kali if they are any good. But there are also always fad trends so we tend not to get over-excited about them until they start to actually deliver results.
We have seen demonstrations of tools being developed with some of the PoC which have been creating some buzz, but as they are not ready to be released we are a ways off from this yet.
Kali Linux is a specialized Linux distribution developed by Offensive Security, designed for experienced Linux users who need a customized platform for penetration testing.
Kali Linux also comes with several hundred specialized tools for carrying out penetration testing, security research, computer forensics, reverse engineering, vulnerability management, and red team testing. Here are 5 you should learn how to use.
Aircrack-ng
Aircrack-ng is a complete suite of tools to assess Wi-Fi network security, focusing on:
Monitoring: Packet capture and export of data to text files for further processing by third-party tools
Attacking: Replay attacks, deauthentication, fake access points and others via packet injection
Testing: Checking WiFi cards and driver capabilities (capture and injection)
Cracking: WEP and WPA PSK (WPA 1 and 2)
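The "Cracking" bullet is the part worth understanding before you run aircrack-ng against a capture. What the tool actually does with a wordlist and a captured WPA/WPA2 4-way handshake is: derive the PMK from each candidate passphrase (PBKDF2-HMAC-SHA1 over the SSID, 4096 iterations), expand it to the PTK with the 802.11i PRF using both MACs and both nonces, take the first 16 bytes as the KCK, and check whether HMAC(KCK, EAPOL message 2 with its MIC field zeroed) reproduces the MIC seen in the capture. The following is an added example written for this page, not aircrack-ng's own code. The handshake it checks is constructed in `make_sample_handshake()` (the MACs, nonces, SSID `KaliLab`, the synthetic EAPOL-Key frame and the passphrase are all invented so the block runs offline); against a real capture you would instead feed the tool the pcap with `aircrack-ng -w wordlist.txt capture.cap`.

```python
"""WPA2-PSK handshake check, the computation behind aircrack-ng's "Cracking" mode.
Added example for this page; it is not aircrack-ng code."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class Handshake:
    """The pieces aircrack-ng pulls out of a captured 4-way handshake."""
    ssid: str
    aa: bytes            # access point MAC (authenticator address)
    spa: bytes           # client MAC (supplicant address)
    anonce: bytes        # nonce from message 1
    snonce: bytes        # nonce from message 2
    eapol: bytes         # EAPOL-Key message 2 with its 16-byte MIC field zeroed
    mic: bytes           # the MIC that was actually carried in message 2
    version: int = 2     # Key Descriptor Version: 1 = TKIP/HMAC-MD5, 2 = CCMP/HMAC-SHA1


def pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, first 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def ptk(pmk_: bytes, hs: Handshake) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces))."""
    data = (min(hs.aa, hs.spa) + max(hs.aa, hs.spa)
            + min(hs.anonce, hs.snonce) + max(hs.anonce, hs.snonce))
    return prf512(pmk_, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, hs: Handshake) -> bytes:
    """MIC over the EAPOL-Key frame (MIC field zeroed) keyed with KCK = PTK[0:16]."""
    algo = hashlib.md5 if hs.version == 1 else hashlib.sha1
    return hmac.new(kck, hs.eapol, algo).digest()[:16]


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """The candidate whose derived KCK reproduces the captured MIC is the network's PSK."""
    for candidate in wordlist:
        kck = ptk(pmk(candidate, hs.ssid), hs)[:16]
        if hmac.compare_digest(eapol_mic(kck, hs), hs.mic):
            return candidate
    return None


def make_sample_handshake(passphrase: str) -> Handshake:
    """Constructed stand-in for a capture file: fixed MACs and nonces plus a synthetic EAPOL-Key
    message 2, with the MIC computed from the passphrase we pretend the network uses."""
    snonce = bytes(range(32, 64))
    # 802.1X header (type 3 = EAPOL-Key, body length 0x75), descriptor type 2 (RSN),
    # key info 0x010a (version 2, pairwise, MIC bit), key length 16, replay counter,
    # SNonce, then IV/RSC/ID/MIC/key-data left zeroed.
    eapol = (b"\x01\x03\x00\x75" + b"\x02\x01\x0a\x00\x10" + b"\x00" * 8 + snonce
             + b"\x00" * (0x75 - 5 - 8 - 32))
    hs = Handshake(ssid="KaliLab", aa=bytes.fromhex("0011223344aa"),
                   spa=bytes.fromhex("0011223344bb"), anonce=bytes(range(32)),
                   snonce=snonce, eapol=eapol, mic=b"\x00" * 16)
    hs.mic = eapol_mic(ptk(pmk(passphrase, hs.ssid), hs)[:16], hs)
    return hs


if __name__ == "__main__":
    capture = make_sample_handshake("correcthorse")
    print(crack(capture, ["password", "letmein", "correcthorse", "kali"]))  # correcthorse
```

Two details matter when you move from this to a real capture: the MIC field inside message 2 must be zeroed before the HMAC is computed, and the Key Descriptor Version (low three bits of the key-info field) decides whether the MIC is HMAC-MD5 or HMAC-SHA1. The 4096-iteration PBKDF2 is also why WPA cracking is slow per candidate and why aircrack-ng users precompute PMKs per SSID.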
John the Ripper
John the Ripper is an open-source password security auditing and password recovery tool. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in “-jumbo” versions.
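The list of formats above is the user-visible half of John; the other half is its wordlist mode, which takes each dictionary word, applies mangling rules (capitalise, append digits, leetspeak, and so on), hashes the result in whichever format the input file was detected as, and compares. The block below is an added example written for this page, not John's code, and shows that loop over a `user:hash` file in the three raw formats John calls raw-md5, raw-sha1 and raw-sha256. Everything in it is constructed: the rule set is a small subset chosen for illustration, the format detection is by digest length only (John's real detection is far more thorough), and `make_sample_pwfile()` hashes passwords we picked so the example runs offline. The equivalent real invocation is `john --wordlist=words.txt --rules --format=raw-md5 hashes.txt`.

```python
"""Wordlist + mangling-rule attack on a user:hash file, the way John the Ripper's
wordlist mode works. Added example for this page; it is not John's code."""
import hashlib
from typing import Callable, Dict, Iterable, Iterator, List, Optional

# Raw hash formats, recognised here simply by hex digest length (John's detection is richer).
FORMATS = {32: "raw-md5", 40: "raw-sha1", 64: "raw-sha256"}
DIGEST = {"raw-md5": hashlib.md5, "raw-sha1": hashlib.sha1, "raw-sha256": hashlib.sha256}


def detect_format(h: str) -> Optional[str]:
    try:
        bytes.fromhex(h)
    except ValueError:
        return None
    return FORMATS.get(len(h))


# Mangling rules in the spirit of john.conf's [List.Rules:Wordlist]; each maps one word to candidates.
def rule_as_is(w: str) -> Iterator[str]:
    yield w

def rule_capitalize(w: str) -> Iterator[str]:
    yield w.capitalize()

def rule_append_digit(w: str) -> Iterator[str]:
    for d in "0123456789":
        yield w + d

def rule_capitalize_append_digit(w: str) -> Iterator[str]:
    for d in "0123456789":
        yield w.capitalize() + d

def rule_append_year(w: str) -> Iterator[str]:
    for y in range(2020, 2024):
        yield f"{w}{y}"

def rule_leet(w: str) -> Iterator[str]:
    yield w.translate(str.maketrans("aeio", "4310"))

RULES: List[Callable[[str], Iterator[str]]] = [
    rule_as_is, rule_capitalize, rule_append_digit,
    rule_capitalize_append_digit, rule_append_year, rule_leet,
]


def candidates(wordlist: Iterable[str]) -> Iterator[str]:
    """Stream every rule-mangled variant of every word, without repeats."""
    seen = set()
    for word in wordlist:
        for rule in RULES:
            for cand in rule(word):
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def parse_pwfile(text: str) -> Dict[str, str]:
    """user:hash lines, the shape unshadow or a pwdump-style tool produces."""
    entries = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith("#"):
            user, h = line.split(":", 1)
            entries[user.strip()] = h.strip().lower()
    return entries


def crack(pwfile: str, wordlist: Iterable[str]) -> Dict[str, str]:
    """Return {user: password} for every hash some mangled wordlist entry reproduces."""
    by_format: Dict[str, Dict[str, List[str]]] = {}
    for user, h in parse_pwfile(pwfile).items():
        fmt = detect_format(h)
        if fmt is None:
            continue                        # John would report the line as an unrecognised format
        by_format.setdefault(fmt, {}).setdefault(h, []).append(user)
    cracked: Dict[str, str] = {}
    words = list(wordlist)                  # the candidate stream is replayed once per format
    for fmt, lookup in by_format.items():
        digest = DIGEST[fmt]
        for cand in candidates(words):
            h = digest(cand.encode()).hexdigest()
            for user in lookup.get(h, ()):  # identical hashes mean identical passwords
                cracked[user] = cand
    return cracked


WORDLIST = ["password", "kali", "secret", "letmein"]     # constructed mini wordlist


def make_sample_pwfile() -> str:
    """Constructed input: we choose the passwords, hash them, and hand only the hashes to crack()."""
    rows = [("alice", "raw-md5", "Password1"), ("bob", "raw-sha1", "kali2022"),
            ("carol", "raw-sha256", "c0rr3ct-horse-battery"), ("dave", "raw-sha256", "s3cr3t")]
    return "\n".join(f"{u}:{DIGEST[f](p.encode()).hexdigest()}" for u, f, p in rows)


if __name__ == "__main__":
    print(crack(make_sample_pwfile(), WORDLIST))
```

Note what is and is not recovered: `alice`, `bob` and `dave` fall to a four-word list because the rules reach their variants, while `carol`'s passphrase survives. That asymmetry is the whole argument for length and unpredictability over "complexity" tricks, and it is the same lesson a John run against a real shadow file teaches.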
Lynis
Lynis performs an extensive health scan of your systems to support system hardening and compliance testing. Lynis is open-source and flexible, and used for several different purposes. Typical use cases include:
Security auditing
Compliance testing (e.g. PCI, HIPAA, SOx)
Penetration testing
Vulnerability detection
System hardening
Metasploit
Metasploit is the world’s most used penetration testing framework. A collaboration between the open source community and Rapid7, Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.
For more information about the past, present and future of Metasploit, watch our video with Spencer McIntyre, Lead Security Researcher at Rapid7.
Nmap
Nmap is a free and open-source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
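To make the description concrete, here is an added example written for this page (not Nmap code) of the two most basic things the paragraph lists: deciding whether a host is offering a service on a port, and reading what that service says about itself. It does a full TCP connect scan (what `nmap -sT` does) rather than Nmap's raw-packet SYN scan, because raw sockets need root and are not needed to show the idea, and it grabs whatever banner the service volunteers, which is the simplest part of what `-sV` does. The three states it reports map to Nmap's: a completed connection is `open`, a RST (connection refused) is `closed`, and no answer before the timeout is `filtered`. `serve_banner()` and `unused_port()` are helpers invented here so the scan has a local target to hit offline; the SSH banner string is constructed.

```python
"""TCP connect scan with banner grab (nmap -sT, plus the banner part of -sV), in pure Python.
Added example for this page; it is not Nmap code."""
import socket
import threading
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass
class PortResult:
    state: str                 # "open", "closed" or "filtered", as Nmap would label it
    banner: Optional[bytes]    # first bytes the service volunteered, if any


def probe(host: str, port: int, timeout: float = 1.0) -> PortResult:
    """Full three-way handshake to one port, then wait briefly for a server-speaks-first banner."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return PortResult("closed", None)      # RST came back: nothing is listening
    except OSError:
        s.close()
        return PortResult("filtered", None)    # no answer at all: something is dropping the SYN
    try:
        banner = s.recv(1024)                  # services like SSH/SMTP/FTP talk first; HTTP does not
    except OSError:
        banner = b""
    finally:
        s.close()
    return PortResult("open", banner or None)


def connect_scan(host: str, ports: Iterable[int]) -> Dict[int, PortResult]:
    return {p: probe(host, p) for p in ports}


def serve_banner(banner: bytes) -> int:
    """Throwaway local service (constructed target) that greets each client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop() -> None:
        while True:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def unused_port() -> int:
    """Bind-then-release a port so we have one that is almost certainly closed right now."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    open_port = serve_banner(b"SSH-2.0-OpenSSH_9.2p1 Debian-2\r\n")   # constructed banner
    for port, res in connect_scan("127.0.0.1", [open_port, unused_port()]).items():
        print(port, res.state, res.banner)
```

The banner is only a hint: Nmap's real `-sV` sends protocol-specific probes and matches responses against its `nmap-service-probes` database, which is how it names a service that stays silent until spoken to. Also note that a connect scan leaves a completed connection in the target's logs, one reason Nmap defaults to the half-open SYN scan when it has raw-socket privileges.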
This book is the hands-on and methodology guide for pentesting with Kali Linux. You’ll discover everything you need to know about the tools and techniques hackers use to gain access to systems like yours so you can erect reliable defenses for your virtual assets. Whether you’re new to the field or an established pentester, you’ll find what you need in this comprehensive guide.
Build a modern dockerized environment
Discover the fundamentals of the bash language in Linux
Use a variety of effective techniques to find vulnerabilities (OSINT, Network Scan, and more)
Analyze your findings and identify false positives and uncover advanced subjects, like buffer overflow, lateral movement, and privilege escalation
Apply practical and efficient pentesting workflows
Learn about modern web application security and the secure SDLC
If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for Hackers is an excellent first step. Using Kali Linux, an advanced penetration testing distribution of Linux, you’ll learn the basics of using the Linux operating system and acquire the tools and techniques you’ll need to take control of a Linux environment.
First, you’ll learn how to install Kali on a virtual machine and get an introduction to basic Linux concepts. Next, you’ll tackle broader Linux topics like manipulating text, controlling file and directory permissions, and managing user environment variables. You’ll then focus in on foundational hacking concepts like security and anonymity and learn scripting skills with bash and Python. Practical tutorials and exercises throughout will reinforce and test your skills as you learn how to:
Cover your tracks by changing your network information and manipulating the rsyslog logging utility
Write a tool to scan for network connections, and connect and listen to wireless networks
Keep your internet activity stealthy using Tor, proxy servers, VPNs, and encrypted email
Write a bash script to scan open ports for potential targets
Use and abuse services like MySQL, Apache web server, and OpenSSH
Build your own hacking tools, such as a remote video spy camera and a password cracker
In this book you’ll learn an offensive approach to enhancing your penetration testing skills by testing the sophisticated tactics employed by real attackers. You’ll integrate your lab with cloud services to learn a dimension of exploitation that is typically forgotten during a penetration test. You’ll explore different ways of installing and running Kali Linux in a VM and in a containerized environment, deploy vulnerable cloud services on AWS using containers, and exploit misconfigured S3 buckets to gain access to EC2 instances.
This book delves into passive and active reconnaissance, from obtaining user information to large-scale port scanning. Building on this, different vulnerability assessments are explored, including threat modeling. See how hackers use lateral movement, privilege escalation, and command and control (C2) on compromised systems. By the end of this book, you’ll have explored many advanced pentesting approaches and hacking techniques employed on networks, IoT, embedded peripheral devices, and radio frequencies.
For more information about this book, we have a video with the author you can watch here.
This is a comprehensive guide for those who are new to Kali Linux and penetration testing that will have you up to speed in no time. Using real-world scenarios, you’ll understand how to set up a lab and explore core penetration testing concepts.
Throughout this book, you’ll focus on information gathering and even discover different vulnerability assessment tools bundled in Kali Linux. You’ll learn to discover target systems on a network, identify security flaws on devices, exploit security weaknesses and gain access to networks, set up Command and Control (C2) operations, and perform web application penetration testing. In this updated second edition, you’ll be able to compromise Active Directory and exploit enterprise networks.
Finally, this book covers best practices for performing complex web penetration testing techniques in a highly secured environment.
Advanced Techniques like “Living off the Land”
AV Bypass Tools
Using IoT Devices in Security
and much more.
Learning attacker Tactics, Techniques and Procedures (TTPs) is imperative to defending modern networks. This hands-on guide walks you through them with step-by-step tutorials and numerous pictures for clarity.
Starting with Kali Linux 2021.4, the Samba client is configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use. This change should make it easier to discover vulnerable Samba servers “out of the box”, without having to configure Kali.
With the latest update of Kaboxer, tools no longer look out of place, as it brings support for window themes and icon themes. This allows the program to integrate properly with the rest of the desktop and avoids the use of ugly fallback themes.
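"Wide Compatibility" comes down to two lines in `/etc/samba/smb.conf`: the client's minimum and maximum negotiable dialect. The example below is added for this page (it is not Kali's or Samba's code) and checks what a given smb.conf actually lets the client speak. The two configurations embedded in it are assumptions: `WIDE_COMPATIBILITY` is what I understand the Kali setting (toggled through kali-tweaks) to write, with `client min protocol = CORE`, and `SAMBA_DEFAULT` is Samba's own default since 4.11, where SMB1 is off and the floor is `SMB2_02`. The dialect ordering is the one from smb.conf(5).

```python
"""What a Kali smb.conf lets the Samba *client* negotiate.
Added example for this page; not Kali's or Samba's code."""
import configparser
from typing import List, Tuple

# Dialects in the order smb.conf(5) ranks them for "client min/max protocol".
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
            "SMB2_02", "SMB2_10", "SMB2", "SMB3_00", "SMB3_02", "SMB3_11", "SMB3"]
SMB1_DIALECTS = set(DIALECTS[:5])

# Assumed content of the two settings, constructed here so the check runs without a Kali box:
# Kali's "Wide Compatibility" choice versus Samba's own defaults since 4.11.
WIDE_COMPATIBILITY = """[global]
   client min protocol = CORE
   client max protocol = SMB3
"""
SAMBA_DEFAULT = """[global]
   client min protocol = SMB2_02
   client max protocol = SMB3
"""


def client_protocol_range(smb_conf: str) -> Tuple[str, str]:
    """(min, max) dialect the client will negotiate; unset keys fall back to Samba >= 4.11 defaults."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(smb_conf)
    glob = cp["global"] if cp.has_section("global") else {}
    lo = glob.get("client min protocol", "SMB2_02").strip().upper()
    hi = glob.get("client max protocol", "SMB3").strip().upper()
    if lo not in DIALECTS or hi not in DIALECTS:
        raise ValueError(f"unknown dialect in smb.conf: {lo!r}/{hi!r}")
    return lo, hi


def allowed_dialects(smb_conf: str) -> List[str]:
    """Every dialect between the floor and the ceiling, inclusive, in negotiation order."""
    lo, hi = client_protocol_range(smb_conf)
    return DIALECTS[DIALECTS.index(lo): DIALECTS.index(hi) + 1]


def allows_smb1(smb_conf: str) -> bool:
    """True when the client may fall back to an SMB1-era dialect: that is what wide compatibility
    buys against old servers, and also what a hostile server can downgrade the client to."""
    return client_protocol_range(smb_conf)[0] in SMB1_DIALECTS


if __name__ == "__main__":
    for name, conf in (("wide compatibility", WIDE_COMPATIBILITY), ("samba default", SAMBA_DEFAULT)):
        print(f"{name}: {allowed_dialects(conf)}  SMB1 allowed: {allows_smb1(conf)}")
```

The practical caveat: a client whose floor is CORE will happily complete an SMB1 session, and SMB1 lacks the integrity protections of the later dialects. That is exactly the trade-off you want on a dedicated assessment box pointed at legacy targets, and exactly the one you do not want on a workstation that also mounts your own file shares; if you carry the setting over, keep the two roles on separate installs.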
Here is a comparison of how zenmap looks with the default Kali Dark theme, compared to the old appearance:
New Tools in Kali Linux 2021.4
Here’s a quick run down of what’s been added (to the network repositories):
Dufflebag – Search exposed EBS volumes for secrets
Forgot the Kali Linux root password? Don’t stress. This tutorial covers the steps to reset the Kali Linux system password; follow them and you’ll be done within minutes.