Kali Linux

Kali Linux^[3] is a Debian-derived Linux distribution designed for digital forensics and penetration testing.^[4][5][6][7] It is maintained and funded by Offensive Security Ltd. It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. The third core developer, Raphaël Hertzog, joined them as a Debian expert.

Kali Linux has over 600^[13] preinstalled penetration-testing programs, including Armitage (a graphical cyber attack management tool), Nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper password cracker, Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP web application security scanners.^[14][15]Kali Linux can run natively when installed on a computer's hard disk, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.^[14]

It was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous information security testing Linux distribution based on Knoppix. The third core developer, Raphaël Hertzog, joined them as a Debian expert.

Kali Linux is based on Debian Testing. Most packages Kali uses are imported from the Debian repositories.^[18]

The Kali Linux project began quietly in 2012, when Offensive Security decided that they wanted to replace their venerable BackTrack Linux project, which was manually maintained, with something that could become a genuine Debian derivative, complete with all of the required infrastructure and improved packaging techniques. The decision was made to build Kali on top of the Debian distribution because it is well known for its quality, stability, and wide selection of available software.

The first release (version 1.0) happened one year later, in March 2013, and was based on Debian 7 “Wheezy”, Debian’s stable distribution at the time. In that first year of development, they packaged hundreds of pen-testing-related applications and built the infrastructure. Even though the number of applications is significant, the application list has been meticulously curated, dropping applications that no longer worked or that duplicated features already available in better programs.

During the two years following version 1.0, Kali released many incremental updates, expanding the range of available applications and improving hardware support, thanks to newer kernel releases. With some investment in continuous integration, they ensured that all important packages were kept in an installable state and that customized live images (a hallmark of the distribution) could always be created.^[19]

Kali Linux includes security tools, such as:^[13]

• Aircrack-ng
• Armitage
• Burp suite
• Cisco Global Exploiter, a hacking tool used to find and exploit vulnerabilities in Cisco Network systems
• Ettercap
• John the Ripper
• Kismet
• Maltego
• Metasploit framework
• Nmap
• OWASP ZAP
• Social engineering tools.
• Wireshark
• Hydra
• Reverse Engineering tools
• Binwalk
• Foremost
• Volatility

These tools can be used for a number of purposes, most of which involve exploiting a victim network or application, performing network discovery, or scanning a target IP address. Many tools from the previous version (BackTrack) were eliminated to focus on the most popular penetration testing applications.

Kali Linux has a dedicated project set aside for compatibility and porting to specific Android devices, called Kali Linux NetHunter.^[24]

It is the first Open Source Android penetration testing platform for Nexus devices, created as a joint effort between the Kali community member "BinkyBear" and Offensive Security. It supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well as Bad USB MITM attacks.

BackTrack (Kali's predecessor) contained a mode known as forensic mode, which was carried over to Kali via live boot. This mode is very popular for many reasons, partly because many Kali users already have a bootable Kali USB drive or CD, and this option makes it easy to apply Kali to a forensic job. When booted in forensic mode, the system doesn't touch the internal hard drive or swap space and auto mounting is disabled. However, the developers recommend that users test these features extensively before using Kali for real world forensics.