Kali Linux is an open source Linux distribution designed to support penetration testing and related security auditing. First released in 2013, Kali contains hundreds of tools for activities such as penetration testing, computer forensics and reverse engineering. Kali Linux is designed to serve both information security professionals and casual information security learners and students, when used in the right environment. It provides a competent and capable penetration testing experience and is attractive to all types of users. Kali Linux follows Debian development standards, and users can customize the operating system to suit their own requirements and preferences.
Kali Linux is the endpoint of a long evolution, built on years of knowledge and experience in building penetration testing distributions. One of the earliest projects was Whoppix, which, as some readers may recall, stands for WhiteHat Knoppix; Knoppix was the underlying operating system. The next project was WHAX (WhiteHat Slax), which started at version 3 and picked up from the last state of Whoppix. The Auditor Security Collection (Auditor), again based on Knoppix, was combined with WHAX to produce BackTrack. BackTrack was based on Slackware but soon switched to Ubuntu. Kali Linux's first release came after BackTrack in 2013, and it ultimately moved to Debian testing. BackTrack was thus essentially a merger of three Linux penetration testing distributions: Whoppix, Auditor, and WHAX.
Kali Linux has many features and more than 500 penetration testing tools. Many vulnerability scanners are either part of the Kali Linux distribution or available for installation. A subset of the vulnerability scanners that work well with Kali includes:
- Nikto. The Nikto scanner can run a broad set of tests: checking HTTP responses, inspecting cookies for session-hijacking weaknesses, SSL inspection, guessing subdomains for recursive inspection, and more.
- OpenVAS. OpenVAS stands for Open Vulnerability Assessment System. It emerged when the creators of Nessus moved from a purely open source version to a proprietary one. OpenVAS includes additional important features in areas such as risk management.
- Nessus. Nessus is a free remote security scanner that can identify vulnerabilities, bad configurations (by software version) and denial of service (DoS) vulnerabilities, and can probe passwords using external tools, for example with a dictionary attack.
- NMAP. NMAP, also known as Network Mapper, is a port scanner capable of finding open ports, determining running services, identifying operating system versions, and more. NMAP can scan single hosts or entire networks, and all the discovery data can be produced in well-designed reports generated by NMAP itself. NMAP can perform TCP/UDP scans, ICMP scans, protocol scanning, service/version detection, and OS identification.
- Lynis. Lynis is an open source tool for testing Unix-based systems. Lynis allows you to scan entire networks or just network-attached hosts. Lynis runs its vulnerability scan from the host itself, which enables it to locate configuration flaws that other tools might not detect.
- WPScan. WPScan (WordPress Vulnerability Scanner) is designed to scan WordPress sites. WPScan can identify installed plugins, log in to accounts, brute force passwords, and more. WPScan functions essentially as a WordPress “black box” scanner and mimics the techniques of a real attacker: it does not rely on access to your WordPress dashboard or source code for testing, so any vulnerability it can find can also be found by an attacker. WPScan uses the vulnerability database at wpvulndb.com to find known vulnerabilities.
- OWASP ZAP. OWASP ZAP is an open source web application security scanner and a project of the Open Web Application Security Project (OWASP). ZAP works as a “man-in-the-middle” proxy: it intercepts and inspects the messages passing between the browser and the web application, optionally makes small modifications to them, and then forwards them on to their destination.
Other Kali tools for vulnerability assessment include:
- Wapiti. Wapiti is a penetration testing tool that uses GET and POST methods and probes for SQL injection and cross-site scripting (XSS).
- XSSPY. XSSPY is a Python tool used to identify cross-site scripting vulnerabilities in both websites and web applications. XSSPY scans every element it uncovers in search of possible XSS vulnerabilities.
- Skipfish. Skipfish performs reconnaissance tasks on web servers. Skipfish first creates a sitemap and then iteratively tests the website to identify new vulnerabilities.
- W3af. W3af is a web application framework that lets you probe, attack, and audit web applications. W3af uncovers and exploits web application vulnerabilities of all types, and comes as both a GUI and a console-based application. Broad support is available through more than 100 plugins that may be used for various tasks.
- Netcat. Netcat uses TCP and UDP connections to write data to and read data from networked devices. Netcat can be integrated with your scripts or used as a standalone tool.
- Unicornscan. Unicornscan is a pentesting tool with many advanced options and parameters, which let you customize it for various applications.
Other important Kali Linux features include:
- Kali Linux is FHS (Filesystem Hierarchy Standard) compliant, which makes it easier for Linux users to locate binaries, support files, libraries, and more.
- Kali Linux has extensive wireless interface support. Kali Linux can run on a wide variety of hardware and is compatible with many wireless devices.
- Kali Linux maintains an open source Git tree, so all source code is available when required.
- Kali Linux provides GPG (GNU Privacy Guard) encryption, which is essentially an enhanced successor to the older PGP (Pretty Good Privacy). Every package in Kali Linux is digitally signed by the developer who committed the code, and the repositories also sign the packages.
- Kali Linux provides support for multiple languages. Most of the penetration testing world uses English, but Kali Linux provides multilingual capability, with all the obvious advantages.
- Kali Linux supports both ARMEL and ARMHF, and so the use of ARM devices (an ARM processor is a RISC-architecture processor family used in many consumer devices, including mobile devices, wearables, multimedia devices, tablet computers, and smartphones).
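The GPG point above is about trusting what you install: the signature on a release's checksum manifest tells you the manifest is genuine, and the checksums then tell you each downloaded file is intact. As an added example that is not code from this page or the Kali project, the Python below implements the second half of that chain: it parses a `sha256sum`-format manifest, streams each file through SHA-256, and reports `ok`, `MISMATCH` or `missing` per entry. It assumes the manifest's own signature was already verified with `gpg` (not shown), and the files and manifest it checks are constructed in a temporary directory by `demo()`.

```python
"""Verify downloaded files against a SHA256SUMS-style manifest.
Added example; not code from the Bugcrowd page or the Kali project.
Assumes the manifest's GPG signature was already checked with gpg; this
covers only the integrity step that follows. All inputs are constructed."""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a multi-gigabyte ISO need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sums(manifest_text):
    """Parse '<hex>  <name>' or '<hex> *<name>' lines (sha256sum output) into {name: hex}."""
    expected = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest
    return expected


def verify_directory(manifest_text, directory):
    """Return {name: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry."""
    results = {}
    for name, digest in parse_sums(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = sha256_file(path)
        # compare_digest is a habit worth keeping for any digest comparison
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "MISMATCH"
    return results


def demo():
    """Constructed download directory: one intact file, one tampered, one absent."""
    tmp = tempfile.mkdtemp()
    good = b"pretend this is the contents of an installer image\n"
    with open(os.path.join(tmp, "good.iso"), "wb") as handle:
        handle.write(good)
    with open(os.path.join(tmp, "tampered.iso"), "wb") as handle:
        handle.write(good + b"bytes appended after the manifest was published\n")
    expected_hex = hashlib.sha256(good).hexdigest()
    manifest = "\n".join([
        "# constructed SHA256SUMS manifest",
        f"{expected_hex}  good.iso",
        f"{expected_hex}  tampered.iso",
        f"{expected_hex}  missing.iso",
    ])
    return verify_directory(manifest, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

In practice you would call `verify_directory(open("SHA256SUMS").read(), ".")` after `gpg --verify` has accepted the manifest's signature; a `MISMATCH` means the file, not the manifest, is the thing to distrust.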
Kali Linux is a great tool, but not a general purpose operating system release. It is a specialized distribution designed solely to support penetration testers and security personnel with various capabilities. To use Kali Linux you need experience and a basic knowledge of what it takes to administer a Unix system. Kali Linux is designed to be customized, but note that there is generally no support for the apt-add-repository command, LaunchPad, or PPAs.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.