Kali.org’s version of Linux is an advanced penetration testing tool that should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. What Kali has done is collect just about everything you’ll need in a single CD. It includes more than 300 different tools, all of which are open source and available on GitHub. It’s incredibly well done, especially considering that it’s completely free of charge.
A new version, 1.0.5, was released earlier in September and contains more goodies than ever before, including the ability to install it on just about any Android phone, various improvements to its wireless radio support, near field communications, and tons more. Let’s take a closer look.
Updates in 1.0.5
First, the Kali Linux team completely rebuilt the earlier version of the tool, BackTrack, in standard Debian Linux. And they didn’t stop there: they also stream and synchronize with the Debian Linux code repositories four times a day, constantly providing you with the latest package updates and security fixes available. By moving to Debian, they have insured a solid OS base for their tool kit, using a version of Linux that is also very popular and well understood.
You can customize your own builds of Kali too, or install it from a network drive more readily. “We completely understand that not everyone will agree with our design decisions, so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel,” it states in the documentation.
In addition, they have improved the ARM chipset support (think Chromebook, Raspberry Pi, and Samsung Galaxy), making it easier to take Kali on the road. They claim it can be installed on almost any Android-based phone or tablet. Another boon for mobile testers: “Software Defined Radio researchers will be especially pleased to know that we have made some significant tool additions … and added new drivers to our arsenal,” it states on its blog. There are also hacking tools for near field communications chipsets, which are now being included in newer cell phones.
There are tools for vulnerability analysis, for Web applications testing, for brute force password attacks, for networking sniffing and IP spoofing, and digital forensics, just to name a few of the larger categories. Realistically, there is probably more software on this CD than anyone can learn in a lifetime of security testing, but it’s nice that they have taken the time to collect and organize everything, and also to make sure that it all runs under their version of Debian Linux. That is more than most security tools that you can download from the Internet can claim.
To get an idea of what you can do with Kali, check out their blog post here where they give you several different scenarios, such as running a vulnerability scan across your office network, cloning an RFID card, or running Metasploit from your tablet computer. It’s a very rich collection and a worthy tool in your security toolbox.