part0006

Kali is a flavor of Linux distributions that is Debian-based and was created specifically for its application in the security domain, which focused primarily on Security Auditing and Penetration Testing. Kali comes equipped with hundreds of tools that are aimed at various tasks used for information security. These include Security Research, Penetration Testing, Reverse Engineering, Computer Forensics, etc. Offensive Security, a company that is a world leader in information security training, is the company that developed Kali Linux and now funds its maintenance.

Kali Linux is a successor of BackTrack Linux. BackTrack Linux was a Linux distribution which was developed for security tasks and was aimed at penetration testing and digital forensics. After the deprecation of BackTrack Linux in 2013, Kali Linux was released in March 2013 as a complete reboot of BackTrack Linux from top to bottom in compliance with all the Debian development standards.

Kali Linux comes with more than 600 tools for penetration testing. If one were to go through the number of tools available in the predecessor that is BackTrack, there were a lot of tools which were not functional or were just duplicates of functions that were already available in other tools. These have been eliminated from the Kali Linux releases.

BackTrack Linux was completely free of cost to use, and this has been continued with Kali Linux as well. As a Kali Linux user, you will never have to pay for the operating system or the tools it comes equipped with.

Kali Linus is committed to the model of Open Source, and therefore the Kali Linux development tree is available to everyone on the Internet. The source code for Kali Linux is available on gitlab and is available to anyone who wants to make customizations to it and rebuild the packages to suit their specific needs.

Kali complies with the Filesystem Hierarchy Standard, which is followed by all Linux flavors. This will make it easy for the system to locate binaries, libraries, support files, etc.

One of the concerns with Linux systems in the past has been its support for wireless devices. Kali Linux has been developed and built in such a way that it will support a wide range of wireless devices, and it will be compatible with the hardware of a vast variety and therefore will support USB and most wireless devices.

Kali Linux kernel comes equipped with the latest injection patches. As penetration testers, this helps the development team to conduct wireless assessments with ease.

They are developed in a secure environment. The development team of Kali Linux includes a very small group of individuals, and they are trusted to make commits to the repositories and packages for Kali Linux, all of which is achieved using secure protocols via multiple channels.

Penetration tools are usually written in English. However, Kali Linux developers have ensured that Kali includes language support for users from around the world so that more users can work in their native language and find tools on Kali that they can use to complete their tasks.

Kali developers understand enough to know that not all users can accept their interface design. Therefore, they have made it very easy for the adventurous users to customize the system as per their requirement right from the top till the kernel.

Support for ARMEL and ARMHF: ARM-based single-board devices such as the BeagleBone Black and Raspberry Pi are popular among the users, mainly because they are so inexpensive. Therefore, Kali Linux has been built in a way such that it is as robust as possible and has a fully functional installation that will support both ARMHF and ARMEL systems. A wide range of ARM devices are supported by Kali Linux and tools for ARM are kept up to date and at par with the rest of the distributions.

Kali Linux is developed specifically to meet the needs of professionals who are looking for tools related to security auditing and penetration testing. There are several tools integrated with Kali Linux, which help meet these needs.

Linux operating system usually practices operating systems that have a root user and other users with fewer privileges than the root user. Kali Linux, however, practices a single user concept that is the root with all access. This has been done because most of the tools that are required for penetration testing using Kali required high access. Thus, although most Linux flavors practice the policy to enable root access only when essential, Kali Linux use cases use the approach of using root user to decrease the burden of additional users.

By default, network services are disabled on Kali Linux. Kali uses a system service that disables all network services. This helps in the installation of various applications on Kali Linux in a secure environment irrespective of the packages that are installed. Bluetooth is also blacklisted by default.

Kali Linux has minimal and trusted repositories only. Given the motive with which Kali Linux was developed, it makes absolute sense to maintain the integrity of the system. Therefore, third-party applications for Kali are kept at a bare minimum to achieve the goal of security. While many users are tempted to add third-party repositories to their sources and lists, doing so increases the risk of breaking your Kali installation.

Given that we are authoring a book about Kali Linux, one might expect that we recommend it to everyone in our client base to use Kali Linux. Kali Linux, however, is developed specifically for testers who are into penetration testing and those who are security specialists. Therefore, if you are just beginning to start as a Linus user, is NOT recommended at all as a system which you are looking to use as a general desktop operating system for your day to day activities such as gaming, development, web design, etc.

Kali Linux can pose as a challenge even for veteran users in the Linux domain. Kali, unlike other open source Linux projects, is not a wide-open source project, mainly because of security concerns. The development team consists of a very small number of users, and the packages that are developed for Kali Linux and committed to repositories are signed by the individual developer first and then by the entire team. Also, the upstream or third-party repository from which the packages are updated, or new packages are pulled is very small. Adding software from repositories to your Kali operating system from third party sources that are not tested and verified by the Kali Linux team can cause harm to your system.

While the architecture of Kali Linux is highly customizable, adding random and unrelated packages that do not fit in the Kali Linux domain and are not downloaded from the regular sources will not work on Kali. Kali Linux will not support commands such as apt-add-repository, PPAs, or LaunchPad. Also, if you are trying to install Steam on your Kali Linux OS, it will end up being a disaster. Installing mainstream packages like NodeJS on your Kali Linux system can also take a lot of research, time and patience. You should not begin working on the Kali Linux operating system:

- If you do not have the basic knowledge or competence to administer a system, if you are just looking for your first Linux system to start learning Linux

- If you are just looking for an operating system to do your daily activities, Kali Linux is not the operating system that you may want to begin with

Over and above, the misuse of penetration testing tools and security within a computer network, without any authorization, may result in irreversible damage and the consequences of such damage may get you into personal or legal trouble. The excuse that “You did not know what you were doing” will not work in such cases.

In contrast, if you are aiming at becoming a professional in penetration testing with the sole goal of becoming a certified professional, there is no better operating system that you can find than Kali Linux, at any price and especially for free.

So, to summarize and answer the question we asked when we started this chapter, if you are looking to just start with the basics of Linux on Linux operating system, Kali Linux is not the deal for you. You should first begin with the simple versions of Linux such as Ubuntu, Debian, or Mint instead.