Performing vulnerability assessment or a penetration test involves a series of tasks that need to be performed with the help of multiple tools and utilities. For every task involved in the process, there are tools available, both commercial as well as freeware and open source. It all depends on our choice of tool that suits best as per the context.
For performing an end-to-end assessment, we can either have individual tools downloaded as and when required or we can use a distribution such as Kali Linux that comes with all required tools pre-installed. Kali Linux is a stable, flexible, powerful, and proven platform for penetration testing. It has a baseline of tools that are required to perform various tasks across all phases of penetration testing. It also allows you to easily add tools and utilities that aren't part of the default installation.
Hence, Kali Linux is really a good choice of platform to get started with vulnerability assessments and penetration tests.
Kali Linux is available for download at
Once downloaded, you can either install it directly on your system or you can install it in a virtual machine. The advantage of installing it in a virtual machine is it keeps your existing operating system setup undisturbed. Also, it becomes very easy to take configuration backups using snapshots and restore them whenever required.
While Kali Linux is available for download in the form of an ISO file, it can also be downloaded as a complete virtual machine. You can download the correct setup based on the virtualization software you use (VMware/ VirtualBox /Hyper-V). The Kali virtual machine setup file is available for download at
The following screenshot shows Kali Linux in VMware. You can configure the machine settings by selecting the Edit virtual machine settings option, allocate memory, and select the network adapter type. Once done, you can simply play the machine: