What is Kali Linux and Do You Need It?

Install Kali Linux 00 Featured Image

If you have heard a young would-be hacker talking about penetration testing, chances are, you would inevitably hear what Kali Linux is. It is a Debian-based Linux distribution that aims to be a complete toolkit for security professionals.

Kali Linux includes a lot of penetration testing and security auditing tools by default. In that regard, Kali delivers, too. Many of the best open-source tools for conducting security tests are in here and ready to use.

Why Use Kali Linux?

One of the biggest selling points of Kali Linux is that it is a convenient all-in-one solution. For the most part, Kali doesn’t require you to maintain a Linux machine and collect your own software. All of the set-up work is out of the way, and you can fully focus on testing the system you’ve set out to audit.

Install Kali Linux 01 Default Desktop

Aside from that, Kali is also being developed and maintained by Offensive Security. They’re a well-known and trusted institution in cybersecurity. You can be confident that the tools that Kali Linux provides are both trustworthy and highly effective.

What Tools Are Available in Kali Linux?

Kali Linux has many security tools. It has classic information-gathering tools, like NMap, Wireshark and dig.

Install Kali Linux 02 Zenmap Sample
Install Kali Linux 03 Wireshark Sample

Kali also has WiFi-centered tools like Aircrack-ng, Kismet, and Pixie.

For attacking passwords, there are tools like Hydra, Crunch, Hashcat, and John the Ripper.

Install Kali Linux 04 Metasploit Sample

Then there are more complete suites of tools. For example, you can use the Metasploit Framework and Burp Suite out of the box.

That’s only a small percentage of the security tools available in Kali. It would take a long time to go through all of them, but you can clearly see that many of the more popular tools are represented.

Installing Kali Linux

Kali is a Linux distribution. Like any other, you can install it permanently on a hard drive or virtual machine. That works fine, but you don’t want to use Kali as a daily driver operating system. It’s purposely built for penetration testing, and that’s about all that you should use it for.

Note: you can also install Kali Linux on your Android phone.

Kali’s System Requirements

Before you can install Kali Linux, have the following resources available:

  • Ample amount of disk space in your machine. In most cases, Kali should work well on a 32 GB flash disk.
  • 64-bit processor and 2 to 4 GB of onboard memory, as Kali Linux uses a number of resource-intensive programs in its toolkit.
  • Your machine needs to have the ability to either do virtualization or external media booting.

It is important to note that Kali works best as a live distribution. You can either burn it to a USB driver or run it off of a virtual machine. You don’t need to install anything on Kali or save any files, so spinning it up on the occasion where you need to test a system is great. It also affords the flexibility to get a Kali machine running anywhere on whichever network you’re looking to test.

This article focuses on installing Kali Linux on VirtualBox as a live system in Ubuntu 22.04 LTS.

Install Kali Linux 05 Ubuntu Neofetch

Installing Kali Linux on VirtualBox

To install Kali Linux, obtain the virtualization client you want to use. In this case, I am installing VirtualBox:

sudo apt install virtualbox p7zip
Install Kali Linux 06 Install Virtualbox

Obtain a copy of Kali Linux from its official website. For example, you can run the following command to download it from the terminal:

wget https://kali.download/virtual-images/kali-2022.3/kali-linux-2022.3-virtualbox-amd64.7z
p7zip -d ./kali-linux-2022.3-virtualbox-amd64.7z
Install Kali Linux 07 Extract Kali Files

Install Kali Linux as a virtual machine by pressing Win, then typing “virtualbox.”

Install Kali Linux 08 Virtualbox Run

Once VirtualBox is up and running, import the Kali Linux virtual machine to the client by either clicking “Add” or pressing Ctrl + A.

Install Kali Linux 09 Virtualbox Add Vm

VirtualBox will open a small file browser where you can look for the virtual machine definition for Kali. In my case, I am saving this file to my Downloads folder.

Install Kali Linux 10 File Browser Select

Using Kali Linux

Run Kali as a virtual environment in your machine. Double-click on the Kali Linux entry on VirtualBox’s left sidebar.

Install Kali Linux 11 Run Kali Vm

A small window will open and immediately boot the virtual machine in your system.

Install Kali Linux 12 Bootloader Menu

Kali will load to a simple login screen. By default, the username and password for the system should be “kali.”

Install Kali Linux 13 Logging In

Tips: learn how you can access an Android phone using Kali Linux.

Finding and Running Tools in Kali

Once you are logged in, use the tools available in Kali to conduct security auditing. For example, press the Kali logo on the desktop’s upper-left corner to get an organized list of programs in the system.

Install Kali Linux 14 Main Menu

One of the most basic tools you will use in Kali is nmap (more details on using nmap here). This is a small utility that allows you to do a comprehensive scan of machines in a network. To use this, click the “Terminal Emulator” entry in the Kali menu.

Install Kali Linux 15 Run Terminal Emulator

Run nmap -h to print a brief overview of the available options and flags for the program. Knowing that, run the following command to scan the entire subnet for any online clients:

nmap -sP
Install Kali Linux 16 Run Nmap Sample

Lastly, Kali Linux also provides powerful data processing tools, such as Hashcat, that you can use to crack hashes. For example, you can run hashcat -h to look at some of the program’s options.

Install Kali Linux 17 Run Hashcat Sample

Aside from that, you can also run the following command to test whether your machine can run Hashcat on a reasonable speed:

hashcat -b

Is Kali Linux For You?

Kali is not for everyone. It’s not a regular Linux distribution to run on your laptop to think you’re cool for running a “hacker OS.” If you do so, you’re running a potentially insecure system. Kali is designed to run as root. It’s not secured and configured like a regular Linux distribution. It’s an offensive tool, not a defensive one.

Kali isn’t a joke, either. You can do some real damage with the tools that it comes bundled with and can get you into real trouble. It’s all too easy for an uneducated user to do something seriously illegal and find themselves in a situation no one wants to be in.

With all that having been said, Kali is a great tool for professional use. If you’re a network admin and want to conduct real-world tests on your network, Kali might be just what you need. Kali also has some excellent tools for developers (especially web devs) to audit their applications before they go live.

Of course, if you want to learn more about security the right way, you can certainly use Kali in a virtual environment to teach yourself or follow any number of great courses.

Kali Linux is a bundle of many of the best security tools. It’s an incredible asset for professionals, but it can also be a big problem in the hands of the uninitiated. Use Kali with care and take advantage of its awesome potential. If you don’t, you’re going to end up having a really bad time.

Frequently Asked Questions

Is it safe to browse the internet using Kali Linux?

While you can use the Internet in Kali, the developers of the distribution did not design the system for casual Web browsing, so there are many missing multimedia tools and codecs in the default install, and some websites may not function properly when viewed in Kali Linux.

Is it possible to install third-party programs in Kali?

Similar to a regular Debian installation, you can install any third-party application through the apt program.

Aside from that, you can also use both snap and flatpak packages in Kali.

Are there any disadvantages to installing Kali Linux on a virtual machine?

One of the biggest issues with running Kali on a virtual machine is that it will not have any direct hardware access. Any program that depends on hardware acceleration will either run poorly or not work at all. For example, both Hashcat and John the Ripper are tools that heavily rely on direct hardware access.

Image credit: Unsplash. All alterations and screenshots by Ramces Red.

Ramces Red
Ramces Red

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox