If you’ve heard a 13-year-old would-be hacker talking about how 1337 they are, chances are, Kali Linux came up. Despite it’s script kiddie reputation, Kali is actually a real tool (or set of tools) for security professionals.
Kali is a Linux distribution based on Debian. Its goal is simple; include as many penetration and security audit tools as possible in one convenient package. Kali delivers, too. Many of the best open-source tools for conducting security tests are collected and ready to use.
Kali is developed and maintained by Offensive Security. They’re a well-known and trusted presence in the security world, even certifying security professionals with some of the most highly respected certifications available.
It’s a convenient solution, too. Kali doesn’t require that you maintain a Linux install or collect your own software and dependencies. It’s turn-key. All the work is out of the way, so you can focus on the real work of auditing whichever system you’ve set out to test.
How Do You Use It?
Kali is a Linux distribution. Like any other, you can install it permanently on a hard drive. That works fine, but you don’t want to use Kali as a daily driver operating system. Its purposely built for penetration testing, and that’s about all that you should use it for.
Kali is best as a live distribution. You can burn Kali to a DVD or run it off of a USB drive. You don’t ever need to install anything on Kali or save any files, so spinning it up on the occasion where you need to test a system is great. It also affords the flexibility to get a Kali machine running anywhere on whichever network you’re looking to test.
What Does Kali Have?
Kali has security tools and not a whole lot else. It does, however, have a lot of security tools.
It has classic information gathering tools like NMap and Wireshark.
Kali also has WiFi-centered tools like Aircrack-ng, Kismet, and Pixie.
For attacking passwords, there are tools like Hydra, Crunch, Hashcat, and John the Ripper.
Then there are more complete suites of tools, including Metasploit and Burp Suite.
That’s only a small percentage of the security tools available by default with Kali. It would take a long time to go through all of them, but you can clearly see that many of the more popular tools are represented.
Is Kali For You?
Kali is not for everyone. It’s not a regular Linux distribution to run on your laptop and think that you’re cool for running a “hacker OS.” If you do so, you’re running a potentially insecure system. Kali is designed to run as root. It’s not secured and configured like a regular Linux distribution. It’s an offensive tool, not a defensive one.
Kali isn’t a joke either. You can do some real damage with the tools that it comes bundled with, and you can get yourself into real trouble. It’s all too easy for an uneducated user to do something seriously illegal and find themselves in a situation no one wants to be in.
With all that having been said, Kali is a great tool for professional use. If you’re a network admin and want to conduct real-world tests on your network, Kali might be just what you need. Kali also has some excellent tools for developers (especially web devs) to audit their applications before they go live.
Of course, if you’re interested in learning about security the right way, you can certainly use Kali in a controlled environment to teach yourself or follow any number of great courses.
Kali Linux is a bundle of many of the best security tools. It’s an incredible asset for professionals, but it can also be a big problem in the hands of the uninitiated. Use Kali with care and take advantage of its awesome potential. If you don’t, you’re going to end up having a really bad time.