Why is Kali Linux popular among hackers?

Kali is a popular distro among the security community due to its design, it incorporates tools oriented towards penetration testing, security research, computer forensics and reverse engineering. Kali Linux became mainstream popular thanks to the TV Series Mr. Robot.

How many tools does Kali Linux include?

Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners).

How secure is Kali Linux?

Kali Linux is developed in a secure location with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Is Kali Linux portable?

Kali Linux can run natively when installed on a PC, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

What Linux distribution is Kali Linux based on?

Kali Linux is based on Debian Wheezy. Most packages Kali uses are imported from the Debian repositories.

What version of Kali Linux should I download?

Each version of Kali Linux is optimized for a specific purpose or platform. First, you have to establish your system's architecture. If your system is 64-bit and you want to have a permanent installation, the Kali Linux ISO 64-bit is your choice. If you want to try Kali Linux without having to install it, the portable versions are the way to go.

Kali Linux was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

What's New

Today we are releasing Kali 2023.2 (and on our 10th anniversary)! It will be ready for immediate download or updating by the time you have finished reading this post.

Quick off the mark from previous 10 year anniversary, Kali Linux 2023.2 is now here. It is ready for immediate download or upgrading if you have an existing Kali Linux installation.

The changelog highlights over the last few weeks since March's release of 2023.1 is:

  • New VM image for Hyper-V - With "Enhanced Session Mode" out of the box
  • Xfce audio stack update: enters PipeWire - Better audio for Kali's default desktop
  • i3 desktop overhaul - i3-gaps merged with i3
  • Desktop updates - Easy hashing in Xfce
  • GNOME 44 - Gnome Shell version bump
  • Icons & menus updates - New apps and icons in menu
  • New tools - As always, various new packages added

Kali Purple

Over the years, we have perfected what we have specialized in, offensive security. We are now starting to branch into a new area, defensive security! We are doing an initial technical preview pre-launch of "Kali Purple". This is still in its infancy and is going to need time to mature. But you can start to see the direction Kali is expanding into. You can also be a part of helping to shape the direction!

What is Kali Purple?

The one stop shop for blue and purple Teams.

Remember what we did a decade ago with Kali Linux? Or with BackTrack before that? We made offensive security accessible to everyone. No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling tools to make it all work... Just download Kali Linux and do your thing.

We are excited to start a new journey with the mission to do exactly the same for defensive security: Just download Kali Purple and do your thing.

Kali Purple is starting out as a Proof of Concept, evolving into a framework, then a platform (just like how Kali is today). The goal is to make enterprise grade security accessible to everyone.

On a higher level, Kali Purple consists of:

  • A reference architecture for the ultimate SOC In-A-Box; perfect for:
  • Learning
  • Practicing SOC analysis and threat hunting
  • Security control design and testing
  • Blue / Red / Purple teaming exercises
  • Kali spy vs. spy competitions ( bare knuckle Blue vs. Red )
  • Protection of small to medium size environments
  • Over 100 defensive tools, such as:
  • Arkime - Full packet capture and analysis
  • CyberChef - The cyber swiss army knife
  • Elastic Security - Security Information and Event Management
  • GVM - Vulnerability scanner
  • TheHive - Incident response platform
  • Malcolm - Network traffic analysis tool suite
  • Suricata - Intrusion Detection System
  • Zeek - (another) Intrusion Detection System (both have their use-cases!)
  • ...and of course all the usual Kali tools
  • Defensive tools documentations
  • Pre-generated image
  • Kali Autopilot - an attack script builder / framework for automated attacks
  • Kali Purple Hub for the community to share:
  • Practice pcaps
  • Kali Autopilot scripts for blue teaming exercises
  • Community Wiki
  • A defensive menu structure according to NIST CSF (National Institute of Standards and Technology Critical Infrastructure Cybersecurity):
  • Identify
  • Protect
  • Detect
  • Respond
  • Recover
  • Kali Purple Discord channels for community collaboration and fun
  • And theme: installer, menu entries & Xfce!

Previous release notes

Before the year is over, we thought it was best to get the final 2022 release out. Today we are publishing Kali Linux 2022.4. This is ready for immediate download or updating existing installations.

A summary of the changelog since August's 2022.3 release:

  • Microsoft Azure - We are back on the Microsoft Azure store
  • More Platforms - Generic Cloud, QEMU VM image & Vagrant libvirt
  • Social Networks - New homes, keeping in touch & press packs
  • Kali NetHunter Pro - Announcing the first release of a "true" Kali Linux on the mobile phone (PinePhone / Pro)
  • Kali NetHunter - Internal Bluetooth support, kernel porting video, firmware updates & other improvements
  • Desktop Updates - GNOME 43 & KDE 5.26
  • New Tools - As always, various new packages added

Microsoft Azure

Its been a long time coming, but we are very happy to announce that Kali has been added to Microsoft Azure (again - and this time to stay)! Following in the foot steps of our Amazon AWS image, we are using the same kali-cloud build-scripts now to automate publishing to Microsoft Azure store.

Out of the box, currently, there is no graphical user interface, or any tools pre-installed. Should you want the default toolset (kali-linux-default) or any other combination of metapackages, it should be like any other Kali platform. For installing a desktop environment, we have the following kali-docs page: Setting up RDP with Xfce

We hope in 2023 we can revisit this again and are looking at doing ARM64 architecture, as well as different variations of images, allowing you to choose from a mixture of headless bare-bones install, the traditional environment, and a mixture of everything in-between.

More Platforms

We are now including a QEMU image with our pre-generated images. We hope this makes it easier for the people who use self-hosted Proxmox Virtual Environments (VE), virt-manager, or libvirt!

On that subject, elrey (alex) from the community has added libvirt support to our kali-vagrant build-script.

In Kali 2022.3, we have produced a Generic Cloud image. The idea of this image is that it should work in "most" cloud providers This is coming from our kali-cloud build-scripts. So if you are self-hosting OpenStack, this is a great way of getting Kali loaded up!

Social Networks

We have expanded the social networks which we post on, as well as refreshing the current ones. As a recap:

  • Facebook: facebook.com/KaliLinux
  • NEW Instagram: instagram.com/KaliLinux
  • NEW Mastodon: @kalilinux@infosec.exchange
  • Twitter: twitter.com/KaliLinux

As a reminder, we don't use social networks for technical support - you can receive community support via discord or our forums and bug reports should go to the bug tracker! Instead, we automatically post blog posts thus these accounts are mostly unmonitored!

Previous release notes

In light of "Hacker Summer Camp 2022" (BlackHat USA, BSides LV, and DEFCON) occurring right now, we wanted to push out Kali Linux 2022.3 as a nice surprise for everyone to enjoy! With the publishing of this blog post, we have the download links ready for immediate access, or you can update any existing installation.

The highlights for Kali's 2022.3's release:

  • Discord Server - Kali's new community real-time chat option has launched!
  • Test Lab Environment - Quickly create a test bed to learn, practice, and benchmark tools and compare their results
  • Opening Kali-Tools Repo - We have opened up the Kali tools repository & are accepting your submissions!
  • Help Wanted - We are looking for a Go developer to help us on an open-source project
  • Kali NetHunter Updates - New releases in our NetHunter store
  • Virtual Machines Updates - New VirtualBox image format, weekly images, and build-scripts to build your own
  • New Tools In Kali - Would not be a release without some new tools!

Kali is on Discord

We have started up a new discord server, Kali Linux & Friends. This is our new place for the Kali community to get together and chat in real-time all about Kali Linux (as well as other community projects that OffSec has to offer).

This is a community server, all with common interests. We do not have the goal to get as many users as possible, instead, we are growing a place for each other to help one another. We are focusing on quality not quantity. Please bear in mind, if you are looking for help, first search for your problem, ask questions, then wait for the community support from your peers. Remember no one is under obligation to help you, and you are more likely to get assistance if you are polite and show you have put some effort into solving your own issue.

Speaking of "real-time chatting", we are going to be starting a new tradition. We will be doing an hour long session after every Kali release where various Kali developers will come and voice chat on Discord, answer questions about Kali and its direction, take your input, and so on. We will be sure to add details about this in every blog post release going forwards.

The first one is on Tuesday, 16th August 2022 16:00 -> 17:00 UTC/+0 GMT.

Feel free to be a fly on the wall, come by to say a hello, or ask questions! This is a great opportunity to ask questions, provide your input on what can help improve Kali, or get involved and contribute!

Please note, we will not be recording these sessions. These are live sessions only.

New Tools in Kali

It would not be a Kali release if there were not any new tools added! A quick run down of what has been added (to the network repositories):

  • BruteShark - Network Analysis Tool
  • DefectDojo - Open-source application vulnerability correlation and security orchestration tool
  • phpsploit - Stealth post-exploitation framework
  • shellfire - Exploiting LFI/RFI and command injection vulnerabilities
  • SprayingToolkit - Password spraying attacks against Lync/S4B, OWA and O365

Other Kali updates

  • For people who use Xrdp (like Win-KeX), there is a new look to the login
  • We have fixed up some confusion between fuse and fuse3
  • We did some maintenance to our network repository, and shrank /kali from 1.7Tb to 520Gb!

Test Lab Environment

"A craftsman is only as good as their tools."

This is true, even outside of Information Security field, you need to understand your tools to master your craft. You can read their code to understand how they work (or a very detailed REAME at times), help screens and their manuals (if they have one) will give you a starting point on how to use them. But where do you use them especially when they are security tools? What output should the tool give? What is a successful run? How long does the tool take? What is its baseline? How can I get experience with it? All valid questions which need answers.

To try and achieve these answers, most seasoned professionals will practice first (hopefully in a known, controlled environment!). This is where a "Test Bed/Laboratory" comes into play. Theory is different to practical (You may remember this the first time you were tasked of something new to accomplish). You can take the static theory-based output from help screens, READMEs, and manual pages and hands-on enter the data into programs and monitor the dynamic output and practical response. Its one thing to read something, its another to do it. The result often gives people a deeper understanding.

Practice makes ~perfect~ permanent. So practice, practice, practice! Inquisitive minds can then start to experiment with new configurations, options, commands and flags. Then start to chain items together, or compare similar and alternative solutions, then compare the results, to become more educated and build up a benchmark of knowledge. This grows experience.

We are trying to make it a bit easier to build up your test lab. So we have packaged up:

  • DVWA - Damn Vulnerable Web Application
  • Juice Shop - OWASP Juice Shop

Kali for Virtual Machines

We have already provided Kali Linux images for VMware and VirtualBox since the start. For this release, there's been a few changes worth noting.

We now distribute the VirtualBox image as a VDI disk and a .vbox metadata file, or to say it short: the native format for VirtualBox images. It should be a bit faster to download, as those images have a better compression ratio compared to the OVA images that we used to provide. It should also be a bit more straightforward to use it, you just need to unpack the image in your VirtualBox folder and run it. In case you need help, refer to our documentation: Import Pre-Made Kali VirtualBox VM.

Additionally, we just started to provide weekly builds of our VM images. These images are built from the kali-rolling branch, meaning that they have the most up-to-date packages, but on the other hand they don't receive as much testing as our quarterly releases.

Last but not least, the scripts that we use to build those images are now available on GitLab. If you need to build custom Kali VM images, this is the place to go!

Previous release notes

Added Net Installer Mirror. With the Net Installer all packages are downloaded during the installation. The Net Installer ISO file is 415MB.

It's that time of year again, time for another Kali Linux release! Quarter #2 - Kali Linux 2022.2. This release has various impressive updates, all of which are ready for immediate download or updating.

The summary of the changelog since the 2022.1 release from February 2022 is:

  • GNOME 42 - Major release update of the popular desktop environment
  • KDE Plasma 5.24 - Version bump with a more polished experience
  • Multiple desktop enhancements - Disabled motherboard beep on Xfce, alternative panel layout for ARM, better support for VirtualBox shared folders, and lots more
  • Tweaks for the terminal - Enhanced Zsh syntax-highlighting, inclusion of Python3-pip and Python3-virtualenv by default
  • April fools - Hollywood mode - Awesome screensaver
  • Kali Unkaputtbar - BTRFS snapshot support for Kali
  • Win-KeX 3.1 - sudo support for GUI apps
  • New tools - Various new tools added
  • WPS attacks in Kali NetHunter - Added WPS attacks tab to the NetHunter app


Like for every (almost) half-year, there is a new version bump for the GNOME desktop environment. Kali 2022.2 brings the new version, GNOME 42, which is a more polished experienced following the work previously introduced in versions 40 and 41.

The shell theme now includes a more modern look, removing the arrows from the pop-up menus and using more rounded edges. In addition, we've upgraded and tweaked the dash-to-dock extension, making it integrate better with the new look and fixing some bugs.

Here is a preview of the upgraded Kali themes for gnome-shell:



GNOME 42's Built-In Screenshot and Screencast Tool

With GNOME 42, there is one new feature that is brighter than all of the others: the screenshot and screen-recording tool. It's an enormous improvement in terms of user experience. Screenshots are, at the same time, saved to the ~/Pictures/Screenshots/ folder and copied to the clipboard, so the user does not need to find them.

Quick shortcuts to skip the On Screen Display (OSD) dialog:

  • Window screenshot: Alt + PtrScr
  • Full-screen screenshot: Shift + PtrScr

KDE Plasma 5.24

This new Plasma release focuses on smoothing out wrinkles, evolving the design, and improving the overall feel and usability of the environment:

Other Desktop Enhancements

Xfce Tweaks

  • Disable noisy motherboard beep when clicking the logout dialog! Thank you @DavidAlvesWeb!
  • Configure mousepad (text editor) to add the missing newline at the end of the file (POSIX standard): It was especially problematic if you used the text file in the terminal. Printing two files would show their respective last and first lines joined.
  • Set the default wallpaper for multi-monitor setups
  • Fix mouse pointer size to prevent auto-scaling in large displays
  • New simplified panel layout for arm devices: The layout we generally use for Xfce works perfectly, but it could not fit in undersized displays. This issue was common on ARM devices like the Raspberry Pi, which can use a screen the size of the board. Therefore, we have created an alternative panel layout that gets automatically applied for all ARM-based images. Here is an example of a display with a 800x480 resolution:

This modification also removes the CPU graph widget, not only due to the horizontal space it required, but also because it had a performance hit in low spec ARM devices.

App Icons

It has been some time since the last update of the kali menu. This time the icons for nmap, ffuf, and edb-debugger were improved and updated, and new ones were added for evil-winrm and bloodhound.

Another improvement for the app dashboard is that the programs that include a user interface will now respect the custom icon provided by Kali. Previously, the icon in the app drawer showed the proper image, but once you launched it, the icon hardcoded to the program took preference, usually using a lower quality and pixelated image. This change will only affect KDE and GNOME desktops and, unfortunately, does not work on Xfce. Thankfully, this issue was more noticeable in these desktops, as icons in Xfce's panel are tiny.



Previous release notes

With the end of 2021 just around the corner, we are pushing out the last release of the year with Kali Linux 2021.4, which is ready for immediate download or updating.

The summary of the changelog since the 2021.3 release from September 2021 is:

  • Improved Apple M1 support
  • Wide compatibility for Samba
  • Switching package manager mirrors
  • Kaboxer theming
  • Updates to Xfce, GNOME and KDE
  • Raspberry Pi Zero 2 W + USBArmory MkII ARM images
  • More tools

Kali on the Apple M1

As we announced in Kali 2021.1 we supported installing Kali Linux on Parallels on Apple Silicon Macs, well with 2021.4, we now also support it on the VMware Fusion Public Tech Preview thanks to the 5.14 kernel having the modules needed for the virtual GPU used. We also have updated the open-vm-tools package, and Kali's installer will automatically detect if you are installing under VMware and install the open-vm-tools-desktop package, which should allow you to change the resolution out of the box. As a reminder, this is still a preview from VMware, so there may be some rough edges. There is no extra documentation for this because the installation process is the same as VMWare on 64-bit and 32-bit Intel systems, just using the arm64 ISO.

As a reminder, virtual machines on Apple Silicon are still limited to arm64 architecture only.

Extended Compatibility for the Samba Client

Starting Kali Linux 2021.4, the Samba client is now configured for Wide Compatibility so that it can connect to pretty much every Samba server out there, regardless of the version of the protocol in use. This change should make it easier to discover vulnerable Samba servers "out of the box", without having to configure Kali.

This setting can be changed easily via the command-line tool kali-tweaks. In the Hardening section, one can choose the value Default instead, which reverts back to Samba's usual default, and only allow using modern versions of the Samba protocol.

New Tools in Kali

It would not be a Kali release if there were not any new tools added! A quick run down of what's been added (to the network repositories):

  • Dufflebag - Search exposed EBS volumes for secrets
  • Maryam - Open-source Intelligence (OSINT) Framework
  • Name-That-Hash - Do not know what type of hash it is? Name That Hash will name that hash type!
  • Proxmark3 - if you are into Proxmark3 and RFID hacking
  • Reverse Proxy Grapher - graphviz graph illustrating your reverse proxy flow
  • S3Scanner - Scan for open S3 buckets and dump the contents
  • Spraykatz - Credentials gathering tool automating remote procdump and parse of lsass process.
  • truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
  • Web of trust grapher (wotmate) - reimplement the defunct PGP pathfinder without needing anything other than your own keyring

Desktop & Theme Enhancement

This release brings updates for all the 3 main desktops (Xfce, GNOME, and KDE), but one that is common to all of them is the new window buttons design. Previous buttons were designed to fit the window theme of Xfce but did not work well with the other desktops and lacked personality. The new design looks elegant on any of the desktops and makes it easier to spot the currently focused window.


The panel layout has been tweaked to optimize horizontal space and make room for 2 new widgets: the CPU usage widget and the VPN IP widget, which remains hidden unless a VPN connection is established.

Following the steps of other desktops, the task manager has been configured to "icons only", which, with the slight increase in the panel's height, makes the overall look cleaner and improves multitasking in smaller displays.

The workspaces overview has been configured to the "Buttons" appearance, as the previous configuration "Miniature view" was too wide and a bit confusing for some users. Now that each workspace button takes less space in the panel, we have increased the default number of workspaces to 4, as it's a usual arrangement in Linux desktops.

To finish with the modifications, a shortcut to PowerShell has been added to the terminals dropdown menu. With this addition, you can now choose between the regular terminal, root terminal, and PowerShell.