Why is Kali Linux popular among hackers?

Kali is a popular distro among the security community due to its design, it incorporates tools oriented towards penetration testing, security research, computer forensics and reverse engineering. Kali Linux became mainstream popular thanks to the TV Series Mr. Robot.

How many tools does Kali Linux include?

Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners).

How secure is Kali Linux?

Kali Linux is developed in a secure location with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Is Kali Linux portable?

Kali Linux can run natively when installed on a PC, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

What Linux distribution is Kali Linux based on?

Kali Linux is based on Debian Wheezy. Most packages Kali uses are imported from the Debian repositories.

What version of Kali Linux should I download?

Each version of Kali Linux is optimized for a specific purpose or platform. First, you have to establish your system's architecture. If your system is 64-bit and you want to have a permanent installation, the Kali Linux ISO 64-bit is your choice. If you want to try Kali Linux without having to install it, the portable versions are the way to go.

Kali Linux was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

What's New

Hello 2024! Today we are unveiling Kali Linux 2024.1. As this is our the first release of the year, it does include new visual elements! Along with this we also have some exciting new mirrors to talk about, and of course some package changes - both new tools and upgrades to existing ones. If you want to see the new theme for yourself and maybe try out one of those new mirrors, download a new image or upgrade if you have an existing Kali Linux installation.

The summary of the changelog since the 2023.4 release from December is:

  • Micro Mirror Free Software CDN - FCIX Software Mirror reached out offering to host our images, and we said yes
  • 2024 Theme Refresh - Our yearly theme refresh with all new wallpapers and GRUB theme
  • Other Desktop Environment Changes - A few new tweaks to our default environments
  • NetHunter Updates - NetHunter Rootless for Android 14, Bad Bluetooth HID attacks, and other updates
  • New Tools - As always, various new shiny tools!

Introducing the Micro Mirror Free Software CDN

With this latest release of Kali Linux, our network of community mirrors grew much stronger, thanks to the help of the Micro Mirror CDN! Here's the story.

Last month we replied to a long-forgotten email from Kenneth Finnegan from the FCIX Software Mirror. The FCIX is a rather big mirror located in California, and they reached out to offer to host the Kali images on their mirror. To which we answered yes please, and that was it; shortly after, the Kali images were added to the FCIX mirror. So far so good, and it could have been the end of the story, but then Kenneth followed up:

We're now also operating another 32 other mirrors which are optimized for minimal storage and hosting only the highest traffic projects […] Would the Kali project be willing to accept ten additional mirrors from the FCIX organization?

Wow, 10 additional mirrors, that sounds very nice indeed! But, wait, 32 mirrors??? How come? Where do all those mirrors come from? That was intriguing. As it turns out, Kenneth operates a network of mirrors, which was officially announced back in May 2023 on his blog: Building the Micro Mirror Free Software CDN. For anyone interested in Internet infrastructure, we encourage you to read it, that's a well-written blog post right there, waiting for you.

So what is the Micro Mirror CDN exactly? One-liner: a network of mirrors dedicated to serving Linux and Free Software. Contrary to traditional mirrors that host around 50TB of project files, Micro Mirrors are machines with "only" a few TB of storage, that focus on hosting only the most high-demand projects. In other words: they provide additional bandwidth where it's needed the most. Another important difference with traditional mirrors is that those machines are not managed by the sponsor (the organization that funds the mirror). Usually, a sponsor provides the bandwidth, the mirror, and also administrates it. While here, the sponsor only provides the bandwidth, and it's the FCIX Micro Mirror team that does everything else: buy the hardware, ship it to the data-center, and then manage it remotely via their public Ansible playbook.

For anyone familiar with mirroring, it's quite exciting to see such a project taking shape. Free software and Linux distributions have been distributed thanks to community-supported mirrors for almost three decades now, it's a long tradition. It's true that we've seen some changes over the last years, and these days some of the biggest FOSS projects are entirely distributed via a CDN, leaving behind the mirroring system. For Kali Linux we use a mixed approach: it is distributed in part thanks to 50+ mirrors across the world, and in part thanks to the Cloudflare CDN that acts as a ubiquitous mirror. We are lucky to benefit from a very generous sponsorship from Cloudflare since 2019. But smaller or newer projects don't get this chance, thus community mirrors are still essential to free software distribution. That's why it's nice to see a project like the Micro Mirror CDN, it's a novel approach in the field of mirroring, and with Kali Linux we are very grateful to be part of the journey.

For any organization out there that has spare bandwidth and wants to support free software, the Micro Mirror project might be something you are interested in. You might want to look at their product brief for a more thorough description of the service, and email mirror at fcix dot net for more information. we'll just quote one line that summarize it really well:

From the hosting sponsor's perspective, the Micro Mirror is a turnkey appliance, where they only need to provide network connectivity and remote hands to install the hardware, where all sysadmin and monitor work is handled by the FCIX team with the economy of scale on our side.

A big thanks to the FCIX team, and Kenneth Finnegan in particular, for their generous offer. Thanks to their help, the Kali images are now served from ten additional mirrors: seven in the US, one in Colombia, one in the UK and one in Australia.

And while we are talking about mirrors: we also got plenty of new mirrors from various sponsors during this release cycle, check the dedicated section below for details.

2024 Theme Refresh

As for previous 20**.1 releases, this update brings with it our annual theme refresh, a tradition that keeps our interface as cutting-edge as our tools. This year marks the unveiling of our newest theme, meticulously crafted to enhance user experience from the moment you boot up. With significant updates to the boot menu, login display, and an array of captivating desktop wallpapers, for both our regular Kali and Kali Purple editions. We are dedicated to not only advancing our cybersecurity capabilities but also ensuring that the aesthetic appeal of our platform matches the power within.

Read the complete release notes here.

Previous Release Notes:

GNOME 45

With GNOME 45 hot off the press, Kali Linux is now supporting it! And is looking pretty in the process!

For people who opt to use GNOME as their desktop environment, GNOME 45 is now here! If you do not read their changelog, below is a quick summary mixed with some of our tweaks:

  • Full-height sidebars in many updated apps
  • Highly improved speed of search in nautilus file manager
  • Unfortunately the update for nautilus was not ready for this release, but it will arrive as a later update soon
  • Improved settings** app (gnome-control-center)
  • Updated color-schemes for gnome-text-editor
  • Updated themes for shell, libadwaita, gtk-3 and gtk-4
  • Updated gnome-shell extensions
  • Shell updates, including a new workspace indicator, replacing the previous "Activities" button
  • It is also possible to scroll your mouse wheel while hovering over the indicator to switch between workspaces

Internal Infrastructure

We are still undergoing big changes with our infrastructure, and as always, it is taking longer than planned! The wait has been worth it, and long standing items are getting fixed or replaced!

Enters Mirrorbits

One of the projects which is now complete is the migration of our "mirror redirector". This is our biggest user-facing service, as without this, all default Kali installations would not be able to use apt (aka http.kali.org), or being able to download Kali image (cdimage.kali.org). This service sits in-front of our mirrors (archive*.kali.org), community mirrors and Cloudflare (kali.download). It is responsible for redirecting every request to its nearest mirror, based on a few factors such as geographic location, mirror speed, and mirror "freshness".

Since Kali was launched back in March 2013, until November 2023 we had been using MirrorBrain. Unfortunately, the project has been unmaintained since 2015, and so after 10 years in production, it was really time to say good-bye. Today, we are now using Mirrorbits.

The first thing we can say is that, with Mirrorbits, we find ourselves lucky: this is a rock-solid piece of software, built on modern tech (Go and Redis), initially released 10 years ago, and running in production for just as long. It was initially developed by Ludovic Fauvet from VideoLAN in order to distribute the VLC media player. And over these years, it has been adopted by a growing number of FOSS projects such as GNOME, Jenkins, Lineage OS, and many others.

As it happens, our use-case of Mirrorbits is different to what it was originally created for: distributing VLC, or in other words, a rather small set of static files. Kali Linux being a complete Linux distribution, it means that we distribute a huge number of files (at times there can be millions of files in our repo). Being a rolling distribution means that Mirrorbits must cope with fast-changing metadata in the repository. We also need to distribute Kali over both HTTP and HTTPS, which was not well supported.

Thus, the transition to Mirrorbits was not trivial, it did not work "out-of-the-box" for us, and we had to rework some pieces here and there, and basically hammer at it until it does the job. But it was well worth it, and in the end our modifications were clean enough that we could submit it all upstream. We really hope that all of this work will be accepted, thus making it easier for Linux distributions in general to use Mirrorbits going forward. Oh, and we have created and are maintaining the Debian package!

Much more could be written on the topic, and we plan a longer blog post dedicated to it. But for now, enough's been said.

New Tools in Kali

It would not be a Kali release if there were not any new tools added! A quick run down of what has been added (to the network repositories):

  • cabby - TAXII client implementation
  • cti-taxii-client - TAXII 2 client library
  • enum4linux-ng - Next generation version of enum4linux with additional features (a Windows/Samba enumeration tool)
  • exiflooter - Finds geolocation on all image URLs and directories
  • h8mail - Email OSINT & Password breach hunting tool
  • Havoc - Modern and malleable post-exploitation command and control framework
  • OpenTAXII - TAXII server implementation
  • PassDetective - Scans shell command history to detect mistakenly written passwords, API keys, and secrets
  • Portspoof - All 65535 TCP ports are always open & emulates services
  • Raven - Lightweight HTTP file upload service
  • ReconSpider - Most Advanced Open Source Intelligence (OSINT) Framework
  • rling - RLI Next Gen (Rling), a faster multi-threaded, feature rich alternative to rli
  • Sigma-Cli - List and convert Sigma rules into query languages
  • sn0int - Semi-automatic OSINT framework and package manager
  • SPIRE - SPIFFE Runtime Environment is a toolchain of APIs for establishing trust between software systems

There have also been numerous packages updates and new libraries as well. We also bump the Kali kernel to 6.5.0!

Community Packages

There have been multiple tools submitted from the community, ready to be merged into Kali:

  • h8mail - Credit to: Jason "5nacks" Kregting & TraceLabs
  • PassDetective - Credit to: Yunus "aydinnyunus" AYDIN
  • sn0int - Credit to: kpcyrd

For more information about this, please see our blog post from previous release.

Miscellaneous

Below are a few other things which have been updated in Kali, which we are calling out which do not have as much detail on:

  • We have changed our newsletter provider to SubStack!
  • If you want our blog posts, and only that, in your inbox, sign up!
  • We have seen an issue with VMware currently (VMware workstation 17.5), where it appears input (keyboard/mouse) will freeze after a period of time
  • Check the above link for a workaround solution
  • If you use our pre-generated VMs, the patch has already been applied
  • There also appears to be an issue with KDE inside a virtual machine, where certain functions between host/guest not working, such as shared clipboard (copy/paste)
  • We have added support for QT6 themes
  • A friendly reminder about Python v3.12 PIP install change which will alter "soon"