What is Kali Linux?
Kali Linux is a Linux distribution based on Debian that uses GNOME as its desktop interface. It specializes in penetration and security testing, and the distribution includes a wide variety of tools and programs for this purpose. Kali Linux is an open-source project operated and financed by Offensive Security. It is aimed primarily at professional users but can also be used by private individuals.
The first version, Kali Linux 1.0, was released in 2013 as the successor to BackTrack. Currently, the distribution is available in version 2017.2. In addition to running as a live Linux system directly from a DVD, it can be started in a virtual machine and installed on a 32-bit or 64-bit x86 system as well as on computers with ARM architecture.
The Raspberry Pi single-board computer can also run the Kali distribution. For some Android-based devices, there is the penetration testing platform NetHunter, which was created from Kali Linux.
Abuse possibilities of Kali Linux
Kali Linux can be used not only for legal security and penetration tests but can also be abused and used illegally by hackers. Passwords can be cracked, server systems deliberately overloaded, or wireless networks (WLANs) spied on. Anyone who uses the Kali distribution must be aware that tests and attacks on systems are permitted only with the owner's authorization or on systems that belong to the user.
Service providers using the Linux distribution for their services need appropriate permission to perform tests from authorized persons or management. Since the Kali Linux distribution contains tools and software that fall under the so-called hacking paragraph, possession or distribution may be punishable if there is an intent to use them illegally.
The most important tools of the Kali distribution
The tools of Kali Linux are available to users directly from the desktop. They are divided into different categories and sorted by popularity. Currently, the distribution contains several hundred tools and applications, along with extensive documentation, which can be used to test and evaluate the security of IT systems and networks.
Because the programs are obtained at regular intervals from the Debian repository, the latest versions are available.
Popular tools for network diagnostics include the graphical network sniffer Wireshark and the network manipulation tool Ettercap. The Nmap network scanner can be used to explore and analyze a network. For wireless networks (WLANs), the passive sniffer Kismet is available. The tool Nemesis makes it possible to forge network packets.
Other tools include the Maltego program for collecting data on companies or individuals on the Internet, the Social-Engineer Toolkit (SET), John the Ripper, a program for testing and cracking passwords, and the Metasploit exploit framework. Metasploit allows various attack methods to be executed in order to test the vulnerability of systems via exploits.
The forensic capabilities of Kali Linux
Kali Linux specializes not only in examining network communications or penetrating computer systems but also comes with numerous forensic tools. These can be used to analyze storage media or recover deleted data. Autopsy, for example, makes long-deleted data visible as long as it has not yet been overwritten. Even from an image of working memory (RAM), information about executed applications and processed data can be obtained with the right tool.