Kali

Overview

Kali Linux is an open source, Debian-based Linux distribution designed for network security, penetration testing, digital forensics, and reverse engineering, developed and maintained by Offensive Security. It integrates more than 600 pre-installed security tools (such as Metasploit, Nmap, Wireshark), and is the preferred platform for ethical hackers, penetration testers, and network security professionals. Kali Linux provides live boot and forensics mode, supports multiple devices (x86_64, ARM, Android), and is popular around the world for its flexibility and professionalism, especially for appearing in the American TV series "Mr. Robot".

History and Development

• Origin:
  • Kali Linux was released by Mati Aharoni and Devon Kearns in March 2013 (Kali 1.0.0). It is a rewrite of its predecessor BackTrack (based on Knoppix), based on Debian to provide a more stable foundation.
  • BackTrack (2006-2012) is an early security testing distribution. Kali inherited its tool set and optimized the user experience.
• Development History:
  • 2013-2015: Kali 1.x series introduced 600+ security tools, supported Live Boot and forensic mode, and quickly gained community recognition.
  • 2020: Kali Linux introduced Kali Undercover (hidden mode, reduced conspicuity) and non-root default users to improve security.
  • 2023: Launched Kali Purple, focusing on defensive security and integrating NIST Cybersecurity Framework tools.
  • 2024-2025: Kali 2024.4 (November 2024) stops supporting the 32-bit i386 architecture, focuses on x86_64 and ARM, and adds support for more ARM devices (such as Raspberry Pi) and Android (Kali NetHunter).
• Community and support:
  • Maintained by Offensive Security, hosted on kali.org and GitHub.
  • Provides official documentation (docs.kali.org), forums, IRC channels and vulnerability tracking systems.
• Open source license:
  • Adopts GNU GPL (General Public License), allowing free use, modification and distribution, derivative works must be open source, in line with Debian's free software guidelines.
  • Compared with SQLite (public domain, no restrictions) and PostgreSQL (similar to MIT, copyright notices must be retained), GPL requirements are stricter.

Main Features

Kali Linux is known for its security toolset, flexible deployment, and professional use. Here are its main features:

1. Pre-installed security tools
   • Number of tools: 600+ penetration testing tools, classified into information collection, vulnerability analysis, wireless attacks, web application testing, password cracking, etc.
   • Core tools:
     • Metasploit: Penetration testing framework (such as SQL injection).
     • Nmap: Port scanner, check server network security.
     • Wireshark: Packet analyzer.
     • Burp Suite/OWASP ZAP: Web application security scanner.
     • Aircrack-ng: Wireless network testing tool, suitable for Wi-Fi security auditing.
     • John the Ripper: Password cracking tool, test user authentication strength.
2. Live boot and forensics mode
   • Live Boot:
     • Support booting from USB or CD, no installation required, suitable for temporary security testing.
     • Live Boot makes Kali available at any time.
   • Forensic mode:
     • Disable automatic mounting and swap space, protect original data, suitable for digital forensics.
3. Flexible deployment methods
   • Supported platforms:
     • x86_64 and ARM: support Raspberry Pi, BeagleBone Black, Samsung Chromebook, etc.
     • Kali NetHunter: Mobile penetration testing platform for Android devices, supporting Nexus and Samsung Galaxy.
     • WSL: Kali on Windows Subsystem for Linux, supporting Win-KeX desktop experience.
     • Cloud deployment: AWS, Azure, etc. provide pre-installed Kali images.
   • Containerization: Support Docker and LXD, fast deployment toolset.
4. Desktop environment
   • Default desktop: XFCE (lightweight, customizable), suitable for low-end devices and penetration testing.
   • Other options: support GNOME, KDE Plasma, LXDE, etc., installed through declarative configuration.
   • Kali Undercover: Hidden mode, simulating the Windows interface to reduce conspicuity.
5. Community and Documentation
   • Documentation: Detailed official documentation (docs.kali.org), covering installation, tool usage and cases.
   • Community: Active forums, IRC and X communities.
   • Training: Offensive Security provides OSCP certification and the book "Kali Linux Revealed".

Advantages and Limitations

Advantages

• Professional security tools:
  • 600+ pre-installed tools, covering penetration testing, forensics and reverse engineering, suitable for testing project security.
  • X post said "Kali is the Swiss Army Knife of penetration testing".
• Flexible deployment:
  • Supports Live Boot, containers, cloud deployment and ARM devices, suitable for mobile office in Hong Kong.
• Open source and free:
  • GNU GPL license, free to use, allows modification and distribution, suitable for open source contributions.
• Community support:
  • Active community and documentation, suitable for learning network security (such as OSCP certification).
• Kali Purple:
  • A defensive security version launched in 2023, suitable for data protection.

Limitations

• Not suitable for beginners:
  • Kali is aimed at professional users, and Linux beginners may find it difficult to get started.
  • Solution: Learn Linux basics in Ubuntu first.
• Resource usage:
  • XFCE is lightweight, but 600+ tools take up disk space (about 10GB+).
  • Solution: Run on VirtualBox or high-performance devices, and clean up unnecessary tools.
• Non-general use:
  • Not suitable for daily office or beginners learning Linux.
  • Solution: Use Ubuntu for daily use and Kali for security testing.
• GPL license restrictions:
  • Derivative works must be open source, which is stricter than SQLite (public domain) or PostgreSQL (similar to MIT).
  • Solution: Use Kali only for testing.
• Stability issues:
  • Rolling updates may cause tool instability and require testing.

Summary

Kali Linux is an open source Linux distribution based on Debian, designed for penetration testing, digital forensics and network security. It integrates 600+ tools (such as Metasploit, Burp Suite), supports Live Boot, forensics mode and multi-platform deployment (x86_64, ARM, Android). Its default XFCE desktop environment is lightweight and efficient, suitable for professional security testing.