Keywords

Linux distribution
Debian derivative
Purpose
Features
Policies
 Chapter

About Kali Linux 1

Contents

A Bit of History 2 Relationship with Debian 4 Purpose and Use Cases 5 Main Kali Linux Features 8
Kali Linux Policies 10 Summary 11
 Kali Linux1 is an enterprise-ready security auditing Linux distribution based on Debian
GNU/Linux. Kali is aimed at security professionals and IT administrators, enabling them to con-
duct advanced penetration testing, forensic analysis, and security auditing.

What is a Linux Although it is commonly used as a name for the entire operating system, Linux is
Distribution? just the name of the kernel, a piece of software that handles interactions between the
hardware and end-user applications.
The expression Linux distribution, on the other hand, refers to a complete operating
system (OS) built on top of the Linux kernel, usually including an installation pro-
gram and many applications, which are either pre-installed or packaged in an easily
installable way.
Debian GNU/Linux2 is a leading generic Linux distribution, known for its quality and
stability. Kali Linux builds on the work of the Debian project and adds over 400 special-
purpose packages of its own, all related to information security, particularly the field
of penetration testing.
Debian is a free software project providing multiple versions of its operating system
and we often use the term distribution to refer to a specific version of it, for exam-
ple the Debian Stable or Debian Testing distributions. The same also applies to Kali
Linux—with the Kali Rolling distribution, for example.

1.1. A Bit of History

The Kali Linux project began quietly in 2012, when Offensive Security decided that they wanted to
replace their venerable BackTrack Linux project, which was manually maintained, with something
that could become a genuine Debian derivative3 , complete with all of the required infrastructure
and improved packaging techniques. The decision was made to build Kali on top of the Debian dis-
tribution because it is well known for its quality, stability, and wide selection of available software.
That is why I (Raphaël) got involved in this project, as a Debian consultant.
The first release (version 1.0) happened one year later, in March 2013, and was based on Debian
7 “Wheezy”, Debian’s stable distribution at the time. In that first year of development, we pack-
aged hundreds of pen-testing-related applications and built the infrastructure. Even though the
number of applications is significant, the application list has been meticulously curated, drop-
ping applications that no longer worked or that duplicated features already available in better
programs.
During the two years following version 1.0, Kali released many incremental updates, expanding
the range of available applications and improving hardware support, thanks to newer kernel re-
leases. With some investment in continuous integration, we ensured that all important packages
1
[Link]
2
[Link]
3
[Link]

2 Kali Linux Revealed

were kept in an installable state and that customized live images (a hallmark of the distribution)
could always be created.
In 2015, when Debian 8 “Jessie” came out, we worked to rebase Kali Linux on top of it. While
Kali Linux 1.x avoided the GNOME Shell (relying on GNOME Fallback instead), in this version we
decided to embrace and enhance it: we added some GNOME Shell extensions to acquire missing
features, most notably the Applications menu. The result of that work became Kali Linux 2.0,
published in August 2015.

Xfce is Kali Linux’s A desktop environment is a collection of graphical applications that share a common
Default Desktop graphical toolkit and that are meant to be used together on user workstations. Desk-
Environment top environments are generally not used in servers. They usually provide an applica-
tion launcher, a file manager, a web browser, an email client, an office suite, etc.
Xfce4 is one of the most popular lightweight desktop environments, perfect for our
live ISO images and is included on the main installer ISO images provided by Kali
Linux (together with GNOME5 , KDE6 ). You can select a desktop environment of your
choosing during installation. Otherwise, post-installation you have the additional
options of; i37 , i3-gaps8 , MATE9 , Enlightenment10 , LXDE11 .

In parallel, we increased our efforts to ensure that Kali Linux always has the latest version of all
pen-testing applications. Unfortunately, that goal was a bit at odds with the use of Debian Stable12
as a base for the distribution, because it required us to backport many packages. This is due to the
fact that Debian Stable puts a priority on the stability of the software, often causing a long delay
from the release of an upstream update to when it is integrated into the distribution. Given our
investment in continuous integration, it was quite a natural move to rebase Kali Linux on top of
Debian Testing13 so that we could benefit from the latest version of all Debian packages as soon
as they were available. Debian Testing has a much more aggressive update cycle, which is more
compatible with the philosophy of Kali Linux.
This is, in essence, the concept of Kali Rolling. While the rolling distribution has been available
for quite a while, Kali 2016.1 was the first release to officially embrace the rolling nature of that
distribution: when you install the latest Kali release, your system actually tracks the Kali Rolling
distribution and every single day you get new updates. In the past, Kali releases were snapshots of
the underlying Debian distribution with Kali-specific packages injected into it.
4
[Link]
5
[Link]
6
[Link]
7
[Link]
8
[Link]
9
[Link]
10
[Link]
11
[Link]
12
[Link]
13
[Link]

Chapter 1 — About Kali Linux 3

 A rolling distribution has many benefits but it also comes with multiple challenges, both for those
of us who are building the distribution and for the users who have to cope with a never-ending
flow of updates and sometimes backwards-incompatible changes. This book aims to give you the
knowledge required to deal with everything you may encounter while managing your Kali Linux
installation.

1.2. Relationship with Debian

The Kali Linux distribution is based on Debian Testing14 . Therefore, most of the packages available
in Kali Linux come straight from this Debian repository.
While Kali Linux relies heavily on Debian, it is also entirely independent15 in the sense that we
have our own infrastructure and retain the freedom to make any changes we want.

1.2.1. The Flow of Packages

On the Debian side, the contributors are working every day on updating packages and uploading
them to the Debian Unstable distribution (Unstable is also known as sid16 ). From there, packages
migrate to the Debian Testing distribution once the most troublesome bugs have been taken out.
The migration process also ensures that no dependencies are broken in Debian Testing. The goal
is that Testing is always in a usable (or even releasable!) state.
Debian Testing’s goals align quite well with those of Kali Linux so we picked it as the base. To add
the Kali-specific packages in the distribution, we follow a two-step process.
First, we take Debian Testing and force-inject our own Kali packages (located in our kali-dev-only
repository) to build the kali-dev repository. This repository will break from time to time: for in-
stance, our Kali-specific packages might not be installable until they have been recompiled against
newer libraries. In other situations, packages that we have forked might also have to be updated,
either to become installable again, or to fix the installability of another package that depends on
a newer version of the forked package. In any case, kali-dev is not for end-users.
kali-rolling is the distribution that Kali Linux users are expected to track and is built out of kali-dev
in the same way that Debian Testing is built out of Debian Unstable. Packages migrate only when
all dependencies can be satisfied in the target distribution.

14
[Link]
15
[Link]
16
[Link]

4 Kali Linux Revealed

1.2.2. Managing the Difference with Debian

As a design decision, we try to minimize the number of forked packages as much as possible. How-
ever, in order to implement some of Kali’s unique features, some changes must be made. To limit
the impact of these changes, we strive to send them upstream, either by integrating the feature di-
rectly, or by adding the required hooks so that it is straightforward to enable the desired features
without further modifying the upstream packages themselves.
The Kali Package Tracker17 helps us to keep track of our divergence with Debian. At any time, we
can look up which package has been forked and whether it is in sync with Debian, or if an update
is required. All our packages are maintained in Git repositories18 hosting a Debian branch and a
Kali branch side-by-side. Thanks to this, updating a forked package is a simple two-step process:
update the Debian branch and then merge it into the Kali branch.
While the number of forked packages in Kali is relatively low, the number of additional packages
is rather high: in January 2021 there were almost 50019 . Most of these packages are free software
complying with the Debian Free Software Guidelines20 and our ultimate goal would be to maintain
those packages within Debian whenever possible. That is why we strive to comply with the Debian
Policy21 and to follow the good packaging practices used in Debian. Unfortunately, there are also
quite a few exceptions where proper packaging was nearly impossible to create. As a result of
time being scarce, few packages have been pushed to Debian.

1.3. Purpose and Use Cases

While Kali’s focus can be quickly summarized as “penetration testing and security auditing”, there
are many different tasks involved behind those activities. Kali Linux is built as a platform, because
it includes many tools covering very different use cases (though they may certainly be used in
combination during a penetration test).
For example, Kali Linux can be used on various types of computers: obviously on the laptops of
penetration testers, but also on servers of system administrators wishing to monitor their net-
work, on the workstations of forensic analysts, and more unexpectedly, on stealthy embedded de-
vices, typically with ARM CPUs, that can be dropped in the range of a wireless network or plugged
in the computer of target users. Many ARM devices are also perfect attack machines due to their
small form factors and low power requirements. Kali Linux can also be deployed in the cloud to
quickly build a farm of password-cracking machines and on mobile phones and tablets to allow
for truly portable penetration testing.

17
[Link]
18
[Link]
19
[Link]
20
[Link]
21
[Link]

Chapter 1 — About Kali Linux 5

 But that is not all; penetration testers also need servers: to use collaboration software within a
team of pen-testers, to set up a web server for use in phishing campaigns, to run vulnerability
scanning tools, and other related activities.
Once you have booted Kali, you will quickly discover that Kali Linux’s main menu is organized by
theme across the various kinds of tasks and activities that are relevant for pen-testers and other
information security professionals as shown in Figure 1.1, “Kali Linux’s Applications Menu” [page
6].

Figure 1.1 Kali Linux’s Applications Menu

These tasks and activities include:

• Information Gathering: Collecting data about the target network and its structure, identify-
ing computers, their operating systems, and the services that they run. Identifying poten-
tially sensitive parts of the information system. Extracting all sorts of listings from running
directory services.

• Vulnerability Analysis: Quickly testing whether a local or remote system is affected by a

number of known vulnerabilities or insecure configurations. Vulnerability scanners use
databases containing thousands of signatures to identify potential vulnerabilities.

• Web Application Analysis: Identifying misconfigurations and security weaknesses in web

applications. It is crucial to identify and mitigate these issues given that the public avail-
ability of these applications makes them ideal targets for attackers.

6 Kali Linux Revealed

• Database Assessment: From SQL injection to attacking credentials, database attacks are a
common vector for attackers. Tools that test for attack vectors ranging from SQL injection
to data extraction and analysis can be found here.
• Password Attacks: Authentication systems are always a go-to attack vector. Many useful
tools can be found here, from online password attack tools to offline attacks against the
encryption or hashing systems.
• Wireless Attacks: The pervasive nature of wireless networks means that they will always
be a commonly attacked vector. With its wide range of support for multiple wireless cards,
Kali is an obvious choice for attacks against multiple types of wireless networks.
• Reverse Engineering: Reverse engineering is an activity with many purposes. In support
of offensive activities, it is one of the primary methods for vulnerability identification and
exploit development. On the defensive side, it is used to analyze malware employed in tar-
geted attacks. In this capacity, the goal is to identify the capabilities of a given piece of
tradecraft.
• Exploitation Tools: Exploiting, or taking advantage of a (formerly identified) vulnerability,
allows you to gain control of a remote machine (or device). This access can then be used
for further privilege escalation attacks, either locally on the compromised machine, or on
other machines accessible on its local network. This category contains a number of tools
and utilities that simplify the process of writing your own exploits.
• Sniffing & Spoofing: Gaining access to the data as they travel across the network is often ad-
vantageous for an attacker. Here you can find spoofing tools that allow you to impersonate
a legitimate user as well as sniffing tools that allow you to capture and analyze data right
off the wire. When used together, these tools can be very powerful.
• Post Exploitation: Once you have gained access to a system, you will often want to maintain
that level of access or extend control by laterally moving across the network. Tools that
assist in these goals are found here.
• Forensics: Forensic Linux live boot environments have been very popular for years now.
Kali contains a large number of popular Linux-based forensic tools allowing you to do ev-
erything from initial triage, to data imaging, to full analysis and case management.
• Reporting Tools: A penetration test is only complete once the findings have been reported.
This category contains tools to help collate the data collected from information-gathering
tools, discover non-obvious relationships, and bring everything together in various reports.
• Social Engineering Tools: When the technical side is well-secured, there is often the possi-
bility of exploiting human behavior as an attack vector. Given the right influence, people
can frequently be induced to take actions that compromise the security of the environment.
Did the USB key that the secretary just plugged in contain a harmless PDF? Or was it also a
Trojan horse that installed a backdoor? Was the banking website the accountant just logged
into the expected website or a perfect copy used for phishing purposes? This category con-
tains tools that aid in these types of attacks.

Chapter 1 — About Kali Linux 7

 1.4. Main Kali Linux Features

Kali Linux is a Linux distribution that contains its own collection of hundreds of software tools
specifically tailored for their target users—penetration testers and other security professionals.
It also comes with an installation program to completely setup Kali Linux as the main operating
system on any computer.
This is pretty much like all other existing Linux distributions but there are other features that
differentiate Kali Linux, many of which are tailored to the specific needs of penetration testers.
Let’s have a look at some of those features.

1.4.1. A Live System

Alongside the main installer ISO images, Kali Linux offers a separate live ISO image to download.
This allows you to use Kali Linux as a bootable live system. In other words, you can use Kali Linux
without installing it, just by booting the ISO image (usually after having copied the image onto a
USB key).
The live system contains the tools most commonly used by penetration testers, so even if your day-
to-day system is not Kali Linux, you can simply insert the disk or USB key and reboot to run Kali.
However, keep in mind that the default configuration will not preserve changes between reboots.
If you configure persistence with a USB key (see section 9.4, “Adding Persistence to the Live ISO
with a USB Key” [page 246]), then you can tweak the system to your liking (modify config files,
save reports, upgrade software, and install additional packages, for example), and the changes
will be retained across reboots.

1.4.2. Forensics Mode

In general, when doing forensic work on a system, you want to avoid any activity that would alter
the data on the analyzed system in any way. Unfortunately, modern desktop environments tend
to interfere with this objective by trying to auto-mount any disk(s) they detect. To avoid this
behavior, Kali Linux has a forensics mode that can be enabled from the boot menu: it will disable
all such features.
The live system is particularly useful for forensics purposes, because it is possible to reboot any
computer into a Kali Linux system without accessing or modifying its hard disks.

8 Kali Linux Revealed

1.4.3. A Custom Linux Kernel

Kali Linux always provides a customized recent Linux kernel22 , based on the version in Debian
Unstable. This ensures solid hardware support, especially for a wide range of wireless devices.
The kernel is patched23 for wireless injection support since many wireless security assessment
tools rely on this feature.
Since many hardware devices require up-to-date firmware files (found in /lib/firmware/), Kali
installs them all by default—including the firmware available in Debian’s non-free section. Those
are not installed by default in Debian, because they are closed-source and thus not part of Debian
proper.

1.4.4. Completely Customizable

Kali Linux is built by penetration testers for penetration testers, but we understand that not ev-
eryone will agree with our design decisions or choice of tools to include by default. With this in
mind, we always ensure that Kali Linux is easy to customize based on your own needs and prefer-
ences. To this end, we publish the live-build24 configuration used to build the official Kali images
so you can customize it to your liking. It is very easy to start from this published configuration
and implement various changes based on your needs thanks to the versatility of live-build.
Live-build includes many features to modify the installed system, install supplementary files, in-
stall additional packages, run arbitrary commands, and change the values pre-seeded to debconf.

1.4.5. A Trustable Operating System

Users of a security distribution rightfully want to know that it can be trusted and that it has been
developed in plain sight, allowing anyone to inspect the source code. Kali Linux is developed by a
small team25 of knowledgeable developers working transparently and following the best security
practices: they upload signed source packages, which are then built on dedicated build daemons.
The packages are then checksummed and distributed as part of a signed repository.
The work done on the packages can be fully reviewed through the packaging Git repositories26
(which contain signed tags) that are used to build the Kali source packages. The evolution of each
package can also be followed through the Kali package tracker27 .

22
[Link]
23
[Link]
24
[Link]
25
[Link]
26
[Link]
27
[Link]

Chapter 1 — About Kali Linux 9

 1.4.6. Usable on a Wide Range of ARM Devices

Kali Linux provides binary packages for the armel, armhf, and arm64 ARM architectures. Thanks
to the easily installable images provided by Offensive Security, Kali Linux can be deployed on
many interesting devices, from smartphones and tablets to Wi-Fi routers and computers of various
shapes and sizes.

1.5. Kali Linux Policies

While Kali Linux strives to follow the Debian policy whenever possible, there are some areas where
we made significantly different design choices due to the particular needs of security profession-
als.

1.5.1. Network Services Disabled by Default

In contrast to Debian, Kali Linux disables any installed service that would listen on a public net-
work interface by default, such as HTTP and SSH.
The rationale behind this decision is to minimize exposure during a penetration test when it is
detrimental to announce your presence and risk detection because of unexpected network inter-
actions.
You can still manually enable any services of your choosing by running sudo systemctl enable
service. We will get back to this in chapter 5, “Configuring Kali Linux” [page 108] later in this
book.

1.5.2. A Curated Collection of Applications

Debian aims to be the universal operating system and puts very few limits on what gets packaged,
provided that each package has a maintainer.
By way of contrast, Kali Linux does not package every penetration testing tool available. Instead,
we aim to provide only the best freely-licensed tools covering most tasks that a penetration tester
might want to perform.
Kali developers working as penetration testers drive the selection process and we leverage their
experience and expertise to make enlightened choices. In some cases this is a matter of fact, but
there are other, more difficult choices that simply come down to personal preference.
Here are some of the points considered when a new application gets evaluated:
• The usefulness of the application in a penetration testing context
• The unique functionality of the application’s features

10 Kali Linux Revealed

 • The application’s license
• The application’s resource requirements
Maintaining an updated and useful penetration testing tool repository is a challenging task. We
welcome tool suggestions within a dedicated category (New Tool Requests) in the Kali Bug Tracker28 .
New tool requests are best received when the submission is well-presented, including an explana-
tion of why the tool is useful, how it compares to other similar applications, and so on.

1.6. Summary

In this chapter we have introduced you to Kali Linux, provided a bit of history, run through some
of the primary features, and presented several use cases. We have also discussed some of the
policies we have adopted when developing Kali Linux.
Summary Tips:
• Kali Linux29 is an enterprise-ready security auditing Linux distribution based on Debian
GNU/Linux. Kali is aimed at security professionals and IT administrators, enabling them
to conduct advanced penetration testing, forensic analysis, and security auditing.
• Unlike most mainstream operating systems, Kali Linux is a rolling distribution, which means
that you will receive updates every single day.
• The Kali Linux distribution is based on Debian Testing30 . Therefore, most of the packages
available in Kali Linux come straight from this Debian repository.
• While Kali’s focus can be quickly summarized with “penetration testing and security audit-
ing”, there are several use cases including system administrators wishing to monitor their
networks, forensic analysis, embedded device installations, wireless monitoring, installa-
tion on mobile platforms, and more.
• Kali’s menus make it easy to get to tools for various tasks and activities including: vulnera-
bility analysis, web application analysis, database assessment, password attacks, wireless at-
tacks, reverse engineering, exploitation tools, sniffing and spoofing, post exploitation tools,
forensics, reporting tools, and social engineering tools.
• Kali Linux has many advanced features including: use as a live (non-installed) system, a ro-
bust and safe forensics mode, a custom Linux kernel, ability to completely customize the
system, a trusted and secure base operating system, ARM installation capability, secure de-
fault network policies, and a curated set of applications.
In the next chapter (chapter 2, “Getting Started with Kali Linux” [page 14]), we will jump in and
try out Kali Linux thanks to its live mode.
28
[Link]
29
[Link]
30
[Link]

Chapter 1 — About Kali Linux 11

Keywords

Download
ISO image
Live boot
 Chapter

Getting Started with 2

Kali Linux
Contents

Downloading a Kali ISO Image 14 Booting a Kali ISO Image in Live Mode 24 Summary 44
 Unlike some other operating systems, Kali Linux makes getting started easy, thanks to the fact that
a live disk image is available, meaning that you can boot the downloaded image without following
any prior installation procedure. This means you can use the same image for testing, for use as
a bootable USB or DVD-ROM image in a forensics case, or for installing as a permanent operating
system on physical or virtual hardware.
Because of this simplicity, it is easy to forget that certain precautions must be taken. Kali users
are often the target of those with ill intentions, whether state sponsored groups, elements of orga-
nized crime, or individual hackers. The open-source nature of Kali Linux makes it relatively easy
to build and distribute fake versions, so it is essential that you get into the habit of downloading
from original sources and verifying the integrity and the authenticity of your download. This is
especially relevant to security professionals who often have access to sensitive networks and are
entrusted with client data.

2.1. Downloading a Kali ISO Image

2.1.1. Where to Download

The only official source of Kali Linux ISO images is the Downloads section of the Kali website. Due
to its popularity, numerous sites offer Kali images for download, but they should not be considered
trustworthy and indeed may be infected with malware or otherwise cause irreparable damage to
your system.
è [Link]
The website is available over HTTPS, making it difficult to impersonate. Being able to carry out
a man-in-the-middle attack is not sufficient as the attacker would also need a [Link] cer-
tificate signed by a Transport Layer Security (TLS) certificate authority that is trusted by the vic-
tim’s browser. Because certificate authorities exist precisely to prevent this type of problem, they
deliver certificates only to people whose identities have been verified and who have provided
evidence that they control the corresponding website.

[Link] The links found on the download page point to the [Link] domain, which
redirects to a mirror close to you, improving your transfer speed while reducing the
burden on Kali’s central servers.
A list of available mirrors can be found here:
è [Link]

2.1.2. What to Download

The official download page shows a short list of ISO images, as shown in Figure 2.1, “List of Images
Offered for Download” [page 15].

14 Kali Linux Revealed

Figure 2.1 List of Images Offered for Download

Chapter 2 — Getting Started with Kali Linux 15

 All disk images labeled 64-bit or 32-bit refer to images suitable for CPUs, found in most modern
desktop and laptop computers. If you are downloading for use on a fairly modern machine, it most
likely contains a 64-bit processor. If you are unsure, rest assured that all 64-bit processors can run
32-bit instructions. You can always download and run the 32-bit image. The reverse is not true,
however. Refer to the sidebar for more detailed information.
If you are planning to install Kali on an ARM-based device, you must refer to Offensive Security’s
download page1 for the list of available devices.

Is My CPU 64-bit or Under Microsoft Windows, you can find this information by running the System Infor-
32-bit? mation application (found in the Accessories > System Tools folder). On the System
Summary screen, you can inspect the System Type field: it will contain ”x64-based
PC” for a 64-bit CPU or “x86-based PC” for a 32-bit CPU.
Under OS X/macOS, there is no standard application showing this information but
you can still infer it from the output of the uname -m command run on the terminal.
It will return x86_64 on a system with a 64-bit kernel (which can only run on a 64-bit
CPU), systems with a 32-bit kernel, it will return i386 or something similar (i486,
i586, or i686), and on systems with an arm64 kernel, it will return arm64. Any 32-
bit kernel can run on a 64-bit CPU, but since Apple controls the hardware and the
software, it is unlikely you will find this configuration.
Under Linux, you can inspect the flags field in the /proc/cpuinfo virtual file. If it
contains the lm attribute, then your CPU is a 64-bit; otherwise, it is a 32-bit. The
following command line will tell you what kind of CPU you have:

$ grep -qP ’^flags\s*:.*\blm\b’ /proc/cpuinfo && echo 64-bit

å || echo 32-bit
64-bit

Now that you know whether you need a 64-bit or 32-bit image, there is only one step left: selecting
the kind of image. The available images differ in how they go about installation. The Installer
and NetInstaller images, specialized for a straightforward install featuring selectable installation
options, do not come with the ability to run the live system. The Live image, however, comes
with the ability to run the live system or start the installation process, although it does lack the
selectable options featured in the installation images. The selectable options include choices in
desktop environments as well as which collection of packages to install. We will be using the live
image throughout this book.
Once you have decided on the image you need, you can download the image by clicking on the
title in the respective row. Alternatively, you can download the image from the BitTorrent peer-
to-peer network by clicking on ”Torrent,” provided that you have a BitTorrent client associated
with the .torrent extension.
While your chosen ISO image is downloading, you should take note of the checksum written in
the sha256sum column. Once you have downloaded your image, use this checksum to verify that
1
[Link]

16 Kali Linux Revealed

the downloaded image matches the one the Kali development team put online (see section 2.1.3,
“Verifying Integrity and Authenticity” [page 17]).

2.1.3. Verifying Integrity and Authenticity

Security professionals must verify the integrity of their tools to not only protect their data and
networks but also those of their clients. While the Kali download page and links are TLS-protected,
Kali relies on a network of external mirrors to distribute the image means that you should not
blindly trust what you download. The mirror you were directed to may have been compromised,
or you might be the victim of an attack yourself.
To alleviate this, the Kali project always provides checksums of the images it distributes. But to
make such a check effective, you must be sure that the checksum you grabbed is effectively the
checksum published by the Kali Linux developers. You have different ways to ascertain this.

Relying on the TLS-Protected Website

When you retrieve the checksum from the TLS-protected download webpage, its origin is indi-
rectly guaranteed by the X.509 certificate security model: the content you see comes from a web
site that is effectively under the control of the person who requested the TLS certificate.
Now you should generate the checksum of your downloaded image and ensure that it matches
what you recorded from the Kali website:
$ sha256sum [Link]
1a0b2ea83f48861dd3f3babd5a2892a14b30a7234c8c9b5013a6507d1401874f [Link]

If your generated checksum matches the one on the Kali Linux download page, you have the cor-
rect file. If the checksums differ, there is a problem, although this does not always indicate a com-
promise or an attack; downloads occasionally get corrupted as they traverse the Internet. Try
your download again, from another official Kali mirror, if possible (see “[Link]” [page
14] for more information about available mirrors).

Relying on PGP’s Web of Trust

If you don’t trust HTTPS for authentication, you are a bit paranoid but rightfully so. There are
many examples of badly managed certificate authorities that issued rogue certificates, which
ended up being misused. You may also be the victim of a “friendly” man-in-the-middle at-
tack implemented on many corporate networks, using a custom, browser-implanted trust store
that presents fake certificates to encrypted websites, allowing corporate auditors to monitor en-
crypted traffic.

Chapter 2 — Getting Started with Kali Linux 17

 For cases like this, we also provide a GnuPG key that we use to sign the checksums of the images
we provide. The key’s identifiers and its fingerprints are shown here:
pub rsa4096 2012-03-05 [SC] [expires: 2023-01-16]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
uid Kali Linux Repository <devel@[Link]>
sub rsa4096 2012-03-05 [E] [expires: 2023-01-16]

This key is part of a global web of trust because it has been signed at least by me (Raphaël Hertzog)
and I am part of the web of trust due to my heavy GnuPG usage as a Debian developer.
The PGP/GPG security model is very unique. Anyone can generate any key with any identity, but
you would only trust that key if it has been signed by another key that you already trust. When you
sign a key, you certify that you met the holder of the key and that you know that the associated
identity is correct. And you define the initial set of keys that you trust, which obviously includes
your own key.
This model has its own limitations so you can opt to download Kali’s public key over HTTPS (or
from a keyserver) and just decide that you trust it because its fingerprint matches what we an-
nounced in multiple places, including just above in this book:
$ wget -q -O - [Link] | gpg --import
[ or ]
$ gpg --keyserver hkp://[Link] --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
gpg: key ED444FF07D8D0BF6: public key ”Kali Linux Repository <devel@[Link]>” imported
gpg: Total number processed: 1
gpg: imported: 1
[...]
$ gpg --fingerprint 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
[...]
44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6
[...]

After you have retrieved the key, you can use it to verify the checksums of the distributed im-
ages. Let’s download the file with the checksums (SHA256SUMS) and the associated signature file
([Link]) and verify the signature:
$ wget [Link]
[...]
$ wget [Link]
[...]
$ gpg --verify [Link] SHA256SUMS
gpg: Signature made Tue 18 Aug 2020 [Link] AM EDT
gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
gpg: Good signature from ”Kali Linux Repository <devel@[Link]>”

If you get that “Good signature” message, you can trust the content of the SHA256SUMS file and use
it to verify the files you downloaded. Otherwise, there is a problem. You should review whether
you downloaded the files from a legitimate Kali Linux mirror.

18 Kali Linux Revealed

Note that you can use the following command line to verify that the downloaded file has the same
checksum that is listed in SHA256SUMS, provided that the downloaded ISO file is in the same direc-
tory:
$ grep [Link] SHA256SUMS | sha256sum -c
[Link]: OK

If you don’t get OK in response, then the file you have downloaded is different from the one re-
leased by the Kali team. It cannot be trusted and should not be used.

2.1.4. Copying the Image on a DVD-ROM or USB Key

Unless you want to run Kali Linux in a virtual machine, the ISO image is of limited use in and of
itself. You must burn it on a DVD-ROM or copy it onto a USB key to be able to boot your machine
into Kali Linux. We have chosen the Kali live image as we wish to boot from a USB allowing us to
either use a live environment or install Kali Linux’s default configuration.
We won’t cover how to burn the ISO image onto a DVD-ROM, as the process varies widely by plat-
form and environment, but in most cases, right clicking on the .iso file will present a contextual
menu item that executes a DVD-ROM burning application. Try it out!

Warning

In this section, you will learn how to overwrite an arbitrary disk with a Kali
Linux ISO image. Always double-check the target disk before launching
the operation as a single mistake would likely cause complete data loss and
possibly damage your setup beyond repair.

Creating a Bootable Kali USB Drive on Windows

As a prerequisite, you should download and install Win32 Disk Imager:

è [Link]
Plug your USB key into your Microsoft Windows PC and note the drive designator associated to it
(for example, “E:\”).
Launch Win32 Disk Imager and choose the Kali Linux ISO file that you want to copy on the USB key.
Verify that the letter of the device selected corresponds with that assigned to the USB key. Once
you are certain that you have selected the correct drive, click the Write button and confirm that

Chapter 2 — Getting Started with Kali Linux 19

 you want to overwrite the contents of the USB key as shown in Figure 2.2, “Win32 Disk Imager in
action” [page 20].

Figure 2.2 Win32 Disk Imager in action

Once the copy is completed, safely eject the USB drive from your Microsoft Windows system. You
can now use the USB device to boot Kali Linux.

20 Kali Linux Revealed

Creating a Bootable Kali USB Drive on Linux

Creating a bootable Kali Linux USB key in a Linux environment is easy. The GNOME desktop envi-
ronment, which is installed by default in many Linux distributions, comes with a Disks utility (in
the gnome-disk-utility package). That program shows a list of disks, which refreshes dynamically
when you plug or unplug a disk. When you select your USB key in the list of disks, detailed infor-
mation will appear and will help you confirm that you selected the correct disk. Note that you can
find its device name in the title bar as shown in Figure 2.3, “GNOME Disks” [page 21].

Figure 2.3 GNOME Disks

Click on the menu button and select Restore Disk Image... in the displayed pop-up menu. Select
the ISO image that you formerly downloaded and click on Start Restoring... as shown in Figure 2.4,
“Restore Disk Image Dialog” [page 21].

Figure 2.4 Restore Disk Image Dialog

Chapter 2 — Getting Started with Kali Linux 21

 Enjoy a cup of coffee while it finishes copying the image on the USB key (Figure 2.5, “Progression
of the Image Restoration” [page 22]).

Figure 2.5 Progression of the Image Restoration

Create the Bootable USB Even though the graphical process is fairly straightforward, the operation is just as
Drive from the Command easy for command line users.
Line When you insert your USB key, the Linux kernel will detect it and assign it a name,
which is printed in the kernel logs. You can find its name by inspecting the logs
returned by dmesg.
$ dmesg
[...]
[ 2596.727036] usb 1-2.1: new high-speed USB device number 7 using uhci_hcd
[ 2597.023023] usb 1-2.1: New USB device found, idVendor=0781, idProduct=5575,
å bcdDevice= 1.26
[ 2597.023025] usb 1-2.1: New USB device strings: Mfr=1, Product=2,
å SerialNumber=3
[ 2597.023026] usb 1-2.1: Product: Cruzer Glide
[ 2597.023026] usb 1-2.1: Manufacturer: SanDisk
[ 2597.023026] usb 1-2.1: SerialNumber: 200533495211C0824E58
[ 2597.025989] usb-storage 1-2.1:1.0: USB Mass Storage device detected
[ 2597.026064] scsi host3: usb-storage 1-2.1:1.0
[ 2598.055632] scsi [Link] Direct-Access SanDisk Cruzer Glide 1.26
å PQ: 0 ANSI: 5
[ 2598.058596] sd [Link] Attached scsi generic sg2 type 0
[ 2598.063036] sd [Link] [sdb] 31266816 512-byte logical blocks: (16.0 GB
å /14.9 GiB)
[ 2598.067356] sd [Link] [sdb] Write Protect is off
[ 2598.067361] sd [Link] [sdb] Mode Sense: 43 00 00 00
[ 2598.074276] sd [Link] [sdb] Write cache: disabled, read cache: enabled,
å doesn’t support DPO or FUA
[ 2598.095976] sdb: sdb1
[ 2598.108225] sd [Link] [sdb] Attached SCSI removable disk

Now that you know that the USB key is available as /dev/sdb, you can proceed to
copy the image with the dd command:
# dd if=[Link] of=/dev/sdb
6129688+0 records in
6129688+0 records out
3138400256 bytes (3.1 GB, 2.9 GiB) copied, 678.758 s, 4.6 MB/s

22 Kali Linux Revealed

 Note that you need root permissions for this operation to succeed and you should
also ensure that the USB key is unused. That is, you should make sure that none
of its partitions are mounted. The command also assumes that it is run while in the
directory hosting the ISO image, otherwise the full path will need to be provided.
For reference, if stands for “input file” and of for “output file.” The dd command reads
data from the input file and writes it back to the output file. It does not show any
progress information so you must be patient while it is doing its work (It is not unusual
for the command to take more than half an hour!). Look at the write activity LED on
the USB key if you want to double check that the command is working. The statistics
shown above are displayed only when the command has completed. On OS X/macOS,
you can also press CTRL+T during the operation to get statistical information about
the copy including how much data has been copied.

Creating a Bootable Kali USB Drive on OS X/macOS

OS X/macOS is based on UNIX, so the process of creating a bootable Kali Linux USB drive is similar
to the Linux procedure. Once you have downloaded and verified your chosen Kali ISO file, use dd
to copy it over to your USB stick.
To identify the device name of the USB key, run diskutil list to list the disks available on
your system. Next, insert your USB key and run the diskutil list command again. The second
output should list an additional disk. You can determine the device name of the USB key by com-
paring the output from both commands. Look for a new line identifying your USB disk and note
the /dev/diskX where X represents the disk ID.
You should make sure that the USB key is not mounted, which can be accomplished with an explicit
unmount command (assuming /dev/disk6 is the device name of the USB key):
$ diskutil unmount /dev/disk6

Now proceed to execute the dd command. This time, add a supplementary parameter — bs for
block size. It defines the size of the block that is read from the input file and then written to the
output file. We will also utilize the raw disk path (signified by the r before disk) which will allow
faster write speeds.
# dd if=[Link] of=/dev/rdisk2 bs=4m
748+1 records in
748+1 records out
3138400256 bytes transferred in 713.156461 secs (4400718 bytes/sec)

That’s it. Your USB key is now ready and you can boot from it or use it to install Kali Linux.
Booting an Alternate Disk To boot from an alternate drive on an OS X/macOS system, bring up the boot menu by
on OS X/macOS pressing and holding the Option key immediately after powering on the device and
selecting the drive you want to use.
For more information, see Apple’s knowledge base2 .

Chapter 2 — Getting Started with Kali Linux 23

 2.2. Booting a Kali ISO Image in Live Mode

2.2.1. On a Real Computer

As a prerequisite, you need either a USB key prepared (as detailed in the previous section) or a
DVD-ROM burned with a Kali Linux ISO image.
The BIOS/UEFI is responsible for the early boot process and can be configured through a piece of
software called Setup. In particular, it allows users to choose which boot device is preferred. In
this case, you want to select either the DVD-ROM drive or USB drive, depending on which device
you have created. Depending on your BIOS/UEFI, you may have a one time boot menu option,
allowing to temporarily change the boot order.
Starting Setup usually involves pressing a particular key very soon after the computer is powered
on. This key is often Delete or Escape, and sometimes F2, F8, F10 or F12. Most of the time, the
choice is briefly flashed onscreen when the computer powers on, before the operating system
loads.
Once the BIOS/UEFI has been properly configured to boot from your device, booting Kali Linux
is simply a matter of inserting the DVD-ROM or plugging in the USB drive and powering on the
computer.

Disable Secure Boot While the Kali Linux images can be booted in UEFI mode, they do not support secure
boot. You should disable that feature in your machine’s Setup.

2.2.2. In a Virtual Machine

Virtual machines have multiple benefits for Kali Linux users. They are especially useful if you want
to try out Kali Linux but aren’t ready to commit to installing it permanently on your machine or if
you have a powerful system and want to run multiple operating systems simultaneously. This is a
popular choice for many penetration testers and security professionals who need to use the wide
range of tools available in Kali Linux but still want to have full access to their primary operating
system. This also provides them with the ability to archive or securely delete the virtual machine
and any client data it may contain rather than reinstalling their entire operating system.
The snapshot features of virtualization software also make it easy to experiment with potentially
dangerous operations, such as malware analysis, while allowing for an easy way out by restoring
a previous snapshot.
There are many virtualization tools available for all major operating systems, including VirtualBox®,
VMware Workstation®, Xen, KVM, and Hyper-V to name a few. Ultimately, you will use the one that
best suits you but we will cover the two most frequently-used in a desktop context: VirtualBox® and
2
[Link]

24 Kali Linux Revealed

VMware Workstation®, both running on Microsoft Windows 10. If you don’t have corporate policy
constraints or personal preference, our recommendation is that you try out VirtualBox first, as it
is free, works well, is (mostly) open-source, and is available for most operating systems.
For the next sections, we will assume that you have already installed the appropriate virtualization
tool and are familiar with its operation.

Preliminary Remarks

To fully benefit from virtualization, you should have a CPU with the appropriate virtualization
features and they should not be disabled by the BIOS/UEFI. Double check for any “Intel® Virtual-
ization Technology” and/or “Intel® VT-d Feature” options in the machine’s Setup screens.
You should also have a 64-bit host operating system, such as amd64 architecture for Debian-based
Linux distributions, x86_64 architecture for RedHat-based Linux distributions, and 64-bit for Mi-
crosoft Windows.
If you lack any of the prerequisites, either the virtualization tool will not work properly or it will
be restricted to running only 32-bit guest operating systems.
Since virtualization tools hook into the host operating system and hardware at a low level, there
are often incompatibilities between them. Do not expect these tools to run well at the same time.
Also, Microsoft Windows users beware that professional editions or higher come with Hyper-V
installed and enabled, which might interfere with your virtualization tool of choice. To turn it off,
execute “Turn Windows features on or off” from Windows Settings.

VirtualBox

After the initial installation, VirtualBox’s main screen looks something like Figure 2.6, “Virtual-
Box’s Start Screen” [page 26].

Chapter 2 — Getting Started with Kali Linux 25

 Figure 2.6 VirtualBox’s Start Screen

Click on New (Figure 2.7, “Name and Operating System” [page 27]) to start a wizard that will guide
you through the multiple steps required to input all the parameters of the new virtual machine.

26 Kali Linux Revealed

 Figure 2.7 Name and Operating System

In the first step, shown in Figure 2.7, “Name and Operating System” [page 27], you must assign a
name to your new virtual machine. We will use “Kali Linux.” You must also indicate what kind
of operating system will be used. Since Kali Linux is based on Debian GNU/Linux, select ”Linux”
for the type and ”Debian (32-bit)” or ”Debian (64-bit)” for the version. Although any other Linux
version will most likely work, this will help distinguish between the various virtual machines that
you might have installed.

Chapter 2 — Getting Started with Kali Linux 27

 Figure 2.8 Memory Size

In the second step, you must decide how much memory to allocate to the virtual machine. While
the recommended size of 1024 MB is acceptable for a Debian virtual machine acting as a server, it
is definitely not enough to run a Kali desktop system, especially not for a Kali Linux live system,
as the live system uses memory to store changes made to the file system. We recommend increas-
ing the value to 1500 MB (Figure 2.8, “Memory Size” [page 28]) and highly recommend that you
allocate no less than 2048 MB of RAM. For more information, see section 4.1, “Minimal Installation
Requirements” [page 66]

28 Kali Linux Revealed

 Figure 2.9 Hard disk

In the third step (shown in Figure 2.9, “Hard disk” [page 29]), you are prompted to choose a physi-
cal or virtual hard disk for your new virtual machine. Although a hard disk is not required to run
Kali Linux as a live system, add one for when we demonstrate the installation procedure later, in
chapter 4, “Installing Kali Linux” [page 66].

Chapter 2 — Getting Started with Kali Linux 29

 Figure 2.10 Hard Disk File Type

The content of the hard disk of the virtual machine is stored on the host machine as a file. Virtu-
alBox is able to store the contents of the hard disk using multiple formats (shown in Figure 2.10,
“Hard Disk File Type” [page 30]): the default (VDI) corresponds to VirtualBox’s native format;
VMDK is the format used by VMware. Keep the default value, because you don’t have any reason
to change it. The ability to use multiple formats is interesting mainly when you want to move a
virtual machine from one virtualization tool to another.

30 Kali Linux Revealed

 Figure 2.11 Storage on Physical Hard Disk

The explanation text in Figure 2.11, “Storage on Physical Hard Disk” [page 31] clearly describes
the advantages and drawbacks of dynamic and fixed disk allocation. In this example, we accept
the default selection (Dynamically allocated), since we are using a laptop with SSD disks. We don’t
want to waste space and won’t need the extra bit of performance as the machine is already quite
fast to begin with.

Chapter 2 — Getting Started with Kali Linux 31

 Figure 2.12 File Location and Size

The default hard disk size of 20 GB shown in Figure 2.12, “File Location and Size” [page 32] is
enough for a standard installation of Kali Linux, so we will not change it. For more information
about Kali’s requirements see section 4.1, “Minimal Installation Requirements” [page 66]. You can
also tweak the name and the location of the disk image. This can be handy when you don’t have
enough space on your hard disk, allowing you to store the disk image on an external drive.

32 Kali Linux Revealed

 Figure 2.13 The New Virtual Machine Appears in the List

The virtual machine has been created but you can’t really run it yet, because there is no operating
system installed. You also have some settings to tweak. Click on Settings on the VM Manager
screen and let’s review some of the most useful settings.

Chapter 2 — Getting Started with Kali Linux 33

 Figure 2.14 Storage Settings

In the Storage screen (Figure 2.14, “Storage Settings” [page 34]), you should associate the Kali
Linux ISO image with the virtual CD/DVD-ROM reader. First, select the CD-ROM drive in the Stor-
age Tree list and then click on the small CD-ROM icon on the right to display a contextual menu
where you can Choose Virtual Optical Disk File….

34 Kali Linux Revealed

 Figure 2.15 System Settings: Motherboard

In the System screen (Figure 2.15, “System Settings: Motherboard” [page 35]), you will find a Moth-
erboard tab. Make sure that the boot order indicates that the system will first try to boot from
any optical device before trying a hard disk. This is also the tab where you can alter the amount
of memory allocated to the virtual machine, should the need arise.

Chapter 2 — Getting Started with Kali Linux 35

 Figure 2.16 System Settings: Processor

In the same screen but on the “Processor” tab (Figure 2.16, “System Settings: Processor” [page
36]), you can adjust the number of processors assigned to the virtual machine. Most importantly,
if you use a 32-bit image, enable PAE/NX or the Kali image will not boot since the default kernel
variant used by Kali for i386 (aptly named “686-pae”) is compiled in a way that requires Physical
Address Extension (PAE) support in the CPU.
There are many other parameters that can be configured, like the network setup (defining how
the traffic on the network card is handled), but the above changes are sufficient to be able to boot
a working Kali Linux live system. Finally, click Boot and the virtual machine should boot properly,
as shown in Figure 2.17, “Kali Linux Boot Screen in VirtualBox” [page 37]. If not, carefully review
all settings and try again.

36 Kali Linux Revealed

 Figure 2.17 Kali Linux Boot Screen in VirtualBox

VMware Workstation

VMware Workstation is very similar to VirtualBox in terms of features and user interface, because
they are both designed primarily for desktop usage, but the setup process for a new virtual ma-
chine is a bit different. We will be using VMware Workstation Pro edition.

Chapter 2 — Getting Started with Kali Linux 37

 Figure 2.18 VMware Start Screen

The initial screen, shown in Figure 2.18, “VMware Start Screen” [page 38], displays a big Create a
New Virtual Machine button that starts a wizard to guide you through the creation of your virtual
machine.

Figure 2.19 New virtual Machine Wizard

38 Kali Linux Revealed

In the first step, you must decide whether you want to be presented with advanced settings dur-
ing the setup process. In this example, there are no special requirements so choose the typical
installation, as shown in Figure 2.19, “New virtual Machine Wizard” [page 38].

Figure 2.20 Guest Operating System Installation

The wizard assumes that you want to install the operating system immediately and asks you to
select the ISO image containing the installation program (Figure 2.20, “Guest Operating System
Installation” [page 39]). Select “Installer disc image file (iso)” and click on Browse to select the
image file.

Chapter 2 — Getting Started with Kali Linux 39

 Figure 2.21 Select a Guest Operating System

When the operating system cannot be detected from the selected ISO image, the wizard asks you
which guest OS type you intend to run. You should select “Linux” for the OS and “Debian 10.x
64-bit” for the version, as shown in Figure 2.21, “Select a Guest Operating System” [page 40]. We
select ”Debian 10.x” due to Kali Linux being constantly updated to the newest version of Debian.

40 Kali Linux Revealed

 Figure 2.22 Name the Virtual Machine

Choose ”Kali Linux” as the name of the new virtual machine (Figure 2.22, “Name the Virtual Ma-
chine” [page 41]). As with VirtualBox, you also have the option to store the virtual machine files
in an alternate location.

Figure 2.23 Specify Disk Capacity

Chapter 2 — Getting Started with Kali Linux 41

 The default hard disk size of 20 GB (Figure 2.23, “Specify Disk Capacity” [page 41]) is usually suf-
ficient but you can adjust it here depending on your expected needs. As opposed to VirtualBox,
which can use a single file of varying size, VMware has the ability to store the disk’s content over
multiple files. In both cases, the goal is to conserve the host’s disk space.

Figure 2.24 Ready to Create Virtual Machine

VMware Workstation is now configured to create the new virtual machine. It displays a summary
of the choices made so that you can double-check everything before creating the machine. Notice
that the wizard opted to allocate 2048 MB of RAM to the virtual machine, which is sufficient for
our needs. If the allocated value is lower, that is not enough so click on Customize Hardware... (Fig-
ure 2.24, “Ready to Create Virtual Machine” [page 42]) and tweak the Memory setting, as shown
in Figure 2.25, “Configure Hardware Window” [page 43].

42 Kali Linux Revealed

 Figure 2.25 Configure Hardware Window

After a last click on Finish (Figure 2.24, “Ready to Create Virtual Machine” [page 42]), the virtual
machine is now configured and can be started by clicking ”Power on this virtual machine” as
shown in Figure 2.26, “Kali Linux Virtual Machine Ready” [page 44].

Chapter 2 — Getting Started with Kali Linux 43

 Figure 2.26 Kali Linux Virtual Machine Ready

2.3. Summary

In this chapter, you learned about the various Kali Linux ISO images, learned how to verify and
download them, and learned how to create bootable USB disks from them on various operating sys-
tems. We also discussed how to boot the USB disks and reviewed how to configure the BIOS/UEFI
and startup settings on various hardware platforms so that the USB disks will boot.
Summary Tips:

• [Link] is the only official download site for Kali ISOs. Do not download them from
any other site, because those downloads could contain malware.
• Always validate the sha256sum of your downloads with the sha256sum command to ensure
the integrity of your ISO download. If it doesn’t match, try the download again or use a
different source.
• You must write the Kali Linux ISO image to a bootable media if you want to boot it on a
physical machine. Use Win32 Disk Imager on Microsoft Windows, the Disks utility on Linux
using GNOME, or the dd command on Mac OS X/macOS/Linux. Be very careful when writing
the image. Selecting the wrong disk could permanently damage data on your machine.
• Configure the BIOS/UEFI Setup screens on a PC or hold the Option key on OS X/macOS to
allow the machine to boot from the USB drive.
• Virtual machine programs like VirtualBox and VMware Workstation Pro are especially useful
if you want to try out Kali Linux but aren’t ready to commit to installing it permanently on

44 Kali Linux Revealed

 your machine or if you have a powerful system and want to run multiple operating systems
simultaneously.
Now that you have a working installation of Kali Linux, it is time to delve into some Linux funda-
mentals that are required for basic and advanced operation of Kali. If you are a moderate to ad-
vanced Linux user, consider skimming the next chapter (chapter 3, “Linux Fundamentals” [page
48]).

Chapter 2 — Getting Started with Kali Linux 45