Kali Linux Review: Not Everyone’s Cup of Tea

Brief: In this review of Kali Linux, we try to answer common questions such as what Kali Linux is, what it is used for, and whether beginners should use it.

Kali Linux has gained a lot of popularity recently. And there is a reason for that. Hacking is back as the cool-thing-to-do in popular culture and this can be attributed significantly to the TV series Mr. Robot.

Kali is one of the few hacking focused Linux distributions and quite obviously, Mr. Robot’s popularity helped Kali Linux in getting new users. The graph below validates this claim.

Kali Linux popularity rises with Mr. Robot TV Series

And with that, people with hardly any knowledge of Linux or anything related to computer security are now trying to use Kali as their main Linux distribution.

But Kali Linux was certainly not designed for that purpose.

Of course, I could easily write an article explaining why it’s wrong to use Kali as a first Linux distribution. In fact, you could find great arguments here and here to dissuade you from using Kali unless you really have specific needs.

But I wanted to do something different. So I set up a virtual machine and tried to put myself in the shoes of a ‘new user’ trying some basic tasks on his brand new Linux system. So, will I encounter some issues or will it be straightforward? Stay with me until the end of this article to read my conclusions.

What is Kali Linux?


Kali Linux was developed by the security firm Offensive Security. It’s a rewrite around Debian of their previous Knoppix-based digital forensics and penetration testing distribution BackTrack.

To quote the official web page title, Kali Linux is a “Penetration Testing and Ethical Hacking Linux Distribution”. Simply said, it’s a Linux distribution packed with security-related tools and targeted toward network and computer security experts.

A Linux distribution is nothing more than a bundle containing the Linux kernel, a set of core utilities and applications, and some default settings. So Kali Linux does not offer something unique in that sense: most of the provided tools could be installed on any Linux distribution.

The difference is Kali is pre-packaged with those tools and the default settings were chosen according to the intended use cases of that distribution, rather than, say, to fit the needs of the typical desktop user.

In other words, whatever your goal is, you don’t have to use Kali. It is just a special distribution that makes the tasks it is specifically designed for easier, while eventually making other tasks more difficult.

Downloading Kali Linux— and checking the image integrity

To download Kali Linux, I went to the official download page and followed the first download link on that page.

Kali Linux download page showing the ISO's SHA256 hash

Luckily enough, my computer is equipped with a 64bit Intel CPU, so the amd64 image was the right one for my architecture.

In addition, on the download page, there was a bunch of hexadecimal numbers. Doesn’t that already feel “hackish”?

No, seriously, those are not here for fun. Kali Linux is intended to be used for security-related tasks. The last thing you want is the tools you will use to be somehow compromised.

So, after having downloaded the Kali Image, you should check the SHA-256 fingerprint of the file and compare it with the one provided on the download site. You can read this tutorial on how to verify checksum in Linux.
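One way to perform the check described above, as an added example rather than code from the original article. The function names verify_sha256 and lookup_sum are hypothetical, and the script assumes the sha256sum tool from GNU coreutils is installed.

```shell
#!/bin/sh
# Added example: verify a downloaded image against a published SHA-256 value.
# Usage: sh verify.sh <image-file> <hash-copied-from-the-download-page>

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the digests match, 1 on mismatch, 2 when the input is
# unusable (missing file, or a hash that is not 64 hex characters).
verify_sha256() {
    file=$1
    # Normalise case and strip whitespace picked up when copying from a page.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "expected hash is not hexadecimal" >&2; return 2 ;;
    esac
    # A truncated paste must never be accepted as a prefix match.
    [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 chars" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# lookup_sum SUMS_FILE NAME: print the hash listed for NAME in a
# sha256sum-format file ("<hash>  <name>" or "<hash> *<name>").
# File names containing spaces are not handled.
lookup_sum() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$1"
}

# Run the check only when called with a file and a hash.
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2"
fi
```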

Now, I am confident in installing Kali Linux on my VM from that ISO image.

Kali Linux boot screen

Kali Linux installation and first experience

Kali Linux being based on Debian, the installation process is rather straightforward. And it is well documented on the Kali website.

For this test, I stuck as much as possible with the default options.

And only a few minutes later, I was able to boot for the first time in Kali Linux, ending up with that screen:

Kali Linux login screen

A user accustomed to Unix-like systems might be surprised to learn “root” is the only user available after a default installation. But that’s because many pen-testing tools require super-user permissions.

Once again, this is a Kali-specific choice given its intended use case. But this is not the best choice for your everyday use of a computer (browsing the internet, using office applications, and so on). And it is possibly the worst choice if you have to share your computer with someone else (more on that later).

Speaking of applications, the only ones installed on a default Kali Linux system are clearly oriented toward security. In addition to that, there are a bunch of command line tools not visible from the menu, and a few core utilities like a calculator, an image viewer or a couple of text editors. But you will not find heavyweight office applications or productivity tools.

Kali Linux Review: Application Menu

To give a concrete example, there is no email reader as part of the standard installation. Of course, Kali Linux is based on Debian, and a lot of packages were ported. So you can install plenty of extra software yourself and it should work:

apt-get update && apt-get install thunderbird

Thunderbird in Kali Linux

And indeed, it will. But once again, is it really wise to check your mail as root on a machine you will use for security auditing?

What’s so “wrong” about working as root?

In a typical Unix-like system, users work as unprivileged users who have access to their own files but cannot tamper with the system or other users’ files. For computer maintenance or administrative tasks, some users may temporarily assume the privileged identity “root”, which gives them super-powers on the host.

By contrast, on a default Kali Linux system, the only installed user is root and you have to work under that identity all the time. You have to understand that being root means there are basically no permission checks on your machine. You can do everything you want. And even things you don’t want.

For example, while exploring your system you might inadvertently edit some critical file like /etc/passwd or some file in the directory /etc/grub.d/ in such a way that your system becomes unusable. In some cases, you may alter your system without noticing any obvious change until the next reboot or the next update, where it will suddenly break. And there are potentially hundreds of such critical files on a typical Linux system. The file permissions are set in such a way that an “ordinary” user cannot endanger the system as a whole. But being root for your daily work on Kali (just like on any Linux system, by the way) removes that safety net.

Of course, nothing prevents you from creating new unprivileged accounts on your system. But this is extra work you have to do on Kali you wouldn’t on another distribution. Simply because you’re trying to use Kali for something it was not designed for.

Know what you do!

Somewhat in the same spirit, Kali Linux is packed with penetration testing tools. Some of them are GUI tools; others are CLI tools. In both cases, it might be tempting to “toy” with them more or less at random.

But some commands may be potentially harmful to your home network. In addition, by not understanding the implications of what you are doing, you may put yourself in a difficult situation by using those tools at your work, school or on public networks. And in that case, ignorance will not be an excuse.

Here again, this is not a Kali specific issue: if you install penetration testing tools on Fedora or Linux Mint, and try random things with them, you may end up in the same trouble. Kali just makes that easier.

Kali is quiet— and it should stay like that

The first thing you can see on the Kali login screen is that motto: “The quieter you become, the more you are able to hear”. What does that mean?

If I listen on the network interface of my Debian system, I can see it being relatively noisy, sending network packets at more or less regular intervals. Some of them are sent by user applications, others by background services. And if I run nmap to perform a port scan on my regular desktop, I can see several open ports, including a never-used VNC port and a long-forgotten HTTP server!

All of that is because I have various services and user software installed. Some of them are part of my Debian default settings. Others are there because “one day” I installed a package and just didn’t remove it when I no longer needed it. This is the case, for example, of the HTTP server currently running on my laptop, which I haven’t needed for weeks now.

On the other hand, Kali is designed to be as quiet as possible. This is required both to hide its presence on the network— and to harden itself against potential attacks. To achieve that goal, the default settings of Kali Linux disable many services that would be enabled on a genuine Debian system.
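The check on forgotten listeners described above can be scripted from the host itself. This added example (not part of the original article) parses the output of ss -H -tln and reports TCP listeners that are not bound to loopback; the function names, the allowlist argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TCP listeners reachable from the network.
# Live use:  ss -H -tln | unexpected_listeners "22"

# Constructed sample of `ss -H -tln` output: state, queues, local, peer.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:631 [::]:*'

# exposed_listeners: read ss lines on stdin, print "port address" for every
# listener that other hosts can reach (anything not bound to loopback).
exposed_listeners() {
    awk '$1 == "LISTEN" {
        local_ep = $4
        port = local_ep; sub(/^.*:/, "", port)     # text after the last colon
        addr = local_ep; sub(/:[^:]*$/, "", addr)  # text before it
        sub(/%.*$/, "", addr)                      # drop a "%lo" style scope
        if (addr ~ /^127\./ || addr == "[::1]") next
        print port, addr
    }' | LC_ALL=C sort -t ' ' -k1,1n -k2,2
}

# unexpected_listeners "22 443": print exposed listeners whose port is not in
# the space-separated allowlist; return 1 when any are found.
unexpected_listeners() {
    found=$(exposed_listeners |
        awk -v allow=" $1 " 'index(allow, " " $1 " ") == 0')
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Demo on the constructed sample with an empty allowlist, which is what a
# host that is supposed to stay quiet should satisfy.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "" || true
```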

Still, because Kali Linux is based on Debian, you should be able to install the services you want, provided you install the required packages. For example, if you want to practice web development, you might be tempted to install a web server on your Kali host:

apt-get install apache2

Apache server in Kali Linux

If you look closely at the command output, you may notice that, despite the installation being successful, there are messages from insserv expressing some concerns about the “runlevels of script apache2”.

And indeed,

curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused

Once installed, the web server is not started. You have to do it manually.

systemctl start apache2

And you will have to do it after each reboot: “Kali Linux, as a standard policy, will disallow network services from persisting across reboots by default.” (http://docs.kali.org/policy/kali-linux-network-service-policies)

Another option would be to change the policy in the /usr/sbin/update-rc.d file to whitelist apache2 as a startup service. But in that case, just like in the case of my laptop, chances are you will leave that door open even when you no longer need it. What could be a concern on my desktop system would be much more serious the day you plug your Kali system into a compromised network.

Don’t forget, one thing that makes Kali “special” is it was specifically designed to work even when used in a very hostile environment. In that context, running a web server at startup on your Kali host defeats that purpose. In short, you broke Kali. Maybe not visibly. But in spirit at least.

I need the software $prog but it’s not in the Kali repository!

There is no guarantee for all Debian packages to be available on Kali. And there is no guarantee for all possible software to be available on Debian anyway.

So it could be tempting to add extra source repositories to your system to download more software than provided by the official distribution. Or to add a repository providing the latest cutting edge version of your favorite software. Here and there, you may even see “advice” suggesting to modify the /etc/apt/sources.list file for that purpose.

Let’s be clear. If you consider doing that, a PPA-compatible distribution like Ubuntu would probably suit your needs better.

Not that I say you can’t add more source repositories to Kali Linux. But you shouldn’t: Debian warns us against what they call FrankenDebian as it can threaten the stability of your system.

And for Kali Linux it is even worse. Not only could it break your system, but adding packages from an untrusted source to a security system makes no sense. Even if you trust the source, keep in mind that Kali packages are hardened (remember when I installed apache2 above?), which is not the case for most of the packages out in the wild.
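To see whether a system has already drifted this way, the APT source files can be audited. The following is an added example, not code from the original article: the function names are hypothetical, and the default allowed host http.kali.org is an assumption about the official Kali mirror that you should adjust to your own policy.

```shell
#!/bin/sh
# Added example: list APT entries that point outside the expected repository.
# Handles the one-line "deb ..." format only, not deb822 ".sources" files.

# foreign_repos FILE [ALLOWED_HOST]: print "host<TAB>line" for every active
# deb/deb-src entry whose host differs from ALLOWED_HOST.
foreign_repos() {
    awk -v ok="${2:-http.kali.org}" '
        $1 != "deb" && $1 != "deb-src" { next }   # comments, blanks, others
        {
            i = 2
            if ($i ~ /^\[/) {                     # skip "[arch=... signed-by=...]"
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i
            n = index(uri, "://")
            host = (n ? substr(uri, n + 3) : uri) # drop the scheme
            sub("[/:].*$", "", host)              # drop port and path
            if (host != ok) printf "%s\t%s\n", host, $0
        }' "$1"
}

# audit_apt_sources [DIR]: check DIR/sources.list and DIR/sources.list.d/*.list
# (DIR defaults to /etc/apt); return 1 when any foreign entry is found.
audit_apt_sources() {
    dir=${1:-/etc/apt}
    status=0
    for f in "$dir/sources.list" "$dir"/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        hits=$(foreign_repos "$f")
        [ -n "$hits" ] || continue
        printf '%s:\n%s\n' "$f" "$hits"
        status=1
    done
    return $status
}

# Run the audit only when a directory is given, e.g.: sh audit.sh /etc/apt
if [ "$#" -gt 0 ]; then
    audit_apt_sources "$1"
fi
```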

Conclusion: Should you use Kali Linux?

And now, it’s time for my conclusion. But I didn’t want to end that long article with a simplistic and Manichean opinion. Especially as I don’t know you.

So here are three possible outcomes. Just pick the one that will match the best with your case:

1. If you jumped straight to that conclusion without reading the rest of the article, either you already have a strong opinion and I don’t have any chance to make you change that or Kali is not yet for you. In that case, you should first consider a more mainstream distribution like a plain Debian system or Ubuntu. There will still be time later to install the tools you may need on a case-by-case basis.

2. If you read the article but skipped the parts containing too much technical jargon, Kali is not for you. Kali Linux could be an amazing teaching tool. But if you go that way, you have to be prepared for a steep learning curve. If you’re a very new Linux user starting from zero or if you just want to use your computer without a headache, there are plenty of general-purpose and user-friendly distributions to start with. Why not try Linux Mint or Zorin-OS? Or maybe another Ubuntu-derivative?

3. If you read the article, tried the commands I used, followed the links and searched the terms you didn’t understand, well, congratulations. You’re not just another “script kiddie”. On the contrary, you are apparently ready to spend countless hours and effort to make your system work, to understand the fundamentals of computer science and to discover the networking internals. That makes you one of the few new Linux users that could benefit from using Kali. But instead of using it directly on your computer, I would suggest first installing some other Debian-based distribution and running Kali Linux in a virtual machine. That way you could practice your skills without sacrificing your other activities.

As a last word, maybe you disagree with me or didn’t recognize yourself in the three categories above, so don’t hesitate to use the comment section to give your opinion!

Comments

  1. Great read. Utilizing a comment following. One can always usb install said glock or chainsaw. Thus mitigating potential.

  2. This is a good post. Will you please write an article as how to use some of the tools in Kali Linux?

  3. Why is dual boot not suggested? I have dual boot Kali alongside Ubuntu, as in a VM VirtualBox doesn’t recognise my alfanha or any wireless cards, so dual booting with Kali has seemed to work for me so far and is not my main OS.

    • Thank you for your comment Kek.

      In my mind, VM and dual boot are mostly the same for that purpose. In fact, you can install your system as double boot, boot “normally” on the first OS, and then run the second OS as a guest in a VM ;)

      But according to the questions I saw in the various social media groups I follow, dual boot is not that easy to set up for new users. VM, on the other hand, can be up and running with almost zero effort. Let’s assume running Kali in a VM is for level 1 users. Running it from dual boot for level 2 users.

  4. The problem is that in order to learn and understand the purpose, workings, shortcomings and capabilities of the tools included in Kali – is almost like a full time job for the next 3 to 5 years. The nice thing about it is that it is accessible and available – and the limit is only your own commitment and time available. One also has to be a good system admin before you can begin with pentesting. Becoming a good sysadmin takes some time. Becoming a good pentester takes some community. Kali on its own will not help at all. You need friends to prompt, guide and challenge you. And soon you will find that you need to be a programmer also. In short … it’s a rabbit’s hole.

  5. I have Kali Linux installed on a small, unobtrusive netbook. It’s been instrumental in a few security evaluation gigs I’ve had over the years.
    While I’ve moved away from those functions and gravitated toward security engineering, it’s still handy to ensure that my home network remains secure and free of rogue devices.

  6. I also think that Kali is not the best choice to start with Linux but maybe later, as we go from basic user to advanced user.
    But the problem is that “advanced user” is a rather vague and subjective term… I mean, it is quite difficult to know WHEN exactly we are ready to start using it especially when you are self-learning.
    As an IT enthusiast and big fan of the series Arrow, I would like to be as badass as Felicity Smoak (even if I know it’s fiction) but for that, I should start at a moment or another. But WHEN? That’s the big question.

  7. I got into the third category and thanks for the warnings, I’ll keep it in mind. I’m currently using dual boot with Windows for my normal usage and Kali Linux for its intended purpose.

    • Congratulations for being part of the happy few, Lord Blessing.

      I hope you will keep us in touch with your progress in discovering Kali! That would be a great feedback for other users.

  8. Kali is like a gun without a safety or a chain saw with a locking trigger. I appreciate the thorough explanation and warning.

      • Hello, thanks for that article, is it recommended to use Kali as main desktop or alongside Debian and Windows?

        • Kali Linux is a toolbox full of security tools, which are indispensable for evaluating the security posture of a network.
          As such, what Kali Linux is not, by design, configured to be useful as is a main desktop OS. While one could add packages to the OS that could add desktop functions, it’d be like using a fire engine to deliver newspapers. Which is to say, using the wrong tool set for the wrong job.
