37 comments

[ 0.22 ms ] story [ 101 ms ] thread
What is about Kali that sets it apart from other Linux distributions?
It is a distro built specifically for pen testing.
What exactly do you mean by "built"? I mean if it's, like other users said, just a bundle of pre-installed tools, how does it differ from Ubuntu?
Kali includes a huge number of tools (some pre-installed, others in the repos) that aren't available via the package manager for most distros. Also things like wifi drivers that are patched to support monitor mode and default login as root, which is insecure for day-to-day computing but since most of the tools require root access, it's quite nice on Kali.
I believe every network protocol and outside connection is disabled by default. It's supposed to be setup so that it can be booted invisibly, on an existing system via live USB so that you can simulate a real intrusion.
You should doublecheck this with wireshark yourself before finding yourself in a potentially bad situation. Kali is not so silent as advertised.
I'd guess its focus on penetration testing.
It's a Debian-based distribution, with a lot of preinstalled penetration-testing tools.

Deployed as a live USB, it becomes the Swiss Army knife of pentesters.

You login as root. You don't use sudo.
`sudo -i` sort of solves the lack of su in Ubuntu and derivatives.
It comes with the most popular tools for penetration testing.

Personally, I try to steer people away from it until they've learned how to do things the hard way (i.e. you have Python and Bash installed, write your own simple tools and hack this network) and then Kali is easy mode.

It is uniquely bloated.
"Kali Linux is Now a Rolling Distribution" - finally!
I seriously thought that was the goal when they changed names from Backtrack to Kail in the first place. Oh well, good that it's now one at least.
kali.org's SSL cert shows as invalid due to a subject mismatch. Is that on purpose?
Kali is a pretty poor distro. Merely a fork of debian for no other purpose than to create clickable icons/menu items for cli applications that require sudo. So 99% of the security apps they install are presented in an unusable form. Nothing you can't do with debian and a few runs of apt-get.
They ship customized kernel and drivers for obvious reasons. That's the real deal.
What does their "customized kernel" do? (Besides having a few wifi drivers built in)
The point is that none of the menu items are worth anything as they spawn an xterm, which emits an error about requiring sudo, then exits. Having a metric ton list of installed tools that are displayed and are not usable seems pretty daft.
It's been a while since I used Kali so this might have changed, but the distro provides pentest-focused default configs and patchsets that can be a pain to set up yourself. Configuring your own systems can also leave behind revealing information that will allow others to trace your activities.

Kali is designed to allow you to quickly set up throwaway systems for particular projects. It's far from perfect, but represents a better starting point than a general-purpose distro.

Doesn't Kali default to having you login as "root", for pretty much this exact reason?
So run everything else as root. Real secure. "Make everything setuid 0!"
Running as root in a lot of ways is to further nail home that this is a tool that is not for your day to day computer usage. You'll pull it out for testing, use it, and then toss the environment. With the environment as disposable as it is, running as a regular user gains you nothing, except a potential case of carpal tunnel from typing sudo over and over again.
Kali is much less of a live CD than backtrack was.

Also, most of the people Kali is targeted towards would use it every day.

wireshark as root? Honestly? I've got thousands of lines in there, and I'd not trust it. And this is no longer a "live cd" as you claim it as. Installation is installation. You'll use it for more than a one time usage btw.
Actually that does not fix the issue with cli tools having links that expand to a rapidly closing xterm.
TL;DR Kali Linux is now a rolling distribution, which pulls packages from Debian testing.
It took awhile to figure out what happen to backtrack seeing this Kali Linux I was curious about Backtrack.

Kali Linux is the successor of Backtrack but on Debian.

Interesting, they should have kept the brand sheesh.

> At the request of Rapid7, we have removed the Metasploit Community / Pro package from Kali Linux and now host the open-source metasploit-framework package only...

> In addition, the Rapid7 team no longer maintains the Metasploit package in Kali...

Seems they had a problem with metasploit company.

Anyone else getting a weird sha1sum on the Torrent?

I've downloaded twice and I'm getting a34527e9178e7185eebbca0730d825a7c78fcca4

Kali's website (and sha1 file) says aaeb89a78f155377282f81a785aa1b38ee5f8ba0

I'm getting from http now, but its slow as sin.