So you’ve taken an interest in computer security and you’re looking for the right tools to get you going.
And that all starts with choosing the right OS.
It’s clear that Windows has too many vulnerabilities to be a viable OS option. And macOS, while more secure, requires special and expensive Apple hardware.
That leaves Linux — the free and open-source OS that’s typically associated with techies, hackers, and computer pros.
Of the many Linux variations or distros, you’ve seen one in particular pop up in security discussions: Kali Linux.
It’s supposedly the distro of choice for anyone serious about hacking and digital security. And that goes for both ethical (white-hat) hackers and malicious (black-hat) hackers.
Needless to say, you’re intrigued.
But just what makes Kali Linux so special? What security tools does it offer and how is it different from other OSes?
And is it the right OS for you?
Let’s take a closer look at Kali Linux and find out what sets it apart from the crowd.
What Is Kali Linux?
Kali Linux began in 2013 as a revival of BackTrack, another hacker-oriented Linux distro.
It’s currently maintained by Offensive Security, an infosec company that’s worked with the US Army, Amazon, and IBM.
Kali Linux is based on Debian, a popular Linux distro that’s focused more on average users. But it’s very different from Debian even at first glance.
You won’t get an office suite, email client or other basic software when you install Kali Linux.
Rather, you’ll get over 600 tools designed for penetration testing and cybersecurity research.
Penetration testing, aka ethical hacking, is the practice of simulating an attack on a computer system. This reveals security vulnerabilities and problem areas that malicious hackers could take advantage of.
Of course, those bad actors could use the same pen-testing tools to do their dirty deeds. But the idea behind Kali Linux is that it lets the good guys lock down their systems before that happens.
Kali Linux lets ethical hackers get right to work with a simple OS install. No more installing programs one by one — everything a pen-tester needs is included in the OS itself.
Who Is Kali Linux For?
If you’re new to Linux, or to computers in general, Kali Linux is not for you.
Many Kali Linux programs don’t have GUIs (graphical user interfaces) — no buttons, menus or tabs to work with. Rather, they’re run directly from the Terminal via command lines.
So you’ll need to be familiar with running programs exclusively from command lines. You’ll have to type instructions for the program one-by-one using a somewhat cryptic syntax.
If you don’t know what we’re talking about, or do but aren’t experienced with it, don’t install Kali Linux.
You’ll be in way over your head and it won’t have what you need, anyway.
Even if you do know your way around command lines, don’t use Kali Linux if you need an everyday OS.
Kali isn’t intended for typical web browsing, word processing and emailing.
It’s capable of these things if you install extra software, but that’s really not what it’s for. And Offensive Security strongly recommends against installing third-party software on Kali.
Kali Linux is intended specifically for pen-testing, digital forensics and other cybersecurity uses. It’s got all the utilities needed for those tasks and very few for any other.
And due to its default root access (which we’ll elaborate on shortly), it could actually be dangerous to use Kali Linux for non-hacking purposes.
So who should use Kali Linux?
If you’re a security researcher, pen-tester, or ethical hacker, Kali Linux was literally made for you.
And if you aspire to be one of those things (and have some Linux experience already), Kali will suit you well, too.
What’s So Different About Kali Linux?
Kali Linux doesn’t come with the usual software, but what else is so different about it?
The answer: it allows root access by default.
On a typical operating system — Windows, macOS, common Linux distros — you can only access so much of your computer.
Critical system files are protected by the OS and can’t be accessed without administrator or root privileges. This prevents them from being unintentionally or maliciously modified.
On most OSes, you can grant yourself temporary root privileges when the need arises. But you need to do it intentionally and it typically only applies to a specific file or program.
Kali Linux, on the other hand, allows root access by default.
Any system file can be accessed and modified just like any other file.
That’s good for pen-testers, whose work involves heavy system file access.
But it could spell trouble for the average user.
Any program you install on Kali Linux can modify any of your system files without warning. That includes malware that inadvertently makes it onto your computer.
And with root access, black-hat hackers could easily hack your computer, too.
Thus, it’s recommended to install Kali Linux on its own computer or in a sandboxed virtual machine. That way, none of your personal files can be impacted.
What Software Does Kali Linux Include?
If you understand the risks of using Kali Linux and want to try it, you’ll get access to hundreds of pen-testing tools. You can view them all on the official Kali Linux website, but we’ll go over a few standouts here.
Whether you’re investigating a prior attack or simulating a new one, Armitage can help.
It’s a powerful cyberattack visualization and management tool. With it, you can identify targets, get exploit recommendations and simulate many types of attacks.
Armitage lets you browse file systems, log keystrokes, grant privileges, scrape password hashes and more.
It’s invaluable in any hacker’s toolkit, and it comes preloaded on Kali Linux.
Wireshark makes it easy to trace network activity, inspect web traffic and analyze data packets. It lets you view nearby WiFi devices, identify traffic destinations and monitor your network.
When dealing with web-based attacks in Kali Linux, Wireshark is a must-have piece of software.
John the Ripper
This uniquely-named program is one of the most popular and powerful password crackers.
It can perform both dictionary and brute-force attacks to crack encrypted passwords. Additionally, it can extract password hashes from many types of databases.
Used for testing web applications, Burp Suite includes a proxy server, scanner, intruder, repeater, spider and more.
You can scan web apps for vulnerabilities, perform automated attacks, intercept traffic and perform many other security tests.
What Are Some Kali Linux Alternatives?
If Kali Linux sounds appealing but seems too complicated for you, good news!
There are alternatives that are more user-friendly and come with many of the same benefits.
If You’re Interested in Linux: Try a Different Distro
Linux is great: it’s free, it’s open-source and it’s highly customizable.
It’s generally far more secure and private than Windows. And, unlike Kali Linux, many distros are perfect for everyday use.
Ubuntu is the most popular Linux distro and is ideal for beginners. It combines the usability of Windows with the security of Kali, minus the hacking tools.
If You’re Interested in Security: Get a VPN
Kali can help you hunt a hacker down, or even become one yourself.
But if you’re just looking to protect yourself from hackers and other online dangers, try a VPN instead.
A VPN encrypts your web traffic, protecting you from all kinds of threats. WiFi hackers won’t be able to steal your data, your ISP can’t see what you’re doing and the government can’t monitor you.
Not even the tools that come with Kali Linux can crack a VPN’s military-grade encryption!
VPNs also let you change your IP address and location at will. Nosy website owners won’t be able to pin you down, and web trackers will be kept off your trail.
Plus, you’ll be able to unblock websites that have been censored by work, school, your ISP or the government. And geo-restricted content on Netflix and other sites will be unlocked as well.
For a few dollars a month, a VPN will open the full internet up to you — and protect you from the dangers within it.
Summary: Kali Linux is a must-have for serious cybersecurity enthusiasts, ethical hackers, and professional pen-testers. But for the average user, it’s probably overkill.