Frequently Asked Questions (FAQ)

Due to the large number of users Kali Linux has, some questions are asked more commonly than others. To help address some of these questions, we have put together this FAQ.

What’s Kali Linux?

What is Kali Linux?

Kali Linux is an open-source, multi-platform distribution geared towards various Information Security tasks, such as Penetration Testing, Security Research, Computer Forensics, Reverse Engineering, Vulnerability Management, and Red Team Testing.

As Kali Linux is multi-platform, it gives you a strong, stable, known baseline to operate from regardless of where you use it, such as:

  • Bare metal - Desktops, laptops and netbooks, and servers
  • Virtual machines - VMware, VirtualBox, Hyper-V, and QEMU
  • Live environments - DVDs and USB drives
  • Cloud - AWS, Azure, and Linode
  • Containers - Docker, Podman, and LXC/LXD
  • WSL - Windows Subsystem for Linux for Windows 10 and higher
  • ARM SBC - Raspberry Pis and PineBook etc.

What is Kali Linux used for?

Kali Linux is a professional, penetration-testing-focused Linux distribution, and can be used to practice offensive and defensive tactics out-of-the-box.

You can learn even more about Kali Linux and its features, history, and initial release in our documentation.

Is Kali Linux the operating system for me?

If you are a security assessor then yes, as Kali Linux is a penetration-testing-focused Linux distribution. Kali Linux’s releases have been through various checks and tests to give as stable an environment as possible when working in isolated air-gap networks.

If you are trying to break into the information security industry then yes! Kali Linux can help you by giving access to a wide range of tools at your fingertips allowing you to learn and practice as much as possible.

If you are exploring or curious about security, then yes! Kali Linux can help you scratch that itch quickly and get your feet wet as everything you need is ready out-of-the-box.

If you are not doing frequent penetration assessments or are not able to have a dedicated machine just for this, then you can still use Kali Linux. With some alterations, you can modify your setup to make it more of a “daily driver” OS, allowing you to do more traditional day-to-day activities such as “office work”, or playing video games.

Can I use Kali Linux as a daily generic Linux system?

Yes!

Should you choose to use Kali Linux in this way, you are able to make it more of a generic Linux system, as long as you are willing to learn and adapt your system to the various scenarios.

If this is the case, we would recommend removing as many security tools as possible, which is easier during installation by not selecting packages. Afterwards, further modifications can be done utilizing kali-tweaks to harden:

You also may want to switch to the kali-last-snapshot branch, which will reduce the frequency of updates.

I have heard of NetHunter before. Is that Kali Linux?

Yes!

Kali NetHunter is a free and open-source Mobile-Based Penetration Testing Platform for Android devices, with Kali Linux features built-in.

Kali NetHunter is made up of:

  • A Kali Linux “container”, that includes all the tools and applications that Kali Linux would provide (utilizing a chroot)
  • Kali NetHunter Desktop Experience (KeX), which fully runs a Kali Linux desktop session. This has support for screen mirroring via HDMI or wireless screen casting
  • A Kali NetHunter App, which is a wrapper to quickly launch common commands, items, and attacks.
  • A Kali NetHunter App Store and client in order to include even more purpose-built security apps.

Because Android is used as the base, you can install it on a wide range of mobile devices, such as smartphones, tablets, and even smartwatches! There are pre-created images, otherwise you can create one yourself for your device.

What’s the difference between Kali NetHunter and Kali NetHunter Pro? Does it cost money?

Both Kali NetHunter and Kali NetHunter Pro are free and open-source - Kali. Does. Not. Cost.

The difference between Kali NetHunter and Kali NetHunter Pro is what they are based on:

  • Kali NetHunter is based on Android - As a result, most Android devices are supported.
  • Kali NetHunter Pro is based on Linux - Which is only supported on a very limited number of devices.

Kali NetHunter Pro is more similar to Kali Linux, as they both are using Linux.

Kali NetHunter Pro is still being developed and is quite early in its life cycle. For more information, see our Kali NetHunter Pro announcement blog post.

Some Misconceptions

I’ve heard that Kali Linux is ‘slow’ and ‘bloated’. Is this true?

Kali Linux is neither slow nor bloated.

In general, Kali Linux:

  • Competes with other distributions’ boot timing.
  • Uses Xfce as the default desktop environment, with only a limited number of standard supported plug-ins, which makes it very light on resources.
  • Has a default pre-installed tool selection that covers only what is required to complete most modern penetration assessments, without much duplicated tool functionality or technique.
    • We have also made it as simple as possible to remove every pre-installed tool by using “metapackages” to allow for fine granular control later, or expand from the default techniques offering to cover even more scenarios, reaching for edge-cases (perfect if you are doing air-gap work).

Slow

When saying that Kali is “slow”, do you mean Kali Linux is “slow” at starting up? Or do you mean when using Kali Linux, when inside the desktop, clicking about?

Over the years we have taken actions to reduce the footprint of Kali Linux to lower system requirements. This was mainly to benefit lower specification machines to gain better performance.

An example of this was switching from GNOME to Xfce in November 2019. We have always used either Xfce or headless for our ARM Single Board Computers (SBC), whereas our desktop images would use GNOME. We wanted to create the same experience regardless of the platform. We also noticed an upward trend in people using VMs. This meant some of the richer features which GNOME offers, such as touch screen support, were not required, thus Xfce was better suited. Summary: more features required more resources - which most users did not require.

Another item is our default disallow network service policy. We have always had this in place, which means any externally-listening services do not come up by default. A side effect of this is that, unless users configure them to, fewer daemons are running during start-up.
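
One way to check that this policy still holds on a system you have since customized, as an added example (not from the Kali documentation): the function below reads `ss -H -tuln` output and reports every listening socket bound to something other than loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# external_listeners: read `ss -H -tuln` output on stdin and print one line
# per TCP/UDP socket that is reachable from outside the host, i.e. not
# bound to 127.0.0.0/8 or ::1.
external_listeners() {
    awk '
    $2 == "LISTEN" || $2 == "UNCONN" {
        port = $5; sub(/^.*:/, "", port)       # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
        sub(/%.*$/, "", addr)                  # drop interface scope (%lo)
        gsub(/^\[|\]$/, "", addr)              # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
            next                               # loopback only: not external
        print $1 "/" port " bound to " addr
    }'
}

# Constructed sample in the column layout of `ss -H -tuln`
# (Netid State Recv-Q Send-Q Local Peer); not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096           [::1]:631          [::]:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
EOF
}

# Demo on the sample; on a live system use: ss -H -tuln | external_listeners
sample_ss_output | external_listeners
```

An empty result on a live system means nothing is listening beyond loopback; any line printed is a service that someone enabled after installation.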


Bloated

With regards to being “bloated”:

  • Commonly, people mean that there are too many default pre-installed packages, or that they are not relevant to them.
  • Otherwise, it is that the number of services running is too high for them.

With regard to which packages get installed by default, we are continuously fine-tuning our selection to make sure that Kali Linux is able to adapt and stay relevant for current networks and modern infrastructure. We understand that not every assessment has the same scope, and that the age of the networks differs vastly. On top of that, users may specialize in certain sections. As a result, we need to cover as wide a selection as possible, yet still be relevant. We re-evaluated and reduced duplicate/overlapping features/functionality where multiple tools are able to achieve the same technique. At that stage, rather than breaking users’ workflows, we migrate the tool out of the default pre-installed tool listing to our “legacy” option (kali-linux-large), which can be selected during installation. This option is about choosing your preferred/familiar tool to achieve the same action, rather than about how to complete the technique.

With all of this, we did a big push in September 2019, to make it easier to choose during setup:

  • Nothing - No pre-installed tools, just the core items to operate, allowing you to hand pick exactly what tools you want
  • Default - Items required for common assessments.
  • Large - This is to reach more uncommon “edge cases” on assessments, with a choice of multiple tools.

If you are saying Kali Linux is bloated due to the number of services running then, as before, our default policy disallows network services. Local services, as Kali Linux is based on Debian, are also a talking point: there are some Linux users who believe this eco-system and approach is not required for them, which is why they prefer even more fine-grained control of packages by using OSs such as Arch Linux or Gentoo Linux. We feel that we have what is necessary for Kali Linux to operate in a modern penetration assessment, but should someone disagree, they can create a custom ISO to disable these by default.

The pre-installed tools are a fine line. InfoSec is a fast-moving, quick-changing field. Many “common” or “hot trend” techniques being used now were not in use 5 years ago, and will not be in 5 years. As a result, the tools required change, so our pre-installed tools do too.

Out-of-the-box, we try and cover what you would “typically” see in a penetration assessment “today”. We also have an option to expand this with metapackages, such as kali-linux-large.

There are multiple tools which have overlapping features or techniques, and we aim to cover techniques rather than “what tools”.

We cannot please everyone out-of-the-box, which is why we aim to make it as simple as possible to support as many users and use cases as possible. Depending on why you are using Kali and what you want to use Kali for, yes, there could be a percentage of tools/packages that you may not need (only doing web tests? Don’t need Wi-Fi!).

Out-of-the-box we have selected only the essential tools to do a generic penetration test for a typical assessment. It is possible to install more, or less, tools by selecting which collection of tools you desire during installation. This can also be modified later by utilizing apt and installing or removing metapackages.

Does Kali Linux use root as the default user?

Not since January 2020!

Kali Linux (and BackTrack Linux before it) used to use root as the default user. This was primarily because many of the tools which used to be included by default required additional privileges to function. As Kali Linux adapts over time to match what is commonly found in modern penetration assessments, more tools now operate in user-land rather than needing kernel access. As a result, we have introduced user-creation during installation and a standard user for our pre-made images.

There are still a limited number of tools which do require these extra privileges. When selecting them through the menu, they will automatically be launched in a root terminal. Using the command line, a “helper script” will have been installed to act as a wrapper to get your attention. We will always recommend taking the time to get to know and understand the tools which you are running. A good example of this is Network Mapper (Nmap). It is able to perform a network port scan when in user-land. However, it will change its default scan method when there are elevated permissions.

Should you wish, you can still use the root account, by default, without logging into a personal account and then switching to it. We discourage doing this unless you know what you are doing and are using Kali Linux for generic activities, and not for penetration testing.

We would encourage daily activity and generic usage to be done through non-root access as much as possible.

Why is using Kali Linux as root a bad idea?

It lowers the security of your system.

If your machine gets compromised (either by an out-dated network service running, or 0-day client-side attack, or any other means), there is no privilege escalation required. The adversary would have complete control over your machine, data, and access.

Running as a non-root user helps to lower this risk, as it adds another layer of defense. Other steps can be done to further secure your machine such as using AppArmor or SELinux. You can also follow some other practices to increase security.

Getting Kali Linux

What is the best way for me to use Kali Linux?

We have a