Kali Linux
The industry-standard penetration testing distribution.
Overview
| Based on | Debian (Testing) |
| Package manager | APT |
| Package format | .deb |
| Release model | Rolling release (based on Debian Testing) |
| Default DE | XFCE |
| Maintained by | OffSec (Offensive Security) |
| Website | kali.org |
What Kali Is (and Isn't)
Kali is a specialized tool for security professionals, penetration testers, and security researchers. It is not a general-purpose daily-driver desktop distribution.
Important: Kali is designed for authorized security testing only. Using these tools against systems you don't own or have explicit permission to test is illegal. Kali is a scalpel, not a sledgehammer.
- Kali IS for: Penetration testing, security auditing, forensics, vulnerability research, CTF competitions, security training
- Kali is NOT for: Your first Linux experience, daily desktop use, "becoming a hacker"
Pre-installed Tool Categories
Kali ships with 600+ security tools organized by category:
- Information Gathering - nmap, Recon-ng, Maltego, theHarvester, Shodan
- Vulnerability Analysis - Nikto, OpenVAS, Legion
- Web Application Testing - Burp Suite, OWASP ZAP, sqlmap, wfuzz, ffuf
- Password Attacks - John the Ripper, Hashcat, Hydra, CeWL
- Wireless Attacks - Aircrack-ng, Kismet, Wifite, Bettercap
- Exploitation - Metasploit Framework, SearchSploit, Social Engineering Toolkit
- Post-Exploitation - Empire, Mimikatz, BloodHound
- Forensics - Autopsy, Volatility, Binwalk, foremost
- Reverse Engineering - Ghidra, Radare2, GDB
- Sniffing & Spoofing - Wireshark, tcpdump, Responder, mitmproxy
Installation Options
- Bare metal - Full install on dedicated hardware
- Virtual Machine - Pre-built VM images for VirtualBox and VMware (recommended for learning)
- WSL - Available in the Microsoft Store for Windows users
- Docker -
docker pull kalilinux/kali-rolling - Live USB - Boot from USB without installing
- Raspberry Pi / ARM - ARM images available
Package Management
# Update and upgrade
sudo apt update && sudo apt full-upgrade
# Install a tool metapackage
sudo apt install kali-tools-web # Web testing tools
sudo apt install kali-tools-wireless # Wireless tools
sudo apt install kali-tools-forensics # Forensics tools
sudo apt install kali-linux-everything # All tools (large download)
# Install individual tools
sudo apt install metasploit-framework
sudo apt install burpsuite
# Search available tools
apt search kali-toolsTips
- Run in a VM for learning. VirtualBox or VMware with the pre-built images is the easiest path.
- Kali defaults to a non-root user (since 2020). Use
sudofor privileged operations. - Learn to use tools individually before relying on automated scanners
- Study for certifications like OSCP, CEH, or CompTIA PenTest+ to formalize your skills
- Practice on legal targets: HackTheBox, TryHackMe, VulnHub, DVWA
Alternatives
- Parrot OS - Similar tool set, lighter weight, has a Home edition for daily use
- BlackArch - Arch-based, 2800+ tools, can be added to existing Arch install
- Pentoo - Gentoo-based security distro