In recent years, the Debian-based Kali Linux has developed into one of the best Linux distributions for IT security audits and is therefore very popular with network and system administrators. In the recently released 2.0 version, the developers have not just redesigned and visually enhanced the main parts of the operating system but have also introduced some innovations under the hood.

With Kali Linux, you always have the option of live operations or installing on a local disk. Debian is still used as the base system – although this does not exclusively mean benefits – primarily for the reason that Debian doesn't inherently give you proprietary drivers and files. In a local installation, a routine launches to help you configure network access; this also means wireless network connections. If the computer has a wireless card that requires proprietary firmware, this is only available after the corresponding firmware files have been integrated. Problems therefore occasionally arise, particularly with cutting-edge hardware components.

Kali Linux is available in a variety of customized versions [1]. As well as the approximately 3.1GB full versions for 32- and 64-bit architectures, there are also significantly smaller light and mini versions, each for the common Intel processor architectures. However, they naturally come at the price of a scaled-down software configuration. It is therefore a good idea to use the full version on newer computer systems with corresponding storage capacities.

The conventional ISO images for standard PCs are suitable both for burning onto optical disks and for using USB flash drives. You can also use the latter with persistent storage areas if necessary, which significantly increases the system's flexibility [3]. The project offers ISO images for ARM computers for small computers like the Raspberry Pi and for Chromebooks [2]. Customized versions for operation on virtual machines like VMware and VirtualBox complete the offering.

Getting Started

Once the live version has booted to the Gnome desktop, a few visual changes really stand out compared with the previous version. For example, the developers have changed the entire menu structure. A total of 13 program groups, which can be accessed via the main menu, now bundle hardening applications (Figure 1).

Figure 1: An important aspect of the new design relates to the new menu, which provides significantly more order than before.

You will find all the conventional application programs in the Usual applications menu item. Visually speaking, the Gnome desktop has been enhanced by native support for 3D effects. This means that transparency effects and partly animated windows now also appear on less powerful graphics hardware. Fortunately, the desktop uses these effects so unobtrusively that they don't interfere with your work (Figure 2).

Figure 2: Kali Linux offers plenty of enhancements in the live version – both visually and functionally.

Software

Much has changed in terms of the actual software, too. Like before, all the relevant tools for identifying security problems in networks are included in the latest version. However, there are a few cutbacks with Metasploit. Although previous versions of Kali Linux provided Metasploit Pro and Community alongside the actual framework, these are both missing in the latest version. Any other variants need to be installed manually because the developer Rapid7 has not yet released its software for the new version of Kali Linux. Corresponding installation instructions can be found online [4].

The significantly reduced software inventory in the individual menus is very apparent. The developers systematically removed all multiple entries and some of the applications that are rarely used. The update cycles are also another major new feature: Version 2.0 of the distribution has adopted a rolling-release model, meaning that new versions of packages are constantly appearing in Kali Linux. This includes updates for individual tools – version leaps are a thing of the past.

Installation

Kali Linux still uses the Debian installer for the installation. You can either access it from the GRUB boot menu or start it in the live system via the Usual applications | System Tools | Install Kali . This routine copies the system to your mass storage device after prompting you for some parameters, such as the password and partitioning schema.

After restarting, a customized Gnome desktop appears with the full versions by default. There you will find a few frequently used tools such as the Metasploit framework, the Burp Suite for penetration tests for web applications, or Maltego – a tool for data mining in social networks – in the quick launch bar on the left running vertically on the screen. The Display Applications icon is at the bottom: This function lists all the installed applications and also provides a search function to help you quickly find programs.

Due to further customizations, such as the introduction of multi-level menus, the requirements for main memory in the minimum configuration increased with Gnome 3 to 768MB. Kali Linux offers full support for many other working environments for the first time, including Xfce, LXDE, and Enlightenment E17 so that the system will also run smoothly on older hardware.

Updates

Although the project already delivers the distribution with a 4.0 kernel and many up-to-date system programs, you should still look out for regular updates. You will need to update the system yourself because updates are not installed automatically. To do this, access the Package Update entry in the Applications | Usual Applications | System Tools menu. Then, update all the packages using a graphical tool (Figure 3). As is usual with Debian systems, command-line users can also use the apt-get option.

Figure 3: Kali relies on the user's cooperation when updating the system, but it offers an attractive graphical interface for doing so.

Range of Uses

Kali Linux, with its huge wealth of software, covers almost all hardening functions, and they aren't limited to either home network, company intranet, or specific access technology. The system is based on procedures used by professional administrators and makes light work of standard tasks. You will find several useful preconfigured tools such as DMitry, Ike-scan, Netdiscover, Nmap with the graphical front-end Zenmap and p0f that help give you an overview of any network. Maltego, which is used for data mining on the Internet, occupies a special position.

The Vulnerabilities Analysis menu bundles numerous tools that make it possible to locate problematic settings on the network using various test routines. Included is the most comprehensive tool for analyzing vulnerabilities, OpenVAS. The Kali developers have already customized this tool, which is usually complicated and time-consuming to install, to the extent that it is ready for use immediately after completing the initial setup by clicking on the openvas initial setup entry. You will find programs in the Web Applications submenu that you can use to check web applications for vulnerabilities. They include the usual suspects: Burp Suite, Paros, Skipfish, Vega, and w3af, which take care of problems such as SQL injection or cross-site scripting.

Kali Linux primarily lists tools in Database Assessment that you can use to test the security of SQL databases. The programs from the Password Attacks submenu generate attacks of various kinds on passwords and therefore reveal weak and thus insecure authentication credentials. The Wireless Attacks subgroup concerns wireless network security. As well as the legacy kings of the hill, Aircrack-ng and Kismet, the distribution also provides lesser-known programs such as the WiFi crackers Fern and PixieWPS, which try to guess WPS PIN numbers.

You will find other important tools for security audits in the Exploitation Tools and Sniffing and Spoofing submenus. It is possible to vulnerability check computers on a heterogeneous intranet using exploits with the tools offered here. Thanks to programs such as Ettercap and Wireshark you can also sniff network traffic – for example, to determine whether malware has been smuggled in through holes in the firewall. Kali keeps matching applications for remotely controlling Kali in the Establish Access submenu.

You will find appropriate programs in the Forensics group if you suspect that malware has found its way onto the network that you are examining, or if you need to document certain facts for legal evidence. Using these programs, you can both examine target computers for malware, such as rootkits, and also reconstruct data. Firmware files for operating certain hardware and the system's RAM can be examined using these programs, too.

Documented

Above all, forensics experts need to document each step in detail so that others can understand their work. Kali Linux provides a number of useful tools in the Generating Reports group to facilitate these often annoying documentation obligations. The choice is not limited to reporting software in the narrower sense: CutyCapt, for example, records the WebKit rendering of web pages and outputs it different graphics formats.

RecordMyDesktop also continuously records the whole screen on request, with audio content if necessary. CaseFile, much like its big brother Maltego, is a data-mining tool that links information from various sources and thus creates a detailed picture of a situation. Finally, you can analyze and document password security using Pipal from the Generating Reports menu (Figure 4).

Figure 4: Using CaseFile, Maltego's little brother, you can generate meaningful information through data mining.

Conclusions

Kali Linux 2.0 continues to expand the distribution's already excellent reputation as an indispensable tool for penetration testing and security checks. Although the developers conservatively developed the look, they also completely changed the system by switching to a rolling-release distribution. It is now possible to work more productively and in a more focused manner with the new version of Kali, thanks to major cleanup of the software and menus. Kali Linux should therefore be part of the daily toolset of any administrator entrusted with security tasks.