Why Kali Linux for Pentesting

                  Kali Linux For Pentesting

With a plathora of operating systems, there exists operating systems such as kali linux. Kali linux is an open source project that is maintained and funded by Offensive Security.

Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services.

Kali Linux is specifically geared to meet the requirements of professional penetration testing and security auditing. To achieve this, several core changes have been implemented in Kali Linux which reflect these needs:

1. Single user, root access by design: Due to the nature of security audits, Kali Linux is designed to be used in a “single, root user” scenario. Many of the tools used in penetration testing require escalated privileges, and while it’s generally sound policy to only enable root privileges when necessary, in the use cases that Kali Linux is aimed at, this approach would be a burden.
2. Network services disabled by default: Kali Linux contains sysvinit hooks which disable network services by default. These hooks allow us to install various services on Kali Linux, while ensuring that our distribution remains secure by default, no matter what packages are installed. Additional services such as Bluetooth are also blacklisted by default.
3. Custom Linux kernel: Kali Linux uses an upstream kernel, patched for wireless injection.
4. A minimal and trusted set of repositories: given the aims and goals of Kali Linux, maintaining the integrity of the system as a whole is absolutely key. With that goal in mind, the set of upstream software sources which Kali uses is kept to an absolute minimum. Many new Kali users are tempted to add additional repositories to their sources.list, but doing so runs a very serious risk of breaking your Kali Linux installation.

Is Kali Linux Right For You?

Kali is a Linux distribution specifically targated for professional penetration testers and security specialists, and is generally not recommanded distribution if you are unfamilliar with Linux or looking for a general purpose linux desktop distribution for development, web design, gaming, etc.

For security reasons the developement team behind the kali linux is small and trusted with packages signed by the individual committer and the team both. Further, the set of upstream repositories from which updates and new packages are drawn is very small. Adding repositories to your software sources which have not tested by the Kali Linux Development team can lead to a unstable system. Trying to install Steam on your Kali Linux desktop is an experiment that will not end well. Even getting a package as mainstream as NodeJS onto a Kali Linux installation can take a little extra effort and tinkering.
If you are unfamiliar with Linux generally, if you do not have at least a basic level of competence in administering a system, if you are looking for a Linux distribution to use as a learning tool to get to know your way around Linux, or if you want a distro that you can use as a general purpose desktop installation, Kali Linux is probably not what you are looking for.

In addition, misuse of security and penetration testing tools within a network, particularly without specific authorization, may cause irreparable damage and result in significant consequences, personal and/or legal. “Not understanding what you were doing” is not going to work as an excuse.

However, if you’re a professional penetration tester or are studying penetration testing with a goal of becoming a certified professional, there’s no better toolkit — at any price — than Kali Linux.

If you are looking for a Linux distribution to learn the basics of Linux and need a good starting point, Kali Linux is not the ideal distribution for you. You may want to begin with Ubuntu, Mint, or Debian instead. If you’re interested in getting hands-on with the internals of Linux, take a look the “Linux From Scratch” project.