Kali Linux is an interesting suite of programs (estimated at over 300 applications), which enables many different kinds of IT security tests to be carried out. This collection of software is designed to help testers and digital forensic science experts identify holes in company networks, exploits and much more.
The concept of Penetration testing is closely related to ethical hacking and in a similar way, it is usually requested from cyber security experts by large companies. In order to carry it out, specific applications are required, depending on the type of bugs that you are trying to find. The new Linux distribution gathers together all the best programs for the execution of a wide range of tests.
Kali Linux in detail
There are many reasons why Kali Linux is rapidly becoming the most popular suite with those working on security in Linux environments. First of all, it is based on Debian, a more recent and very stable version of the well-known open source operating system.
Furthermore, it is designed to operate from Live CD or Live USB, which means that this distribution can be launched from an external support (USB or CD), without needing to install it onto the PC for testing. This means that no trace of the running of the programs themselves is left.
Its other distinguishing feature is the possibility to personalise the installation of the programs. As already mentioned, Kali contains over 300 applications devoted to cyber security, each of which is suitable for a specific type of test.
It is not, however, always necessary to use all of them, so the technician can decide to create an installation package containing only those required to carry out specific tests. This characteristic adds considerable flexibility to the tasks that the suite can be used for.
Some interesting Kali Linux programs
Kali Linux developers based their creation on BackTrack, an application which featured similar but much more limited functionalities. With this new distribution, which is more dynamic and up to date, they aimed to provide the chance to adopt a single instrument containing all the most important tools for IT security testing.
Here are some examples of the programs to be found in Kali and their main functions:
Nmap, a port scanner used to identify anomalies;
Wireshark, a sniffer when enables monitoring of data flow, while collecting useful information such as IP addresses etc.;
John the ripper, a password decipherer which works both for system as well as network passwords;
Aircrack-ng, an excellent program for carrying out penetration tests on wireless networks.
These applications alone are sufficient to provide a clear picture of the enormous potential of Kali Linux. The broad spectrum of functionalities however, has become a source of concern for some, who believe that Kali is too powerful an instrument and could potentially be used for malicious purposes.
Is Kali Linux a quick way to become a hacker?
One of the biggest criticisms levelled at the Linux’s cyber security distribution is that it is an instrument which can be abused for the purpose of committing cyber-crime. This is a more than reasonable objection, considering the tools included in the suite, but also as a result of a lack of awareness.
It is not possible to become a hacker simply by using Kali Linux, as this would require a vast knowledge of the open source operating system. Certainly, many tools have a simplified graphic interface, but others are equipped with lines of command which you would need to be familiar with.
In brief, it is not possible to commit cyber-crime merely by installing Kali Linux on a USB pen-drive. You also need knowledge, ability and skills, which can only be honed through years of study and practice.
Translated by Joanne Beckwith