Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
Kali Linux can be downloaded as a standalone base image, VM-based image, ARM based image (i.e. Raspberry images) or Nethunter image for Android mobile devices.
Official Kali Docker images are provided via the Docker Hub.
kalilinux/kali-rolling is the main image, tracking the continuously-updated kali-rolling package repository.
kalilinux/kali is built from the kali-last-snapshot repository, which tracks the last versioned release and will not get any update until the next release.
Assuming that Docker is installed, Kali can be installed and started like this:
docker pull kalilinux/kali-rolling
docker run -ti kalilinux/kali-rolling /bin/bashKali also provides various Metapackages to install only subsets of its tools.
apt-get install kali-linux (includes just the bare-bone installation of Kali ~1.5GB)
apt-get install kali-linux-top10 (includes the Top 10 Security Tools ~3.5GB)
apt-get install kali-linux-full (includes all of the tools which are part of the ISOs ~9GB)Install the Metasploit Framework
The Metasploit Framework is an open-source based penetration testing platform owned by the security company Rapid7. It contains a suite of tools which can be used to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.
The Metasploit Framework is already pre-installed in Kali Linux 2.0. Requirements, binaries and installation instructions can be found here.
Install Tulpar
Tulpar is an open source web vulnerability scanner providing powerful features.
git clone https://github.com/tulpar/tulpar.git
cd tulpar
pip install -r requirementsInstall Sublist3r
Sublist3r is a python based tool designed to enumerate subdomains of websites using Open Source Intelligence (OSINT).
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
pip install -r requirements.txt
apt-get install python-requests
apt-get install python-argparse
chmod +x sublist3r.pyInstall Metagoofil
Metagoofil is a powerful tool to extract metadata of public documents (i.e. pdf,doc,xls) available on specific websites.
apt-get install metagoofil