Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kali Linux, Successor of the BackTrack Penetration Testing Distro, Launched

Posted by Unknown on from the no-one-is-safe dept.

mask.of.sanity writes "Kali, the sixth installment of the BackTrack operating system has been launched. The platform is a favorite of hackers and penetration testers and has been entirely rebuilt to become more secure, transparent and customizable. Metasploit too has been rebuilt to be more stable with an optional noob-friendly interface. Kali even works on ARM devices and comes ready to go for your Raspberry Pi." The big new feature is that it's been repackaged as a flavor of Debian, instead of using their own custom packaging magic.

59 comments

  1. IPX over Kali by tepples · · Score: 3, Funny

    The last time I checked, Kali was some sort of VPN to tunnel IPX (NetWare protocol) over IP. It appears to have been popular when Warcraft II was around. Oh well, there are only so many names for things.

    1. Re:IPX over Kali by Yannic · · Score: 2

      The last time I checked, Kali was some sort of VPN to tunnel IPX (NetWare protocol) over IP. It appears to have been popular when Warcraft II was around. Oh well, there are only so many names for things.

      Kali/Kahn. Sluggish over a modem, but incredibly fun, and much easier to set up than making Real Life friends with parents that would let them lug the computer around for a LAN party!

      \/\/\/

    2. Re:IPX over Kali by dAzED1 · · Score: 1
      last I checked, Kali was some sort of Hindu goddess with 4 arms, that likes to stick her tongue out. That might not be as old as a VPN tunnel though...

      (After googling "kali," why did you pick that of all things as prior-name?)

    3. Re:IPX over Kali by wbr1 · · Score: 1

      Kali was the succesor to iFrag. Before iFrag was iDoom. I was an iDoom beta tester. Am I dating myself? Sigh..

      --
      Silence is a state of mime.
    4. Re:IPX over Kali by Anonymous Coward · · Score: 4, Funny

      Am I dating myself? Sigh..

      It depends. Is one of your hands your new girlfriend? If yes, then you are dating yourself.

    5. Re:IPX over Kali by Anonymous Coward · · Score: 0

      The last time I checked, Kali was some sort of VPN to tunnel IPX (NetWare protocol) over IP. It appears to have been popular when Warcraft II was around. Oh well, there are only so many names for things.

      I used to play Decent on that program. Ahh the memories.

    6. Re:IPX over Kali by Anonymous Coward · · Score: 0

      last I checked, Kali was some sort of Hindu goddess with 4 arms, that likes to stick her tongue out. That might not be as old as a VPN tunnel though...

      (After googling "kali," why did you pick that of all things as prior-name?)

      Because he logs into Google to search, and/or accepts any and all cookies. So Google checked his personal use history, and bumped results related to slashdot articles and internet lingo to the top, and pushed the Hindu goddess onto page 2 or 3. Since he didn't bother reading past page 1 on his results, he never saw that one.

    7. Re:IPX over Kali by Anonymous Coward · · Score: 0

      Who else is dating you?

    8. Re:IPX over Kali by Anonymous Coward · · Score: 1

      I'm glad you were good at the game, but what game?

    9. Re:IPX over Kali by unixisc · · Score: 1

      So we have a BSD named after Shiva (Mahesha BSD) and a Linux named after Kali? Awesome ;-)

    10. Re:IPX over Kali by MillerHighLife21 · · Score: 1

      Used to play so much Duke Nukem over Kali on my 56k modem back in the day.

      --
      "Don't teach a man to fish, feed yourself. He's a grown man. Fishing's not that hard." - Ron Swanson
    11. Re:IPX over Kali by Aizenmyou · · Score: 1

      I actually still have my Kali reg codes to this day. (kali.net)

    12. Re:IPX over Kali by antdude · · Score: 1

      Yep, I thought this was about that old Kali program. I still have my serial number!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    13. Re:IPX over Kali by rmstar · · Score: 1

      The last time I checked, Kali was some sort of VPN to tunnel IPX (NetWare protocol) over IP. It appears to have been popular when Warcraft II was around. Oh well, there are only so many names for things.

      They could have called it Cali Linux, which would have been a little more original and also fitting.

  2. FFS stick with one name. by ledow · · Score: 4, Insightful

    FFS stick with one name.

    Isn't this the distro that went through WHAX, Whoppix, etc. before becoming BackTrack?

    Pick one damn name and stick with it.

    1. Re:FFS stick with one name. by Anonymous Coward · · Score: 1

      and it was Auditor/remote-exploit before that. Max Moser was primary in that, it was very good (not that the successors were not).

    2. Re:FFS stick with one name. by Anonymous Coward · · Score: 0

      How dare you insult the name of Kali?!

      Kali ma! Kali ma! Kali ma shakti de!

      ...and now your heart is a paperweight.

    3. Re:FFS stick with one name. by Anonymous Coward · · Score: 5, Funny

      Pick one damn name and stick with it.

      Sounds like they need to stop backtracking on names.

    4. Re:FFS stick with one name. by Chris+Mattern · · Score: 2

      Prepare to meet Kali. In Hell!

    5. Re:FFS stick with one name. by Anonymous Coward · · Score: 0

      Aqua Teen Hunger Linux!

    6. Re:FFS stick with one name. by Zero__Kelvin · · Score: 1

      Right. If you are going to change things completely at least use the same name so I won't know it is different!

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    7. Re:FFS stick with one name. by game+kid · · Score: 1

      Don't worry. They'll eventually (air)crack the code for a proper name and find one they can (n)map their system to.

      --
      You can hold down the "B" button for continuous firing.
    8. Re:FFS stick with one name. by Anonymous Coward · · Score: 1

      *Snort* Yeah right, it seems their Kismet to be un-Able to find a name that no one has a BeEF with.

    9. Re:FFS stick with one name. by Jane+Q.+Public · · Score: 2

      You mean like Windows 8?

    10. Re:FFS stick with one name. by cbiltcliffe · · Score: 1

      This rename actually makes sense. Previously, with BackTrack, it was almost an LFS approach. Installing it on a hard disk was a complex, multi-step process that could go wrong as easily as it could go right. It involved booting the live CD, creating all the partitions/filesystems on your HD, mounting them, and then copying all files from the running live CD over to your HD manually. Manually, as in "cp -a". Then you had to configure the bootloader, again manually, to make sure it would boot from the HD after removing the live CD.
      Sometime along the way, somebody wrote a GUI script to do the install visually, but I never managed to get it to work properly, despite numerous attempts over numerous versions. It always either hung for hours, or finished up, but on reboot the installed system wouldn't come up, or whatever. Eventually I gave up, and just did all my installs manually from the get go.
      Now, not only were all these steps necessary for an initial install, but they were also necessary for upgrades, because there *was* no upgrade path from one version to the next. It was a clean install, or nothing.

      Kali, on the other hand, is a complete rebuild based on the Debian packaging system. You can install it over the network, like Debian, you can pick the packages you want, like Debian, and most importantly, you can upgrade from one version to the next seamlessly, simply by updating your apt sources, like Debian. You can also build your own custom live CD using Debian's live-build scripts, which was all but impossible with BackTrack.

      Its purpose is the same, and it was designed by the same group of people, but it really is a completely new distro.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    11. Re:FFS stick with one name. by TuxWithoutPants · · Score: 1

      What's wrong with dictionary hacking your own name?

    12. Re:FFS stick with one name. by ledow · · Score: 1

      Heard the same for Whax (Let's base on Slax because it's easier to..... blah blah blah), Whoppix (let's base on Knoppix because it's easier to.... blah blah blah) and Backtrack (let's start again with LFS this time [I think, correct me if I'm wrong]... blah blah blah). And now they've gone around again. I've never seen one distro go through so many base distros in all the time I've been using Linux. It's just ridiculous.

      You know what? I just want to run the damn tools, whether from LiveCD or install. I couldn't care less what packaging they use because the point of the distro was to be a pen-testing distro, so it should all come pre-installed and I just update (in whatever manner) when necessary. What damn distro it's based on, I couldn't care less.

      But I *do* care about being able to find the damn thing or point over people to it when they need it and it changing name every year is just unnecessary hassle and hindrance. Why not just stick with a name, and change the underlying distro? Who would care? Who would even notice on a pre-packaged, single-purpose distro? It's not like you're going to be running your desktop apps on it, or using it on servers.

      Every year they basically wipe themselves off Google and it's not the sort of thing you download every day to keep up with it. And, to be honest, I have had no idea if they ARE the same people each time - and for a pen-testing distro that's not reassuring, and I shouldn't have to go verifying it.

      Pick a name, stick with it. What you do to the internals, I don't really care so long as I can use the tools you advertise to have pre-installed (and this latest distro? Doesn't tell you the list of tools it's got but the old BackTrack website does!). But if you jump around websites, change name, and change everything underneath all the time, then I question what exactly you're doing that for and - also - whether I can trust you to fix more important issues than might be lingering on a pen-testing machine than which command I use to update or what your package format is.

    13. Re:FFS stick with one name. by Zero__Kelvin · · Score: 1

      Exactly my point.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  3. Sounds like a movie by Bob+the+Super+Hamste · · Score: 3, Funny

    Penetration testing with a Raspberry pi, sounds like a movie to me.

    --
    Time to offend someone
    1. Re:Sounds like a movie by Anonymous Coward · · Score: 0

      But is it good enought for food for thought?

    2. Re:Sounds like a movie by vikingpower · · Score: 1

      Could even be a damn good movie. BTW, similar toolage already exists

      --
      Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
    3. Re:Sounds like a movie by sheehaje · · Score: 1

      or a youporn description

    4. Re:Sounds like a movie by Anonymous Coward · · Score: 0

      didn't the protag of the recent Tron movie hack a server with a nokia n900?

    5. Re:Sounds like a movie by OakDragon · · Score: 2

      Back track... penetration... dammit, Google, foogled again!

      --
      Dark Reflection
    6. Re:Sounds like a movie by Anonymous Coward · · Score: 0

      Eh, they're not the best to be running too much load on obviously, but their small size and low cost makes them fairly good for plugging in somewhere and hiding them as a pivot point into the network, providing you have it running a reverse ssh tunnel or otherwise connecting back out from behind the firewall. Having a lot of the Backtrack (or now, Kali) tools on said pivot point is certainly not without merit.

  4. dont care by Anonymous Coward · · Score: 0

    wys? raspberry? i hope for this distro, because i wanna crack wireless from my tv !

  5. kali? by bcong · · Score: 2

    kali /käl/ The most terrifying goddess, wife of Shiva. She is typically depicted as naked, old, and hideous. She is sometimes associated with empowerment. To be fair this is a great name, after all to most IA/security folks I have to deal with... backtrack truly is terrifying to them

    1. Re:kali? by Anonymous Coward · · Score: 0

      kali /käl/ The most terrifying goddess, wife of Shiva. She is typically depicted as naked, old, and hideous. She is sometimes associated with empowerment.

      To be fair this is a great name, after all to most IA/security folks I have to deal with... backtrack truly is terrifying to them

      kali /käl/ The most terrifying goddess, wife of Shiva.

      Apparently her terror is completely neutralized by magic rocks. I'd expect the same is true of the distro... rock smashes penetration tester.

  6. Works on Chromebook also, apparantly by Bearhouse · · Score: 2

    http://docs.kali.org/armel-armhf/install-kali-samsung-chromebook

    Alternatives here...

    http://www.concise-courses.com/security/top-ten-distros/

    1. Re:Works on Chromebook also, apparantly by Neuroelectronic · · Score: 0

      I wonder what precautions, if any Kali took when being ported to ARM Cortex? I guess you just have to accept the possiblity that your Hypervisor is interfering with your network data.

  7. The WHAT distro? by loonwings · · Score: 0

    Mmmm. Backtrack penetration.

  8. Kali motto: the quieter you become... by vikingpower · · Score: 1
    ...the more you are able to hear.

    Sounds like the best motto or quip a Linux distro ever had.

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
    1. Re:Kali motto: the quieter you become... by Anonymous Coward · · Score: 0

      The Backtrack (now Kali) group has had that motto for quite awhile now. When I first looked at it when Backtrack was version 4, they had that motto. But yea, that motto follows one of my personal motto's (maybe because I'm an introvert?).. "Say nothing, see and hear everything."

  9. Its a great project but... by DarkOx · · Score: 4, Interesting

    One thing that I have never understood is why is Backtrack/Kali a distro in the first place. Why not just release a set of packages with a meta package to require the others if you chose deb, or rpm, if you want to run on Ubuntu/Debian/RH/Centos or as like a Slackware diskset with tag files if you go that way?

    I can understand most users not wanted to plot the packages into their regular install they actively use. There are lots of tools that need setuid etc and specific versions of libraries you might not want around on the system for other reasons. Still if it was just a package set it would make it easy to install in a Linux container or chroot environment without having to run in a full VM. It would make it much easier to install a subset of the functionality if you have domain specific needs on your main install as well. At the same time it would make it no harder to install on a VM or dedicated portable, just install the distro than slap the packages on. Its not as if anyone doing anything useful with msf etc can't manage to do installpkg kali-*.tgz, or apt get kali or whatever.

    Don't take the is post as knocking the project; I really mean it as just asking a question and stating some reasons why I think a different approach might make some sense. This is an amazingly well put together tool. I am sure there is a ton of effort that went in continues to into getting all those packages built and playing nice with each other. Lots of the code and build scripts etc for those tools are not exactly what you would ordinarily call release ready. Having tried to package some of them myself along the way I fully aware of this. I know the maintainers also have to put lots of effort into making sure they don't package anything that really is malicious too; which is no small task.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:Its a great project but... by Anonymous Coward · · Score: 1

      The reason for a completely different build is because they change the OS to be even more secure than what a standard distro would be. You can add the backtrack (kali) packages manually if you want to install them into a standard distro though.

      http://hacktalk.net/*nix-support/adding-backtrack-repositories-to-ubuntu/

    2. Re:Its a great project but... by Zero__Kelvin · · Score: 5, Informative

      "One thing that I have never understood is why is Backtrack/Kali a distro in the first place. Why not just release a set of packages with a meta package to require the others if you chose deb, or rpm, if you want to run on Ubuntu/Debian/RH/Centos or as like a Slackware diskset with tag files if you go that way?"

      Because they need a fully customized configuration with complete control over so many things in order for them to work properly. The kernel has to be configured "just so" or packages will not work. The network interfaces default to disabled at boot time. Almost everything needs root privileges to run. The goals for a secure server or desktop OS and Kali are so radically divergent that it makes absolutely no sense to try to mix the two.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:Its a great project but... by Anonymous Coward · · Score: 1

      Additionally some of the custom drivers for things like packet injection are a right pain to switch back and forth on a daily use system.

    4. Re:Its a great project but... by 0100010001010011 · · Score: 1

      This. I had a problem with packet injection on my RTL wifi card on my 'normal' Debian distro. The solutions online were to revert to an older version of the driver, recompile drivers. But then that killed my ethernet card because it wasn't compatible with something.

      BackTrack has everything configured and setup so stuff like this just works(tm)

    5. Re:Its a great project but... by Anonymous Coward · · Score: 0

      How about a liveCD environment?

    6. Re:Its a great project but... by Anonymous Coward · · Score: 0

      I would say its a damn sight less secure by the nature of running everything as root with all sorts of custom drivers. :-)

      But it works for pen testing and that's the point.

    7. Re:Its a great project but... by Anonymous Coward · · Score: 0

      I don't really consider it a distro that is intended to be used for day-to-day work (unless of course you are a security auditor)

      I just fire it up in a VM for when I want to do any security work and then shut it down when I don't need it.

  10. Why? by endianx · · Score: 0

    Can someone please explain to me why one would use this distro instead of just installing packages with Debian? I've never understood the appeal.

    1. Re:Why? by Jane+Q.+Public · · Score: 4, Informative

      "Can someone please explain to me why one would use this distro instead of just installing packages with Debian? I've never understood the appeal"

      See the reply to a similar question further up.

      The short answer is: because all the privileges and configs have been pre-set-up so everything just works. You would have to do an awful lot of diddling a standard *nix distro in order to do the same thing. This way, you just install. Somebody else has already done the (considerable amount of) work.

    2. Re:Why? by Anonymous Coward · · Score: 0

      its ready made, supposedly wit hall the things you need right out of the box. now if you have it on a pen drive makes it even easier to use anywhere with little to no config. on the other hand, if you have Debian already loaded or any other distro on a machine, sure just load the packages you need/want and make your own.

    3. Re:Why? by Anonymous Coward · · Score: 0

      I haven't found it difficult at all to set up a system for security work.

      Slightly more difficult than setting up a distro for normal desktop work, but no more difficult than setting up a development machine.

      Certainly not so difficult that I have ever found even the slightest amount of value in using Backtrack

  11. Now that I have actually used Kali ... by Anonymous Coward · · Score: 0

    It is still rough around the edges. The older BackTrack seemed a better product. But my comments need to be tempered by perception bias, I am used to BackTrack and Kali is new. Comments about the naming are ridiculous, go use it and then comment about the good and bad of functionality .

    Kali has enormous potential and as it develops and has upgrades rather than a re-install it will no doubt shine and supercede BackTrack.

    The standard compliment of exploitation tools is available, with a couple that were dropped that I liked. Upon digging it was apparent that the switch from Ubuntu to Debian caused the loss of some applications. Tried adding them and that just broke other dependencies so it is a fragile system. And that to me is the way to describe it at the moment, as an operating system it is fragile, needs work and needs better tools just to manage the box it is running on.

    But in terms of exploits it is first rate with one exception. Metasploit now forces you to register even to use free version and it is always phoning home to Rapid7. When doing pentesting or pretending to be an evil doer, phoning home to see what hacks you are using and on what system is not desirable. Script kiddies using this will absolutely get caught.

    I suspect that was one of the motivations that white hats would register for legitimate use and black hats would unknowingly leave a trail of bread crumbs so they are caught. If you have experience it can be worked around but the crowd that loves a gui to cause mayhem my find out that they have been the subject not the attacker.