Penetration-Testing Distro Kali Linux 2016.2 Released (kali.org)

← Back to Stories (view on slashdot.org)

Penetration-Testing Distro Kali Linux 2016.2 Released (kali.org)

Posted by EditorDavid on Saturday September 3, 2016 @05:34AM from the Offensive-Security dept.

prisoninmate writes: What's Kali Linux 2016.2? Well, it's an updated Live ISO image of the popular GNU/Linux distribution designed for ethical hackers and security professionals who want to harden the security of their networks, which contains the latest software versions and enhancements for those who want to deploy the OS on new systems. It's been quite some time since the last update to the official Kali Linux Live ISOs and new software releases are announced each day, which means that the packages included in the previous Kali Linux images are very old, and bugs and improvements are always implemented in the most recent versions of the respective security tools. Best of all, the new Kali Linux 2016.2 release comes in KDE, MATE, Xfce, LXDE, and Enlightenment E17 flavors.
Their blog also points out that Kali recently appeared in an episode of Mr. Robot.

54 comments

Min score:

Reason:

Sort:

It would be a great pentest distro... by Anonymous Coward · 2016-09-03 05:46 · Score: 2, Insightful

If they removed all "call home" and other tracking features
1. Re: It would be a great pentest distro... by Anonymous Coward · 2016-09-03 06:06 · Score: 0
  
  ... instead of bloating it with kde and all other window managers.
2. Re:It would be a great pentest distro... by Anonymous Coward · 2016-09-03 07:20 · Score: 2, Insightful
  
  Would you kindly provide some relevant source/evidence about these alleged "call home" and "other tracking features"?
3. Re:It would be a great pentest distro... by Anonymous Coward · 2016-09-03 08:15 · Score: 0
  
  If they removed all "call home" and other tracking features
  Post some evidence, or you're just a troll.
4. Re: It would be a great pentest distro... by Anonymous Coward · 2016-09-03 10:24 · Score: 0
  
  Just make another ISO image without it. They posted an how-to on their website.
  I understand your point about window managers making it bloated. Not only can you exclude window managers but everything else you consider bloatware.
5. Re: It would be a great pentest distro... by Anonymous Coward · 2016-09-03 11:36 · Score: 0
  
  Talking about Windows 10, or..?
6. Re:It would be a great pentest distro... by Anonymous Coward · 2016-09-05 06:52 · Score: 0
  
  Yes would you kindly provide some relevant source/evidence about these alleged "call home" and "other tracking features"? I use Kali everyday pen testing and have NEVER!! seen any "call home" connections to the machine and have NEVER seen any tracking features and like I said I'm in it everyday. The only call home I have ever seen is for checking for updates to the repo servers that's it like any other Linux distro.
  Dude you are a liar and a fool.
Mr. Robot! by Anonymous Coward · 2016-09-03 05:58 · Score: 0

People keep talking about Mr. Robot like there's finally a show that captures some of the flavor of geek culture. Has anyone actually watched it?
1. Re:Mr. Robot! by Anonymous Coward · 2016-09-03 06:19 · Score: 1
  
  Yes.
2. Re:Mr. Robot! by jwymanm · 2016-09-03 06:46 · Score: 1
  
  I enjoy it. It's actually a nice feeling to see real commands (and parameters!) used and even one or two scenarios that don't have barf factors. It's more psychological than computer though. I'd give it 75%/25% psych/comp.
3. Re:Mr. Robot! by Anonymous Coward · 2016-09-03 07:00 · Score: 0
  
  Why not watch it and form your own opinion?
4. Re:Mr. Robot! by Anonymous Coward · 2016-09-03 09:06 · Score: 3, Funny
  
  Why not watch it and form your own opinion?
  How would we know what opinion to form if we don't have someone else's opinion first?
5. Re:Mr. Robot! by Lisandro · 2016-09-03 09:53 · Score: 2
  
  Mr Robot is very hit or miss, specially this last season, but it has overall very realistic depictions of modern hacking. They're not hacking the Gibson.
6. Re:Mr. Robot! by Rick+Zeman · 2016-09-03 12:10 · Score: 2
  
  I enjoy it. It's actually a nice feeling to see real commands (and parameters!) used and even one or two scenarios that don't have barf factors. It's more psychological than computer though. I'd give it 75%/25% psych/comp.
  I'm sure I'm not the only one who's hit pause to check out the commands and syntax for realism....
7. Re:Mr. Robot! by Anonymous Coward · 2016-09-03 23:35 · Score: 0
  
  Yeah, it's a pretty good show. Kali Linux is actually the distro of choice used by the main protagonist. The exploits they use are real. You can even pause the video when it's showing the commands they're using, and they're all very accurate, except for one ip address that was out of range in season 1.
Pentration Testing OS by Anonymous Coward · 2016-09-03 06:42 · Score: 4, Interesting

There are always destructive teenagers that get a hold of it and cause mayhem which is what I'd previously associated it with. Defcon videos (as beautiful for the mind as TED talks) has changed my perception of Kali from a script kiddie OS to a legitimate tool for penetration testers in a professional environment. I was surprised how many Defcon videos mention it or base their entire presentation around it. I've never used it nor have the desire to but I really like what the hacker community is doing with it legitimately. Defcon videos have gone a long way towards changing my opinion of Kali. Coincidentally, I've been watching them for the past couple of days (there are a LOT of videos), some really interesting stuff in there that feeds the creative mind. I'll never have a use for any of the info but it's cool to see them think out of the box. I mean anyone can appreciate creativity no matter what form it takes.
1. Re: Pentration Testing OS by TheMeuge · 2016-09-03 07:14 · Score: 0
  
  So if I use this tool that is designed to penetrate security, and don't commit a crime, then I haven't committed a crime. Yet if I pick up a firearm and don't shoot anyone I can be a criminal. Thought crime?
2. Re:Pentration Testing OS by Anonymous Coward · 2016-09-03 07:15 · Score: 0
  
  Just wait until Bubba is 'penetration testing' your ass in jail!
3. Re: Pentration Testing OS by Anonymous Coward · 2016-09-03 07:44 · Score: 0
  
  So if I use this tool that is designed to penetrate security, and don't commit a crime, then I haven't committed a crime. Yet if I pick up a firearm and don't shoot anyone I can be a criminal. Thought crime?
  It's like buying a chainsaw at home depot somehow makes you another leatherface.. the logic is fundamentally stupid.
  Let's ban all motor vehicles because they could be used to carry stolen goods or even used as getaway cars... yep, stupid.
4. Re: Pentration Testing OS by Anonymous Coward · 2016-09-03 07:51 · Score: 0
  
  So if I use this tool that is designed to penetrate security, and don't commit a crime, then I haven't committed a crime. Yet if I pick up a firearm and don't shoot anyone I can be a criminal. Thought crime?
  Seriously? The law is inconsistent? That's your glorious revelation? You don't even know the beginning of it. Live a few years and you might.
5. Re:Pentration Testing OS by Anonymous Coward · 2016-09-03 10:39 · Score: 0
  
  TED talks are beautiful for the mind? One point against for that language, and another point against for praise of TED talks.
6. Re: Pentration Testing OS by Anonymous Coward · 2016-09-03 11:06 · Score: 0
  
  Wait, what? No, you are not a criminal just for picking up a firearm. What would make you say such a thing?
  Well, you are not a criminal in my country. I live in the U.S. so I am using the applicable laws.
bugs [...] are always implemented in the most rece by Anonymous Coward · 2016-09-03 06:50 · Score: 0

hush! you're not supposed to tell everybody!
"Best of all..."? by WickedLilMonkies · 2016-09-03 07:08 · Score: 1

It is a sad state of affairs when the inclusion of a variety of window managers are the best part of a penetration testing tool, something that ought be used by someone with enough technical know-how to deal with a CLI.
1. Re:"Best of all..."? by Lisandro · 2016-09-03 09:55 · Score: 1
  
  Like it or not, WMs are pretty much a necessity for modern computers, even if you're to work mostly on the command line.
2. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 10:26 · Score: 0
  
  there's that word again, modern. You really should define your terms. In many situations WMs are precisely the thing you don't want on your boxes and "modern" has nothing to do with it, just the tasks at hand.
3. Re:"Best of all..."? by Lisandro · 2016-09-03 10:49 · Score: 2
  
  On which situations, exactly? For workstations or laptops WMs increase productivity, even if you only use CLI tools. There's a good reason Kali is offering different WM flavors for a distro whose specialized tools are 90% command-line based.
4. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 11:13 · Score: 0
  
  I've said it somewhere else: make your own iso without wm!
  It's on their website how to do exactly that.
5. Re:"Best of all..."? by WickedLilMonkies · 2016-09-03 11:21 · Score: 1
  
  My comment still stands: Fine; include a WM. Include all of them. That, however, should not be what's "best of all" about it. If that's the best improvement they've made to the distro, then I argue that their priorities are wrong.
6. Re:"Best of all..."? by Lisandro · 2016-09-03 11:23 · Score: 1
  
  Fair enough. Agreed.
7. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 13:36 · Score: 0
  
  Yes, I agree, but the presence of window managers serves as a mere misdirection to throw off suspicion. So his laptop is a chromebook, but it runs Kali. Oh, look at all that eye candy, is that enlightenment? E17, you say? But if you look closely, the first thing he does is open a few terminology sessions, giving him CLI after all. Onlookers will never know what hit them.
8. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 15:36 · Score: 0
  
  Most people run the variations on the classic WIMP interface like the "desktop". These environments are designed to be newbie friendly by featuring heavy reliance on spacial positioning and skeuomorphic training-wheels. It's a crutch... a handbrake on productivity for anything more complicated than web browsing.
  For pen testing you'd be a lot more productive using a terminal multiplexer.
9. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 16:35 · Score: 0
  
  vtwm, baby! Roughly 25 years old, rock stable, and provides a very usable virtual interface to handle multiple virtual consoles. And it takes a *tiny* fraction of resources of Gnome or KDS, with *none* of the spew of irrelevant configuration utilities and libraries that you *do not need* to do real work.
10. Re:"Best of all..."? by Anonymous Coward · 2016-09-03 23:26 · Score: 0
  
  For pen testing you'd be a lot more productive using a terminal multiplexer.
  Until you need basic operations like copy & pasting.
11. Re:"Best of all..."? by Wolfrider · 2016-09-05 14:35 · Score: 1
  
  --Just fyi, you can copypasta in a Linux TTY using ' gpm ' + mouse, or GNU ' screen ' ( Ctrl-[ , space to mark beginning, arrows to move, space again to mark end, Ctrl-] to paste. )
  
  --
  .
  == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
12. Re:"Best of all..."? by hoggoth · 2016-09-08 03:30 · Score: 1
  
  Why would you use arcane keystrokes like Ctrl-[ Ctrl-] when you could just boot straight into Emacs instead!
  
  --
  - For the complete works of Shakespeare: cat /dev/random (may take some time)
Function? by petes_PoV · 2016-09-03 07:23 · Score: 1

This is what I got from the announcement:
* It's been a long time since the last release
* We've put all the updates into a new version to save time updating old releases
* You can now download it from our website
* We fixed a load of bugs
* Auto installs are easier
* You can change the GUI
Is that it? What about new features? What would I be able to do with this release that I couldn't do with an old one? What new "super powers" will it give me?
If I was marketing a software tool intended for technical people, all the new functionality would be at the top of the list. Sure, techies want to download and install it easier, but if they were willing to jump through the hoops needed to install earlier versions, then making this faster doesn't sound like too big a deal. And as for different desktops ... we're all pretty much au fait with all of them now and you'd have to be rather "precious" to not use a tool because you didn't like the GUI.

--
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Re:But... systemd? by Anonymous Coward · 2016-09-03 07:34 · Score: 0

So what was the alpha like?
Re:But... systemd? by Anonymous Coward · 2016-09-03 08:11 · Score: 0

Ask the beta. -PCP
Captcha: carpets
Let's be honest by ravenspear · 2016-09-03 08:29 · Score: 4, Funny

How many of these testers have achieved penetration before?
1. Re:Let's be honest by Anonymous Coward · 2016-09-03 13:49 · Score: 0
  
  Rumor has it that they have nearly achieved it but that was before systemd
2. Re:Let's be honest by Anonymous Coward · 2016-09-03 16:38 · Score: 0
  
  Baby, they have *been* penetrated. They were just too busy watching videos of other people doing penetrations to notice.
forgot one....? by Anonymous Coward · 2016-09-03 09:58 · Score: 0

Where in the list is the Gnome desktop? Maybe Kali likes it so much they do not want to share it?
Just kidding, Gnome gsucks.
Also on phone! by JamesTRexx · 2016-09-03 10:22 · Score: 1

One of the new guys at the office has installed Kali on his phone and had a lot of fun checking out websites while being bored on vacation. He refrained from actually using holes to do someting, which shows I was right in saying we needed to hire him after graduation. :-)

So, you can even be more covert using Kali in public places without attracting attention with a laptop.

--
home
1. Re: Also on phone! by Anonymous Coward · 2016-09-05 10:24 · Score: 0
  
  Or flash kali nethunter to a nexus or htc, add a dual band wifi adapter and it is even more discreet. Everyone has their head in their phones
Greate by Anonymous Coward · 2016-09-03 13:02 · Score: 0

It has all the tools in one place nice to see the update.