Kali.org’s
version of Linux is an advanced penetration testing tool that should be
a part of every security professional’s toolbox. Penetration testing
involves using a variety of tools and techniques to test the limits of
security policies and procedures. What Kali has done is collect just
about everything you’ll need in a single CD. It includes more than 300
different tools, all of which are open source and available on GitHub.
It’s incredibly well done, especially considering that it’s completely
free of charge.
A new version, 1.0.5, was
released earlier in September and contains more goodies than ever
before, including the ability to install it on just about any Android
phone, various improvements to its wireless radio support, near field
communications, and tons more. Let’s take a closer look.
Updates in 1.0.5
First, the Kali Linux team
completely rebuilt the earlier version of the tool, BackTrack, in
standard Debian Linux. And they didn’t stop there: they also stream and
synchronize with the Debian
Linux code repositories four times a day, constantly providing you with
the latest package updates and security fixes available. By moving to
Debian, they have insured a solid OS base for their tool kit, using a
version of Linux that is also very popular and well understood.
You can customize your own
builds of Kali too, or install it from a network drive more readily. “We
completely understand that not everyone will agree with our design
decisions, so we have made it as easy as possible for our more
adventurous users to customize Kali Linux to their liking, all the way down to the kernel,” it states in the documentation.
In addition, they have
improved the ARM chipset support (think Chromebook, Raspberry Pi, and
Samsung Galaxy), making it easier to take Kali on the road. They claim
it can be installed on almost any Android-based phone or tablet. Another
boon for mobile testers: “Software Defined Radio researchers will be
especially pleased to know that we have made some significant tool
additions … and added new drivers to our arsenal,” it states on its
blog. There are also hacking tools for near field communications
chipsets, which are now being included in newer cell phones.
There are tools for
vulnerability analysis, for Web applications testing, for brute force
password attacks, for networking sniffing and IP spoofing, and digital
forensics, just to name a few of the larger categories. Realistically,
there is probably more software on this CD than anyone can learn in a
lifetime of security testing, but it’s nice that they have taken the
time to collect and organize everything, and also to make sure that it
all runs under their version of Debian Linux. That is more than most
security tools that you can download from the Internet can claim. (Source: Slashdot)
Post a Comment