Kali Linux version 2021.3 has been released with new tools, though its makers explain that some features which make it good for penetration testing also make it bad for general use.
The specialist Linux distribution, based on Debian, is designed for security professionals (and also handy for administrators confronted by problems such as a standalone Windows PC and a user with a lost password). It is sponsored by a US company called Offensive Security, who do information security training and penetration testing.
Kali Linux is a rolling release; that is, updates are released constantly, including feature updates. Nevertheless, there is also a quarterly release. Senior developer Ben Wilson, who works on Kali Linux at Offensive Security, explained in a video that "there's a trade-off between stability and bleeding edge".
The quarterly point release undergoes a more thorough QA process, he said. Kali states on its site: "For most users, we recommend the latest 'point release' image, except in cases when a user requires a specific bug patch, in which case the weekly build may be best."
The reason for the recommendation for the latest code, Wilson explained, is that "in Infosec, having the latest code is essential. For an exploit, you need to have a vulnerability. It's a race against time. Being able to successfully create an exploit and then using it, versus someone coming along and applying a patch."
Nevertheless the point release is a good moment to catch up on what is new in Kali. One of the changes is that OpenSSL has been reconfigured for "wide compatibility by default... this means that legacy protocols (such as TLS 1.0 and TLS 1.1) and older ciphers are enabled by default. This is done to help increase Kali's ability to talk to older, obsolete systems and servers that are still using these older protocols."
Kali Linux has been improved for use in virtualised environments, with support for the extensions that make things like copy and paste between host and guest work in environments including VMware, VirtualBox, Hyper-V and QEMU. It may be necessary to run the management tool Kali Tweaks to configure this.
New tools in Kali include CALDERA, described as a scalable automated adversary emulation platform, and HostHunter, a reconnaissance tool for discovering hostnames using OSINT (Open Source Intelligence and Social Media Investigations) techniques. There are also new tools for attacking WiFi networks, including EAPHammer for "targeted evil twin attacks against WPA2-Enterprise wi-fi networks".
Kali Arm support has been improved, including for Raspberry Pi, with new build scripts and automatic resize of file system on first boot.
More on the cosmetic side, there is an improved GTK3 theme for Xfce – a lightweight Linux desktop which is the Kali default – and an option for an updated version of KDE Plasma, now version 5.21.
The OpenSSL changes are perhaps a clue that Kali is not the best choice for use as a day-to-day operating system, though of course it is configurable and there is a specific "Hardening" option in Kali Tweaks. Wilson also noted: "There's a trade-off between security and privacy. You can't have an operating system that does both."
"On purpose we have done things to try and reduce anonymity online, by not using Tor or I2P networks, as this rarely comes up when actually doing a penetration test," he added.
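The "wide compatibility" OpenSSL default described above and the "Hardening" option are two ends of one setting, and an administrator who uses Kali day-to-day will want to know which end a given machine is at. The script below is an added example, not Kali's own configuration or tooling: it parses two constructed openssl.cnf fragments (the permissive one mirrors the style the release notes describe, the hardened one mirrors Debian's stricter default; neither is copied from Kali) and classifies each as legacy or hardened. The `MinProtocol` and `CipherString`/`@SECLEVEL` directives are real OpenSSL config keys; the values used for the fragments are assumptions.

```shell
#!/bin/sh
# Constructed openssl.cnf fragments for demonstration (not Kali's actual files).
# "Wide compatibility" style: legacy TLS 1.0/1.1 and weak ciphers permitted.
PERMISSIVE_CNF='[system_default_sect]
MinProtocol = TLSv1.0
CipherString = DEFAULT:@SECLEVEL=0'

# Hardened style: TLS 1.2 minimum and OpenSSL security level 2.
HARDENED_CNF='[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=2'

# cnf_value FRAGMENT KEY: print the value of the first "KEY = value" line.
cnf_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# tls_policy FRAGMENT: print "legacy" if the fragment permits TLS 1.0/1.1 or
# security level 0/1, otherwise "hardened". An absent MinProtocol is treated as
# legacy because OpenSSL then falls back to its compiled-in (permissive) floor.
tls_policy() {
    proto=$(cnf_value "$1" MinProtocol)
    cipher=$(cnf_value "$1" CipherString)
    case "$proto" in
        TLSv1|TLSv1.0|TLSv1.1|"") echo legacy; return ;;
    esac
    case "$cipher" in
        *SECLEVEL=0*|*SECLEVEL=1*) echo legacy; return ;;
    esac
    echo hardened
}

# live_check: classify the OpenSSL config actually in use on this host.
live_check() {
    tls_policy "$(cat "${OPENSSL_CONF:-/etc/ssl/openssl.cnf}")"
}

echo "permissive fragment: $(tls_policy "$PERMISSIVE_CNF")"
echo "hardened fragment:   $(tls_policy "$HARDENED_CNF")"
```

Running `live_check` on a Kali machine with the wide-compatibility default should report "legacy"; after applying the Hardening option in Kali Tweaks (or editing the directives yourself) it should report "hardened".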
Kali is as much a collection of tools as it is an operating system. According to Wilson, Offensive Security was founded because around 2007, security professional Mati Aharoni assembled his own collection of pen-test tools, shared them on the internet, and observed at security events that others had picked them up, were using them, and needed training. Aharoni left the board of Offensive Security in August 2019.
Kali Linux is 8 years old, having previously been called BackTrack Linux, while BackTrack Linux itself was created in 2006 by merging sets of tools called Auditor Security Collection and Whax.
The base operating system has changed over the years, Wilson said. It was once based on Slackware, which was ideal for live boot, but (despite the above reservations): "We noted that people started to use us as their operating system, and they wouldn't do a reinstall with every release we pushed out. Their tools became dated... we made the decision to move to Ubuntu. Ubuntu was great for being a desktop."
Then the team found that Ubuntu was less suitable for alternative architectures such as Arm. "We made the decision to move on to alternative architectures. Debian was a better fit," said Wilson.
He added that two years ago, "we were in a place to start taking community input." This was a specific project direction, according to Wilson. "We want to make things even easier for the community to get help and be involved," he said.
Plans include a public bug tracker and roadmap, improved real-time chat and forums. "Our vision is to have Kali on anything and everything, hence the term 'Kali everywhere'. Our goal is to be as accessible as possible and ready out of the box."
Wilson said that: "Offsec gives us the space to handle things the right way. No tracking, no telemetry, no registration or giving up an email address, no newsletter, as all of this would be the wrong thing to do."
In today's environment, the ability to test system security has never been more important. Is it wise though to make these powerful and capable offensive tools so easily available? The short answer is that the tools would still exist even if Kali Linux did not.
Another aspect is that having a trusted set of open source tools is important for their many legitimate uses – such as helping a user get back into their own Windows PC. Searching for help with such things can easily lead users into dangerous territory.
Even so, there is a tension here with which the security industry is familiar: that publishing exploits helps those with ill intent as well as those trying to defend against them.