Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

Because Kali Linux is multi-platform, it gives you a strong, stable, known baseline to operate from regardless of where you use it: desktops, servers, virtual machines, live environments, cloud or containers.

Why is Kali Linux popular among hackers?

Kali is a popular distro among the security community due to its design, it incorporates tools oriented towards penetration testing, security research, computer forensics and reverse engineering. Kali Linux became mainstream popular thanks to the TV Series Mr. Robot.

How many tools does Kali Linux include?

Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners).

How secure is Kali Linux?

Kali Linux is developed in a secure location with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Is Kali Linux portable?

Kali Linux can run natively when installed on a PC, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

What Linux distribution is Kali Linux based on?

Kali Linux is based on Debian Wheezy. Most packages Kali uses are imported from the Debian repositories.

What version of Kali Linux should I download?

Each version of Kali Linux is optimized for a specific purpose or platform. First, you have to establish your system's architecture. If your system is 64-bit and you want to have a permanent installation, the Kali Linux ISO 64-bit is your choice. If you want to try Kali Linux without having to install it, the portable versions are the way to go.

Kali Linux was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

What's New

A little later than usual, but Kali 2024.2 is here! The delay has been due to changes under the hood to make this happen, which is where a lot of focus has been. The community has helped out a huge amount, and this time they've not only been adding new packages, but updating and fixing bugs too! If you are reading this, Kali 2024.2 is finally ready to be downloaded or upgraded if you have an existing Kali Linux installation.

The summary of the changelog since the 2024.1 release from February is:

  • t64 - Future package compatibility for 32-bit platforms
  • Desktop Changes - GNOME 46 & Xfce improvements
  • New Tools - 18x new tools, and countless updates

The t64 transition is done in Kali

Kali Linux is a rolling distribution based on Debian testing, and as such, all the work done in Debian is incorporated in Kali pretty quickly after it lands in Debian testing. We have some solid QA and automation for that to happen, and usually most packages just "roll in" with minimal intervention from the Kali team. Our QA tells us when new packages from Debian break packages in Kali: in those cases packages are stuck in kali-dev (a development suite that is NOT meant to be used by end users), we fix it, and then they are allowed to roll in kali-rolling (which is what most end users use). This is part of what the Kali team does every day.

During the last cycle, this routine was interrupted by a major change in Debian: the t64 transition. What is that? In short: t64 refers to 64-bit time_t type. For those not familiar with C, time_t is the type to store a Unix timestamp (quantity of seconds relative to the Unix Epoch), and the size for this type depends on the architecture. For those architectures that have a 32-bit time_t type, there will be an issue in the year 2038, as the maximum value possible will be reached, and the value will roll over beyond +2147483647 into negative values. The glibc page has all the technical details, for those who want to read more.

To prevent the Year 2038 issue, the size for the time_t type had to be changed to be 64-bit, on those architectures where it was 32-bit. For Kali Linux, that means the two 32-bit ARM architectures that we support: armhf and armel. These architectures are used mainly for ARM images (eg. Raspberry Pi) and a few NetHunter images. Note that the i386 architecture (ie. legacy PC) didn't change: this architecture still will have a 32-bit time_t type, and that will not change. Kali has always treated ARM platform as a first-class citizen.

Changing the size of a widely used type provided by the C library is a big deal. It means that a huge number of packages need to be rebuilt, it is in fact the largest ABI transition ever done in Debian. And in a sense, it affects all architectures, as all libraries that expose a time_t type were rebuilt and renamed with a t64 suffix, even for those architectures where the type was already 64-bit (in this case, the only change is a package rename).

Enough background, now what does it mean for Kali users?

  • The transition was completed in kali-rolling on Monday 20th May, and is now released with Kali 2024.2. For users of Kali rolling who updated their system, the transition is behind them already.
  • The vast majority of Kali users are running on amd64 or arm64: the only visible change will be a lot of packages upgraded, and a lot of new packages with a t64 suffix in their name. Since there was no ABI change for those architectures, there should be no issue. Additionally, old packages (without t64 suffix) are co-installable with the new t64 packages, so upgrading should be no problem for APT.
  • The users that might be impacted are those running Kali on a armel or armhf ARM board. If you upgrade your system, make sure to use the command apt full-upgrade (do NOT use apt upgrade) , as documented already. After your system is upgraded, hopefully all goes well and works as usual, but if ever you notice issues, please report it on the Kali Linux bugtracker.

So just to repeat it again, for those who jumped straight to the last line: please upgrade your system as documented, using the pair of commands apt update && apt full-upgrade, and everything should be fine. Please report bugs in case of issues. Thank you!

Desktop changes

GNOME 46

Roughly every half-year, there is a new version bump for the GNOME desktop environment. Of which, Kali 2024.2 brings the latest version, GNOME 46. As you would expect, this is a more polished experience following the work introduced in previous versions.

All themes and extensions have been updated to support the new shell:

Xfce desktop changes

We are excited to announce updates to the Xfce desktop, specifically for Kali-Undercover and HiDPI modes. These updates enhance stability and include several minor bug fixes, ensuring better support for the latest desktop improvements.

New Tools in Kali

There has not been a single Kali release without any new shiny tools added, and this release is no exception. We are overjoyed that there have been multiple tools packaged up from the community, which are now in Kali too! It goes without saying that countless packages have been updated to the latest version, however the summary of new tools which have been added (to the network repositories):

  • autorecon - Multi-threaded network reconnaissance tool (Submitted by Arszilla)
  • coercer - Automatically coerce a Windows server to authenticate on an arbitrary machine (Submitted by Caster)
  • dploot - Python rewrite of SharpDPAPI (Submitted by Arszilla)
  • getsploit - Command line utility for searching and downloading exploits (Submitted by Arszilla)
  • gowitness - Web screenshot utility using Chrome Headless
  • horst - Highly Optimized Radio Scanning Tool
  • ligolo-ng - Advanced, yet simple, tunneling/pivoting tool that uses a TUN interface
  • mitm6 - pwning IPv4 via IPv6 (Submitted by Caster)
  • netexec - Network service exploitation tool that helps automate assessing the security of large networks. (Submitted by Arszilla)
  • pspy - Monitor Linux processes without root permissions
  • pyinstaller - Converts (packages) Python programs into stand-alone executables.
  • pyinstxtractor - PyInstalller Extractor (Submitted by Arszilla)
  • sharpshooter - Payload Generation Framework
  • sickle - Payload development tool (Submitted by Arszilla)
  • snort - Flexible Network Intrusion Detection System
  • sploitscan - Search for CVE information
  • vopono - Run applications through VPN tunnels with temporary network namespaces (Submitted by Arszilla)
  • waybackpy - Access Wayback Machine's API using Python (Submitted by Arszilla)

Miscellaneous

There have been a few mirror tweaks and changes to Kali which we are calling out below as they don't need much detail:

  • During testing, a bug was found in 6.6 kernel which could causes slow downs and system crashes when using certain virtualization software. This has been addressed in the upcoming 6.8 kernel.
  • nmap has been tweaked, allowing for users to run privileged TCP SYN (Stealth) scans (-sS) without using sudo or being root.