Kali Linux – The Most Advanced Penetration Testing Linux Distribution

Keep on Guard!


So Linux Live CDs based around hacking or penetration testing used to be a super big deal, they died down a bit in the last few years. The king of the hill back in 2011 used to be BackTrack and the last time we mentioned it was when BackTrack 5 came out.

This article is our second most viewed of ALL TIME – 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) – perhaps it’s time we do an updated list.

And we covered BackTrack since it first started in 2006, when it was a merger between 2 other distros – Whax and Auditor (anyone remember that far back?).

Kali Linux is the new generation of the industry-leading BackTrack penetration testing Linux distribution also good for security auditing. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards.

Kali Linux - The Most Advanced Penetration Testing Linux Distribution


Features in Kali Linux

  • More than 300 penetration testing tools: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.
  • Free and always will be: Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.
  • Open source Git tree: We are huge proponents of open source software and our development tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.
  • FHS compliant: Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.
  • Vast wireless device support: We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
  • Custom kernel patched for injection: As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.
  • Secure development environment: The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.
  • GPG signed packages and repos: All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.
  • Multi-language: Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
  • Completely customizable: We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.
  • ARMEL and ARMHF support: Since ARM-based systems are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, resulting in working installations for both ARMEL and ARMHF systems. Kali Linux has ARM repositories integrated with the mainline distribution so tools for ARM will be updated in conjunction with the rest of the distribution.

You can download Kali Linux here:

Kali Linux 64-Bit ISO (Torrent)
Kali Linux 32-Bit ISO (Torrent)

Or read more here.

Learn about Hacking News



Posted in: Hacking News, Hacking Tools, Linux Hacking

, , , , , ,

Latest Posts:


AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked - AWS Config Exposes 4M Subscribers Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


8 Responses to Time Warner Hacked – AWS Config Exposes 4M Subscribers

  1. engineer September 7, 2017 at 9:36 pm #

    By default S3 buckets are not public.

    • Darknet September 7, 2017 at 9:59 pm #

      They used to be IIRC, but I could be wrong, well I guess more accurately the easiest way to get access to it programmatically is just to set it to public.

    • Engineer S September 10, 2017 at 10:09 pm #

      Yes, it had to be configured to be open to the web.  This story is not really about AWS.  It’s about bad IT controls and careless engineering.

      I wouldn’t even call this a hack, if it’s left open to the public.

  2. Alan M September 8, 2017 at 8:15 am #

    Broadsoft was responsible for exposing the Time Warner Cable (TWC) data. Time Warner (TC) is an entirely separate entity (TC does NOT = TWC).

    • Darknet September 8, 2017 at 3:48 pm #

      Hey thanks for that clarification Alan.

  3. Tracie September 8, 2017 at 8:17 pm #

    Also time Warner cable is no longer TWC . it is now spectrum.

  4. Ryan Dymek September 8, 2017 at 8:29 pm #

    Buckets have zero access beyond the creator. “Easiest way to grant access is to make it public”… that same statement applies to a cisco firewall in an onprem enterprise. And allow any rule is simple but terribly wrong. IAM or bucket policies are no more complex than any enterprise grade firewall. Lets not excuse the behavior of the admin due to ignorance.

    • Darknet September 8, 2017 at 9:22 pm #

      Not excusing it, just saying it happens that way, same reason by MongoDB worked out of the box with no auth and listening on every interface. Not ideal, but a lot of things are done in the name of ease and speed of deployment rather than looking at it with an eye on risk and the repercussions.

Leave a Reply