Kali Linux is a very popular penetration testing platform that provides a variety of security auditing tools used by security specialists and hackers in day-to-day encounters.
Tools available on Kali Linux enable the user to gather information, perform exploits, and prevent their devices from being exploited.
Installing Kali Linux
For beginners, it may seem complex having Kali Linux as your main operating system since you will mostly be running commands on a terminal rather than using the Graphical User Interface (GUI).
It is therefore advised to have your Kali Linux installed in a virtual box. This enables you to do your other operations in the main operating system.
You can have your Kali Linux in your favorite virtual box.
Available virtual boxes include:
For our tutorial, we will be using VMware virtual box (My favorite).
Download Kali Linux iso
Prior to installing the VMware you have to download the Kali Linux iso.
Use the link below to get to the download page:
Download Vmware virtual box
After successfully downloading the Kali Linux iso, you can now download the VMware virtual box using the link below:
Follow the installing Vmware tutorials to successfully install the VMware virtual box.
Installing Kali Linux in Vmware virtual box
You now have all the requirements to successfully set up Kali Linux inside the VMware virtual box.
Next, follow the guidelines in the “Installing Kali Linux in VMware” to successfully install Kali Linux.
Cheers! You have successfully installed Kali Linux and now ready to go on.
Starting Kali Linux
In your virtual box, select the Kali Linux option and click the play button to start your Kali Linux.
Enter your username and password when prompted.
Note: The default username is root and the default password is toor.
Updating Kali Linux
It is recommended to frequently update your Kali Linux and its tools to the latest versions to keep it up to date.
Follow the steps below to update and upgrade Kali Linux:
Start the terminal by:
- Holding the cltr+alt+T buttons simultaneously or
- Using the GUI (Graphical User Interface), go to the applications section and double click on the terminal option.
Now run the command below on the terminal to update and upgrade your Kali Linux.
$ apt-get update && upgrade -y
Note: If it fails to update, precede the command with the sudo keyword since the command requires root privileges.
To be able to efficiently operate on Kali Linux, you should be able to run some
You can also navigate through Kali Linux courtesy of the Graphical User Interface (GUI) feature. Despite that, it is recommended to
use the terminal to navigate through Kali Linux since it is super fast and not so hard to learn the commands.
So without much delay, let’s dive right in.
- Changing password
For security purposes, you are advised to change your password from the default password to a password of your choice. You can do so by running the command below:
Enter a new password and retype it to confirm it.
Note: Remember your password since you will require it whenever you log in.
- Present working directory
You can see your present working directory by simply running the command
- Listing directories
To list all the directories and files in the present working directory, run the
ls command below:
- Listing hidden files
For you to list all the hidden and non-hidden files in the directory, use the
ls -la command since the ’la’ command will now display the hidden files.
$ ls -la
You will notice that some file names are preceded with a dot, those are the hidden files.
They cannot be seen in the GUI.
- Changing directory
To navigate into a directory, type in the
cd keyword followed by the directory name.
An example is shown below.
$ cd Downloads
To move a step back from the present directory, just type the
cd .. command. Don’t forget to add the two full stops separated from the cd keyword by a space.
$ cd ..
Trick: If you are not sure of a command, you can type in half of the command and press the tab key to autocomplete the command. You can also double-tap the tab key to see the available options of the half command typed.
- Accessing the internet browser
To be able to access the internet browser, just type in the name of your favorite browser (eg.
chrome) and you will get a pop-up of the browser.
Running the command above will pop up a window of the browser stated.
- Creating a directory
To create a new directory (commonly known as a folder in Windows), run the
mkdir command followed by the preferred name of the directory and run the command as shown in the example below:
$ mkdir New
Note: The directory will be created on your present working directory.
To relatively remove a directory, simply run the
rmdir command before the directory name as shown below:
$ rmdir New
- Adding a text into a file
Before explaining, run the command below in your terminal.
$ echo 'Hello World' > new.txt
echo keyword adds the words quoted into the file stated or just displays the words if the file is not stated.
- Locate a file
To locate a file, simply type in the
locate keyword followed by the file name to locate.
$ locate new.txt
- Display content of a file
To see the contents of a file, use the
cat keyword followed by the name of the file to display the content.
$ cat renamefile.txt
- Find your IP
To find your IP address just type in the
ifconfig command. This is similar to the
ipconfig in Windows.
Remember to precede your command with the
sudokeyword since it requires root privileges
$ sudo ifconfig
Kali Linux provides a wide range of security auditing tools but for this tutorial, we will discuss some of the commonly used tools.
We will categorize the tools according to their functionality:
- Information gathering and vulnerability analysis
Let’s discuss Nmap since it is the commonly used information-gathering tool.
Nmap is a tool that gathers information by scanning the target’s IP address or URL. You can learn more about Nmap scanning and interpretation from the “Introduction to Nmap” tutorial linked below.
To access Nmap, type in the
Nmap command on the terminal followed by the target to scan as shown in the example below:
$ nmap scanme.nmap.org
To learn more on nmap, go through the tutorial linked.
- Password attacks
John the Ripper,
- John the Ripper
John the Ripper is a free password cracking tool originally made for Unix but now available on Kali Linux. It works by use of the dictionary method to perform brute force on the target.
You can access various tools available on John the Ripper by typing in the keywords eg
You can learn more about John the Ripper in the article linked.
- Reverse Engineering
- NASM tool
The NASM tool allows users to program an assembler. You can do so by saving the assembly code on the cherry tree with the .asm extension.
On the terminal run the commands depending on the code you are running.
You can learn more on nasm here.
- Metasploit Framework
Metasploit Framework is a powerful penetration tool that has numerous modules used to examine a system’s vulnerability and possibly exploit it.
To access Metasploit Framework on your terminal, run the
msfconsole command and the fancy Metasploit framework pops up with
msf 5 > shell to run commands.
You can learn more about metasploit framework in the article linked.
- Sniffing and Spoofing
This is the world’s popular network protocol analyzer. It lets users monitor what’s happening on the network from a microscopic perspective.
To learn more, check out this wireshark tutorial.
- Post Exploitation
This is a series of Powershell scripts that comes in handy during a post-exploitation scenario in an authorized penetration testing. They can be used in code execution, script modification, persistence, and bypass an anti-virus.
You can learn more about Powersploit in the article linked.
In this article, we have go over how to:
- Install Kali Linux in a Virtual Box.
- Update Kali Linux to the latest version and running some major commands.
- and some of the major tools used in Kali Linux.
From this article, we have learned that to comfortably use Kali Linux, you don’t need to know how to use all the tools. You just need to know how to use some major tools and run major commands from the terminal.
With continuous practice, you will comfortably use Kali Linux.
Peer Review Contributions by: Willies Ogola