Written by Aamir Lakhani, www.DrChaos.com and Joey Muniz www.thesecurityblogger.com. Article is cross posted.
BackTrack is a digital forensics and penetration testing arsenal used by many security professionals and malicious hackers. The last release of BackTrack was 5r3 and many expected a new release sometime in 2013. The creators of BackTrack decided to start from the ground up building a full-fledged operating system and release a next generation penetration distribution rather than updating the existing live CD release. The creators note “Kali Linux is a more mature, secure and enterprise-ready version of BackTrack Linux”.
Lifeline of BackTrack ending with Kali 1.0
Kali Linux has many advantages over Backtrack. Kali comes with more updated tools. The tools and streamlined with Debian repositories and synchronized four times a day. That means users have the latest package updates and security fixes. The new compliant file systems translate into running most tools from anywhere on the system. Kali has also made customization, unattended installation, and flexible desktop environments and strong feature in Kali Linux.
Kali Linux offers a number of customized tools designed for penetration testing. Tools are categorized in the following groups as seen in dropdown menu shown below.
Main Tool Categories in Kali Linux
Most of the useful tools from BackTrack made it into Kali with updated versions as well as some new stuff. For example, Vega and Proxy Strike are updated, while tools like Grendel-scan were removed. One interesting catalog is the separate Top 10 Security tools listing.
Top 10 Security Tools in Kali Catalog
Kali Linux does have some limitations to its predecessor BackTrack. Some tools do not operate correctly in the new environment or require customization to gain stability. Some of these limitations will probably be fixed in updates. Within a few minutes of using Kali, we realized that darkc0de.lst dictionary file wasn’t loaded with Kali, or get SET needed some reconfiguration for updates to work. Most of these gotchas are well documented and a simple Google search will get you to the right place.
Sticking with the last release of BackTrack 5 RC3 has some advantages such as having more streamlined installation options on various operating systems. One huge limitation for Kali is support in a large VMware ESXI server environment due to VMTools not running on the 64-bit version of Kali. There is a workaround using 32-bit images with VM Tools preinstalled that is downloadable from the Kali website. If you want to install VMware Tools natively on the Kali Linux ISO (including 64-bit versions of the ISO) than check out our HowTo Install VMware Tools On Kali Linux.
BackTrack also has much more content available online as a veteran to Kali’s 1.0 release.
So far I like the new platform and have been using it for multiple projects. I haven’t had issues running Kali on a MacBook Pro as a VMware fusion server as well as MACMINI hosting ESXI 5.1 (note the MACMINI operates like a desktop therefor avoiding issues found with ESXI server farms.). I recommend checking out the new release at http://www.kali.org/.
Aamir Lakhani (www.DrChaos.Com) and Joey Muniz (www.thesecurityblogger.com) are co-writing a new book on Kali for Web Penetration Testing. Stay tuned for details!
