Kali Linux is the industry’s leading Linux distribution in penetration testing and ethical hacking. It is a distribution that comes shipped with tons and tons of hacking and penetration tools and software by default, and is widely recognized in all parts of the world, even among Windows users who may not even know what Linux is.
Because of the latter, many people are trying to get alone with Kali Linux although they don’t even understand the basics of a Linux system. The reasons may vary from having fun, faking being a hacker to impress a girlfriend or simply trying to hack the neighbors’ WiFi network to get a free Internet, all of which is a bad thing to do if you are planning to use Kali Linux.
Here are some tips that you should know before even planning to use Kali Linux
Kali Linux is Not for Beginners
If you are someone who has just started to use Linux few months ago, or if you are don’t consider yourself to be above average in terms of knowledge, then Kali Linux is not for you. If you are going to ask stuff like “How do I install Steam on Kali? How do I make my printer work on Kali? How do I solve the APT sources error on Kali”? Then Kali Linux is not suitable for you.
Kali Linux is mainly made for professionals wanting to run penetration testing suits or people who want to learn ethical hacking and digital forensics. But even if you were from the latter, the average Kali Linux user is expected to face a lot of trouble while using Kali Linux for his day-to-day usage. He’s also expected to take a very careful approach to how he uses the tools and software, it’s not just “let’s install it and run everything”. Every tool must be carefully used, every software you install must be carefully examined.
Good Read: What are the components of a Linux system?
Stuff which the average Linux user can’t do normally. A better approach would be to spend few weeks learning about Linux and its daemons, services, software, distributions and the way it works, and then watch few dozens of videos and courses about ethical hacking, and only then, try to use Kali to apply what you learned.
it Can Get You Hacked
In a normal Linux system, there’s one account for normal user and one separate account for root. This is not the case in Kali Linux. Kali Linux uses the root account by default and doesn’t provide you with a normal user account. This is because almost all security tools available in Kali do require root privileges, and to avoid asking you for root password every minute, they designed it that way.
Of course, you could simply create a normal user account and start using it. Well, it’s still not recommended because that’s not how the Kali Linux system design is meant to work. You’ll face a lot of problems then in using programs, opening ports, debugging software, discovering why this thing doesn’t work only to discover that it was a weird privilege bug. You will also be annoyed by all the tools that will require you to enter the password each time you try to do anything on your system.
Now, since you are forced to use it in as a root user, all the software you run on your system will also run with root privileges. This is bad if you don’t know what you are doing, because if there’s a vulnerability in Firefox for example and you visit one of the infected dark web sites, the hacker will be able to get full root permissions on your PC and hack you, which would have been limited if you were using a normal user account. Also, some tools that you may install and use can open ports and leak information without your knowledge, so if you are not extremely careful, people can hack you in the same way you may try to hack them.
If you visit Facebook groups related to Kali Linux on few occasions, you’ll notice that almost a quarter of the posts in these groups are people calling for help because someone hacked them.
it Can Get You in Jail
Kali Linux provide the software as it is. Then, it is your own responsibility alone of how you use them.
In most advanced countries around the world, using penetration testing tools against public WiFi networks or the devices of others can easily get you in jail. Now don’t think that you can’t be tracked just because you are using Kali, many systems are configured to have complex logging devices to simply track whoever tries to listen or hack their networks, and you may stumble upon one of these, and it will destroy you life.
Don’t ever use Kali Linux tools against devices/networks which do not belong to you or given explicit permission to try hacking them. If you say that you didn’t know what you were doing, it won’t be accepted as an excuse in a court.
Modified Kernel and Software
Kali is based on Debian (Testing branch, which means that Kali Linux uses a rolling release model), so it uses most of the software architecture from there, and you will find most of the software in Kali Linux just as they are in Debian.
However, some packages were modified to harden security and fix some possible vulnerabilities. The Linux kernel that Kali uses for example is patched to allow wireless injection on various devices. These patches are not normally available in the vanilla kernel. Also, Kali Linux does not depend on Debian servers and mirrors, but builds the packages by its own servers. Here’s the default software sources in the latest release:
deb http://http.kali.org/kali kali-rolling main contrib non-free deb-src http://http.kali.org/kali kali-rolling main contrib non-free
That’s why, for some specific software, you will find a different behaviour when using the same program in Kali Linux or using it in Fedora, for example. You can see a full list of Kali Linux software from git.kali.org. You can also find our own generated list of installed packages on Kali Linux (GNOME).
More importantly, Kali Linux official documentation extremely suggests to NOT add any other 3rd-party software repositories, because since Kali Linux is a rolling release and depends on Debian Testing, you will most likely break your system by just adding a new repository source due to dependencies conflicts and package hooks.
Don’t Install Kali Linux
I use Kali Linux on rare occasions to test the software and servers I deploy. However, I will never dare to install it and use it as a primary system.
If you are going to use it as a primary system, then you will have to keep your own personal files, password, data and everything else on your system. You will also need to install tons of daily-use software in order to ease your life. But as we mentioned above, using Kali Linux is very risky and should be done very carefully, and if you get hacked, you will lose all your data and it may get exposed to a wider audience. Your personal information can also be used to track you if you are doing non-legal stuff. You may even destroy your data by yourself if you are not careful about how you use the tools.
Even professional white hackers don’t recommend installing it as a primary system, but rather, use it from USB to just do your penetration testing work and then leave back to your normal Linux distribution.
The Bottom Line
As you may see now, using Kali is not an easy decision to take lightly. If you are planning to be a whiter hacker and you need to use Kali to learn, then go for it after learning the basics and spending few months with a normal system. But be careful for what you are doing to avoid being in trouble.
If you are planning to use Kali or if you need any help, I’ll be happy to hear your thoughts in the comments.
Hanny is a computer science & engineering graduate with a master degree, and an open source software developer. He has created a lot of open source programs over the years, and maintains separate online platforms for promoting open source in his local communities.
Hanny is the founder of FOSS Post.
People reacted to this story.
Show comments Hide commentsI’ve never used linux in my life, but I want to learn.
Which version should I start first?
Bymrs, if you have never used Linux OS in your life, I would recommend starting with Ubuntu (GNOME) Linux OS.
I was using Windows 10 on an older laptop in the middle of my last quarter in college, and it crashed. My fiance has taught me a lot about other OS and he set me up with Ubuntu Linux on a desktop, until we could get a laptop built for me to use. I have learned so much about computers and technology, I amaze myself sometimes, LOL.
As far as doing research regarding Linux, take your time, don’t overwhelm yourself. It’s very interesting to many people, but it can also get kind of boring. I am a community college graduate (AA Business Administration) I know what its like to be up to my ears in homework, and spending hours in front of the computer and reading textbooks.
I hope this has been helpful.
M.HANNY.SABBAGH: I read this article and know that Kali Linux is not for beginners, I have approx 6 months experience with Ubuntu and know that I am not ready for Kali just yet. For someone brand new to Linux all together, they should start with a distribution that is NOT Kali!
haha, you are right. I have no idea how I didn’t see his “I never used Linux in my life” line.. Thought he was talking about Kali Linux and that he didn’t use it before. I deleted my comment.
Yes you are right, Ubuntu or Linux mint (https://linuxmint.com) are best for beginners.
for beginners is it suitable to go for Linux first |||
Really Really! Guys just download and start enjoying Kali Linux. This is just too exaggerated, to be honest. LOL!
I need to know how to hack Facebook completely without lying me. Hope you will tell me.
Answer: Don’t
It’s illegal and it’s way too hard.
Also Facebook has been getting leaked a lot recently so you don’t have to do it yourself.
I think the basic premise that a real nOOb ought not dive into Kali carelessly is very wise advice. However, with caution, and common sense, there is a LOT you can learn once you\’ve started tinkering with it. I would highly recommend working your way through the introduction course and book published by Offensive Security. It is mostly about getting grounded in Linux with a focus on deploying Kali in numerous ways. I have installed Kali on one of my Raspberry Pi\’s. With a change of an SD card I can go back to the setup I have for learning the GPIO. Learn everything you can from the tutorials on Offensive Security\’s site. Then start with the first scanning tools and Google info on each of them. There are playground sites that host hacking games. I started on Overthewire.org There is also one I found the other night that gives you three free hours to practice on a vulnerable system. My main interest in Pen-testing is to learn enough not to expose myself while pursuing my computer activities. If your goal is to be a bad___ hacker and mess with your neighbors or someone at Starbucks… well, you\’ll probably get what you deserve.