Why is Kali Linux popular among hackers?

Kali is a popular distro among the security community due to its design, it incorporates tools oriented towards penetration testing, security research, computer forensics and reverse engineering. Kali Linux became mainstream popular thanks to the TV Series Mr. Robot.

How many tools does Kali Linux include?

Kali Linux is preinstalled with over 600 penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for penetration-testing wireless LANs), Burp suite and OWASP ZAP (both web application security scanners).

How secure is Kali Linux?

Kali Linux is developed in a secure location with only a small number of trusted people that are allowed to commit packages, with each package being signed by the developer. Kali also has a custom-built kernel that is patched for injection. This was primarily added because the development team found they needed to do a lot of wireless assessments.

Is Kali Linux portable?

Kali Linux can run natively when installed on a PC, can be booted from a live CD or live USB, or it can run within a virtual machine. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.

What Linux distribution is Kali Linux based on?

Kali Linux is based on Debian Wheezy. Most packages Kali uses are imported from the Debian repositories.

What version of Kali Linux should I download?

Each version of Kali Linux is optimized for a specific purpose or platform. First, you have to establish your system's architecture. If your system is 64-bit and you want to have a permanent installation, the Kali Linux ISO 64-bit is your choice. If you want to try Kali Linux without having to install it, the portable versions are the way to go.

Kali Linux was developed by Mati Aharoni and Devon Kearns of Offensive Security through the rewrite of BackTrack, their previous forensics Linux distribution based on Ubuntu. The third core developer Raphaël Hertzog joined them as Debian expert.

What's New

Kali Linux 2023.4 Release (Cloud ARM64, Vagrant Hyper-V & Raspberry Pi 5)

With 2023 coming to an end and before the holiday season starts, we thought today would be a good time to release Kali 2023.4. Whilst this release may not have the most end-user features in it again, there are a number of new platform offerings and there still has been a lot of changes going on behind-the-scenes for us, which has a positive knock-on effect resulting in a benefit for everyone. News, platforms, and features aside, it would not be a Kali release if there was not a number of changes to our packages - both new tools and upgrades to existing ones. If you want to see what is new for yourself download a new image or upgrade if you already have a Kali Linux installation.

The summary of the changelog since the 2023.3 release from August is:

  • Cloud ARM64 - Now marketplaces on Amazon AWS and Microsoft Azure have ARM64 option
  • Vagrant Hyper-V - Our Vagrant offering now supports Hyper-V
  • Raspberry Pi 5 - Kali on the latest Raspberry Pi foundation device
  • GNOME 45 - Kali theme is on the latest versions
  • Internal Infrastructure - Peak at what is going on behind the scenes with mirrorbits
  • New Tools - As always, various new & updated packages

Cloud ARM64 Marketplaces

Starting from Kali 2023.4, we will now be offering both Kali Linux AMD64 and ARM64 on Amazon AWS and Microsoft Azure marketplaces.

The advantage that ARM64 brings to the table is more options and flexibility in instance offerings, which leads to improved price-to-performance ratio. The draw back is, even though Kali Linux has always treated ARM a first class citizen, not every package has an ARM64 offering - most do and we are working on improving this every day! Try setting up a lab in the cloud and performing your own benchmarks to compare performances.

If you need some help using Kali Linux in the cloud, be sure to check our documentation. Otherwise, if you want to see how we generate these images, see our cloud build-scripts.

Vagrant Hyper-V Support

With our recent work with adding support to our VM build-scripts to create Microsoft Hyper-V virtual machines, we have kept on going down the rabbit hole of development. Our Vagrant offering now includes a Hyper-V environment!

If you are not too familiar with Vagrant, think of it as a command-line interface for VMware, VirtualBox, and now Hyper-V.

At a higher level, in the same way that Docker uses Dockerfile, Vagrant uses Vagrantfile. These files go on to define how to create the virtual machine and further provisions, such as which operating system to use, CPU, RAM, storage, networking, and also any scripts or commands that the VM should execute to further install and configure.

If this is something you like the sound of, we have further reading on our documentation:

  • Customizing a Kali Vagrant Vagrantfile
  • Kali inside Vagrant (Guest VM)

We also have our vagrant build-scripts public if you want to see how it is done.

Raspberry Pi 5

If you have been lucky enough to get your hands on the newest Raspberry Pi, Kali Linux can now be used on a Raspberry Pi 5!

We have created a new dedicated image which can either be downloaded direct, or automated using Raspberry Pi Imager.

You can build the image yourself if you wish to tinker and customize any aspect of it, such as changing the default desktop environment, packages, settings etc.

Please note, Nexmon support is not yet working with the in-built Wi-Fi (so no monitor mode or frame injection without an external card).

You can keep an eye on progress by checking our documentation about it. Please keep in mind that while the image is now available for use, we would consider it to be in a BETA state. For the time being, the image is for ARM64 architecture, hopefully additional flavors will come later.

We want to give a huge shout-out as there was a lot of volunteers from the community who were willing to test and report issues with the image. There was one person who really stood out, and this image would not be possible without BakaValen's assistance, support, reporting of issues, and ideas.

Additionally, David Bombal's Raspberry Pi 5 Kali Linux install in 10 minutes came out to show off our initial work of Kali Linux on the Raspberry Pi 5.


With GNOME 45 hot off the press, Kali Linux is now supporting it! And is looking pretty in the process!

For people who opt to use GNOME as their desktop environment, GNOME 45 is now here! If you do not read their changelog, below is a quick summary mixed with some of our tweaks:

  • Full-height sidebars in many updated apps
  • Highly improved speed of search in nautilus file manager
  • Unfortunately the update for nautilus was not ready for this release, but it will arrive as a later update soon
  • Improved settings** app (gnome-control-center)
  • Updated color-schemes for gnome-text-editor
  • Updated themes for shell, libadwaita, gtk-3 and gtk-4
  • Updated gnome-shell extensions
  • Shell updates, including a new workspace indicator, replacing the previous "Activities" button
  • It is also possible to scroll your mouse wheel while hovering over the indicator to switch between workspaces

Internal Infrastructure

We are still undergoing big changes with our infrastructure, and as always, it is taking longer than planned! The wait has been worth it, and long standing items are getting fixed or replaced!

Enters Mirrorbits

One of the projects which is now complete is the migration of our "mirror redirector". This is our biggest user-facing service, as without this, all default Kali installations would not be able to use apt (aka http.kali.org), or being able to download Kali image (cdimage.kali.org). This service sits in-front of our mirrors (archive*.kali.org), community mirrors and Cloudflare (kali.download). It is responsible for redirecting every request to its nearest mirror, based on a few factors such as geographic location, mirror speed, and mirror "freshness".

Since Kali was launched back in March 2013, until November 2023 we had been using MirrorBrain. Unfortunately, the project has been unmaintained since 2015, and so after 10 years in production, it was really time to say good-bye. Today, we are now using Mirrorbits.

The first thing we can say is that, with Mirrorbits, we find ourselves lucky: this is a rock-solid piece of software, built on modern tech (Go and Redis), initially released 10 years ago, and running in production for just as long. It was initially developed by Ludovic Fauvet from VideoLAN in order to distribute the VLC media player. And over these years, it has been adopted by a growing number of FOSS projects such as GNOME, Jenkins, Lineage OS, and many others.

As it happens, our use-case of Mirrorbits is different to what it was originally created for: distributing VLC, or in other words, a rather small set of static files. Kali Linux being a complete Linux distribution, it means that we distribute a huge number of files (at times there can be millions of files in our repo). Being a rolling distribution means that Mirrorbits must cope with fast-changing metadata in the repository. We also need to distribute Kali over both HTTP and HTTPS, which was not well supported.

Thus, the transition to Mirrorbits was not trivial, it did not work "out-of-the-box" for us, and we had to rework some pieces here and there, and basically hammer at it until it does the job. But it was well worth it, and in the end our modifications were clean enough that we could submit it all upstream. We really hope that all of this work will be accepted, thus making it easier for Linux distributions in general to use Mirrorbits going forward. Oh, and we have created and are maintaining the Debian package!

Much more could be written on the topic, and we plan a longer blog post dedicated to it. But for now, enough's been said.

New Tools in Kali

It would not be a Kali release if there were not any new tools added! A quick run down of what has been added (to the network repositories):

  • cabby - TAXII client implementation
  • cti-taxii-client - TAXII 2 client library
  • enum4linux-ng - Next generation version of enum4linux with additional features (a Windows/Samba enumeration tool)
  • exiflooter - Finds geolocation on all image URLs and directories
  • h8mail - Email OSINT & Password breach hunting tool
  • Havoc - Modern and malleable post-exploitation command and control framework
  • OpenTAXII - TAXII server implementation
  • PassDetective - Scans shell command history to detect mistakenly written passwords, API keys, and secrets
  • Portspoof - All 65535 TCP ports are always open & emulates services
  • Raven - Lightweight HTTP file upload service
  • ReconSpider - Most Advanced Open Source Intelligence (OSINT) Framework
  • rling - RLI Next Gen (Rling), a faster multi-threaded, feature rich alternative to rli
  • Sigma-Cli - List and convert Sigma rules into query languages
  • sn0int - Semi-automatic OSINT framework and package manager
  • SPIRE - SPIFFE Runtime Environment is a toolchain of APIs for establishing trust between software systems

There have also been numerous packages updates and new libraries as well. We also bump the Kali kernel to 6.5.0!

Community Packages

There have been multiple tools submitted from the community, ready to be merged into Kali:

  • h8mail - Credit to: Jason "5nacks" Kregting & TraceLabs
  • PassDetective - Credit to: Yunus "aydinnyunus" AYDIN
  • sn0int - Credit to: kpcyrd

For more information about this, please see our blog post from previous release.


Below are a few other things which have been updated in Kali, which we are calling out which do not have as much detail on:

  • We have changed our newsletter provider to SubStack!
  • If you want our blog posts, and only that, in your inbox, sign up!
  • We have seen an issue with VMware currently (VMware workstation 17.5), where it appears input (keyboard/mouse) will freeze after a period of time
  • Check the above link for a workaround solution
  • If you use our pre-generated VMs, the patch has already been applied
  • There also appears to be an issue with KDE inside a virtual machine, where certain functions between host/guest not working, such as shared clipboard (copy/paste)
  • We have added support for QT6 themes
  • A friendly reminder about Python v3.12 PIP install change which will alter "soon"