Kali Linux

I use Kali Linux  for vulnerability testing, sandbox analysis, red team penetration testing, and checking vulnerabilities in the network, checking vulnerabilities with users, and red teaming proactive penetration testing.

For penetration testing or vulnerability analysis, we have a website, and for conducting vulnerability analysis of the website, we use Metasploit  and SQL injection to identify vulnerabilities. We also use Netmon and Nmap  to see network-related vulnerabilities. Additionally, we use John the Ripper for password-related issues. There are different tools that we use for different purposes.

Kali Linux  provides a secure environment for sandbox analysis and control testing, and most of the tools are free and open source, so we do not need to pay charges. It saves on costing, and because it is Linux-based, it provides a secure environment where we can conduct testing in our DMZ. If we are testing or analyzing malware, we need to use either Flare VM or Kali Linux. The testing is conducted in a controlled manner, and Kali Linux provides in-house tools for that. We do not need to go to the internet for the analysis.

Kali Linux is an operating system that has more than 30 plus tools that come as a package with Kali Linux. Those packages have their own purposes, such as Nmap , which is used for network testing. John the Ripper is used for passwords. Hydra is used for passwords and Wi-Fi. All tools have their own specific capabilities for the MITRE ATT&CK framework. Those are used for penetration, UABA analysis, and recent-related vulnerabilities. Most of the tools are a package with Linux and security-related tools, including those for spam and malicious emails.

Kali Linux is an operating system plus tool, and it is a Linux-based product, so if we need to do anything for Windows, we do not have an option to use the same type of tool. If Kali could provide a virtual environment where the base would be Linux and upon that there would be a player type functionality where we would have Windows, similar to ESX where we would have Windows and then upward, we could have a number of VMs and test that. If Kali could provide that type of functionality where we would be able to test Windows vulnerabilities, that would be very helpful.

Documentation is one of the major parts. It has more than 30 plus tools, and most of them are Linux-based. They do not have the GUI, so we have to go to the site and see the documentation. For our requirements, we have seen multiple times that the things which are not available and what tools will do what are not clear in Kali. We have to learn tools separately and learn Kali separately. That makes things complex. Documentation for Kali tools does not have a good directory level. If we want to create a folder, the folder structure is not clear for a Windows user. If anybody wants to pursue a career in security, the folder structure that Windows has is different in Kali. It is almost two different things. Documentation is one of the major problems, and training is also lacking. Kali needs to provide some training which is available publicly so users who are new to SOC and exposed to Windows only can grasp it and work quickly and more intelligently.

I have been using Kali Linux for the last 10 years.

It is a stable product because it is a Linux-based product, and it is scalable.

It is a quite scalable product. We can include the GitHub  repository, install Python code, and create our own machine learning model in Kali Linux.

It is an open-source tool, so we do not have the functionality to raise a case. However, it has a nice community. If we compare support from Microsoft, it is not the same because Kali Linux is open source and we are not paying any license cost. Customer support is there, but documentation and community have a strong base behind that.

Most often, we use Hydra, Nmap, John the Ripper, Metasploit , and Wireshark . Those are the tools that we use most.

Among the 30 plus tools, the most that we use are Nmap, Wireshark , John the Ripper, Hydra, Metasploit, and a few more for SQL injection and sandbox analysis. Each tool has their own capabilities. We can install tools if we want. We can use the GitHub  repo to install tools. There are a number of tools available.

We saved money, and it improved our security posture.

It is open source. We do not need to pay anything. Most of the tools are open source, so we do not need to pay for licensing. There is minimum cost we have to pay, and based on our expertise, we can use it.

Kali Linux is the only solution for cybersecurity if we are conducting pen testing or anything related to it. We cannot bypass Kali; we cannot ignore Kali. If we want a secure environment, we have to include Kali in our pen testing and all vulnerability analyses.

I give it a 10 because if we go in the market, we will not find any operating system with such a compact package. We will see Flare VM, but Flare VM is only for malware analysis. Every tool is based on the MITRE framework, and every tool is doing its own work. If we want to purchase something with the same functionality from other vendors which are not open source, we have to pay a high cost. It is cost-effective, highly secure, and it has proven its capabilities. I rate this product 10 out of 10 because it is the Bible for a cybersecurity expert. Without Kali Linux, we cannot do anything in cybersecurity. If we want to begin our career, Kali Linux is our first step.

The main use case for Kali Linux  is to test my own applications to ensure that they are secure, so I have pursued ethical hacking for my own applications.

I typically set up tests by using tools which are out of the box in Kali Linux  such as Nmap  for port scanning, and for the applications that I build, I am trying to identify the underlying hardware that they are running on, checking for any open ports which could introduce security vulnerabilities into my application. I also have sent packets to my web applications that I built previously, such as a website that I self-host, and I use Wireshark  for packet analysis to see if I can understand information about the request, such as where it is coming from.

From using Nmap  for port scanning, I have probably identified about 10% security improvements in my own applications just by closing ports which I did not realize were open but did not need to be.

The best features Kali Linux offers, in my opinion, include being maintained by a reputable group, Offensive Security, and it is very much seen as the industry standard OS for ethical hacking. Because of a large user base, there have been many developments to make Kali Linux an all-in-one solution. I understand that Kali Linux is preloaded with maybe 500 security tools, so for anything from web security, such as using Burp  Suite, to using Metasploit  for exploit frameworks, I can use Kali Linux for anything ethical hacking based, making it really an all-in-one solution.

Kali Linux has impacted my organization positively because it has allowed for the better security of my applications. The benefit here from security is multi-fold, including financial benefits because if the chance for exploitation is lower, then the chance to rack up server costs by being exploited is also lower, which is great, and also reputationally and from compliance perspectives, having that increased security benefits me.

The only real limitation I can see with Kali Linux is the steep learning curve of using it. Even though the tools are pre-installed, it is definitely not point and click. I need specialized knowledge of how to use it, and while the documentation is very good, I feel that for some users, it could be potentially overwhelming and also potentially dangerous as I could maybe damage networks if I do not know what I am doing. If there were video courses attached to how to safely use it, especially for absolute beginners with no previous experience using Linux operating systems, I think that could be very useful.

I have used Kali Linux for around one year.

Kali Linux is very stable. It is maintained very well by Offensive Security, and due to the huge user base that uses it, it is kept up to date regularly.

I would describe Kali Linux's scalability as very scalable because I can deploy it on a range of different machines, whether that is my laptop or using maybe Raspberry Pi or Android. I can deploy it on all these different types of devices, and with it being open source, it is very easy to download over the internet.

I have never interacted with customer support for Kali Linux before, but I imagine if support was needed, it would be very good because their documentation is good.

My experience with pricing, setup cost, and licensing has been very good. The cost is free to download, so that is very good.

I have seen a return on investment with security improvements since using Kali Linux, and money saved because it is an open-source tool and free to use. There are no financial costs needed upfront, other than maybe if I am booting it from a USB, I might potentially need to buy that USB. The money saved from using Kali Linux means if I am able to make my applications more secure, I could easily see financial improvements.

The cost is free to download, so that is very good.

Out of all those built-in tools and features, I find myself using Wireshark  quite a lot for packet analysis, and I have tried to bombard my web application with a large number of packets. I then use Wireshark to examine information regarding those packets, such as the geolocation of where they have come from and how many packets per second are trying to hit the application. I found that quite useful, especially when I am trying to understand the scalability and elasticity of my application. I also use cloud monitoring tools such as Grafana  and built-in tools with Google Cloud  in combination with Wireshark, which enables me to analyze packets and scalability from different angles.

My advice to others looking into using Kali Linux is to go ahead and use it because it is free. I can download it and give it a try, and there is a lot of advice online about how to use it. I rate this product a 10 out of 10.

My main use case for Kali Linux  is for reconnaissance and VAPT  purposes like ethical hacking, and when I have to go through long scripts running to scan the targets. For reconnaissance or VAPT , a quick specific example is that for subdomain enumeration, I use tools such as Subdomainer and Sublist3r in Kali. Sometimes I also use Nuclei templates for the automation purpose of the VAPT process.

Kali Linux  comes with pre-installed ethical hacking tools in the terminal that you can use directly. You do not need to separately install each tool and its dependencies. All of them come with the same OS, which makes it very useful.

The best features that Kali Linux offers are that it is faster, has a better response, and has fewer system requirements to utilize it. When I run a script on a GUI-based automation tool, it typically takes around ten to fifteen minutes. However, while using the CLI feature in Kali Linux, it gives me the output within one to two minutes. The performance is also better due to the ARM architecture that Kali comes with.

Kali Linux has positively impacted my organization by providing all the tools and many methodologies we need for ethical hacking or VAPT requirements in a combined bundle in one OS. We do not need to go to other platforms to download separate tools and waste a lot of time doing that. It basically shortens that period of time.

While Kali Linux has gotten better over the past years, it could be improved if it was bundled in a CLI-only pack. Currently, I use an ISO pack in a VM. A CLI version of Kali that comes with all dependencies pre-installed would be much better. I do not feel it requires anything else. I am currently satisfied with whatever is available.

I have been using Kali Linux for around two years.

In my experience, Kali Linux is quite stable. Sometimes dependency issues come up, but if you are a technical person, you can handle it. That is not much of a task.

Kali Linux is quite scalable. You can use it on cloud, VPS, and on-premises. I can say it is scalable. We can share the same VPS among peers using SSH. They can also work on that. It also has a good load balancing capability, so it is good in the scalability part.

I have not gone through customer support for Kali Linux, so I cannot give much of an idea about it. I never needed it.

I previously used Linux, but the tools which I required for the VAPT part did not get pre-installed in that. I switched back to Kali Linux, as it was also suggested by my peers to use it.

For licensing, we do not require any. For a small team, we do not need any licensing. We can directly install Kali Linux. It is open source. We can install it on our system and it is ready to use. All the tools come with it, so we do not need to do any complicated tasks. It is better.

I save around eight hundred to nine hundred dollars monthly by using Kali Linux. This is because the equivalent on-market tools have quite hefty charges. They are private and require a paid subscription to use. In Kali Linux, similar open-source tools are available for the same purpose.

Before choosing Kali Linux, I evaluated other options such as Arch Linux and Parrot  OS. I compared these three platforms and then chose Kali Linux. I think it is the best.

If you want to use Kali Linux, my advice is to explore other options, compare them, and then know your needs before choosing Kali Linux. If you are looking for faster, better performance or scalability, then Kali Linux is the best. If you want a better GUI or something else, then you can go for Arch or Parrot  OS. Those operating systems are also in the market. However, the benefit Kali Linux provides and its community is also good, so Kali Linux is far better than others. I have given this review a rating of eight point five out of ten.

I have been using Kali Linux  for almost three to four years now.

I use Kali Linux  for penetration testing purposes as well as red teaming activity. I also use it for solving machines in Hack The Box  or TryHackMe.

There is a particular machine in Hack The Box  which requires you to connect to their machines and perform reconnaissance as well as identify vulnerabilities in the system and exploit them in order to get the flags. That would be my recent use case.

For my coursework, which was a long time ago, I used Kali Linux for vulnerability scanning.

I think the plethora of tools that come built-in with Kali Linux is really helpful. There are a lot of categories which it provides, starting from reconnaissance to exploit. Since all of them are already built-in, I don't have the necessity to go and install every single one of them. Kali Linux has a really good suite of tools already built-in, which is one of the best features that comes to my mind.

I would definitely say the reconnaissance-based tools are my favorite in Kali Linux. There are a lot of reconnaissance tools available. Outside of that, I also use Metasploit  and other exploitation tools. However, it predominantly lies with reconnaissance and exploitation.

One feature I found cool was that you can disguise Kali Linux as just another operating system, such as Windows, when you are using it outside.

A good amount of time is saved when it comes to scanning and reconnoitering infrastructure with Kali Linux.

Kali Linux has a variety of tools and a variety of word lists present, which makes it a lot easier to choose between options. For example, for subdomains, there are a bunch of them. Particularly for finding the fields of requests, there are many options. All of this makes it easier rather than going to the web to search for a particular list and curating the list for a particular thing. In that case, I would say it is saving me a good amount of time.

I feel there is not much for me to say in this because as far as all the products that I have used within Kali Linux, it has never probably been hung up on me or it was pretty smooth overall. I do not really recollect any instance where I felt this could be improved or that could be improved.

The overall theme of Kali Linux seems pretty good. However, something about it might be improved, maybe the overall smoothness of it, because there are sometimes when I try to run a lot of applications, it tries to hang up on me. That might be an area for improvement.

I have been using Kali Linux for two and a half years.

To most parts, Kali Linux is stable in my experience nine out of ten times.

I have no scalability issues with Kali Linux.

I had worked with Parrot  OS, but I did not like the interface, so I switched to Kali Linux.

I cannot speak for the organization as a whole, but Kali Linux is used quite a lot in my team, and particularly by me. It does help me to increase my pace when it comes to the reconnaissance process and also while solving machines in Hack The Box.

Kali Linux is a very good tool and a good overall operating system to use when it comes to penetration testing, as it has a wonderful set of tools. You just need to search for the right tools within it because it offers a plethora of tools. It might be a good way to start identifying what the tools are best suited for your environment and what your needs are.

I have not had to get back to them anytime regarding support for Kali Linux. My overall rating for this product is nine out of ten.