Kali Linux with support by AskforCloud LLC

We have some entirely backend services that function as an integration layer, where multiple applications exchange data through it. For any frontend and API control such as Acunetix  or Qualys, they are not supported for those kinds of backend services. For that purpose, we are using Kali Linux . Kali Linux  has the capability of real-time data scanning for vulnerability assessment for backend services. That is actually very far more valuable.

For backend service, Kali Linux is a very good tool, so I can recommend it for that.

Kali Linux has the capability of real-time data scanning for vulnerability assessment for backend services. That is actually very far more valuable.

The toolset on the security framework in Kali Linux is fulfilling our purpose of doing the assessment. We are good with that.

Kali Linux has the capability to expand more.

We don't know if Kali Linux has the port scanning capability yet, but that is an area of improvement because we are working with DMZ zones and customized ports. If we can add featured customized port scanning and DMZ zone capability, then it will be a very great tool. It might be there, but we are not exploring it yet.

We are not exploring 100% of Kali Linux capabilities. If real-time customized port scanning can be added, for example, instead of a default port such as 8080 or 443, if we can use a customized port such as 9876, that capability would be great.

The only point that I didn't find on Kali Linux for now is the ability to customize port scanning.

It has been only five to six months, and the team is getting used to it now.

I should rate the stability of the product as average, good. I would rate it eight, minus two because I don't know about other capabilities.

Kali Linux has the capability to expand more, so I would rate it nine.

I won't compare Kali Linux with Linux from other vendors because we are installing it on top of Red Hat.

The initial setup of Kali Linux is okay—not pretty complex or very simple.

It could be simplified from Kali's side for a GUI user, but if we are doing it as command mode, it is okay. We don't find it very hard to install or pretty complex.

For a regular user, they might find it complex. For the technical staff, it's not very complex.

Our DevOps team is doing it, so it is somewhat customized.

I won't compare Kali Linux with Linux from other vendors because we are installing it on top of Red Hat. We can say the competitors of Acunetix , such as Burp  Suite and Qualys Guard, those are the real competitors. Kali Linux is good because Sysbench is one kind of tool that has the capability of port scanning, but we don't know much about Sysbench as of now.

We are not working with the multi-language support function as of now because we are very new to it, so we are exploring the stuff entirely.

We are not working with the resource constrainer system function. We just use scanning for incoming and outgoing data services as of now.

We are not exploring 100% of Kali Linux capabilities. If real-time customized port scanning can be added, for example, instead of a default port such as 8080 or 443, if we are able to use a customized port such as 9876, that capability would be great.

I prefer not to comment further because we are very new to the tool. We don't explore 100%, so I can't comment on it with my capacity right now.

I'm not sure about the pricing model because we got a community version of Kali Linux. The customer has purchased it, so I'm not sure about the pricing.

On a scale of one to ten, I rate Kali Linux an eight.

In general, Kali Linux is used for hosting applications, developing new applications, and operating systems. It's also used in containers and nodes. The tool offers a smaller footprint than Windows because it lacks the functionality of graphical user interfaces. One advantage of Kali Linux is its lower maintenance requirements than Windows, with slower update cycles and easier maintenance procedures.

The tool's most valuable features are low maintenance and stability. 

The tool is already stable and well-developed, so there's minimal feedback for enhancement or change. However, it should improve security, which is crucial, especially with the increasing use of Kali Linux in cloud environments.

I have been using the product for a few months. 

I rate the tool's stability a ten out of ten.

Kali Linux is scalable and has a smaller footprint. It can be run on multiple instances of your applications.

We have community support. I haven't faced any problems with support. 

The tool's deployment is quick and straightforward compared to Windows. It takes about five to ten minutes to complete. 

Kali Linux offers a perpetual license, meaning you pay for it once and can use it. While free versions of Linux are available, Kali Linux, being an enterprise edition, usually comes with a perpetual license. I rate its pricing a five out of ten. 

Pre-installed tools can provide basic training and security measures, which is helpful. However, these tools may not be sufficient to secure your workload fully. That's why it's important to complement them with other specialized security tools to enhance your overall security.

Before using Kali Linux, make sure you know its pros and cons. It's a good system to learn because it's the best choice for some situations. It has default firewall settings that block everything by default. It's up to the user to decide how much they want to open up.       

Learning Kali Linux takes time because it relies on command-line tasks instead of graphical interfaces. Practice is key to becoming comfortable with it.

Kali Linux's use cases are quite diverse. It can be used as an operating system for learning Linux, penetration testing, ethical hacking, and much more.

The most effective features of Kali Linux include its stability as a Linux operating system, its flexibility in configuring resources such as partitions, its powerful and stable file system, and its multi-user capability, which allows for setting user privileges and rights. Additionally, Kali Linux provides access to a wide range of free and open-source applications for testing and development purposes.

The tool's most valuable features for security tasks include its resistance to viruses, ability to configure and filter incoming connections, and security measures that make it difficult for hackers to break into the system. Linux systems are known for their strong security measures, including numerous checkpoints and gates that make hacking attempts difficult. As a result, many financial and scientific institutions prefer to use Linux for its enhanced security compared to Windows.

With access to a vast repository of tools, users can install third-party tools and perform various tasks related to network testing, penetration testing, and session testing.

The tool is slightly difficult to learn. 

I rate the tool's stability a nine out of ten. 

Kali Linux's scalability depends on the available resources. Depending on the resources available, users can install multiple instances of Kali Linux, which can be scaled up to meet the needs of various user sizes.

I've never contacted Kali Linux for technical support. Most issues and their resolutions are readily available on the internet.

The solution's deployment is easy and takes about ten minutes to deploy. 

I rate the overall product a nine out of ten. For aspiring ethical hackers, I highly recommend using Kali Linux. It's stable and reliable. However, remember that while Kali Linux is very reliable, new bugs and issues may arise occasionally, and driver support for new hardware can sometimes be lacking. 

Additionally, it's worth noting that Linux operating systems like Kali Linux are not designed for general entertainment purposes like gaming. They are preferred by developers, engineers, and technical users who want to customize and utilize the full potential of their operating system. If you're looking for a system for general purposes like internet browsing and gaming, Windows or macOS may be more suitable options.

I use the solution in my company for penetration testing. The product is used to check if there is any vulnerability within a system.

The solution's most valuable feature is that it is very easy to use. The tool is very user-friendly, and its performance is very good.

From an improvement perspective, it should be made possible for users to learn about the product easily.

I have been using Kali Linux for three months.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a nine out of ten.

The product's initial setup phase was straightforward.

One just needs to create a bootable drive to install the product.

The solution is deployed on an on-premises model.

I can take care of the product's installation myself.

I have used the free version.

I strongly recommend the product to others who plan to use it since it is a reliable tool.

When it comes to the learning curve for new users who plan to use the product, I would say that if someone is not familiar with cybersecurity, then they would need at least six months to a year to learn about the product.

In terms of the value derived from the use of the product, I could see that with the solution, I was able to see the vulnerabilities.

I rate the solution an eight out of ten.

In my cybersecurity work, I use Kali Linux for web application penetration testing, network testing, vulnerability assessment of any devices or domains, multiple testing types, and code testing. Those are certain basic use cases.

I used Kali Linux in multiple companies like banks, IT companies, and even smaller companies like music departments or other departments. But mostly, I use it for IT companies and banks.

The systems that are not completely updated create vulnerabilities on the system or on the domain. So first, we have to upgrade all the systems and apply complete security patches. In Windows, there are security patches; in Linux, there are also security patches. We'll upgrade the system. 

Additionally, Kali Linux is wonderful. If there is a specific requirement for a lower version, then we have to put a specific script over the database or over the code so nobody can directly access that code.

I frequently use SQLmap for web application testing, along with other tools like Burp Suite and Vega.

When we execute commands on tools and the few scripts that I have prepared, we will use SQLmap to execute those scripts on the target system. This helps us find loopholes. Like, a report may show TXG is open or that the configuration password is in cleartext. 

Based on this, we suggest vendors make the required changes, or if they are using an older version, they might need a newer upgrade. So there's a lot of capability in it. We suggest upgrading that version, and after completing the vulnerability assessment, we prepare a diagnostic report with suggestions. 

Once we provide complete details, then they take some time to fix those vulnerabilities. After that, we'll again execute the vulnerability assessment as a second phase. If everything goes fine, then we will give them certification that their system and application are now secure.

Sometimes, I do face challenges. There's an issue where sometimes during the initial installation, it doesn't install properly. It gives multiple errors like packages not installing, so we have to install those tools separately. For instance, if we want to install a network or other tools, we have to install those complete toolkits manually.

So, the challenge is with the initial setup, where I sometimes get errors. 

Regarding wireless attacks, OS attacks, and social engineering... the tools should be easier to learn because I know everything very well, but some people in my team struggle to understand. If there were GUI interfaces for the tools, it would help me guide my team in using them step-by-step. Command lines are very difficult for other team members who know the tool's purpose but not the Linux commands. GUI interfaces need more improvement.

So, the UI interface needs improvement to make it more visible and easier for users. Expert users can do everything without any issues, but new users will struggle.

I've been working with Kali Linux for the last 10 to 12 years. I use the latest version. 

The stability is good because I've been using it for the last ten years. I've completed many successful projects, providing good vulnerability assessments to my clients and vendors.

It is a scalable solution. I would rate the scalability an eight out of ten.  

We have about four to five users using Kali Linux. Two or three are basic users; they need to learn first before they can execute the scripts.

We do not plan to increase the further usage because we do not have the need. I and some other partners have good experience with it, and we are managing those parts.

I tried to connect to customer support through email, but I received responses very slowly. In those situations, I do my own research and development to fix those particular errors.

For their understanding of the errors and providing solutions, I'd give them a ten out of ten. But about response time, I'll give it a five because it's very slow.

Neutral

From my perspective, I can set up Kali Linux with information gathering, vulnerability analysis tools, and application analysis tools. I'm able to configure those. 

However, now many people are interested in cybersecurity. So, I suggest that Kali Linux should improve things like the GUI interface, make it easier to use, and include a training portal that's easier for basic users to understand.

I use it sometimes on-premises and sometimes on the cloud.

Sometimes the setup takes only one hour, no more than that. But if we start getting errors, then it can take four to five hours to complete the setup of Kali Linux.

The price is good because Kali Linux already provides a good bundle of tools. The price is sufficient if you want a good operating system with the necessary tools. So, the cost is not an issue.

Kali Linux is much better than others because it gives you a good set of tools. It is preferred for vulnerability assessments and cybersecurity. You don't have to spend a lot of money on different tools like Tenable. We don't need those because everything is already there in Kali. You just need to explore, configure it properly, and it will provide you with good results.

Overall, I would rate it an eight out of ten because any new user or someone without deep expertise won't be able to understand how to scale or manage it, but an experienced person can.