Kali Linux 2.0 Released (kali.org)
89 points by kriro on Aug 11, 2015 | 37 comments


Their site is down. Can someone post the magnet link?

EDIT found the link on reddit: magnet:?xt=urn:btih:66fc47bf95d1aa5eca358f12c70af3ba5c7e8f9a&tr=udp://tracker.kali.org:6969/announce&tr=http://tracker.kali.org:6969/announce (torrent at http://images.kali.org/kali-linux-2.0-amd64.torrent)


Site is back up but cheers for the magnet!


> At the request of Rapid7, we have removed the Metasploit Community / Pro package from Kali Linux and now host the open-source metasploit-framework package only...

> In addition, the Rapid7 team no longer maintains the Metasploit package in Kali...

Seems they had a problem with the Metasploit company.



"Kali Linux is Now a Rolling Distribution" - finally!


I seriously thought that was the goal when they changed names from Backtrack to Kali in the first place. Oh well, good that it's now one at least.


TL;DR Kali Linux is now a rolling distribution, which pulls packages from Debian testing.


Anyone else getting a weird sha1sum on the Torrent?

I've downloaded twice and I'm getting a34527e9178e7185eebbca0730d825a7c78fcca4

Kali's website (and sha1 file) says aaeb89a78f155377282f81a785aa1b38ee5f8ba0

I'm getting it from http now, but it's slow as sin.


It took a while to figure out what happened to Backtrack; seeing this Kali Linux, I was curious about Backtrack.

Kali Linux is the successor of Backtrack but on Debian.

Interesting, they should have kept the brand sheesh.


What is it about Kali that sets it apart from other Linux distributions?


It comes with the most popular tools for penetration testing.

Personally, I try to steer people away from it until they've learned how to do things the hard way (i.e. you have Python and Bash installed, write your own simple tools and hack this network) and then Kali is easy mode.


It's a Debian-based distribution, with a lot of preinstalled penetration-testing tools.

Deployed as a live USB, it becomes the Swiss Army knife of pentesters.


It is a distro built specifically for pen testing.


What exactly do you mean by "built"? I mean if it's, like other users said, just a bundle of pre-installed tools, how does it differ from Ubuntu?


Kali includes a huge number of tools (some pre-installed, others in the repos) that aren't available via the package manager for most distros. Also things like wifi drivers that are patched to support monitor mode and default login as root, which is insecure for day-to-day computing but since most of the tools require root access, it's quite nice on Kali.


I believe every network protocol and outside connection is disabled by default. It's supposed to be set up so that it can be booted invisibly, on an existing system via live USB so that you can simulate a real intrusion.


You should double-check this with Wireshark yourself before finding yourself in a potentially bad situation. Kali is not so silent as advertised.


Good to know.


I'd guess its focus on penetration testing.


You log in as root. You don't use sudo.


`sudo -i` sort of solves the lack of su in Ubuntu and derivatives.


It is uniquely bloated.


Has anyone seen a list of what tools have been added in this release?


Here you go: https://www.kali.org/releases/kali-linux-20-released/

They've added a ton of stuff as well as removed metasploit pro package due to Rapid7 asking them to remove it.


kali.org's SSL cert shows as invalid due to a subject mismatch. Is that on purpose?


Kali is a pretty poor distro. Merely a fork of debian for no other purpose than to create clickable icons/menu items for cli applications that require sudo. So 99% of the security apps they install are presented in an unusable form. Nothing you can't do with debian and a few runs of apt-get.


It's been a while since I used Kali so this might have changed, but the distro provides pentest-focused default configs and patchsets that can be a pain to set up yourself. Configuring your own systems can also leave behind revealing information that will allow others to trace your activities.

Kali is designed to allow you to quickly set up throwaway systems for particular projects. It's far from perfect, but represents a better starting point than a general-purpose distro.


Doesn't Kali default to having you log in as "root", for pretty much this exact reason?


Actually that does not fix the issue with cli tools having links that expand to a rapidly closing xterm.


So run everything else as root. Real secure. "Make everything setuid 0!"


Running as root in a lot of ways is to further nail home that this is a tool that is not for your day to day computer usage. You'll pull it out for testing, use it, and then toss the environment. With the environment as disposable as it is, running as a regular user gains you nothing, except a potential case of carpal tunnel from typing sudo over and over again.


Kali is much less of a live CD than backtrack was.

Also, most of the people Kali is targeted towards would use it every day.


wireshark as root? Honestly? I've got thousands of lines in there, and I'd not trust it. And this is no longer a "live cd" as you claim it as. Installation is installation. You'll use it for more than a one time usage btw.


They ship customized kernel and drivers for obvious reasons. That's the real deal.


What does their "customized kernel" do? (Besides having a few wifi drivers built in)


AFAIK just that.


The point is that none of the menu items are worth anything as they spawn an xterm, which emits an error about requiring sudo, then exits. Having a metric ton list of installed tools that are displayed and are not usable seems pretty daft.



