Kali Linux | Penetration Testing and Ethical Hacking Linux Dist…

@kali.org.web.brid.gy

Home of Kali Linux, an Advanced Penetration Testing Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments. [bridged from https://kali.org/ on the web: https://fed.brid.gy/web/kali.org ]

14.05.2025
Joined

Latest posts by Kali Linux | Penetration Testing and Ethical Hacking Linux Dist… @kali.org.web.brid.gy

# Kali & LLM: macOS with Claude Desktop GUI & Anthropic Sonnet LLM

This post will focus on an alternative method of using Kali Linux, moving beyond direct terminal command execution. Instead, we will leverage a Large Language Model (LLM) to translate “natural language” descriptions of desired actions into technical commands. Achieving this setup requires the integration of three distinct systems:

* UI: Apple’s macOS _(Can also use Microsoft Windows, but not covered in this guide)_ - with Claude Desktop
* Attacking box: Kali Linux - using various tools
* LLM: _In the cloud_ - Anthropic’s Sonnet 4.5

* * *

The LLM is only part of the story. When paired with the Model Context Protocol (MCP), the LLM can seamlessly connect with external sources (data, programs/tools etc).

At a very high level:

1. We can ask a LLM to do a task via a “prompt”.
   * _“Can you please port scan `scanme.nmap.org`, if you find a valid web server, check if `security.txt` exists”_
2. The LLM will understand what we asked it to do.
   * _“First task, I need to use Nmap/Network Mapper to do a port scan of `scanme.nmap.org`”_
3. The LLM will then request the MCP to do any action(s).
   * _“Is Nmap installed? Can I access it?”_
4. MCP will run the request and return results.
   * _`$ nmap scanme.nmap.org`_
5. The LLM will process the results as well as showing them to us as end-users.
   * _“I found that `scanme.nmap.org` is up, and contains a web server on port 80/TCP & 443/TCP.”_
6. If needed, this can be a loop, re-running a command/action back in the MCP until the prompt has been completed/fulfilled.
   * _“Now I need to see if `/.well-known/security.txt` gives a `HTTP 200` response”_

Just like the joys of text editor wars _(`vim` vs `emacs` vs `nano`)_, this is not to say it's the “best” way to do it. This is **a way**. This scenario may work for you, or it may not be acceptable to you _(e.g. privacy)_. That is fine.

* * *

If you are wondering “Why this setup? Why are you using multiple OSes?”, there are various reasons why!

* You may want a graphical user interface (GUI), which Claude Desktop is.
* It's an official product from Anthropic, who is making the model we want to run. However Claude Desktop is not officially supported on Linux.
  * There are workarounds (e.g. community packages or WINE, as well as other solutions, such as 5ire, AnythingLLM, Goose (Desktop) & Witsy)
* It being “free”.
  * _At the time of writing, 2026-01_
* Speed
  * Having Kali running in “the cloud” may give a better network connection, or be closer to your target - thus speeding things up!

## SSH

We are going to want our macOS box to be able to talk/interact/communicate to Kali. For this, we will use SSH.

### Kali Setup

First up, Kali. If you are using Kali in the cloud, you likely already have SSH pre-setup. If SSH is not set up, let’s quickly install and run:

```console
$ sudo apt update
[...]
$
$ sudo apt install -y openssh-server
[...]
$
$ sudo systemctl enable --now ssh
[...]
$
```

### macOS

Switching over to our macOS machine, open up `Terminal` _(or similar program)_, and either find our public SSH key or generate one:

```console
user@Users-MacBook-Pro ~ % ls -lah .ssh
ls: .ssh: No such file or directory
user@Users-MacBook-Pro ~ %
```

This is a clean install, so we will be generating a new key.

* * *

Generating a new SSH key is the same steps as doing it on Linux:

```console
user@Users-MacBook-Pro ~ % ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/user/.ssh/id_ed25519):
Created directory '/Users/user/.ssh'.
Enter passphrase for "/Users/user/.ssh/id_ed25519" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_ed25519
Your public key has been saved in /Users/user/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:9JWMFmD6Jhq9gSLVrWSQaqR0hOOfGC5wd/HoMW1CoKU user@Users-MacBook-Pro.local
The key's randomart image is:
+--[ED25519 256]--+
| +oo. o.. |
| =.B .oo + . |
|=.E +.o=. o + |
|+=.o.+*o+o . |
|=.=.=o+=S . |
|.+ + o.= |
|. . . |
| |
| |
+----[SHA256]-----+
user@Users-MacBook-Pro ~ %
user@Users-MacBook-Pro ~ % cat ~/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFVZPT158E6mNNGrtOXTBQtK/7sXj09gRGZjkyMt82hs user@Users-MacBook-Pro.local
user@Users-MacBook-Pro ~ %
```

_Password is not shown_

* * *

Now, let's add that public SSH key from macOS to Kali, allowing for key authentication. Our Kali is located at `192.168.1.30`, change the IP to match your setup:

```console
user@Users-MacBook-Pro ~ % ssh-copy-id kali@192.168.1.30
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/user/.ssh/id_ed25519.pub"
The authenticity of host '192.168.1.30 (192.168.1.30)' can't be established.
ED25519 key fingerprint is SHA256:s1EHXZomZxup5ybdUSgTJwnyjwrMBxFSmAgt4+ijhws.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kali@192.168.1.30's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'kali@192.168.1.30'"
and check to make sure that only the key(s) you wanted were added.

user@Users-MacBook-Pro ~ %
```

_Password is not shown_

This hopefully will be the last time you need to type in your Kali password when connecting via SSH!

* * *

### Testing

Finally, let’s test it out:

```console
user@Users-MacBook-Pro ~ % ssh kali@192.168.1.30
Linux kali 6.16.8+kali-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.16.8-1kali1 (2025-09-24) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jan 21 13:47:48 2026 from 192.168.30.153
┏━(Message from Kali developers)
┃
┃ This is a minimal installation of Kali Linux, you likely
┃ want to install supplementary tools. Learn how:
┃ ⇒ https://www.kali.org/docs/troubleshooting/common-minimum-setup/
┃
┗━(Run: “touch ~/.hushlogin” to hide this message)
┌──(kali㉿kali)-[~]
└─$
```

_Please replace `192.168.1.30` with **YOUR** Kali IP address._

Boom!

## MCP Server (MCP Kali Server)

Now that we have a console on Kali, let’s continue our MCP server setup. There are many MCP server options out there already, with more being created every day. We will be using mcp-kali-server:

```console
$ sudo apt install -y mcp-kali-server
[...]
$
$ kali-server-mcp
2026-01-21 13:54:41,734 [INFO] Starting Kali Linux Tools API Server on 127.0.0.1:5000
 * Serving Flask app 'kali_server'
 * Debug mode: off
2026-01-21 13:54:41,748 [INFO] WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://127.0.0.1:5000
2026-01-21 13:54:41,748 [INFO] Press CTRL+C to quit
```

_Long term, there are various different ways to have `kali-server-mcp` running in the background, such as using a tmux/screen session, or creating a systemd.unit, but that is out of scope for this post._

### Testing

To test that everything so far is working, in another terminal run `mcp-server` (this is what our MCP client, Claude Desktop, will end up running):

```console
$ mcp-server
2026-01-21 14:03:25,804 [INFO] Initialized Kali Tools Client connecting to http://localhost:5000
2026-01-21 14:03:25,812 [INFO] Successfully connected to Kali API server at http://localhost:5000
2026-01-21 14:03:25,812 [INFO] Server health status: healthy
2026-01-21 14:03:25,812 [WARNING] Not all essential tools are available on the Kali server
2026-01-21 14:03:25,812 [WARNING] Missing tools: dirb, gobuster, nikto, nmap
2026-01-21 14:03:25,828 [INFO] Starting Kali MCP server
```

Did you see anything wrong? Did you spot the warning?

> Missing tools: dirb, gobuster, nikto, nmap

* * *

Let’s install them now (as well as other tools which `mcp-kali-server` can use). We can re-use the `mcp-server` terminal before closing it:

```console
2026-01-21 14:03:25,828 [INFO] Starting Kali MCP server
^C
[...]
$
$ sudo apt install -y mcp-kali-server dirb gobuster nikto nmap enum4linux-ng hydra john metasploit-framework sqlmap wpscan wordlists
[...]
$
$ sudo gunzip -v /usr/share/wordlists/rockyou.txt.gz # Alt: `$ wordlists`
/usr/share/wordlists/rockyou.txt.gz: 61.9% -- replaced with /usr/share/wordlists/rockyou.txt
$
$ exit
```

_Our Kali installation was a minimal installation, without any tools pre-installed, which is why this happened._

## Claude Desktop

Time to switch machines, and on macOS, download Claude Desktop. This will be our interface to the LLM, and it is also an MCP client, which will talk to our MCP server (`mcp-kali-server`), which will run commands on Kali.

Download Claude.dmg _(At the time of writing (2026-01-21), latest version `v1.1.381-c2a39e`)_

Afterwards, open `Claude.dmg` and copy `Claude.app` into Applications before running it.

If you are using Microsoft Windows, setup should be similar, but it is out of scope for this post.

* * *

Now, we need to complete the first-time setup items and follow the steps to register/sign in.

At the time of writing (2026-01), Claude Desktop is on Apple macOS and Microsoft Windows. There is not an official Linux build. Others have reported that using WINE is possible, as well as other unofficial Linux builds - You do you (and at your own risk!)

Using Claude Code requires an API key, which at the time of writing does not have a free-tier option.

* * *

## MCP Client (Claude Desktop)

With all that out of the way, we need to set up Claude Desktop’s MCP client.

Open settings (Claude -> Settings), then find `Developer` (under `Desktop app`), and click `Edit Config`.

Finder should open up with `claude_desktop_config.json` highlighted (otherwise: `/Users/[USERNAME]/Library/Application Support/Claude/claude_desktop_config.json`).

Open/edit the file using your text editor of choice, and paste in:

```json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "ssh",
      "args": [
        "kali@192.168.1.30",
        "mcp-server"
      ],
      "transport": "stdio"
    }
  }
}
```

_Please replace `192.168.1.30` with YOUR Kali IP address as before._

So for us, it looks like:

```console
user@Users-MacBook-Pro ~ % cat /Users/user/Library/Application\ Support/Claude/claude_desktop_config.json | jq
{
  "preferences": {
    "quickEntryShortcut": "off",
    "menuBarEnabled": false
  },
  "mcpServers": {
    "mcp-kali-server": {
      "command": "ssh",
      "args": [
        "-i",
        "/Users/user/.ssh/id_ed25519",
        "kali@192.168.1.30",
        "mcp-server"
      ],
      "transport": "stdio"
    }
  }
}
user@Users-MacBook-Pro ~ %
```

* * *

Finally, restart Claude Desktop by quitting and re-opening it for our settings to take effect.

### Testing

Let’s see what all the hype is about and give it a quick spin:

> Can you please do a port scan for me on `scanme.nmap.org`?

* * *

Claude will check if we trust the MCP, and if we wish to run commands.

* * *

Afterwards, we just wait. If you are impatient, you can peek behind the curtain a little bit by checking the logs! In the terminal in which we ran `kali-server-mcp`, we can then see:

```console
2026-01-21 14:20:21,688 [INFO] Executing command: which nmap
2026-01-21 14:20:21,690 [INFO] Executing command: which gobuster
2026-01-21 14:20:21,692 [INFO] Executing command: which dirb
2026-01-21 14:20:21,693 [INFO] Executing command: which nikto
2026-01-21 14:20:21,695 [INFO] 127.0.0.1 - - [21/Jan/2026 14:20:21] "GET /health HTTP/1.1" 200 -
2026-01-21 14:21:25,385 [INFO] Executing command: nmap -sV scanme.nmap.org
2026-01-21 14:21:39,295 [INFO] 127.0.0.1 - - [21/Jan/2026 14:21:39] "POST /api/tools/nmap HTTP/1.1" 200 -
```

## Recap

In review:

* We have a Kali instance running (could be on the same network, or in the Cloud).
* On Kali, we set up the SSH service to allow for secure communication.
* On Kali, we ran `MCP-Kali-Server` for our MCP server.
* We also made sure Kali has the needed tools installed!
* On macOS, we set up Claude Desktop, and configured an MCP client.
* macOS can SSH into our Kali box, to run `MCP-Kali-Server`’s client.
* We then used Anthropic’s `Sonnet 4.5` LLM to do a `nmap` port scan of `scanme.nmap.org`.

…and we did this for “free”!

_We may be talking about AI, but AI was not used to write this!_

* * *

_Find out more about advanced red teaming for AI environments at OffSec.com_
25.02.2026 00:00 👍 0 🔁 0 💬 0 📌 0
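The `kali-server-mcp` log shown in the post above records every command the LLM asked the MCP server to run, which makes it the natural place to audit an LLM-driven session against the agreed scope. The following is an added example, not code from the post or from the mcp-kali-server project; the scope values, the last three sample log lines and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample. Lines 1-3 are copied from the log output shown in the
# post; the last three are made up in the same format for illustration.
SAMPLE_LOG = """\
2026-01-21 14:20:21,688 [INFO] Executing command: which nmap
2026-01-21 14:20:21,695 [INFO] 127.0.0.1 - - [21/Jan/2026 14:20:21] "GET /health HTTP/1.1" 200 -
2026-01-21 14:21:25,385 [INFO] Executing command: nmap -sV scanme.nmap.org
2026-01-21 14:25:02,101 [INFO] Executing command: nmap -sV -p 80,443 192.168.1.30
2026-01-21 14:26:40,530 [INFO] Executing command: nikto -h http://intranet.example.com/
2026-01-21 14:27:11,002 [INFO] Executing command: nmap -sV 10.0.0.0/24
"""

# Assumed (hypothetical) engagement scope: what the operator may touch.
SCOPE_HOSTS = {"scanme.nmap.org"}
SCOPE_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# The server checks for installed tools with `which`; that is not target traffic.
PROBES = {"which"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \[[A-Z]+\] "
    r"Executing command: (?P<cmd>.+)$"
)
HOST_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def parse_commands(log_text):
    """Yield (timestamp, argv) for every 'Executing command:' log line."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # Flask access-log lines and other messages
        try:
            argv = shlex.split(match.group("cmd"))
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = match.group("cmd").split()
        if argv:
            yield match.group("ts"), argv


def classify(token):
    """Return an ip_network, a lower-cased hostname, or None for one argument.

    Heuristic: a dotted file name such as out.txt also looks like a hostname,
    so the audit errs on the side of flagging too much rather than too little.
    """
    try:
        if "://" in token:
            token = urlsplit(token).hostname or ""
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        pass
    return token.lower() if HOST_RE.match(token) else None


def in_scope(target, hosts, nets):
    """True if a hostname is listed, or an IP/CIDR sits fully inside a scope net."""
    if isinstance(target, str):
        return target in hosts
    return any(target.version == n.version and target.subnet_of(n) for n in nets)


def audit(log_text, hosts, nets):
    """Return [(timestamp, tool, target, in_scope)] for each target-like argument."""
    rows = []
    for ts, argv in parse_commands(log_text):
        if argv[0] in PROBES:
            continue
        for token in argv[1:]:
            if token.startswith("-"):
                continue  # option flag, not a target
            target = classify(token)
            if target is not None:
                rows.append((ts, argv[0], str(target), in_scope(target, hosts, nets)))
    return rows


def out_of_scope(log_text, hosts, nets):
    """Only the rows an operator needs to review."""
    return [row for row in audit(log_text, hosts, nets) if not row[3]]


if __name__ == "__main__":
    for ts, tool, target, ok in audit(SAMPLE_LOG, SCOPE_HOSTS, SCOPE_NETS):
        print(f"{ts}  {'ok  ' if ok else 'FLAG'}  {tool:<6} {target}")
```

Redirecting the `kali-server-mcp` output to a file and feeding that file to `audit()` gives a per-session record of what was run on the operator's behalf.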
# Kali Vagrant Rebuilt: Out With Packer, In With DebOS

Vagrant files, `*.box`, are pre-configured Virtual Machine (VM) images, which when imported into HashiCorp’s Vagrant, allow for VMs to be interacted with via the command line. You create, start, interact, stop, destroy VMs all without leaving the terminal. _Think containers (Docker/Podman), but for VMs._

* * *

Previously we have been using HashiCorp’s Packer to generate our HashiCorp’s Vagrant images. Packer is a wrapper around whatever hypervisor you wish, and it will automate installing the OS (unattended setup via preseeding), run any commands or scripts, export the VM and finally compress it.

The downside to Packer is that you need to have the chosen hypervisor installed on the host OS; you can’t cross-build. If you use Linux, you can’t build for Windows' Hyper-V.

* * *

For a few years now, we have been using DebOS to automate building our VMs. This has been working great for us. Recently we realized: “_Why do we have two different systems, for the same purpose?_”.

A little bit of digging into “how to make a vagrant base box VM” boils down to just a few requirements:

* Fixed username _(`vagrant`)_
* Fixed/known public SSH keys _(default/standard insecure keypairs)_
* Able to perform superuser actions _(`sudo`)_

Simple really, we just need to make sure that Vagrant can easily access the VM!

Optional items (and recommended), as they benefit users rather than Vagrant:

* Known/fixed credentials _(`vagrant` everywhere)_
* SSH tweaks _(speed up for airgap networks)_

All of this can be handled in a post-install step, which we have **put into our Kali-VM build-script**.

* * *

Now, we are building all of our VMs automatically, in the same manner (Stock and Vagrant), all in the same infrastructure setup (Linux!).

* * *

Since Microsoft Windows 10 1607 / Server 2016, when exporting VMs, there would be 3 additional “binary” files, `*.vmcx/*.vmrs` included as well as an `*.xml`. As we were no longer exporting the VM from Hyper-V, but generating it outside of it, we do not have these files. Now, we could create a “_template_” binary which would act as a dummy marker. But this didn’t sit right with us; we didn’t want to include items, especially binary files.

* * *

Out of the box, Vagrant expected those binary files and failed without them. However, a merge request to upstream later, support has been added.

As a result, trying to use Kali 2025.2 or higher on Windows using Hyper-V, using vagrant older than `v2.4.7` will NOT work. You need to use either an older Kali, different hypervisor, manually patch or to **upgrade Vagrant to be `v2.4.8` _(released 2025-08-05)_** or higher.

* * *

As Packer is no longer generating our Vagrant VMs, **we renamed the git repository** (gitlab.com/kalilinux/build-scripts/kali-vagrant -> gitlab.com/kalilinux/build-scripts/kali-packer).

Finally, before **sunsetting our Packer build-scripts, we did a refresh of these build-scripts** one more time. _We might not be using it, but that doesn’t mean you can’t._

* * *

## Demo

After getting Vagrant and VirtualBox installed:

```console
$ vagrant box add kalilinux/rolling
==> box: Loading metadata for box 'kalilinux/rolling'
    box: URL: https://vagrantcloud.com/api/v2/vagrant/kalilinux/rolling
This box can work with multiple providers! The providers that it
can work with are listed below. Please review the list and choose
the provider you will be working with.

1) hyperv
2) libvirt
3) virtualbox
4) vmware_desktop

Enter your choice: 3
==> box: Adding box 'kalilinux/rolling' (v2025.2.1) for provider: virtualbox (amd64)
    box: Downloading: https://vagrantcloud.com/kalilinux/boxes/rolling/versions/2025.2.1/providers/virtualbox/amd64/vagrant.box
    box: Calculating and comparing box checksum...
==> box: Successfully added box 'kalilinux/rolling' (v2025.2.1) for 'virtualbox (amd64)'!
$
$ vagrant box list
kalilinux/rolling (virtualbox, 2025.2.1, (amd64))
$
$ mkdir -pv vagrant-demo/; cd vagrant-demo/
mkdir: created directory 'vagrant-demo/'
$
$ vagrant init --force --minimal kalilinux/rolling
[...]
$
$ cat Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
  config.vm.box = "kalilinux/rolling"
end
$
$ vagrant up --provider virtualbox
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'kalilinux/rolling'...
==> default: Generating MAC address for NAT networking...
==> default: Checking if box 'kalilinux/rolling' version '2025.2.1' is up to date...
==> default: Setting the name of the VM: vagrant-demo_default_1753960552589_87147
Vagrant is currently configured to create VirtualBox synced folders with
the `SharedFoldersEnableSymlinksCreate` option enabled. If the Vagrant
guest is not trusted, you may want to disable this option. For more
information on this option, please refer to the VirtualBox manual:

  https://www.virtualbox.org/manual/ch04.html#sharedfolders

This option can be disabled globally with an environment variable:

  VAGRANT_DISABLE_VBOXSYMLINKCREATE=1

or on a per folder basis within the Vagrantfile:

  config.vm.synced_folder '/host/path', '/guest/path', SharedFoldersEnableSymlinksCreate: false
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Connection reset. Retrying...
    default: Warning: Remote connection disconnect. Retrying...
    default: Warning: Connection reset. Retrying...
    default: Warning: Remote connection disconnect. Retrying...
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default:
    default: Guest Additions Version: 7.0.20
    default: VirtualBox Version: 7.1
==> default: Mounting shared folders...
    default: /tmp/vagrant-demo => /vagrant
$
$ vagrant ssh
Linux kali 6.12.25-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.12.25-1kali1 (2025-04-30) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
┌──(vagrant㉿kali)-[~]
└─$
```

### Cheat-Sheet

```bash
vagrant box add kalilinux/rolling --force --clean --provider virtualbox --box-version 2025.2.1
mkdir -pv kali-vagrant/ && cd $_
vagrant init kalilinux/rolling --force --minimal --output - --box-version 2025.2.1 | tee Vagrantfile
vagrant up --provider virtualbox
vagrant ssh
```

## More Reading

* Kali inside Vagrant (Guest VM)
* Customizing a Kali Vagrant Vagrantfile
* kali-packer/README.vagrant.md
* kali-packer/README.packer.md
* Build Script: kali-packer
* Build Script: kali-vm
21.08.2025 00:00 👍 0 🔁 0 💬 0 📌 0
# Kali Linux & Containerization (Apple's Container)

If you’re an Apple user, you may have heard of Apple’s upcoming feature `Containerization` during WWDC 2025.

Quick summary:

* `Container` is a CLI tool, which works with Containerization. This is what end-users interact with.
* `Containerization` handles creating the containers, and talks to `Virtualization.framework`.
* `Virtualization.framework` is the hypervisor API (high level), and creates a new VM per container via `Hypervisor.framework`.
* `Hypervisor.framework` is the low level hypervisor API, which uses the macOS kernel _(the hypervisor)_.

It is similar to Microsoft’s Windows Subsystem for Linux 2 (WSL), where a very small lightweight virtual machine (VM) is launched in the background, so a Linux kernel can be used on a non-Linux host _(WSL2 uses Hyper-V)_. _Not to be confused with WSL1, which was more like WINE!_

It's set to be publicly released for the next major OS release, macOS “Tahoe” 26, and also for macOS “Sequoia” 15.

`Containerization` supports containers which are “Open Container Initiative (OCI) compliant”, and luckily our Kali images are!

## Setup

If the first thing we see when trying to run `container` is:

```console
~ % container
zsh: command not found: container
~ %
```

…We need to install it.

* * *

Doing a quick check to make sure our system is supported:

```console
~ % sw_vers -productVersion
15.5
~ %
~ % uname -m
arm64
~ %
```

We are using macOS 15.5, on an Apple Silicon series device (aka arm64). We are good to go!

* * *

If Homebrew is installed:

```console
~ % brew install --cask container
==> Downloading https://github.com/apple/container/releases/download/0.2.0/container-0.2.0-installer-signed.pkg
==> Downloading from https://release-assets.githubusercontent.com/github-production-release-asset/993475914/c5fb6a42-f282-4dd7-95c2-af9b142f0ed1?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-17T14%3A06%3A32Z&r
######################################################################################################################################################################################################### 100.0%
==> Installing Cask container
==> Running installer for container with sudo; the password may be necessary.
Password:
installer: Package name is container-0.2.0-installer-signed
installer: Upgrading at base path /
installer: The upgrade was successful.
🍺 container was successfully installed!
~ %
```

Otherwise, we can manually grab the (signed) setup file from github.com/apple/container. _At the time of writing it's `container-0.2.0-installer-signed.pkg`._

* * *

Now when we try and run it:

```console
~ % container
OVERVIEW: A container platform for macOS

USAGE: container [--debug] <subcommand>

OPTIONS:
  --debug                 Enable debug output [environment: CONTAINER_DEBUG]
  --version               Show the version.
  -h, --help              Show help information.

CONTAINER SUBCOMMANDS:
  create                  Create a new container
  delete, rm              Delete one or more containers
  exec                    Run a new command in a running container
  inspect                 Display information about one or more containers
  kill                    Kill one or more running containers
  list, ls                List containers
  logs                    Fetch container stdio or boot logs
  run                     Run a container
  start                   Start a container
  stop                    Stop one or more running containers

IMAGE SUBCOMMANDS:
  build                   Build an image from a Dockerfile
  images, image, i        Manage images
  registry, r             Manage registry configurations

OTHER SUBCOMMANDS:
  builder                 Manage an image builder instance
  system, s               Manage system components
~ %
```

…but we are not fully there yet!

* * *

When we use `container` to try and interact with `Containerization`, we may get:

```console
~ % container ls
Error: interrupted: "internalError: "failed to list containers" (cause: "interrupted: "XPC connection error: Connection invalid"")
Ensure container system service has been started with `container system start`."
~ %
```

We can address this by starting up the service in the background:

```console
~ % container system start
Verifying apiserver is running...
Installing base container filesystem...
No default kernel configured.
Install the recommended default kernel from [https://github.com/kata-containers/kata-containers/releases/download/3.17.0/kata-static-3.17.0-arm64.tar.xz]? [Y/n]: y
Installing kernel...
~ %
```

Now we are off to the races!

## Running Containers

Like Docker and Podman, we can run our containers as we would expect:

```console
~ % container run --rm -i -t kalilinux/kali-rolling
┌──(root㉿9ff4685f-76e1-42fa-86ba-f12e76c79843)-[/]
└─# id
uid=0(root) gid=0(root) groups=0(root)
```

The first time running, `container` will need to pull down the container image. The default container registry is currently DockerHub (which Kali is on).

* * *

We are able to use the same features as Docker/Podman as you would expect, such as sharing a directory:

```console
~ % container run --remove --interactive --tty --volume $(pwd):/mnt --workdir /mnt docker.io/kalilinux/kali-rolling:latest
┌──(root㉿4be77ff5-bd57-4076-8bf0-8e51caff047e)-[/mnt]
└─# uname -a
Linux 4be77ff5-bd57-4076-8bf0-8e51caff047e 6.12.28 #1 SMP Tue May 20 15:19:05 UTC 2025 aarch64 GNU/Linux
```

### Alias

Once everything is working as expected, we can create a quick alias to avoid retyping the full command each time:

```console
~ % alias container-shell='container run --remove --interactive --tty --entrypoint=/bin/bash --volume $(pwd):/mnt --name "$(hostname -s)-$(mktemp -u XXXXXX)" --workdir /mnt'
~ %
```

To keep it across sessions, append the same definition to `~/.zshrc`. The quoted heredoc stops `$(pwd)` and the `--name` substitutions from being expanded at write time, so they are evaluated each time the alias runs:

```console
~ % cat >> ~/.zshrc <<'EOF'
alias container-shell='container run --remove --interactive --tty --entrypoint=/bin/bash --volume $(pwd):/mnt --name "$(hostname -s)-$(mktemp -u XXXXXX)" --workdir /mnt'
EOF
~ %
~ % container-shell kalilinux/kali-rolling:latest
┌──(root㉿mba22-vB9af6)-[/mnt]
└─#
```

## Troubleshooting

Currently there are a few known limitations of Containerization, especially using macOS “Sequoia” 15, such as a container’s network interface not getting an IP address or having no network access. We recommend reading and following Apple’s advice if you run into these issues.

* * *

And just like that, we have a quick way to run Kali containers on macOS. This is part of our ongoing commitment of “Kali Everywhere”, where we put the tools you need in as many places as possible and make them easy for you to use. There are many different ways to run Kali, be sure to check out our get Kali page to find the one that best fits your needs.
29.07.2025 00:00 👍 0 🔁 0 💬 0 📌 0
# The Raspberry Pi's Wi-Fi Glow-Up

_Thanks to Nexmon and fresh Kali packages, onboard wireless is ready for monitor mode and injection (again!)._

Kali Linux users on Raspberry Pi now have an improved and more integrated way to use the onboard Wi-Fi interface for wireless assessments. While the Nexmon project has long made this technically possible, our support in Kali has recently been refined.

In Kali 2025.1, with the move to a newer Raspberry Pi kernel and a chance to revisit our packaging, we have cleaned up and formalized support for Nexmon through new packages. This not only improves the setup experience and adds support for more devices, including the Raspberry Pi 5, but also makes it easier to enable other hardware supported by Nexmon within Kali.

## Where We Started

The Raspberry Pi has always been a compelling platform for portable Kali setups. But when it came to wireless assessments, things were less ideal. Raspberry Pi models use Broadcom/Cypress Wi-Fi chipsets, which don’t support monitor mode or injection by default. That left users needing an external USB adapter.

The Nexmon project, created by SEEMOO Lab at TU Darmstadt, changed that by offering a firmware patching framework that extends Broadcom’s closed firmware with additional capabilities — notably, monitor mode and injection. Nexmon works by modifying the firmware binaries themselves and providing patches for the Linux driver (`brcmfmac`) to support the required modes.

Kali’s integration of Nexmon has come a long way, though it hasn’t always been smooth. We were on the 5.15 kernel series for quite some time, in part due to how we were packaging the kernel and managing patchsets. This made it difficult to support newer devices like the Raspberry Pi 5, which requires a more recent kernel.

When we attempted to move to 6.6, we encountered stability issues. These were not caused by Nexmon itself, but by changes in the kernel and how they interacted with our setup. Rather than ship something unreliable, we decided to pause development until we could revisit the approach.

## What’s New

With the switch to the 6.12 kernel, we’ve taken the time to rebuild things properly. We’ve released two new packages:

* `brcmfmac-nexmon-dkms`: A DKMS-based version of the `brcmfmac` driver with Nexmon patches
* `firmware-nexmon`: Nexmon-patched firmware for supported Broadcom chips

These packages make it possible to use the onboard Wi-Fi interface on **supported Raspberry Pi boards for monitor mode and frame injection, no USB adapter required**!

The DKMS driver rebuilds against your kernel on installation, which should help keep things working across updates.

## Supported Devices

We’ve tested the new Nexmon-enabled packages on:

* Raspberry Pi 5 (64-bit)
* Raspberry Pi 4 (64-bit and 32-bit)
* Raspberry Pi 3B (64-bit and 32-bit)
* Raspberry Pi Zero 2 W (43436s variant)
* Raspberry Pi Zero W

**If your board has a compatible Broadcom Wi-Fi chipset, it may work as well. _If it does, let us know!_**

## Installing the Packages

On a Raspberry Pi Kali image:

```console
$ sudo apt update
$ sudo apt full-upgrade -y
$ sudo apt install -y brcmfmac-nexmon-dkms firmware-nexmon
$ sudo reboot
```

* * *

Once the device is back up, you can check that the Nexmon-patched driver is in use with:

```console
$ modinfo brcmfmac | grep filename
```

## Using Monitor Mode

```console
$ airmon-ng start wlan0
```

* * *

In the command output you may see a message similar to:

```console
command failed: Unknown error 524 (-524)
```

This is expected. Despite the message, monitor mode usually works. Confirm with:

```console
$ iw dev
```

You should see an interface like `wlan0mon` in monitor mode.

## Verifying Injection

Test injection with:

```console
$ sudo aireplay-ng --test wlan0mon
```

You should see the `Injection is working!` message. This is not always stable however, and depends on the device.

## Tips and Troubleshooting

* Disable power management: `sudo iwconfig wlan0 power off`
* Stop NetworkManager if needed: `sudo systemctl stop NetworkManager`
* Confirm firmware loads: `dmesg | grep brcmfmac`
* If you need to rebuild the driver, re-run: `sudo dpkg-reconfigure brcmfmac-nexmon-dkms`

* * *

If upgrading on the Raspberry Pi 3B (64-bit), Wi-Fi may stop working due to the `clm_blob`. You can verify if this is the issue by running:

```console
$ dmesg | grep clm_blob
```

If you see it failing to load the `clm_blob`, run `sudo rm -v /lib/firmware/brcm/brcmfmac43430-sdio.raspberrypi,3-model-b.clm_blob` and then reboot.

## Special Thanks

We want to give a couple of shout outs to our friends in the community who helped make this possible:

* @GeneErik for discussing the pain points of working with Nexmon at a distro level, and for suggesting that it would be great if we could use DKMS with the driver. Additionally, many long nights of discussions and troubleshooting.
* @NurseJackass contributed the initial support for the 6.12 kernel.
* The Raspberry Pi Foundation for hardware donations, permissions, and assistance as needed.

## Reporting and Feedback

If:

* It works on your board (especially if unlisted), let us know!
* It doesn’t work, report the issue with logs and hardware details!
* You get it working on an unsupported board, share how!

Report in the Kali Linux forums or the Kali Linux Discord server; the `#kali-arm` channel is the best place for these discussions.

## Looking Ahead

This is one of several improvements we’re making across Kali ARM. Nexmon support gives Raspberry Pi users more freedom and portability when doing wireless assessments, especially when minimal hardware is key.

Thanks to the Nexmon team for their research and patches, and to the Kali community for helping us test and refine these packages. We look forward to hearing how this works for you.
22.07.2025 00:00
Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

We’re almost half way through 2025 already, and we’ve got a lot to share with you in this release, **Kali 2025.2**.

The summary of the changelog since the 2025.1 release from March is:

* **Desktop Updates** - Kali-Menu refresh, GNOME 48 & KDE 6.3 updates
* **BloodHound Community Edition** - Major upgrade with full set of ingestors
* **Kali NetHunter Smartwatch Wi-Fi Injection** - TicWatch Pro 3 now able to de-authenticate and capture WPA2 handshakes
* **Kali NetHunter CARsenal** - Car hacking tool set!
* **New Tools** - 13 new shiny tools added _(and various updates)_

* * *

## Desktop Updates

### Kali Menu Refresh

We’ve **completely reworked the Kali Menu**! It’s now reorganized to follow the **MITRE ATT&CK framework structure** – which means that finding the right tool for your task should now be a lot more intuitive for red and blue teams alike.

Previously the Kali menu structure followed what was in BackTrack… which followed WHAX before it. The previous structure was an in-house item, before MITRE was a thing. When our menu was first created, there wasn’t as much design planning done, which we suffered for later. It meant that over time, scaling and adding new tools became difficult for us. The knock-on effect was that this made it harder for you, the end-users, to discover new tools, as similar tools with overlapping functions were in different places or missing entries.

_Yes, seasoned professionals may not use the menu to start up items, using shortcuts such as `super key` and typing the tool name, or via a terminal window. We see the menu as a way to discover tools_.

The final nail in the coffin in the setup was the fact that it was manually managed. Yes, all those entries were previously created by-hand (which also may explain a few things). As a result, we had stopped adding new tools to the menu… until now.
Now, we have created a new system and automated many aspects, making it easier for us to manage, and easier for you to discover items. Win win. Over time, we hope to start to add this to kali.org/tools/.

Currently Kali Purple still follows NIST CSF (National Institute of Standards and Technology Critical Infrastructure Cybersecurity), rather than MITRE D3FEND.

This is a big change, and we want your feedback! Think something should be renamed, moved, or see a tool that’s missing? Help us improve the menu by editing the structure directly — it’s all open and managed through a **simple YAML file**.

### GNOME 48

GNOME has been bumped up to version 48, and brings with it:

* **Notification Stacking**
* **Performance Improvements**
* **Dynamic triple buffering**
* **Enhanced Image Viewer**
* **Digital Wellbeing**
* **Preserve Battery Health**
* **HDR (High Dynamic Range) Support**
* **Updated Text Editor**

As with previous GNOME updates in Kali, we’ve given all our themes a fresh coat of paint – everything’s been tuned to look sharp and feel smooth. The document reader evince has been replaced with the new papers app.

If you’re rocking Kali with GNOME, this update is definitely worth the reboot. Want the full scoop? Check out the official GNOME 48 release notes.

#### New GNOME VPN IP Extension

Just like we did for Xfce back in Kali 2024.1, we’ve now brought the VPN IP indicator to GNOME too! It shows the IP address of your current VPN connection right in the panel — and with a simple click, it copies it straight to your clipboard. Handy, right?

Huge thanks to @Sarthak Priyadarshi who not only came up with the idea, but also provided all of the coding to make it happen. Community contributions like this make Kali better for everyone!
### KDE Plasma 6.3

KDE Plasma fans, rejoice – we’ve included Plasma 6.3, and it’s packed with polish:

* **Huge overhaul of fractional scaling**
* **Accurate screen colors when using the Night Light**
* **More accurate CPU usage in System Monitor**
* **Info Center provides more information**, like GPU data or batteries’ cycle counts
* **More customization features**

Whether you’re into tiling window madness or prefer a traditional desktop setup, Plasma 6.3 brings both flexibility and style. You can read more about all the new changes for Plasma desktop in their official release post.

### New Community Wallpapers

There are also new changes in the Community Wallpapers package (pkg), including 2 new backgrounds provided by @Onix32032044 and 1 background provided by @Arszilla.

To access these wallpapers, simply install the `kali-community-wallpapers` package, which also offers many other stunning backgrounds created by our community contributors.

## BloodHound Community Edition

If you’re doing Active Directory recon, this upgrade is a game changer. BloodHound just got a major upgrade – we’ve **bumped it up to the latest version: BloodHound Community Edition (CE)**. With this update, we’re also shipping the full set of ingestors to support it:

* azurehound
* bloodhound-ce-python
* sharphound

Heads up: **`bloodhound-ce-python`** is the ingestor made specifically **for BloodHound CE**. Don’t mix it up with the **old `bloodhound-python`**, which only works with the **legacy version**.

So what’s new in BloodHound CE? Expect a smoother interface, better performance, and new capabilities for mapping complex Active Directory environments. You can check our guide about **how to configure a new installation of Bloodhound-CE in Kali here**.

## New Tools in Kali

It would not be a Kali release if there were not any new tools added!
A quick run down of what has been added _(to the network repositories)_:

* azurehound - BloodHound data collector for Microsoft Azure
* binwalk3 - Firmware Analysis Tool
* bloodhound-ce-python - Python based ingestor for BloodHound CE
* bopscrk - Generate smart and powerful wordlists
* chisel-common-binaries - Prebuilt binaries for chisel
* crlfuzz - Fast tool to scan CRLF vulnerability written in Go (Submitted by @Arszilla)
* donut-shellcode - Generates position-independent shellcode from memory and runs them
* gitxray - Scan GitHub repositories and contributors to collect data (Submitted by @weirdlantern)
* ldeep - In-depth LDAP enumeration utility
* ligolo-ng-common-binaries - Prebuilt binaries for Advanced ligolo-ng
* rubeus - Raw Kerberos interaction and abuses
* sharphound - BloodHound CE collector
* tinja - CLI tool for testing web pages for template injection

_There have also been numerous new libraries as well as package updates, such as `PowerShell` and code-oss._

### Xclip pre-installed

We’ve added xclip by default across all desktop environments in Kali. Why? Because being able to **quickly send output to the clipboard from the terminal** is incredibly useful — especially during reporting, note-taking, or sharing on-the-fly.

Here are a few quick examples:

```console
┌──(kali㉿kali)-[~/Downloads]
└─$ ip a | grep inet | xclip -selection clipboard
```

Boom — now your IP info is in your clipboard, ready to paste. Or maybe you’ve just cracked a hash and want to copy the flag:

```console
┌──(kali㉿kali)-[~/Downloads]
└─$ grep FLAG crackme.txt | xclip -sel c

# Or pass it to the next command
┌──(kali㉿kali)-[~/Downloads]
└─$ xclip -o -sel c | grep FLAG
```

No more mouse highlighting or right-click gymnastics. Just pipe it to xclip and paste wherever you need. Small tool, big quality-of-life boost.

## Kali NetHunter Updates

### Smartwatch Wi-Fi Injection

After 3 years, we are proud to introduce the **first actual smartwatch that finally has wireless injection support**!
Thanks to the exceptional collaboration by @yesimxev and @Jakob Link from the NexMon team. Countless emails, lost brain cells, but it was worth it. Now Kali NetHunter on the TicWatch Pro 3 _(all variants with bcm43436b0 chipset)_ supports wireless injection and de-authentication, and is able to capture WPA2 handshakes! Check out the install guide.

* * *

### CARsenal

**CAN Arsenal comes with a new version** by @V0lk3n. It is now renamed CARsenal, to better match its goal, which is to provide a car hacking tool set.

Much of the code has been rewritten, and it provides a friendlier UI. It also comes with new tools such as:

* **hlcand**: Modified slcand for ELM327 use
* **VIN Info**: Decode your VIN identifier
* **CaringCaribou**: Currently provides Listener, Dump, Fuzzer, Send, UDS and XCP modules
* **ICSim**: Provides a great simulator to play with VCAN and test the CARsenal toolset without needing hardware

Kernels with CAN support currently enabled:

* **Samsung Galaxy S9** (A13/exynos9810)
* **Samsung Galaxy S10** (A14 & A15/exynos9820)
* (NEW!) **Realme C15** (A10)
* (NEW!) **Redmi Note 11** (A15)

Its documentation and kernel configuration have been updated as well.

* * *

### Android Radio

There’s another possibly first use case of **Kali NetHunter KeX running on Android radio**. A teaser to the upcoming Android Auto support…

* * *

### Kali NetHunter Kernels

Kali NetHunter kernel updates:

* (NEW!) **Xiaomi Redmi 4/4X** (A13) (by @MomboteQ)
* (NEW!) **Xiaomi Redmi Note 11** (A15) (by @Madara273)
* Updated **Realme C15** (A10) (by @Frostleaft07)
* Updated **Samsung Galaxy S10** (A14,A15/exynos9820) (by @V0lk3n)
* Updated **Samsung Galaxy S9** (A13/exynos9810) (by @V0lk3n)

## Kali ARM SBC Updates

We will start off with some Raspberry Pi updates:

* We have combined some of our Raspberry Pi images, so that **Raspberry Pi 5 does not need its own separate image**. It is now supported by our 64-bit image!
  _This is reflected by the new name of the download link on get-kali._
* Raspberry Pi devices have had their **kernel upgraded to a 6.12** based kernel. This was made possible thanks to @Nurse Jackass who added support to the brcmfmac nexmon driver.
* Additionally, the udev rule that used to allow you to run `vcgencmd` without requiring root rights on Raspberry Pi devices was updated, so you no longer need elevated privileges to run it.

Now onto some USB Armory MKII:

* It also has had its **kernel upgraded to a 6.12** based kernel.
* The **bootloader upgraded to 2025.04**.

PowerShell on the ARM images has been bumped from 7.1.3 to 7.5.1.

Build-scripts:

* Mirror replacement is fixed, so if you want to build a custom image pointing at a specific mirror, just follow the instructions in the README
* Occasionally there would be a build failure with no output. This was tracked down to the limit_cpu function and has been fixed, so we no longer swallow the error code when there is one and instead pass it on, so that when a failure happens we can know why.
## Kali Website Updates

* Kali Linux Community and Support
* Meet The Kali Team

### Kali Documentation

Our Kali documentation has had various updates to existing pages as well as new pages:

* Adding Encrypted Persistence to a Kali Linux Live USB Drive _(updated)_
* Adding Persistence to a Kali Linux Live USB Drive _(updated)_
* Fixing PostgreSQL ‘collation version mismatch’ _(new)_
* Installing NetHunter on the OnePlus 5T _(new by @Güray Çakmak)_
* Installing NetHunter on the Xiaomi Mi A3 _(new by @mr00k3)_
* Making a Kali Bootable USB Drive (Linux) _(updated)_
* Making a Kali Bootable USB Drive (macOS/OS X) _(updated)_
* NetHunter Wardriving _(new by @Alex)_
* Official Kali Linux Sites _(updated)_
* Raspberry Pi 1 (Original) _(updated)_
* Raspberry Pi 2 v1.2 _(updated)_
* Raspberry Pi 2 _(updated)_
* Raspberry Pi 3 _(updated)_
* Raspberry Pi 400 _(updated)_
* Raspberry Pi 4 _(updated)_
* Raspberry Pi 5 _(updated)_
* Raspberry Pi Zero _(updated)_
* Raspberry Pi Zero W _(updated)_
* Raspberry Pi Zero 2 W _(updated)_
* Verifying USB Write _(new by @serval)_
* Where and How to Contribute to Kali _(updated)_

### Kali Blog Recap

Since our last release, we did the following blog posts:

* A New Kali Linux Archive Signing Key

## Kali Team Updates

It is also with a heavy heart that we announce that both @elwood and @gamb1t have stepped down and are no longer part of the Kali team. We hope you join us in wishing them all the best with their adventures going forward. @elwood has been part of Kali since before it was called Kali, and @gamb1t joined the team back in 2019. Both of them were very active and well known in Kali’s history as well as its community.

Shubham Vishwakarma (@shubhamvis98) has been doing a lot of heavy lifting with Kali NetHunter Pro since the start and has now fully joined the team.

@v0lk3n has been active and passionate for a while now; given his work and efforts on the project, it makes sense for him to have joined the Kali NetHunter team.
Please welcome @Aura, James Green (@greenjam94) and @Tristram as Kali’s Community Leaders! You will see them in various places, such as our real-time chat and forums. Come and say hi to them.

## Community Shout-Outs

These are **people from the public who have helped Kali** and the team for the last release. We want to praise them for their work _(we like to give credit where due!)_:

* @Alex
* @Arszilla
* @chewbaqa
* @Data 19C
* @florent4014
* @Frostleaf
* @Güray Çakmak
* @Kimo Coder
* @Kyle Olmstead
* @Madara273
* @MomboteQ
* @mr00k3
* @Nurse Jackass
* @serval
* @SkyW4r33x
* @soffensive
* @V0lk3n
* @Volodymyr BOBER
* @x

Anyone can help out, anyone can get involved!

### The ROKFOSS initiative, by and for Korean users

In South Korea, a group of users that go by the name of ROKFOSS have been very active lately. Over the last few months, they have helped to set up new Kali Linux mirrors, and we now have a total of 6 mirrors in this country thanks to their support.

But the initiative goes further: they now provide a translation of the Kali Linux documentation in Korean, along with a chat instance. Big thanks for this initiative!

### New Kali Mirrors

We added _2_ new mirrors to the pool during this release cycle:

* **India**: mirror.del2.albony.in, sponsored by Albony Network and thanks to Shrirang Kahale.
* **South Korea**: mirror.hemino.net, thanks to “QuietSky”.

If you have the disk space and bandwidth, we always welcome new mirrors.
## Miscellaneous

Below are a few other things that have been updated in Kali, which we are calling out but which do not have as much detail:

* Community post: What I Learned About Kali Purple Hub, MALCOLM, and Autopilot at Black Hat Asia 2025
* Community post: [KDE] My first rice
* Community post: Kali on Pi4 Cyberdeck - Triskel_mk1
* Community post: NetHunter C-deck
* Kali is now on Bluesky, `@kalilinux.bsky.social`
* Kali is now on PeerTube, `kalilinux@video.infosec.exchange`
* We updated our preseed examples repos
* These changes are all the public items; if you would like a peek behind the curtain to see other items we have been working on, check out GitLab activity and milestones

* * *

## Get Kali Linux 2025.2

**Fresh Images**: So what are you waiting for? Go get Kali already!

Seasoned Kali Linux users are already aware of this, but for those who are not, we also produce **weekly builds** that you can use. If you cannot wait for our next release and you want the latest packages _(or bug fixes)_ when you download the image, you can just use the weekly image instead. This way you will have fewer updates to do. _Just know that these are automated builds that we do, not QA’d like we do for our standard release images_. But we gladly take bug reports about those images because we want any issues to be fixed before our next release!

**Existing Installs**: If you already have an existing Kali Linux installation, remember you can always do a quick update:

```console
┌──(kali㉿kali)-[~]
└─$ echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
[...]

┌──(kali㉿kali)-[~]
└─$ sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
[...]

┌──(kali㉿kali)-[~]
└─$ sudo apt update && sudo apt -y full-upgrade
[...]

┌──(kali㉿kali)-[~]
└─$ cp -vrbi /etc/skel/. ~/
[...]

┌──(kali㉿kali)-[~]
└─$ [ -f /var/run/reboot-required ] && sudo reboot -f
```

Do make sure your kali-archive-keyring has been updated.

* * *

You should now be on Kali Linux 2025.2. We can do a quick check by doing:

```console
┌──(kali㉿kali)-[~]
└─$ grep VERSION /etc/os-release
VERSION_ID="2025.2"
VERSION="2025.2"
VERSION_CODENAME=kali-rolling

┌──(kali㉿kali)-[~]
└─$ uname -v
#1 SMP PREEMPT_DYNAMIC Kali 6.12.25-1kali1 (2025-04-30)

┌──(kali㉿kali)-[~]
└─$ uname -r
6.12.25-amd64
```

_NOTE: The output of `uname -r` may be different depending on the system architecture._

* * *

As always, should you come across any bugs in Kali, please submit a report on our bug tracker. _We will never be able to fix what we do not know is broken!_ **And Social networks are not bug trackers!**

* * *

Want to keep up-to-date easier? We’ve got you!

* Blog? Use our RSS feed and newsletter
* Download? We have a Torrent RSS feed
* Socials? Bluesky, Facebook, Instagram, Mastodon & X
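For the keyring step in the update commands above, one way to see which keys the downloaded file actually contains and whether they are still valid. This is an added example, not part of the Kali release post; the function names are hypothetical and the sample key listing, including its fingerprints, is constructed.

```shell
#!/bin/sh
# Added example: list the primary keys inside an APT keyring and their state.
# Input format: output of `gpg --show-keys --with-colons FILE`.

# keyring_status NOW   (NOW = current time, seconds since the epoch)
# Prints "FINGERPRINT STATE" per primary key; STATE is valid, expired or revoked.
keyring_status() {
    awk -F: -v now="$1" '
        $1 == "pub" { validity = $2; expires = $7; primary = 1; next }
        $1 == "sub" { primary = 0; next }   # skip subkey fingerprints
        $1 == "fpr" && primary {
            state = "valid"
            if (validity == "r") { state = "revoked" }
            else if (validity == "e" || (expires != "" && expires + 0 <= now + 0)) {
                state = "expired"
            }
            print $10, state
            primary = 0
        }'
}

# keyring_trusts FINGERPRINT NOW
# Succeeds only if FINGERPRINT is a primary key in the listing and still valid.
keyring_trusts() {
    keyring_status "$2" | grep -qx "$1 valid"
}

# Constructed sample listing (placeholder key IDs and fingerprints).
SAMPLE_KEYRING='pub:-:4096:1:AAAAAAAAAAAAAAA1:1700000000:1900000000::-:::scSC::::::23::0:
fpr:::::::::00000000000000000000000000000000AAAAAAA1:
uid:-::::1700000000::0000::Example Archive Key <key@example.invalid>::::::::::0:
sub:-:4096:1:AAAAAAAAAAAAAAA2:1700000000:1900000000:::::e::::::23:
fpr:::::::::00000000000000000000000000000000AAAAAAA2:
pub:e:4096:1:BBBBBBBBBBBBBBB1:1300000000:1400000000::-:::sc::::::23::0:
fpr:::::::::00000000000000000000000000000000BBBBBBB1:'

# On a Kali install, run with --live to inspect the real keyring file.
if [ "${1:-}" = "--live" ]; then
    gpg --show-keys --with-colons /usr/share/keyrings/kali-archive-keyring.gpg |
        keyring_status "$(date +%s)"
fi
```

Compare the fingerprint printed as `valid` with the one Kali publishes for its archive signing key before trusting the downloaded file.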
13.06.2025 00:00