Kali Linux Reviews

My main use case for Kali Linux is whenever there's an open-source or free tool to use with an API and Python that I need to utilize. I prefer Kali Linux because it has a Linux environment and numerous open-source tools that work and are compatible with Kali Linux.

A specific example of how I've used Kali Linux in my work is that it has many offensive security tools. The last time I used it was when I was preparing for my OSWA exam, where I used the terminal extensively to probe the labs provided to me in the OSWA certification exam.

I also use Kali Linux as my go-to operating system. My main operating system on my personal laptop is Kali Linux, and for my office use case, I have Kali Linux set up in a VM.

The best features Kali Linux offers include the ability to customize everything and anything, from the terminal to the preferences to getting the environment set up and storing everything as I would want, and setting preferences accordingly.

When I say customizing everything, I customize my tools that run using the CLI, such as the terminal itself. I usually write a script that would automate running four or five tools simultaneously. For example, I would provide input for a first tool, and the output from the first tool would be the input for the second tool, and so forth. The output from the second tool would be the input for the third tool, and similarly, I have a script written that combines three or four tools and gives me the end result exactly the way I want it or in the particular format that I need.

A unique and really helpful feature of Kali Linux, compared to other operating systems, is that many of the offensive security tools are already pre-configured and pre-installed. I do not have to deal with a lot of hassle. I just boot up the operating system and I'm ready to go. The software is already loaded in the operating system.

On a personal level, I have done a significant amount of learning, experimentation, and hands-on practice with Kali Linux.

I think Kali Linux can be improved because it is not a beginner-friendly operating system. A basic hands-on guide for anyone who installs the operating system would be beneficial, so that they become acclimated to the operating system and understand the file directory structure. That could be a good starting point for Kali Linux.

In terms of needed improvements, I have found that when downloading Kali Linux from kali.org, we get the ISO file. However, when downloading a virtual machine image, such as a VMware image or VirtualBox image, I was unable to directly use it through VMware or VirtualBox. I think Kali Linux needs to provide a better image that would be compatible with running on these platforms. Additionally, the versions that are available, or the latest version whenever it is released, are not very stable. I generally prefer using an older version rather than the latest version of Kali Linux.

I have been using Kali Linux for four or five years.

Kali Linux is stable for my use cases, though not the latest version. If you downgrade two or three versions from the latest, you are good to go.

Regarding the scalability of Kali Linux for my work and projects, whenever I was conducting brute force attacks and provided more than two or three million lines of payload, the system would freeze. However, I believed this was a hardware fault rather than a software issue, though I am not entirely certain about this limitation.

I have not used the customer support for Kali Linux, but I have searched extensively on Stack Overflow and Kali forums. That was very helpful because most of the issues I faced were already mentioned in one of those forums, and I was able to solve the problems I was experiencing.

Before Kali Linux, I was using a Debian operating system and I also tried Parrot OS. I found Parrot OS a little bit flashy. Kali Linux is more calm and composed. That is why I switched to Kali Linux. I still appreciate Debian, but it does not have the tools. If I'm getting a fresh operating system, I would still prefer Kali Linux.

I would say I have seen a return on investment in time saved, for sure. For metrics, I do not find any metrics apart from the learning that I have done.

My experience with pricing, setup cost, and licensing for Kali Linux is that this is not for commercial use. This is for personal use that I have done. The pricing, setup cost, and licensing were all nil for me. I installed the operating system from kali.org and ran it on a personal machine and in a VM on my professional machine.

I did not evaluate other options before choosing Kali Linux. I already knew about it.

Kali Linux has helped me with my learning and experimentation by allowing me to do many CTFs when I was learning to go into the offensive security side or doing penetration testing. There, I learned many probing attacks, such as HTTP probe, and then there is the Gitrob tool. Many of the offensive security tools that I used were in Kali Linux. The best part is automating it through the CLI. The CLI is the one feature that I have used the most in Kali Linux.

The most significant benefits I have experienced since using Kali Linux for my personal or professional work are the hands-on capabilities that we use on the tools at every stage of probing a website. This includes everything from reconnaissance to active attacks, passive attacks, and then trying to use Burp Suite, which is a proxy tool. That is where I find it the most useful. Getting accustomed to the terminal gives you a different feeling than using the GUI.

Kali Linux stands out compared to other operating systems I have used for security work because it is a specific distribution of Linux that has all the required tools pre-loaded and configured. Python is already configured with the correct path variable, Java is installed already, and Go is pre-loaded. These are features that every offensive security software or operating system needs. If I'm using Windows and trying to attack a website, I have to manually install those programming languages that I will be writing scripts on, and then declare the path variables. That makes it more tedious than how Kali Linux works. Additionally, I can run multiple threads in Kali Linux, and the operating system is still able to support the performance, compared to Windows, which will lag or freeze if given multiple processes to run.

My advice for others looking into using Kali Linux is to first understand the basics of Linux, then understand how the Linux terminal works, and only after that should you dive into Kali Linux. If Kali Linux is the first operating system you are using in a Linux environment, you might become confused. Many of the features do not have a graphical user interface, so you will need to be more accustomed to the terminal.

Kali Linux is a great operating system. I appreciate it because it offers a diverse range of tools. I do not think I have ever used all the tools that are pre-provided in the operating system. An option to choose what different kinds of attacks you are using so you can streamline the software that you are downloading would be beneficial. If I need something for an active attack, that would be a different stream of tools that should be pre-loaded, compared to passive kinds of attacks. That could be a major upgrade or option for choosing at the time of download. You could get a lightweight operating system, and if needed, you can always download those tools later. Overall, I found this product to be valuable for my security work.

My main use case for Kali Linux is primarily for testing and cybersecurity, specifically for doing penetration testing on applications and network applications that we utilize for network monitoring.

A specific penetration test I performed using Kali Linux was for the application related to DDI, which encompasses DNS, DHCP infrastructure, and network monitoring as well as authentication for Cisco ISE, during which I used tools such as Hydra, Nmap, Ncat, and Wireshark to capture and analyze network packets.

Kali Linux fits into my team because I mainly work with network tools and focus primarily on DNS; it plays a crucial role in penetration testing and ensuring that my applications are secure against attacks through various cybersecurity criteria.

The best features Kali Linux offers include its Debian-based architecture and being open source, which is important for many reasons, such as allowing for live USB boot and custom ISOs, making penetration testing simpler with comprehensive pre-installed toolsets such as Nmap, useful for vulnerability scanning.

The live USB and custom ISO options help me specifically as they allow for quick access to a wide selection of pre-installed security tools, saving me time on installations and configurations through live USB boot functionality, which lets me get up and running quickly.

The integration of cloud and containers within Kali Linux is something I wish more people knew about, as it allows for utilizing containerized versions that provide scalability and eliminate the need for a virtual machine setup.

Kali Linux has positively impacted my organization by improving efficiency in penetration testing; its open-source nature permits extensive customization and inclusion of numerous comprehensive pre-installed tools, contributing to a secure network environment with effective monitoring of network applications.

The outcomes from using Kali Linux in our organization are significant; we experienced reduced cybersecurity attacks and improved application security, leading to decreased attack surfaces and quicker testing cycles that enabled faster launches and installations.

There are areas for improvement in Kali Linux, particularly regarding its use of the Linux kernel, which requires external additional patching, and the fact that network services are disabled by default, which complicates usage; enhancing user-friendliness through more GUI-based tools and better integration could be beneficial.

While Kali Linux is open source, it lacks vendor support, and I believe that improving documentation and community engagement is essential, making it more user-friendly and encouraging the use of GUI tools can significantly enhance the overall experience.

I have been using Kali Linux for around five years, starting in 2018 or 2019, and I continue to use it until 2024, with plans to keep using Kali Linux starting in January 2025.

Before switching to Kali Linux, we used Fedora for penetration testing. The decision to move to Kali Linux was influenced by its open-source nature, which reduced costs while facilitating easier automation with DevOps tools.

Integrating Kali Linux with DevOps tools has resulted in reduced operational costs due to automated test cases, making it a worthwhile investment with significant returns by decreasing the attack surface area and the frequency of attack incidents.

My experience with pricing, setup costs, and licensing for Kali Linux has been positive, as it operates under an open-source model with setup costs primarily related to hardware and virtual machines, eliminating the need for vendor-specific licenses.

We evaluated alternatives to Kali Linux, including Parrot OS, BlackArch, BackBox, and the Network Security Toolkit (NST), but Kali Linux was chosen for its stability, open-source nature, and strong community support.

Kali Linux's scalability is commendable; it allows for easy expansion through containerized versions and custom ISOs, although support is primarily dependent on the community rather than vendor assistance.

My advice for others looking into using Kali Linux is to ensure they have a strong foundation in Linux knowledge and are familiar with the various toolsets available within Kali Linux so that they can select the right tools for their specific needs.

I believe Kali Linux is a valuable open-source tool with great potential for growth through community involvement, and continuous development can enhance its position as a leading solution for penetration testing.

On a scale of one to ten, I rate Kali Linux an eight out of ten.

Kali Linux serves as the base OS across all my cloud environments. A typical task or project where Kali Linux plays a key role is that I have designated it as the base OS, which is the underlying operating system I use for all my cloud-native applications, with Kali Linux running across all the cloud nodes used for cloud-native products.

Kali Linux has positively impacted my organization significantly as it aids in red team work and penetration testing. It is not just red team work, as it also involves the blue team who defends and remediates issues, so having these tools available allows us to proactively identify issues rather than reactively, which is typically more difficult. Without these tools, the identification process is complicated and often only occurs after damage is done, making it critical that we utilize red team tools on a regular basis, allowing us to test, identify issues quickly, automate scans, and promptly notify teams to address fixes.

The best features that Kali Linux offers stand out because it is built out of offensive security and blue team validation. It is not only about red team tools but also includes a massive security tool set, boasting over 600 plus tools available via Kali Linux, which we utilize for recon, scanning, exploitation, penetration testing, among others, with various tools such as clients that we can run, along with Metasploit, Burp Suite, SQLMap, Aircrack, Reaver, Hashcat, Hydra, and others to test different scenarios.

Out of all those tools and capabilities, my favorite tools in Kali Linux that I find myself relying on the most are Burp Suite, which I frequently use, and based on Burp Suite issues, I can start the recon and then proceed to exploit using Metasploit or SQLMap, which are the second steps I take.

Kali Linux can be improved, as I have encountered challenges with dependencies that can be overwhelming. It is not always easy to deploy or run the tools without running into dependency issues, particularly on third-party private networks, so having pre-built packages could improve this situation.

I have been using Kali Linux for around 10 years.

Kali Linux is stable.

The scalability of Kali Linux is good.

Customer support for Kali Linux has been great.

Positive

Before Kali Linux, I used more Windows-based tools, which posed significant challenges.

Deploying Kali Linux in my environment was easy, with no hurdles.

My experience with the configuration process was smooth, without any challenges.

I have seen a return on investment with Kali Linux, particularly in terms of needing fewer employees and the time saved, especially securing the business and protecting customer data.

My experience with pricing, setup cost, and licensing is overall good.

We use a variety of other tech products, including a bunch of AWS services, CrowdStrike, Rapid7, Trend Micro, Datadog, Axonius, Splunk, and several others.

I am interested in analyst insights about other solutions.

My advice to others looking into using Kali Linux is that it is a good security tool.

I have shared all valuable information, so I have no additional thoughts about Kali Linux.

I found this interview to be conducted well, and you are doing good.

I would appreciate a short poem or haiku that summarizes my review. I give this review a rating of five out of five.

My main use case for Kali Linux is for penetration testing.

A quick specific example of how I've used Kali Linux for penetration testing is that there are some tools which could be used to simulate a threat or an attack on, for example, a web browser, and try to pinpoint the issues that happen. There are many tools in Kali Linux that allow an individual to do that.

The best features Kali Linux offers are that it is focused on cybersecurity and has a lot of tools related to cybersecurity.

The specific cybersecurity tools in Kali Linux I find most valuable or use most often include Nmap.

Kali Linux has positively impacted my work by facilitating and simplifying the setup for an operating system and installing tools. It is all in one package, so getting started to do the job happens without the headache of installations, setup, and preparations.

It helps me save a lot of time. For example, I have saved at least one week of installations and operations compared to Ubuntu.

I think there are a lot of efforts which are really great for improving Kali Linux. Increasing the tutorials and the help inside Kali Linux would make it more useful.

I have been using Kali Linux for two years.

Kali Linux is stable.

Kali Linux's scalability is really good; I am using it in a very good way.

I have not needed to reach out for help regarding customer support.

I previously used Ubuntu and installed some tools there, but I switched to Kali Linux because it contains everything at once.

My experience with pricing, setup cost, and licensing has been good because I am using the free version.

I have seen a return on investment by using fewer resources and saving a lot of time.

My experience with pricing, setup cost, and licensing has been good because I am using the free version.

I did not evaluate other options before choosing Kali Linux.

My advice to others looking into using Kali Linux is to try to learn a lot about it before using it. When you start using it, you will find it very useful. I would rate my overall experience with Kali Linux as a 9.

In my cybersecurity work, I use Kali Linux for web application penetration testing, network testing, vulnerability assessment of any devices or domains, multiple testing types, and code testing. Those are certain basic use cases.

I used Kali Linux in multiple companies like banks, IT companies, and even smaller companies like music departments or other departments. But mostly, I use it for IT companies and banks.

The systems that are not completely updated create vulnerabilities on the system or on the domain. So first, we have to upgrade all the systems and apply complete security patches. In Windows, there are security patches; in Linux, there are also security patches. We'll upgrade the system. 

Additionally, Kali Linux is wonderful. If there is a specific requirement for a lower version, then we have to put a specific script over the database or over the code so nobody can directly access that code.

I frequently use SQLmap for web application testing, along with other tools like Burp Suite and Vega.

When we execute commands on tools and the few scripts that I have prepared, we will use SQLmap to execute those scripts on the target system. This helps us find loopholes. Like, a report may show TXG is open or that the configuration password is in cleartext. 

Based on this, we suggest vendors make the required changes, or if they are using an older version, they might need a newer upgrade. So there's a lot of capability in it. We suggest upgrading that version, and after completing the vulnerability assessment, we prepare a diagnostic report with suggestions. 

Once we provide complete details, then they take some time to fix those vulnerabilities. After that, we'll again execute the vulnerability assessment as a second phase. If everything goes fine, then we will give them certification that their system and application are now secure.

Sometimes, I do face challenges. There's an issue where sometimes during the initial installation, it doesn't install properly. It gives multiple errors like packages not installing, so we have to install those tools separately. For instance, if we want to install a network or other tools, we have to install those complete toolkits manually.

So, the challenge is with the initial setup, where I sometimes get errors. 

Regarding wireless attacks, OS attacks, and social engineering... the tools should be easier to learn because I know everything very well, but some people in my team struggle to understand. If there were GUI interfaces for the tools, it would help me guide my team in using them step-by-step. Command lines are very difficult for other team members who know the tool's purpose but not the Linux commands. GUI interfaces need more improvement.

So, the UI interface needs improvement to make it more visible and easier for users. Expert users can do everything without any issues, but new users will struggle.

I've been working with Kali Linux for the last 10 to 12 years. I use the latest version. 

The stability is good because I've been using it for the last ten years. I've completed many successful projects, providing good vulnerability assessments to my clients and vendors.

It is a scalable solution. I would rate the scalability an eight out of ten.  

We have about four to five users using Kali Linux. Two or three are basic users; they need to learn first before they can execute the scripts.

We do not plan to increase the further usage because we do not have the need. I and some other partners have good experience with it, and we are managing those parts.

I tried to connect to customer support through email, but I received responses very slowly. In those situations, I do my own research and development to fix those particular errors.

For their understanding of the errors and providing solutions, I'd give them a ten out of ten. But about response time, I'll give it a five because it's very slow.

Neutral

From my perspective, I can set up Kali Linux with information gathering, vulnerability analysis tools, and application analysis tools. I'm able to configure those. 

However, now many people are interested in cybersecurity. So, I suggest that Kali Linux should improve things like the GUI interface, make it easier to use, and include a training portal that's easier for basic users to understand.

I use it sometimes on-premises and sometimes on the cloud.

Sometimes the setup takes only one hour, no more than that. But if we start getting errors, then it can take four to five hours to complete the setup of Kali Linux.

The price is good because Kali Linux already provides a good bundle of tools. The price is sufficient if you want a good operating system with the necessary tools. So, the cost is not an issue.

Kali Linux is much better than others because it gives you a good set of tools. It is preferred for vulnerability assessments and cybersecurity. You don't have to spend a lot of money on different tools like Tenable. We don't need those because everything is already there in Kali. You just need to explore, configure it properly, and it will provide you with good results.

Overall, I would rate it an eight out of ten because any new user or someone without deep expertise won't be able to understand how to scale or manage it, but an experienced person can. 

In general, Kali Linux is used for hosting applications, developing new applications, and operating systems. It's also used in containers and nodes. The tool offers a smaller footprint than Windows because it lacks the functionality of graphical user interfaces. One advantage of Kali Linux is its lower maintenance requirements than Windows, with slower update cycles and easier maintenance procedures.

The tool's most valuable features are low maintenance and stability. 

The tool is already stable and well-developed, so there's minimal feedback for enhancement or change. However, it should improve security, which is crucial, especially with the increasing use of Kali Linux in cloud environments.

I have been using the product for a few months. 

I rate the tool's stability a ten out of ten.

Kali Linux is scalable and has a smaller footprint. It can be run on multiple instances of your applications.

We have community support. I haven't faced any problems with support. 

The tool's deployment is quick and straightforward compared to Windows. It takes about five to ten minutes to complete. 

Kali Linux offers a perpetual license, meaning you pay for it once and can use it. While free versions of Linux are available, Kali Linux, being an enterprise edition, usually comes with a perpetual license. I rate its pricing a five out of ten. 

Pre-installed tools can provide basic training and security measures, which is helpful. However, these tools may not be sufficient to secure your workload fully. That's why it's important to complement them with other specialized security tools to enhance your overall security.

Before using Kali Linux, make sure you know its pros and cons. It's a good system to learn because it's the best choice for some situations. It has default firewall settings that block everything by default. It's up to the user to decide how much they want to open up.       

Learning Kali Linux takes time because it relies on command-line tasks instead of graphical interfaces. Practice is key to becoming comfortable with it.

I use the tool with Nmap to perform network audits. We use it to find vulnerabilities in our network through attacks. It's for those who want to launch or create viruses or perform attacks on systems. With Kali Linux, you can conduct penetration testing for networks, web applications, and Android mobile apps.

The product should improve its security features.

I have been using the product for five years. 

I rate Kali Linux's stability a nine out of ten. 

I rate the tool's scalability a seven to eight out of ten. I use it for my personal purposes. 

Kali Linux is open-source and doesn't have support. 

Setting up Kali Linux is straightforward. Deploying and installing it on our machines typically takes 25 minutes. The basic steps involve providing your name and selecting the location and time settings during installation. Once completed, you can use the default credentials to log into the Kali Linux operating system and gain permissions.

The tool is open-source. 

Kali Linux is a beginner tool. You can use it for testing and practicing. However, using it for real-time attacks can pose legal issues. Users can perform penetration testing but should refrain from attacking real company websites.

The tool is useful for personal use, such as for hackers or for conducting penetration testing and gathering information for review purposes. However, using it for unauthorized or suspicious activities could lead to legal repercussions.

I rate the overall product an eight out of ten. Hackers could potentially use it as a weapon to attack any company or website. 

I use the solution in my company for vulnerability assessment, to run penetration testing, and to do automated scans of the websites for malware. In general, the tool is useful to check for vulnerabilities in websites and applications.

The interface is good and straightforward to use.

In the older versions of the solution, there were problems with the UI. Improvements are only required in the UI of the product's older version. In the latest version of the product, the UI is good. If you know how to use the product, the UI part is okay.

There can be some lagging issues because the product gets stuck at times, making it an area of concern where improvements are required.

I have experience with Kali Linux since 2017.

It is a stable solution. Stability-wise, I rate the solution an eight out of ten.

At times, the product gets stuck, and there are some lagging-related issues, but it is something that depends on the system you are running the product on, so you can change the system if required.

It is a scalable solution.

Only I use the product in my company.

The tool is not hard to deploy. You just need to download Kali Linux Images and decide on how you want to deploy it. You can deploy the tool directly on a laptop, or you can deploy it through VirtualBox from VMware. For deployment, I just need to open Kali Linux Image on VirtualBox.

It is an open-source tool.

I have found the tool to be the most effective when we want to run the vulnerability assessment provided by the solution in our company for certain websites and applications so that we can find or detect issues. In our company, Kali Linux is used for most of the use case scenarios where vulnerability assessment is required.

The areas I found to be the most effective from the perspective of security tasks are Zed Attack Proxy (ZAP), Metasploit, Wireshark, Nikto, and SQLMAP.

There have been a lot of benefits from the pre-installed tools in the product, in terms of security auditing part in our company. There are also other operating systems on which you can run Kali Linux, where users are provided with a massive range of tools like BlackArch Linux and ParrotOS, which are useful for certain use cases.

The product is good to start with, and it is good for penetration testing and vulnerability assessment. It is good for those who want to go into the line of website security. New users of the product should know the basics of Linux to be able to use the solution because it is an area that could be hard for many.

The value derived from the use of the product in our company stems from the results it provides us. The reason to use the product is to get answers when you run a vulnerability assessment from a security perspective. The product provides an outcome that can be used to access the security posture of an application, and it can also help you find loopholes. In general, it can be used to test applications.

I rate the tool a ten out of ten.