Penetration testing for the masses with KaliPosted on May 15, 2013 by Finian
Kālī (Sanskrit: काली, IPA: [kɑːliː]), also known as Kālikā (Sanskrit: कालिका), is the Hindu goddess associated with empowerment, shakti. The name Kali comes from kala, which means black, time, death, lord of death, Shiva. [source: wikipedia]
Interesting and a little scary on first glance, but perhaps more relevant to us, Kali Linux is the new generation of the industry-leading Backtrack Linux penetration testing and security auditing distribution. Kali Linux is a complete re-build of Backtrack from the ground up, adhering completely to Debian development standards. [source: kali.org]
It’s new and kind of [definitely] different from what we have been used to with its predecessor. The target audience for this distribution has changed. It’s intended to be less of a pentester / security consultant / [dare I say it] skiddie oriented distribution and geared more towards the security-savvy sysadmin. It has been brought to us by the well-known Offensive Security team in conjunction with Rapid7. The technical requirements and therefore the associated learning curve for using it are intended to be lower, so that Kali (and perhaps Rapid7) can move into the Enterprise space. It has been suggested that it will be used as an internal security audit / penetration testing platform. Rapid7 will be providing enterprise support for users going forward for just this scenario. [Acquisition on the horizon?]
Does it meet this assertion? Well, at first glance, I’m not sure it’s quite there. Yet.
I guess the ultimate aim for the commercial organisations behind Kali is that any security conscious organisation (with a plugged-in CISO) can conduct their own penetration tests by pushing the Kali release to their technical teams to use. I’m not sure, however, whether the typical sysadmin has the time to invest in penetration testing or the familiarising themselves with the inner workings of a new operating system distribution. I think most would argue that they have enough to do already! More importantly, will your internal teams want to accept the responsibility of assessing and grading the security posture of your network?
With this in mind, Kali Linux does not yet provide a point-and-click pentest solution which I think is probably a requirement to meet the needs of this audience. All the common and well known security testing tools are present and neatly packaged within the distribution and the seamless integration of the Metasploit Framework will certainly help users get up, running and exploiting more quickly. However, without a means of correlating the results and findings into one manageable format, the value to the casual part time penetration tester is debatable.
If the idea is to use the much improved Metasploit pentest management engine, this may well appeal to the less technical user; however, does that now make it a platform which simply pushes the all-in-one Metasploit pentest tool, rather than allowing those tech-savvy admins into getting down and dirty with a real testing methodology? For a non-Linux experienced Administrator there is always the Metasploit Windows edition, which, on the surface, is a simpler solution.
In my opinion, until Kali gets to a point where a less technical user can interface with a shiny GUI, provide a network range, tweak a few settings and click to go, other solutions will be favoured; maybe Nessus or, for the financially unimpaired, Nexpose.
None of the this should detract in any way from the release of Kali Linux, however, and as a Backtrack user I can safely say that the move is an excellent development. It promises to offer a whole lot back to the Debian community and it’s more stable and sleeker than before. My next post will be a more technical look at the new Kali release, some of the changes there have been from Backtrack (mainly based on the move to Debian from Ubuntu!) and what else we can expect from the next generation pentest platform.