Kali Linux 2020.3 released: A new shell and a Bluetooth Arsenal for NetHunter – Help Net Security

Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. You can download it or upgrade to it.

Kali Linux 2020.3 changes

New features include:

  • Kali NetHunter – Kali’s mobile pentesting platform/app – has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases. “You can use your external adapter for reconnaissance, spoofing, listening to and injecting audio into various devices, including speakers, headsets, watches, or even cars,” Offensive Security explained
  • Kali NetHunter now also supports Nokia 3.1 and Nokia 6.1 phones
  • The team has pre-generated 19 ARM images (“alternate flavors” of Kali for different ARM hardware) and has also refreshed the build scripts for ARM devices, so that users can quickly self-generate images for those devices (39 in total)
  • Win-KeX (Windows + Kali Desktop EXperience) provides a persistent-session GUI

There are also some visual changes/upgrades:

  • The design of Kali’s GNOME desktop environment has been improved
  • There are new themed icons for tools
  • Improved support for HiDPI (High Dots Per Inch) displays

A new default shell in the offing

Last but not least, one big announcement: the company aims to replace bash (aka “Bourne-Again SHell”) with ZSH as Kali’s default shell.

ZSH is based on the same shell as bash, but has additional features and support for plugins and themes.

The switch is scheduled to happen in the next iteration of the distro. In the meantime, users are urged to try it out and offer feedback.

“We hope we have the right balance of design and functionality, but we know these typically don’t get done perfect the first time. And, we don’t want to overload the default shell with too many features, as lower powered devices will then struggle or it may be hard to on the eyes to read,” the company explained.

“We will be doing extensive testing during this next cycle so we reserve the right to delay the default change, or change direction all together.”

Kali Linux contains a large number of penetration testing tools from various niches of the security and forensics fields. In addition, the versions of the tools can be tracked against their upstream sources.

Penetration Testing Tools present in Kali Linux

The Kali Linux penetration testing platform contains a vast array of tools and utilities, from information gathering to final reporting, that enable security and IT professionals to assess the security of their systems.

Metapackages give you the flexibility to install specific subsets of tools based on your particular needs. Kali Linux includes metapackages for wireless, web applications, forensics, software defined radio, and more.

Maintaining and updating the large number of tools included in the Kali distribution is an ongoing task. Our Version Tracking page allows you to compare the current upstream version with the version currently in Kali.

NetHunter Rootless Edition

Install Kali NetHunter on any stock, unrooted Android device without voiding the warranty.

Android Device (Stock unmodified device, no root or custom recovery required)

  • Install the NetHunter-Store app from store.nethunter.com
  • From the NetHunter Store, install Termux, NetHunter-KeX client, and Hacker’s keyboard. Note: The button “install” may not change to “installed” in the store client after installation – just ignore it. Starting Termux for the first time may seem stuck while displaying “installing” on some devices – just hit enter.
  • Open Termux and type:
    • kali@kali:~$ termux-setup-storage
    • kali@kali:~$ pkg install wget
    • kali@kali:~$ wget -O install-nethunter-termux https://offs.ec/2MceZWr
    • kali@kali:~$ chmod +x install-nethunter-termux
    • kali@kali:~$ ./install-nethunter-termux
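
The steps above fetch a script through a shortened URL and run it as downloaded. As an added example (not part of the original page or the NetHunter project's own code), the function below gates the chmod step on a SHA-256 digest you pinned beforehand. The function name verify_installer and the <PINNED_SHA256> placeholder are assumptions, since the page publishes no digest.

```shell
# Added example (not from the NetHunter docs): refuse to mark a downloaded
# installer executable unless its SHA-256 matches a digest pinned earlier.

# verify_installer FILE EXPECTED_SHA256   (hypothetical helper name)
# Returns 0 and sets the user execute bit only when the digest matches.
# Returns 2 on a malformed digest, 3 when the file is missing, 1 on mismatch.
verify_installer() {
    local file="$1" expected="$2" actual

    # A pinned digest must be exactly 64 hex characters; anything else is a
    # copy/paste error and must never be treated as "nothing to check".
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "invalid expected digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid expected digest" >&2; return 2; }

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }

    # Hash via stdin so an unusual file name cannot alter sha256sum's output.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    # Accept upper-case hex, which some sites publish.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        chmod a-x "$file"   # clear any stale execute bit on the rejected file
        return 1
    fi
    chmod u+x "$file"
}

# Usage in place of the bare "chmod +x" step (the digest is a placeholder):
#   wget -O install-nethunter-termux https://offs.ec/2MceZWr
#   less install-nethunter-termux      # read what you are about to run
#   verify_installer install-nethunter-termux "<PINNED_SHA256>" \
#       && ./install-nethunter-termux
```
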

Usage:

Open Termux and type one of the following:

Command                    To
nethunter                  start Kali NetHunter command line interface
nethunter kex passwd       configure the KeX password (only needed before 1st use)
nethunter kex &            start Kali NetHunter Desktop Experience user sessions
nethunter kex stop         stop Kali NetHunter Desktop Experience
nethunter <command>        run <command> in NetHunter environment
nethunter -r               start Kali NetHunter cli as root
nethunter -r kex passwd    configure the KeX password for root
nethunter -r kex &         start Kali NetHunter Desktop Experience as root
nethunter -r kex stop      stop Kali NetHunter Desktop Experience root sessions
nethunter -r kex kill      Kill all KeX sessions
nethunter -r <command>     run <command> in NetHunter environment as root

Note: The command nethunter can be abbreviated to nh.

Tip: If you run kex in the background (&) without having set a password, bring it back to the foreground first when prompted to enter the password, i.e. via fg <job id>. You can later send it to the background again via Ctrl + z and bg <job id>.

To use KeX, start the KeX client, enter your password and click connect.

Tip: For a better viewing experience, enter a custom resolution under “Advanced Settings” in the KeX Client.

Tips:

  1. Run sudo apt update && sudo apt full-upgrade -y first thing after installation to update Kali. If you have plenty of storage space available you might want to run sudo apt install -y kali-linux-default as well.
  2. All of the penetration testing tools should work but some might have restrictions, e.g. metasploit works but doesn’t have database support. If you discover any tools that don’t work, please post it in our forums.
  3. Some utilities like “top” won’t run on unrooted phones.
  4. Non-root users still have root access in the chroot. That’s a proot thing. Just be aware of that.
  5. Galaxy phones may prevent non-root users from using sudo. Just use “su -c” instead.
  6. Perform regular backups of your rootfs by stopping all nethunter sessions and typing the following in a Termux session:
     tar -cJf kali-arm64.tar.xz kali-arm64 && mv kali-arm64.tar.xz storage/downloads
     That will put the backup in your Android download folder. Note: on older devices, change “arm64” to “armhf”.
  7. Please join us in our forums to exchange tips and ideas and be part of a community that strives to make NetHunter even better.
