Offensive Security has released Kali Linux 2020.3, the latest iteration of the popular open source penetration testing platform. You can download it or upgrade to it.
Kali Linux 2020.3 changes
New features include:
- Kali NetHunter – Kali’s mobile pentesting platform/app – has been augmented with Bluetooth Arsenal, which combines a set of Bluetooth tools in the app with pre-configured workflows and use cases. “You can use your external adapter for reconnaissance, spoofing, listening to and injecting audio into various devices, including speakers, headsets, watches, or even cars,” Offensive Security explained.
- Kali NetHunter now also supports Nokia 3.1 and Nokia 6.1 phones
- The team has pre-generated 19 ARM images (“alternate flavors” of Kali for different ARM hardware) but has also refreshed the build scripts for ARM devices, so that users can quickly self-generate images for those devices (39 in total)
- Win-KeX (Windows + Kali Desktop EXperience) provides a persistent-session GUI
There are also some visual changes/upgrades:
- The design of Kali’s GNOME desktop environment has been improved
- There are new themed icons for tools
- Improved support for HiDPI (High Dots Per Inch) displays
A new default shell in the offing
Last but not least, one big announcement: the company aims to replace bash (aka “Bourne-Again SHell”) with ZSH as Kali’s default shell.
ZSH is based on the same shell as bash, but has additional features and support for plugins and themes.
The switch is scheduled to happen in the next iteration of the distro. In the meantime, users are urged to try it out and offer feedback.
“We hope we have the right balance of design and functionality, but we know these typically don’t get done perfect the first time. And, we don’t want to overload the default shell with too many features, as lower powered devices will then struggle or it may be hard to on the eyes to read,” the company explained.
“We will be doing extensive testing during this next cycle so we reserve the right to delay the default change, or change direction all together.”
Kali Linux contains a large number of penetration testing tools from various niches of the security and forensics fields. In addition, the versions of the tools can be tracked against their upstream sources.
Penetration Testing Tools present in Kali Linux
The Kali Linux penetration testing platform contains a vast array of tools and utilities, from information gathering to final reporting, that enable security and IT professionals to assess the security of their systems.
Metapackages give you the flexibility to install specific subsets of tools based on your particular needs. Kali Linux includes metapackages for wireless, web applications, forensics, software defined radio, and more.
Maintaining and updating the large number of tools included in the Kali distribution is an ongoing task. Our Version Tracking page allows you to compare the current upstream version with the version currently in Kali.
NetHunter Rootless Edition
Install Kali NetHunter on any stock, unrooted Android device without voiding the warranty.
Android Device (Stock unmodified device, no root or custom recovery required)
- Install the NetHunter-Store app from store.nethunter.com
- From the NetHunter Store, install Termux, NetHunter-KeX client, and Hacker’s keyboard
Note: The button “install” may not change to “installed” in the store client after installation – just ignore it. Starting termux for the first time may seem stuck while displaying “installing” on some devices – just hit enter.
- Open Termux and type:
kali@kali:~$ pkg install wget
kali@kali:~$ wget -O install-nethunter-termux https://offs.ec/2MceZWr
kali@kali:~$ chmod +x install-nethunter-termux
kali@kali:~$ ./install-nethunter-termux
Open Termux and type one of the following:
|start Kali NetHunter command line interface|
|configure the KeX password (only needed before 1st use)|
|start Kali NetHunter Desktop Experience user sessions|
|stop Kali NetHunter Desktop Experience|
|start Kali NetHunter cli as root|
|configure the KeX password for root|
|start Kali NetHunter Desktop Experience as root|
|stop Kali NetHunter Desktop Experience root sessions|
|Kill all KeX sessions|
Note: The command nethunter can be abbreviated to nh.
Tip: If you run kex in the background (&) without having set a password, bring it back to the foreground first when prompted to enter the password, i.e. via fg <job id> – you can later send it to the background again via Ctrl + z and bg <job id>
To use KeX, start the KeX client, enter your password and click connect.
Tip: For a better viewing experience, enter a custom resolution under “Advanced Settings” in the KeX Client
- Run sudo apt update && sudo apt full-upgrade -y first thing after installation to update Kali. If you have plenty of storage space available you might want to run sudo apt install -y kali-linux-default as well.
- All of the penetration testing tools should work but some might have restrictions, e.g. metasploit works but doesn’t have database support. If you discover any tools that don’t work, please post it in our forums.
- Some utilities like “top” won’t run on unrooted phones.
- Non-root users still have root access in the chroot. That’s a proot thing. Just be aware of that.
- Galaxy phones may prevent non-root users from using sudo. Just use “su -c” instead.
- Perform regular backups of your rootfs by stopping all nethunter sessions and typing the following in a termux session:
tar -cJf kali-arm64.tar.xz kali-arm64 && mv kali-arm64.tar.xz storage/downloads
That will put the backup in your Android download folder. Note: on older devices, change “arm64” to “armhf”
- Please join us in our forums to exchange tips and ideas and be part of a community that strives to make NetHunter even better.
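The one-line backup above moves the archive into the download folder without checking that it can be read back. The following is an added example, not part of the NetHunter documentation: a shell function that creates the same tar.xz backup, verifies it, and writes a SHA-256 file beside it. The function name backup_rootfs, its two optional arguments and the timestamped file name are assumptions made for this example.

```sh
# Added example, not from the NetHunter documentation.
# Assumes: all nethunter sessions are stopped; the rootfs directory
# (kali-arm64, or kali-armhf on older devices) sits in the Termux home
# directory; storage/downloads exists there, as in the command above.
backup_rootfs() {
    base="${1:-$HOME}"                      # directory that holds the rootfs
    dest="${2:-$base/storage/downloads}"    # Android download folder
    rootfs=""
    for d in kali-arm64 kali-armhf; do
        if [ -d "$base/$d" ]; then rootfs="$d"; break; fi
    done
    if [ -z "$rootfs" ]; then
        echo "no kali-arm64 or kali-armhf directory in $base" >&2
        return 1
    fi
    if [ ! -d "$dest" ]; then
        echo "destination $dest does not exist" >&2
        return 1
    fi

    archive="$rootfs-$(date +%Y%m%d-%H%M%S).tar.xz"
    partial="$base/$archive.partial"

    # Build the archive beside the rootfs first, so an interrupted run
    # never leaves a truncated backup in the download folder.
    if ! tar -C "$base" -cJf "$partial" "$rootfs"; then
        rm -f "$partial"; return 1
    fi
    # Read the whole archive back; this fails on a truncated or corrupt file.
    if ! tar -tJf "$partial" >/dev/null; then
        rm -f "$partial"; return 1
    fi

    mv "$partial" "$dest/$archive" || return 1
    # Record a SHA-256 next to the archive so it can be re-checked with
    # `sha256sum -c` before a restore.
    (cd "$dest" && sha256sum "$archive" > "$archive.sha256") || return 1
    echo "$dest/$archive"                   # path of the verified backup
}
```

Called with no arguments from a Termux session, backup_rootfs prints the path of the archive it wrote.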