how to install & download Kali Linux? Step by Step Techcaro.com

Downloading Kali Linux

IMPORTANT! Never download Kali Linux images from anywhere other than the official sources.
Always be sure to verify the SHA256 checksums of the file you’ve downloaded against our official values.
It would be easy for a malicious entity to modify; a Kali installation to contain exploits or malware and host it unofficially.

Where to Get Official Kali Linux Images

ISO Files for Intel-based PCs

In order to run Kali “Live” from a USB drive on standard Windows and Apple PCs, you’ll need a Kali Linux bootable ISO image, in either 32-bit or 64-bit format.

If you’re not sure of the architecture of the system you want to run Kali on, on Linux or macOS, you can run the command uname -m at the command line. That you get the response, "x86_64", use the 64-bit ISO image (the one containing "amd64" in the file name); if you get "i386", use the 32-bit image (the one containing "i386" in the file name). If you're on a Windows system, the procedure for determining whether your architecture is detailed on Microsoft's website.

The Kali Linux images are available both as directly downloadable “.iso/.img” files or via “.torrent” files.

Building your own Kali Linux ISO, standard or customized, is a very simple process.

Virtual Machines Images

If you want to run Kali Linux as a “guest” under VMware or VirtualBox, Kali Linux is available as a pre-built virtual machine with any guest tools already installed. These images are available in 64-bit (amd64), and 32-bit PAE (i*86) formats.

ARM Images

The hardware architectures of ARM-based devices vary considerably, so it is not possible to have a single image that will work across all of them. Pre-built Kali Linux images for the ARM architecture are available for a wide range of devices.

Scripts for building your own ARM images locally are also available on GitLab. For more details, see the articles on setting up an ARM cross-compilation environment and building a custom Kali Linux ARM chroot.

Verifying Your Downloaded Kali Image

Why do I need to do this?

Before you run Kali Linux Live or install it to your hard disk, you want to be very sure that what you’ve got actually is Kali Linux and not an imposter. Kali Linux is a professional penetration testing and forensics toolkit. As a professional penetration tester; having absolute confidence in the integrity of your tools is critical; if your tools are not trustworthy, your investigations will not be trustworthy, either.

Moreover, as the leading penetration testing distribution, Kali’s strengths mean that a bogus version of Kali Linux could do a tremendous amount of damage if it were deployed unwittingly. There are plenty of people with plenty of reason to want to stick very sketchy stuff into something that looks like Kali, and you absolutely do not want to find yourself running something like that.

Avoiding this is simple:

• Only download Kali Linux via the official download pages at kali.org/downloads/ or offensive-security.com/kali-linux-vmware-arm-image-download/ — you will not be able to browse to these pages without SSL; encrypting the connection makes it much harder for an attacker to use a “man-in-the-middle” attack to modify your download. There are a few potential weaknesses to even these sources — see the sections on verifying the download with the SHA256SUMS file, and its signature against the official Kali Development team private key for something much closer to absolute assurance.
• Once you’ve downloaded an image, and before you run it, always validate that it really is what it’s supposed to be by verifying its checksum using one of the procedures detailed below.

There are several methods for verifying your download. Each provides a certain level of assurance and involves a corresponding level of effort on your part.

• You can download an ISO image from an official Kali Linux “Downloads” mirror; calculate the ISO’s SHA256 hash and compare it by inspection with the value listed on the Kali Linux site. This is quick and easy, but potentially susceptible to subversion via a DNS poisoning: it assumes that the site to which, for example; the domain “kali.org” resolves is in fact the actual Kali Linux site. If it somehow were not, an attacker could present a “loaded” image and a matching SHA256 signature on the fake web page. See the section “Manually Verify the Signature on the ISO (Direct Download)”, below.
• You can download an ISO image through the torrents, and it will also pull down a file — unsigned — containing the calculated SHA256 signature. You can then use the shasum command (on Linux and macOS) or a utility (on Windows) to automatically verify that the file’s computed; signature matches the signature in the secondary file. This is even easier than the “manual” method, but suffers from the same weakness; if the torrent you pulled down is not really Kali Linux, it could still have a good signature. See the section “Verify the Signature on the ISO; Using the Included Signature File (Torrent Download)”, below.
• To be as close to absolutely certain as possible that the Kali Linux download you’ve obtained is the real thing; you can download both a cleartext signature file; and a version of the same file that has been signed with the official Kali Linux; private key and use GNU Privacy Guard (GPG) to first; verify that the computed SHA256 signature and the signature in the cleartext file match and second; verify that the signed version of the file containing the SHA256 hash has been correctly signed with the official key.

If you use this more complicated process; and successfully validate your downloaded ISO, you can proceed with pretty complete assurance that what you’ve got is the official image; and that it has not been tampered with in any way. This method, while the most complex, has the advantage of providing independent assurance of the integrity of the image. The only way this method can fail is if the official Kali Linux private key is not only subverted by an attacker but also not subsequently revoked by the Kali Linux development team. For this method, see the section on verification using the SHA256SUMS file.

What do I need to do this?

If you’re running on Linux, you probably already have GPG (GNU Privacy Guard) installed. You’re on Windows or macOS, you’ll need to install the appropriate version for your platform.

• If you’re on a PC running Windows, download and install GPG4Win from here. Certain versions of Windows do not have the native ability to calculate SHA256 checksums. To check this, you can open the command prompt and run certutil -?. If you do have this installed, you can run certutil -hashfile kali-linux-2021.3-live-amd64.iso sha256 to verify your download. If you do not have certutil installed, you will also need a utility such as Microsoft File Checksum Integrity Verifier or Hashtab to verify your download.
• If you’re on a Macintosh running macOS, download and install GPGTools from here. Alternatively, if you have Homebrew installed, just run brew install gnupg

Once you’ve installed GPG, you’ll need to download and import a copy of the Kali Linux official key. Do this with the following command:

$ wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import

or the command

$ gpg --keyserver hkps://keys.openpgp.org --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

Your output should look like this:

gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)

Verify that the key is properly installed with the command:

$ gpg --fingerprint 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

The output will look like this:

pub rsa4096 2012-03-05 [SC] [expires: 2023-01-16] 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6 uid [ full] Kali Linux Repository <devel@kali.org> sub rsa4096 2012-03-05 [E] [expires: 2023-01-16]

You’re now set up to validate your Kali Linux download.

How Do I Verify My Downloaded Image?

Manually Verify the Signature on the ISO (Direct Download)

If you downloaded the ISO directly from the downloads page, verify it using the following procedure.

On Linux, or macOS, you can generate the SHA256 checksum from the ISO image you’ve downloaded with the following command (assuming that the ISO image is named “kali-Linux-2021.3-live-amd64.iso”, and is in your current directory):

$ shasum -a 256 kali-linux-2021.3-live-amd64.iso

The output should look like this:

e316b27025922e9f6bca0cacee6dde83dbfd4a549ad18026526f5824af639fc1 kali-linux-2021.3-live-amd64.iso

The resulting SHA256 signature, “e316b27025922e9f6bca0cacee6dde83dbfd4a549ad18026526f5824af639fc1”, can be seen to match the signature displayed in the “sha256sum” column on the official download page for the 64-bit Intel architecture Kali Linux 2021.3 ISO image:

Verify the Signature on the ISO Using the Included Signature File (Torrent Download)

If you downloaded your copy of the Kali Linux ISO image via the torrents, in addition to the ISO file (e.g. kali-linux-2021.3-live-amd64.iso), there will be a second file containing the computed SHA256 signature for the ISO, with the extension “.txt.sha256sum” (e.g. kali-linux-2021.3-live-amd64.txt.sha256sum). You can use this file to verify the authenticity of your download on Linux or macOS with the following command:

$ grep kali-linux-2021.3-live-amd64.iso kali-linux-2021.3-live-amd64.txt.sha256sum | shasum -a 256 -c

If the image is successfully authenticated, the response will look like this:

kali-linux-2021.3-live-amd64.iso: OK

IMPORTANT! If you are unable to verify the authenticity of the Kali Linux image you have downloaded as described in the preceding section, do NOT use it! Using it could endanger not only your own system, but any network you connect to as well as the other systems on that network. Stop, and ensure that you have downloaded the images from a legitimate Kali Linux mirror.

Verify the ISO Using the SHA256SUMS File

This is a more complex procedure, but offers a much higher level of validation: it does not rely on the integrity of the web site you downloaded the image from, only the official Kali Linux development team key that you install independently. To verify your image this way for an Intel architecture version of Kali, you will need to download three files from the Kali “Live CD Image” site for the current release (v2021.3, as of this writing):

• The ISO image itself (e.g. kali-linux-2021.3-live-amd64.iso)
• The file containing the calculated SHA256 hash for the ISO, SHA256SUMS
• The signed version of that file, SHA256SUMS.gpg

Before verifying the checksums of the image, you must ensure that the SHA256SUMS file is the one generated by Kali Linux. That’s why the file is signed by Kali’s official key with a detached signature in SHA256SUMS.gpg. If you have not already done so, Kali’s official key can be downloaded and imported into your keychain with this command:

$ wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import

or this command

$ gpg --keyserver hkps://keys.openpgp.org --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

Your output should look like this:

gpg: key ED444FF07D8D0BF6: public key "Kali Linux Repository <devel@kali.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)

You should verify that the key is properly installed with the command:

$ gpg --fingerprint 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6

The output will look like this:

pub rsa4096 2012-03-05 [SC] [expires: 2023-01-16] 44C6 513A 8E4F B3D3 0875 F758 ED44 4FF0 7D8D 0BF6 uid [ full] Kali Linux Repository <devel@kali.org> sub rsa4096 2012-03-05 [E] [expires: 2023-01-16]

Once you have downloaded both SHA256SUMS and SHA256SUMS.gpg, you can verify the signature as follows:

$ gpg --verify SHA256SUMS.gpg SHA256SUMS gpg: Signature made Mon Sep 2 06:42:05 2019 EDT gpg: using RSA key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 gpg: Good signature from "Kali Linux Repository <devel@kali.org>" [full]

If you do not get that “Good signature” message or if the key ID does not match, then you should stop and review whether you downloaded the images from a legitimate Kali Linux mirror. The failed verification strongly suggests that the image you have may have been tampered with.

If you did get the “Good signature” response, you can now be assured that the checksum in the SHA256SUMS file was actually provided by the Kali Linux development team. All that remains to be done to complete the verification is to validate that the signature you compute from the ISO you’ve downloaded matches the one in the SHA256SUMS file. You can do that on Linux or macOS with the following command (assuming that the ISO is named “kali-linux-2021.3-live-amd64.iso” and is in your working directory):

$ grep kali-linux-2021.3-live-amd64.iso SHA256SUMS | shasum -a 256 -c

If the image is successfully authenticated, the response will look like this:

kali-linux-2021.3-live-amd64.iso: OK

If you do not get “OK” in response, then stop and review what’s happened: the Kali image you have has apparently been tampered with. Do NOT use it.

Once you’ve downloaded and verified your image, you can proceed to create a bootable “Kali Linux Live” USB drive.

If you are a person who is pursuing a career in Information Security, one of the most important things is to have a security-focused operating system. A suitable OS helps you in performing time-consuming and tedious tasks efficiently. Currently, there are countless Linux based OS but Kali Linux is arguably one of the best choices. It is used by cybersecurity experts for penetration testing, ethical hacking, and network security assessments. In this article, we will take a look at how to install Kali Linux.

Let’s take a look at topics covered in this article:

Let’s get started!

What is Kali Linux?

Kali Linux is the industry’s leading Linux distribution in penetration testing, ethical hacking, and security auditing.

When it comes to penetration testing, hacking and offensive Linux distributions, one of the first thing to be mentioned is Kali Linux. The software comes pre-packaged with a variety of different command line hacking tools geared towards various information security tasks. Such as Penetration Testing, Network Security, Computer Forensics, and Application Security. Basically, Kali Linux is the ultimate OS for ethical hackers and is widely recognized in all parts of the world, even among Windows users who may not even know what Linux is.

So, what makes Kali Linux a preferable choice when compared to other Linux distributions like Parrot Security, Backbox, Blackarch, and many others?

How to install Kali Linux? | Kali Linux Tutorial | Edureka

This Edureka video on “How to install Kali Linux?” will help you understand how to install Kali Linux on different platforms like windows, mac and Linux distributions.

Why do people use Kali Linux?

Kali Linux is the most preferred operating system to perform various information security tasks due to the following reasons:

• It offers more than 600 penetration testing tools from various fields of security and forensics
• Completely customizable, so if you are not comfortable with current Kali Linux features, you can customize Kali Linux the way you want
• Though penetration tools tend to be written in English, Kali provides multilingual support
• It supports a wide range of wireless devices
• Comes with the custom kernel, patched for injections
• Developed in a secure environment
• It’s a free and open source software

So, because of the above reasons, Kali Linux is the most popular OS used by Cyber Security experts all over the world. If you want to get into the world of Cyber Security and Ethical Hacking, learning how to install Kali Linux is the first step. You can go through this Cybersecurity video lecture where you can find our Training expert is discussing each & every nitty-gritty of the technology.

What is Cyber Security? | Introduction to Cyber Security | Edureka

This Edureka video on “What is Cyber Security” gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today’s IT world and how cybersecurity is the solution to these attacks.

Let’s start with our Kali Linux Installation!

How to install Kali Linux?

Kali Linux installation is a fairly simple process and you have multiple installation options. Most preferred ones include:

1. Installing Kali Linux by making a Kali (linux) bootable USB drive
2. Kali Linux hard disk install
3. Using virtualization software, such as VMware or VirtualBox
4. Dual booting Kali Linux with the operating system

While you have multiple options to choose from, in this article, we will learn how to install Kali Linux using virtualization software. Following are the below-stated steps, you can set up your machine with all the tools you need to perform a comprehensive penetration test.

INSTALLATION REQUIREMENTS

• Minimum 20 GB of free space in your hard drive is recommended.
• At least 4 GB of ram is recommended when using VMware or VirtualBox
• CD-DVD Drive / USB Support

Getting Started with Installation

Step 1: Install VMware

In order to run Kali Linux, we will need some sort of virtualization software first. While there are many options to choose from, such as Oracle’s VirtualBox, I prefer using VMware. Once the installation is done, launch VMware from your applications folder.

Step 2: Download Kali Linux and check image integrity

To download Kali Linux you can go to the official download page ;and select the one that best suits your needs from there. In addition, on the download page, you will find a bunch of hexadecimal numbers. And those are not there for fun. Kali Linux is intended to be used for security-related tasks. So, you need to check the integrity of the image you download.

You should check the SHA-256 fingerprint of the file and compare it with the one provided on the download site.

Step 3: Launch a new virtual machine

On VMware Workstation Pro homepage, click on create a new virtual machine, choose the Kali Linux iso file, select the guest operating system and configure virtual machine details (here, Kali Linux). Start the virtual machine by selecting the Kali Linux VM, and then clicking on the green “Power On” button.

The machine will start up!

INSTALLATION PROCEDURE

Step 1: Once the machine is powered up, you will be prompted to select your preferred installation mode in the GRUB menu. Select graphical install and continue.

Step 2: Next couple of screens will ask you to select locale information such as your preferred language, your country location and, keyboard layout.

Step 3: Once through the local information, the loader will automatically install some additional components and configure your network related settings. Then the installer will prompt for a hostname and domain for this installation. Provide appropriate information for the environment and continue installing.

Step 4: Set a password for your Kali Linux machine and hit continue. DO NOT FORGET THIS PASSWORD.

Cyber Security Training

Step 5: After the password is set, the installer will prompt you to set the time zone and then pauses at the disk partitioning. The installer will now provide you four choices about the partitions of the disk. The easiest option for you is to use ‘Guided — Use Entire Disk’. Experienced users can use the “Manual” partitioning method for more granular configuration options.

Step 6: Select the partitioning disk (the recommended option is all files in one partition for new users) & then hit on continue.

Step 7: Confirm all changes to be made to the disk on the host machine. Be aware that if you continue it will ERASE DATA ON THE DISK.

On you confirm the partition changes, the installer will run through the process of installing the files. Let it install the system automatically, this may take a while…

Step 8: Once the necessary files are installed, system will ask you if you want to set up a network mirror to obtain future pieces of software and updates. Be sure to enable this functionality if you wish to use the Kali repositories.

Let it configure the package manager related files then…

Step 9: Next you will be asked to install the GRUB boot loader. Select ‘Yes’ and pick the device to write the necessary boot loader information to the hard drive which is required to boot Kali.

Step 10: Once the installer finishes installing GRUB to the disk, click on continue to finish the installation, it will install some final stage files.

By this point, Kali would be successfully installed and you would be ready to begin your journey exploring Kali Linux!

Do you know what is google coin and How to choose a Blogging Niche? you might try our other content.

Originally published at https://techcaro.com on October 30, 2021.