Kali Linux is the industry-standard distribution for penetration testing and security research. This guide covers everything a beginner needs to get started: installation options, initial setup, essential tools, and how to use Kali legally and responsibly.
What is Kali Linux?
Kali Linux is a Debian-based distribution maintained by Offensive Security, specifically designed for:
- Penetration testing
- Digital forensics
- Security auditing
- Vulnerability assessment
- CTF (Capture the Flag) competitions
It ships with 600+ pre-installed security tools including Nmap, Metasploit, Burp Suite, Wireshark, Aircrack-ng, and many more.
Legal Warning: Only use Kali Linux tools on systems you own or have explicit written permission to test. Unauthorized penetration testing is illegal in most jurisdictions.
Installation Options
Option 1: Virtual Machine (Recommended for Beginners)
The safest way to start — your host OS is unaffected:
- Download VirtualBox (free) or VMware Workstation
- Download the Kali Linux VM image
- Import the
.ovafile into VirtualBox: - File → Import Appliance → select the .ova → Import
- Default credentials:
kali/kali
VirtualBox settings to optimize: - RAM: 4GB minimum, 8GB recommended - CPUs: 2 minimum, 4 recommended - Video Memory: 128MB - Enable 3D Acceleration
Option 2: Bare Metal Install
Best performance. Use a dedicated machine or a laptop not used for daily work.
- Download Kali Linux ISO
- Create bootable USB with Etcher:
Flash from file → Select ISO → Select target USB → Flash! - Boot from USB (press F12/F2/Del during boot to open boot menu)
- Select "Graphical Install"
Disk partitioning for single-boot: - Use entire disk → All files in one partition → Finish
Option 3: WSL2 on Windows
# Windows PowerShell (Admin)
wsl --install -d kali-linux
Then in WSL:
sudo apt update && sudo apt install -y kali-linux-default
Option 4: Live Boot (No Install)
Boot from USB without installing. Great for forensics (no writes to disk):
- Create bootable USB (same as above)
- Boot from USB
- Select "Live (amd64)"
- Changes don't persist after reboot
Option 5: Raspberry Pi / ARM
Kali supports Raspberry Pi 4/5:
# Download ARM image from kali.org
# Flash with Etcher
# Boot and log in: kali/kali
Initial Setup After Installation
Change Default Password
passwd
# Enter current password: kali
# Enter new password: (your strong password)
# Confirm: (repeat)
Update the System
sudo apt update && sudo apt full-upgrade -y
sudo apt autoremove -y
sudo reboot
This is critical — always update before doing anything else.
Install Additional Tools
# Install a specific tool set
sudo apt install -y kali-linux-default # core tools (included by default)
sudo apt install -y kali-linux-large # more tools (~9GB)
sudo apt install -y kali-linux-everything # all tools (~20GB)
# Or install individual tools
sudo apt install -y burpsuite
sudo apt install -y maltego
sudo apt install -y bloodhound
Configure Display (VM)
If screen resolution is wrong in VirtualBox:
sudo apt install -y virtualbox-guest-x11
sudo reboot
Essential Tools Overview
Network Scanning — Nmap
# Scan a host (replace with IP you OWN)
nmap 192.168.1.1
# Scan with service detection
nmap -sV 192.168.1.1
# Scan with OS detection
nmap -O 192.168.1.1
# Full aggressive scan
nmap -A 192.168.1.1
# Scan a subnet
nmap 192.168.1.0/24
# Scan specific ports
nmap -p 22,80,443,8080 192.168.1.1
# Stealth SYN scan
sudo nmap -sS 192.168.1.1
# UDP scan
sudo nmap -sU 192.168.1.1
Web Application Testing — Nikto
# Scan a web server for vulnerabilities
nikto -h http://testphp.vulnweb.com
# Scan specific port
nikto -h http://192.168.1.100 -p 8080
Password Cracking — John the Ripper
# Crack /etc/shadow (on a test system)
john /etc/shadow
# With wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt hashfile.txt
# Show cracked passwords
john --show hashfile.txt
Extract Archives
Kali includes rockyou.txt (famous password wordlist):
ls /usr/share/wordlists/
gunzip /usr/share/wordlists/rockyou.txt.gz
wc -l /usr/share/wordlists/rockyou.txt
# 14,344,391 passwords
Wireless Testing — Aircrack-ng
Requires a compatible wireless adapter (see our Kali WiFi adapter guide):
# Check wireless interfaces
iwconfig
# Put interface in monitor mode
sudo airmon-ng start wlan0
# Scan for networks
sudo airodump-ng wlan0mon
# Capture traffic from specific network
sudo airodump-ng -c 6 --bssid AA:BB:CC:DD:EE:FF -w capture wlan0mon
Metasploit Framework
# Start Metasploit
msfconsole
# Search for exploits
msf6 > search ms17-010
# Use an exploit
msf6 > use exploit/windows/smb/ms17_010_eternalblue
# Set target
msf6 exploit(ms17_010_eternalblue) > set RHOSTS 192.168.1.100
# Run
msf6 exploit(ms17_010_eternalblue) > run
Important: Only test Metasploit against machines you own or have permission to test (e.g., your own vulnerable VMs like Metasploitable).
Set Up a Practice Lab
Never test tools against real targets without permission. Set up a local lab:
Option 1: Metasploitable 2
Intentionally vulnerable Linux VM:
# Download from: https://sourceforge.net/projects/metasploitable/
# Import into VirtualBox
# Network: Host-Only or Internal Network (isolated from internet!)
Option 2: DVWA (Damn Vulnerable Web Application)
# Using Docker
docker run -d -p 80:80 vulnerables/web-dvwa
# Access: http://localhost
# Login: admin / password
Option 3: HackTheBox / TryHackMe
Online platforms with legal targets:
- TryHackMe — great for beginners, guided paths
- HackTheBox — more advanced, CTF-style
Network Isolation
Always isolate your lab from your real network:
In VirtualBox: Network → Adapter → Attached to: Host-Only Adapter
This prevents tools from accidentally scanning your real network.
Terminal Basics for Kali
If you're new to Linux:
# Navigation
pwd # current directory
ls -la # list files with details
cd /tmp # change directory
cd ~ # go to home directory
cd .. # go up one level
# File operations
cp source dest # copy
mv source dest # move/rename
rm file # delete file
rm -rf dir/ # delete directory (be careful!)
mkdir newdir # create directory
# Text viewing
cat file.txt # show entire file
less file.txt # scroll through file (q to quit)
grep "pattern" file.txt # search in file
head -n 20 file.txt # first 20 lines
tail -n 20 file.txt # last 20 lines
# Permissions
chmod +x script.sh # make executable
sudo command # run as root
sudo -i # root shell
# Networking
ip a # show IP addresses
ip route # show routing table
ping 8.8.8.8 # test connectivity
curl http://example.com # HTTP request
Customizing Kali
Change Shell to Zsh (default in modern Kali)
chsh -s /usr/bin/zsh
Kali uses zsh with Oh My Zsh by default since 2020.
Terminal Multiplexer (Tmux)
# Start tmux
tmux
# Split horizontally
Ctrl+b %
# Split vertically
Ctrl+b "
# Switch panes
Ctrl+b arrow-key
# Detach (session keeps running)
Ctrl+b d
# Reattach
tmux attach
Common Aliases
Add to ~/.zshrc or ~/.bashrc:
alias update='sudo apt update && sudo apt full-upgrade -y'
alias ports='ss -tlnp'
alias myip='curl -s ifconfig.me'
alias nmap-quick='nmap -sV -sC -oA scan'
Kali Services
# Start/stop services as needed (don't run unnecessary services)
# SSH server
sudo systemctl start ssh
sudo systemctl enable ssh
# PostgreSQL (required by Metasploit)
sudo systemctl start postgresql
sudo msfdb init
# Apache web server
sudo systemctl start apache2
Keeping Kali Updated
# Regular update (run weekly)
sudo apt update && sudo apt full-upgrade -y
# Clean up
sudo apt autoremove -y
sudo apt clean
# Check Kali version
cat /etc/os-release
uname -r
Learning Path for Beginners
- Linux fundamentals — spend 2-4 weeks getting comfortable with the terminal
- Networking basics — understand TCP/IP, subnets, DNS, HTTP
- TryHackMe — complete "Pre-Security" and "Introduction to Cybersecurity" paths
- Web fundamentals — DVWA, learn OWASP Top 10
- Nmap mastery — Nmap book is free online
- Metasploit Unleashed — free course at offensive-security.com
- CTF competitions — PicoCTF, CTFtime.org for practice
- CEH or OSCP certification — when ready to go professional
Summary
Getting started with Kali Linux in 2026:
- Install — VM (easiest), bare metal (best performance), WSL2 (Windows), or live USB
- Update —
sudo apt update && sudo apt full-upgrade -yimmediately - Learn the terminal — basic Linux commands first
- Practice legally — Metasploitable, DVWA, TryHackMe, HackTheBox
- Core tools — Nmap, Nikto, Burp Suite, Metasploit, Aircrack-ng
- Stay legal — only test systems you own or have explicit permission to test
Kali Linux is a professional tool. Use it to learn, grow your career in cybersecurity, and make systems more secure — never to harm others.