Kali Linux, the go-to operating system for penetration testers and cybersecurity professionals, has rolled out its 2024.3 release. Packed with significant updates and transitions, this release marks an important milestone as the community works through multiple stack migrations, including the much-anticipated Python 3.12 transition. With this release, users gain access to new tools, optimizations, and enhancements, all while preparing for the substantial changes on the horizon in the 2024.4 release.
For seasoned users, this version may feel like a transitional period, with several backend adjustments aimed at improving future stability and security. Let’s dive into the key highlights and important details of Kali Linux 2024.3.
Changelog Highlights
The new Kali Linux 2024.3 release features numerous transitions and updates, primarily focused on backend improvements. Key updates include:
- Qualcomm NetHunter Pro Devices: Qualcomm Snapdragon SDM845 SoC is now supported, enhancing the compatibility of the NetHunter suite with popular devices like OnePlus 6 and Xiaomi Pocophone F1.
- 11 New Tools Added: The release introduces several new tools to bolster the capabilities of penetration testers, such as
goshs
(an HTTP server with extended features),hekatomb
(credential extraction from domain computers), andsippts
(auditing tools for SIP-based VoIP systems). - Multiple Transitions: Following the t64 transition, the release also tackles updates in GCC 14, glibc 2.40, and Python 3.12. However, Python 3.12 won’t become the default until the 2024.4 release. Until then, Python 3.11 remains the default interpreter in this version.
- Kali Kernel Now at 6.8: The release also sees Kali Linux upgrade to the 6.8 kernel, further solidifying its standing as a cutting-edge OS for cybersecurity professionals.
New Tools and Features
Several new tools have been added in this release, many of which come from community contributions. Some highlights include:
goshs
: A more feature-packed alternative to SimpleHTTPServer.graudit
: A source code auditing tool to identify vulnerabilities.netexec
: Network service exploitation automation tool.sqlmc
: Scans domain URLs for SQL injection vulnerabilities.
With each new release, Kali demonstrates its commitment to providing users with the most comprehensive toolkit for digital forensics, security research, and penetration testing.
Kali NetHunter and ARM Updates
The 2024.3 release brings substantial updates for the NetHunter platform as well, adding support for additional devices with Qualcomm Snapdragon SDM845 SoCs, such as OnePlus 6/6T, Xiaomi Mi MIX 2S, and Fairphone 4. Meanwhile, Kali ARM builds have seen improvements in both compatibility and performance, including support for Raspberry Pi 4 Compute Module Wi-Fi and a speed boost for Raspberry Pi 5 with A2 microSD cards.
The Python 3.12 Transition
One of the most impactful changes coming in the next release is the Python 3.12 update, which removes several deprecated APIs. This means some packages may break if they haven’t been updated to handle the new Python version. In this release, Python 3.11 remains the default interpreter to give developers and users time to adjust. By the next release (2024.4), Python 3.12 will be standard, and pip
package installation will no longer be supported.
10 Best Practices for Using Kali Linux
- Regular System Updates: Always keep your Kali installation updated by regularly running
sudo apt update && sudo apt -y full-upgrade
to get the latest patches, tools, and security fixes. - Use Virtual Machines or Containers: To maintain a secure testing environment, use Kali Linux in virtual machines like VirtualBox or VMware. Alternatively, you can run it in containers (Docker) to isolate activities.
- Configure Proper Network Security: Avoid running Kali Linux on open or insecure networks. Ensure that you have a firewall set up and consider using VPNs for added privacy during penetration testing.
- Enable Multi-Factor Authentication (MFA): Secure your Kali system by enabling multi-factor authentication, especially for remote access services like SSH.
- Utilize Non-Root User: Avoid running Kali as the root user for everyday tasks. Set up a regular user account for non-admin tasks to prevent unintended system damage.
- Use Encrypted Storage: When installing Kali Linux, enable full disk encryption to safeguard data on your system. For sensitive data storage, consider using tools like VeraCrypt.
- Backup Configurations Regularly: Backup important configurations, tools, and scripts so you can quickly restore them in case of corruption or system failure.
- Participate in the Kali Community: Get involved in the Kali community by reporting bugs and contributing to the development of tools, scripts, or documentation.
- Use Sandboxed Browsing for Research: To protect your Kali installation from malicious websites, use a sandboxed browser when researching vulnerabilities or attack vectors.
- Practice Ethical Hacking: Ensure all your testing activities comply with legal and ethical guidelines. Always have authorization before performing any penetration testing on networks or systems.
10 Best Tools in Kali Linux 2024.3
- Nmap: A versatile network scanning tool for discovering hosts, ports, and services on a network.
- Metasploit: A powerful penetration testing framework that helps security professionals exploit vulnerabilities and test system security.
- Wireshark: A network protocol analyzer that allows you to capture and inspect network traffic in real time.
- Burp Suite: A web application security scanner that helps identify and exploit web vulnerabilities.
- Hydra: A password-cracking tool that supports numerous protocols for brute force password attacks.
- John the Ripper: A fast password cracker that can be used to test the strength of password hashes.
- SQLmap: An automated tool for detecting and exploiting SQL injection vulnerabilities in databases.
- GoBuster: A directory brute-forcing tool used for web application security assessments.
- Aircrack-ng: A complete suite of tools to assess Wi-Fi network security and perform WEP/WPA/WPA2 attacks.
- Netcat: A versatile networking tool used for debugging and investigating network connections.
10 Steps to Use and Understand Kali Linux 2024.3
- Install Kali Linux:
- Download the latest Kali Linux ISO from the official website.
- Use a hypervisor like VirtualBox or VMware to create a virtual machine, or install it directly on a physical machine.
- Update the System:
- After installation, update your Kali system by running:bashCopy code
sudo apt update && sudo apt -y full-upgrade
- After installation, update your Kali system by running:bashCopy code
- Familiarize Yourself with Kali’s Interface:
- Explore the GNOME or Xfce desktop environments (depending on your installation) to understand basic navigation and system utilities.
- Explore Pre-Installed Tools:
- Access the Kali menu to view all categories of tools, such as Information Gathering, Vulnerability Analysis, and Exploitation Tools.
- Install Additional Tools:
- Install any missing tools you might need by using:bashCopy code
sudo apt install <tool-name>
- Install any missing tools you might need by using:bashCopy code
- Run Nmap for Network Scanning:
- Perform a basic network scan using Nmap:bashCopy code
sudo nmap -sP <target-IP-range>
- Perform a basic network scan using Nmap:bashCopy code
- Test Web Application Security with Burp Suite:
- Launch Burp Suite and configure your browser proxy to intercept web traffic for analysis and exploitation.
- Crack Wi-Fi Passwords Using Aircrack-ng:
- Use Aircrack-ng to capture Wi-Fi packets and attempt to crack a WEP/WPA/WPA2 password:bashCopy code
sudo airmon-ng start wlan0
- Use Aircrack-ng to capture Wi-Fi packets and attempt to crack a WEP/WPA/WPA2 password:bashCopy code
- Use Metasploit for Vulnerability Exploitation:
- Launch Metasploit and use it to find and exploit system vulnerabilities:bashCopy code
sudo msfconsole
- Launch Metasploit and use it to find and exploit system vulnerabilities:bashCopy code
- Stay Informed and Update Frequently:
- Read Kali’s official blog and documentation to stay up to date with the latest releases and changes. Always use the latest tools for efficient and secure testing.
10 Tips to Prepare for Future Transitions and Avoid Cybersecurity Threats
To ensure that your systems remain secure and up-to-date, especially with major updates like the Python 3.12 transition, here are ten tips for cybersecurity professionals:
- Stay Updated: Always keep your systems and tools updated with the latest versions, including any patches or fixes from Kali’s repository.
- Test Compatibility Early: If you rely on custom tools or scripts, test them with Python 3.12 in a sandbox environment before the final rollout to ensure compatibility.
- Backup Regularly: Make sure you back up your important files and configurations before upgrading Kali to avoid data loss.
- Harden Network Security: Implement strong firewall rules, VPN configurations, and secure SSH access to protect against unauthorized access.
- Use Multi-Factor Authentication: Enforce multi-factor authentication (MFA) wherever possible to secure accounts and access points.
- Review and Update Scripts: Scripts relying on deprecated APIs should be reviewed and updated for compatibility with the new Python versions.
- Contribute to Bug Reports: Encounter bugs or issues? Contribute feedback to the Kali community via bug reports to improve future releases.
- Stay Informed: Regularly check Kali’s blog and documentation for any upcoming changes, and be proactive in adapting to them.
- Test New Tools: Take the time to explore new tools added to Kali, as they can significantly expand your cybersecurity capabilities.
- Secure Development Environments: Ensure your testing and development environments are isolated from production systems to prevent accidental exposure of vulnerabilities.
Conclusion
The Kali Linux 2024.3 release sets the stage for some major transitions, most notably the move to Python 3.12. While this update primarily focuses on backend optimizations, users should be prepared for a wave of new updates and features coming in the next release. The additions of new tools and enhancements to the NetHunter platform ensure that Kali remains at the forefront of cybersecurity tools.
As we look forward to 2024.4, this is an exciting time for Kali users, who are encouraged to test new features and report bugs to make the platform even more robust.
Want to stay on top of cybersecurity news? Follow us on Facebook, X (Twitter), Instagram, and LinkedIn for the latest threats, insights, and updates!