Chase the purple dragon
There are people who want to break into networks and machines, and people who try to stop them, known respectively as red teams and blue teams.
Kali Linux has always sat comfortably and firmly in the red team encampment, providing tools to test network security and generally giving blue teams a hard time.
It’s an adversarial approach and one that sees red and blue teams constantly at odds, with defensive security being tested to its limits by the red team.
With Kali Purple, Offensive Security has taken a new approach in attempting to make red and blue teams work together. Red and blue combined is purple. Get it? With Kali Purple, you get a mixture of tools, so you’re no longer manning a machine gun from the trenches or sending waves of bots to get snagged on digital barbed wire. You can take a more nuanced approach.
Stay defensive with Purple
Unlike the main version of Kali, which is designed to be run on anything other than a modern desktop and offers a multitude of installation options, Kali Purple provides no such convenience. There are two options: you can choose the bog-standard Kali Purple, which contains everything you need for a complete offline installation, or opt for the weekly build, which offers untested images with the latest updates. Unless you must have bleeding-edge tools at the potential expense of a stable system, avoid the weekly images.
Installation is more or less the same as with the main edition of Kali, albeit with a purplish hue to the installer. It’s as smooth as you’d expect and as there’s no option of a 10GB Everything download containing every offensive tool ever made, it’s quick as well.
During installation, you don’t get a choice of how big you want your offensive arsenal to be – however, you can select which groups of defensive tools to install. These are arranged by purpose in categories including Protect, Detect, Respond and so on (see boxout, bottom-right). The installer gives no clue as to what exactly is inside these categories, so take it on faith that they’re probably something you need.
When you first boot to the desktop, the first thing you’ll notice is how nice and relaxed it all seems. The ubiquitous dragon is still front and centre, but the malevolent gleam is gone from his eye and he’s white against a pink background. There’s no bombastic and mystical slogan, just the words ‘Kali Purple’, again, in white. The distro has purple in the name, but to our mind, it’s a kind of general pinkish pastel theme.
We were a little disappointed with the wallpaper selection, which featured only six dragons in total.
Open the System menu and you’ll immediately start to see even more differences. The black offensive categories have been gutted. Searchsploit is the only tool listed in Exploitation Tools, and if you’re looking for social engineering resources, you’ll be sadly disappointed. The purple/pink categories are stuffed to overflowing with everything you could need to fend off an attack and respond to it effectively.
There’s a fair bit of crossover between the two tool suites, and using the System menu you’ll often find the same tool in both the offensive and defensive categories.
Turning purple more like
The tool categorisation is logical and relates to the order in which you would respond to an attack. Ideally, you’d like to be able to identify an intruder before he breaks into your house. Maybe you would shout out of the window to try to scare him off.
As with the main Kali release, entries in the System menu generally cause the tool’s help page to open in the terminal. Notable exceptions to this include OWASP ZAP, an integrated tool for finding vulnerabilities in web apps, and Wireshark, a free and open source cross-platform packet analyser.
Browsing through the Kali Purple wiki before downloading, we were looking forward to trying out some of the awesome GUI tools listed. These are apps like Kali Autopilot, a script builder for automated attacks, and various dashboards that enable you to visualise system architecture, security analytics, network traffic and more. These kinds of visual tools are vital in giving you an at-a-glance reference and enabling you to spot unusual activity. Are we under attack? Yes we are!
It was a little saddening to find that many of the tools described and screenshotted in the publicity aren’t actually included in the ‘complete offline installation’ package. We were particularly looking forward to trying out Malcolm, Hedgehog and Arkime, but were unable to find them either in the System menu or in the terminal.
Attempting to install Hedgehog using apt-get was also unsuccessful, and the closest thing we could find was Hedgewars, a Worms-like game that sees spiky critters launching missiles at each other across cartoonish landscapes. There were no suggestions for Malcolm.
Arkime was present in the Kali repository, but when we installed it using apt-get, it simply would not start.
Kali Autopilot is an attack script builder and framework for automated attacks. You can use it to attack certain parts of your infrastructure to see what breaks, and it’s another one of the big things we were excited to try. In the docs (and Kali docs are extensive), we read that Kali Autopilot would show up in the Exploitation Tools menu after running:
$ sudo apt install kali-autopilot
Guess what! ‘Unable to locate package kali-autopilot.’ At the time of writing, Kali Purple has been available for download for only a couple of days, so we expect the missing tools to materialise pretty soon. In the meantime, flagship features are missing and it’s an incredibly frustrating experience. Everything you need for a complete offline installation? Not even close.
Who is Purple for?
Kali Purple is not a daily driver for the average user, despite what its soothing colour scheme would suggest, and it comes with the same warnings as Kali proper. Adding repositories can bust your system. Don’t try to install Steam and don’t use it as the foundation of a gaming rig. Instead, it seems Kali Purple is meant to fill a gap in the market for small enterprises that have security-trained staff, but don’t have the resources of a multinational corporation, and can’t or won’t pay the millions of pounds annually required for security as a service. Most of the tools included in Kali Purple are free and open source. Some may require a small fee for premium features, but you won’t be paying through the nose as you would with SolarWinds. Looking at Kali Purple, it’s easy to think that it’s a simple idea that should have been done years ago, but the concept of a defensive platform rather than an attack and pentesting distro is entirely new. Overall, we love Kali Purple, we love its tools, and we can’t wait for the complete toolset to roll out.