Linux Format

Chase the purple dragon

There are people who want to break into networks and machines, and people who try to stop them, known as red teams and blue teams.

Kali Linux has always sat comfortably and firmly in the red team encampment, providing tools to test network security and generally giving blue teams a hard time.

It’s an adversarial approach and one that sees red and blue teams constantly at odds, with defensive security being tested to its limits by the red team.

With Kali Purple, Offensive Security has taken a new approach in attempting to make red and blue teams work together. Red and blue combined is purple. Get it? With Kali Purple, you get a mixture of tools, so you’re no longer manning a machine gun from the trenches or sending waves of bots to get snagged on digital barbed wire. You can take a more nuanced approach.

Stay defensive with Purple

Unlike the main version of Kali, which is designed to run on just about anything, not only a modern desktop, and offers a multitude of installation options, Kali Purple provides no such convenience. There are two options: you can choose the bog-standard Kali Purple image, which contains everything you need for a complete offline installation, or opt for the weekly build, which offers untested images with the latest updates. Unless you must have bleeding-edge tools at the potential expense of a stable system, avoid the weekly images.

Installation is more or less the same as with the main edition of Kali, albeit with a purplish hue to the installer. It’s as smooth as you’d expect and, as there’s no option of a 10GB Everything download containing every offensive tool ever made, it’s quick as well.

During installation, you don’t get a choice of how big you want your offensive arsenal to be – however, you can select which groups of defensive tools to install. These are arranged by purpose in categories including Protect, Detect, Respond and so on (see boxout, bottom-right). The names come from the five functions of the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover). The installer gives no clue as to what exactly is inside these categories, so take it on faith that they’re probably something you need.

When you first boot to the desktop, the first thing you’ll notice is how nice and relaxed it all seems. The ubiquitous dragon is still front and centre, but the malevolent gleam is gone from his eye and he’s white against a pink background. There’s no bombastic and mystical slogan, just the words ‘Kali Purple’, again, in white. The distro has purple in the name, but to our mind it’s a kind of general pinkish pastel theme.

We were a little disappointed with the wallpaper selection, which featured only six dragons in total.

Open the System menu and you’ll immediately start to see even more differences. The black offensive categories have been gutted. Searchsploit is the only tool listed in Exploitation Tools, and if you’re looking for social engineering resources, you’ll be sadly disappointed. The purple/pink categories are stuffed to overflowing with everything you could need to fend off an attack and respond to it effectively.

There’s a fair bit of crossover between the two tool suites, and using the System menu you’ll often find the same tool in both the offensive and defensive categories.

Turning purple more like

The tool categorisation is logical and relates to the order in which you would respond to an attack. Ideally, you’d like to be able to identify an intruder before he breaks into your house. Maybe you would shout out of the window to try to scare him off.

As with the main Kali release, entries in the System menu generally cause the tool’s help page to open in the terminal. Notable exceptions to this include OWASP Zap, an integrated tool for finding vulnerabilities in web apps, and Wireshark, a free and open source cross-platform packet analyser.

Browsing through the Kali Purple wiki before downloading, we were looking forward to trying out some of the awesome GUI tools listed. These are apps like Kali Autopilot, a script builder for automated attacks, and various dashboards that enable you to visualise system architecture, security analytics, network traffic and more. These kinds of visual tools are vital in giving you an at-a-glance reference and enabling you to spot unusual activity. Are we under attack? Yes we are!

It was a little saddening to find that many of the tools described and screenshotted in the publicity aren’t actually included in the ‘complete offline installation’ package. We were particularly looking forward to trying out Malcolm, Hedgehog and Arkime, but were unable to find them either in the System menu or in the terminal.

Attempting to install Hedgehog using apt-get was also unsuccessful, and the closest thing we could find was Hedgewars, a Worms-like game that sees spiky critters launching missiles at each other across cartoonish landscapes. There were no suggestions for Malcolm. That blank is less surprising than it looks: Hedgehog is the network sensor image that accompanies the Malcolm project and is distributed as its own ISO rather than as a Debian package.

Arkime was present in the Kali repository, though, but when we installed it using apt-get, it simply would not start. Arkime expects a running OpenSearch or Elasticsearch back end and a configured capture interface before its services will come up, so a bare apt-get install on its own is not enough to get a working installation.

Kali Autopilot is an attack script builder and framework for automated attacks. You can use it to attack certain parts of your infrastructure to see what breaks, and it’s another one of the big things we were excited to try. In the docs (and Kali docs are extensive), we read that Kali Autopilot would show up in the Exploitation Tools menu after running:

$ sudo apt install kali-autopilot

Guess what! ‘Unable to locate package kali-autopilot.’ At the time of writing, Kali Purple has been available for download for only a couple of days, so we expect the missing tools to materialise pretty soon. In the meantime, flagship features are missing and it’s an incredibly frustrating experience. Everything you need for a complete offline installation? Not even close.

Who is Purple for?

Kali Purple is not a daily driver for the average user, despite what its soothing colour scheme would suggest, and it comes with the same warnings as Kali proper. Adding third-party repositories can bust your system. Don’t try to install Steam and don’t use it as the foundation of a gaming rig. Instead, it seems Kali Purple is meant to fill a gap in the market for small enterprises that have security-trained staff but don’t have the resources of a multinational corporation, and can’t or won’t pay the millions of pounds annually required for security as a service. Most of the tools included in Kali Purple are free and open source. Some may require a small fee for premium features, but you won’t be paying through the nose as you would with SolarWinds. Looking at Kali Purple, it’s easy to think that it’s a simple idea that should have been done years ago, but a distro built around defence rather than attack and pentesting is new territory for Kali. Overall, we love Kali Purple, we love its tools, and we can’t wait for the complete toolset to roll out.

OWASP Zap is technically an offensive tool and will launch a one-click attack to discover vulnerabilities on your self-hosted web app. It’ll give you a list of risky implementations that can be exploited by attackers.

Kali Purple looks almost like a normal distro. The colours would look good in a Barbie mansion, and even the dragons look less aggressive.

Missing packages are the bane of Kali Purple. While we expect they will eventually appear, having headline features MIA is not a good look.
