Penetration Testing Tools Policy
One of the key tasks in transitioning from Backtrack Linux to Kali was combing through the packages and selecting the “best of breed” from what was available.
We realize that there are many tools or scripts that can do the same job. Some are clearly better than others in some respect, some are more a matter of personal preference. With this in mind, keeping an updated, useful penetration testing tool repository is a challenging task. The Kali Development team uses some of these questions to help decide whether a specific tool should be included in Kali Linux.
- Is the tool useful/functional in a Penetration Testing environment?
- Does the tool overlap functionality of other existing tools?
- Does the licensing of the tool allow for free redistribution?
- How much resources does the tool require? Will it work in a “standard” environment?
The answers to questions such as these, among other considerations, help us come to a decision whether the tool should be included in Kali.
Most of the members of the Kali development team are working penetration testers, and we rely on our combined experience and expertise to select the best tools to add the most value to the Kali distribution as we continue its development.
Tools which are specifically aimed at DOS, DDOS or anonymity are rarely used in legitimate engagements, and are therefore not installed by default in Kali Linux.
New Tool Requests
We are always open to adding new and better tools to our distribution, but we ask that a case be made for each tool. Please put some thought and effort into the tool submission, and please do not just send the developers a one line request. Submissions for new tool requests can be made through our Kali Linux bug tracker.
Updated on: 2019-Nov-29