Kali Post-Installation Tweaks

August 14, 2017 | Views: 12712

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Undeniably, Kali is the best choice of Linux distro for Penetration Testers, Bug Bounty Hunters, and Security Researchers (if you think differently, please comment below). It carries a completely open source tools to perform the “Kill Chain“.

However, many users tend to overlook the aspect of fine tuning the arsenal and launching a Vulnerability Assessment and PenTest (VAPT) right away.

As a best practice, hardening and tweaking should be the first thing to do in every operating system after the installation. And here below are the simple steps after the Kali installation.

1. Switch to root user account and change the “toor” password
sudo su

2. Add repository
Edit “/etc/apt/sources.list” with your favorite editor; pico, vi, vim, nano, or leap. Then add the following repository below if missing.
# start here
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
deb http://repo.kali.org/kali kali-bleeding-edge main
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main
# end here

3. Clean, Update, Upgrade and Dist-Upgrade your arsenal.
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

4. Start your favorite Tool
-Configure the Metasploit logging. Sample version below is MSF4
echo “spool /root/msf_console.log” > /root/.msf4/msfconsole.rc

-Start the database, web server, and Metasploit
service postgresql start && update-rc.d postgresql enable
service apache2 start
msfdb init

5. Update the VMware tool if you are using Kali on VMware
cp /media/cdrom0/* /tmp && cd /tmp && tar xvf /tmp/VMwareTools*
cd vmware-tools-distrib
./vmware-install.pl –default
vmware-toolbox-cmd upgrade status
*REMOVE the CD-Rom media then *restart the Kali.

6. Modify the machine hostname to your Hacker’s code (mine is Strainer)
vi /etc/hostname
vi /etc/hosts
#Reboot required to take effect

7. Tweaking your Kali to make faster
-Edit the desktop config file /usr/share/applications/nautilus.desktop and change the Startup Notification to “false”

-Install the bleachbit to clean the System and Free Disk Space
apt-get install bleachbit
bleachbit > clean

-Remove the iceweasel web browser if opt to
apt-get remove iceweasel

-Install Mozilla web browser
echo -e “ndeb http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt all main” | tee -a /etc/apt/sources.list > /dev/null
apt-get install firefox-mozilla-build

8. Enjoy hacking … ethically 🙂 !!!


About the Author:

I have spent 14 years as an IT professional with Master’s degree in Information Technology. I am a certified ethical hacker (CEH), certified security analyst (CSA), and certified cyber crime investigator.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Hi Strainer
    I have 2 questions,
    1 The latest kali (Jessy) have a rolling update option, if you have choose this option, and you change the sources.list file, what are the consequences ?
    2 Why Remove the iceweasel web browser, and installing FF, what are the benefits ?

    Keep up the good work

  2. is there anything that we have to configure before adding to sources.list because the repositories that you have specified are not working, it shows the error “not found” and “couldn’t update it securely”.

    • import certifications perhaps?
      just an idea (sorry, I don’t have the time to verify)

    • @cyber-beast:
      Thank you so much mate for trying this out while may I verify the Kali version that you were using?
      Second, what I may suggest is; do a trial and error on the entries. Add one-by-one until the error will comes out. At least you could isolate which entry in the sources.list is having you troubled with.

      Cheers mate!

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?