On the 13th of March, 2023, the Kali Linux team announced the availability of a new version of their security-focused Linux distribution, named “Kali Linux Purple”.
The new distribution is aimed at defensive security: “defensive” not in the sense of simply protecting your own computer or anonymity, as Qubes OS and Tails do, but in the sense of protecting other machines or resources you own, much like an enterprise-level defensive system.
What is Kali Linux Purple?
For a long time, Kali Linux has been the de facto Linux distribution for penetration testing and other offensive security operations. Hackers of every hat, white, grey and black, have used it to accomplish their quick-and-dirty tasks without hassle.
With the release of Purple, the Kali Linux team aims to expand its area of focus to include defensive security. That is, the aim is to provide a platform that users can use to protect key systems, whatever the type of usage (personal, organization, enterprise…) they seek protection for.
Kali Linux Purple simply comes with pre-installed tools to IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER important data and resources.
In case you were wondering why the preceding five words are in capitals: these five stages are known as the “Five Framework”, the main stages a defensive cybersecurity strategy should take into account in order to be effective. It is part of both the US NIST and UK NCSC cybersecurity strategies.
Simply put, Kali Linux Purple was built with these five stages in mind, and includes the tools needed in each stage for a security administrator to do their job.
Kali Linux Purple Walkthrough
In this article, we will go through a quick overview of what’s included in Kali Linux Purple.
Kali Linux Purple comes with Xfce 4.18 as a default desktop, but of course, you can choose to install other desktops like GNOME or KDE if you wish to.
Just like regular Kali Linux, the Purple distribution is based on Debian Testing, meaning that it follows a rolling-release model and provides software updates as soon as they are available.
Customized desktop and icon themes give the distribution a look similar to regular Kali Linux.
Included Defensive Security Tools
The included defensive tools are categorized in two ways in the application menu:
Based on the “Five Framework” explained earlier: Identify, Protect, Detect, Respond and Recover. Each tool is placed in the category it fits best.
Based on the general usage of the tool: a general categorization by the main purpose of each tool included in Kali Linux Purple.
You can see that clearly in the following screenshot:
There are many tools included with Kali Linux Purple (around 100). We have prepared a list of the default installed packages on GitHub if you would like to see them in detail.
The most important ones are perhaps:
Arkime and Wireshark for packet capture and analysis.
SpiderFoot for automated OSINT data collection.
NSA’s Ghidra for reverse engineering.
Cisco Auditing Tool for vulnerability scanning and reporting.
Firewall Builder for building firewall rule sets.
ClamAV for detecting trojans and other malware.
Packages related to the Elastic Stack and CyberChef are also available. They are not installed by default, but can be installed from the official repositories. After all, the main selling point of Kali Linux, and of the Purple distribution too, is that it includes pre-built packages for cybersecurity tools that are not available in Debian.
Kali Purple could serve students and anyone interested in defensive cybersecurity. The distribution comes with documentation for most of the included tools, which should help newcomers learn what they need along the way:
Other than that, there isn’t much to see so far in Kali Purple. The distribution simply bundles various cybersecurity tools for different tasks with a nice-looking theme.
Hardware Resources Usage
It is a good choice that Kali Linux Purple ships the Xfce desktop by default. It is much more lightweight than GNOME or KDE, leaving more RAM and CPU for your other software rather than the desktop itself.
Kali Linux Purple uses around 850 MB of RAM after a fresh installation:
$ free -m
               total        used        free      shared  buff/cache   available
Mem:            5928         857        4446           6         893        5070
Swap:            974           0         974
And, according to systemd-analyze, it reaches the graphical login screen 2.2 seconds into userspace startup:
Startup finished in 3.388s (kernel) + 2.220s (userspace) = 5.609s
graphical.target reached after 2.206s in userspace.
Is it Safe to use Kali Purple as Daily Driver?
We strongly recommend not using it as a daily driver.
The distribution is not finished and has not had a final release yet; it is still in development, so you may run into problems and issues here and there.
Additionally, we do not recommend using any distribution of the Kali Linux family as a daily driver. It may ship services listening on network ports, or you may misconfigure your system in a way that leaves you vulnerable to attack without knowing it.
Finally, the distribution is based on Debian Testing (Debian's rolling-release branch), so you will get the most recent software releases on your system as soon as they are available. This is not necessarily bad, but it can lead to regressions or backward-compatibility issues depending on your workload.
The best way to use Kali Purple – and any Kali Linux distribution – is inside a contained environment such as a virtual machine (QEMU, VirtualBox, etc.). This way you stay protected, isolating your cybersecurity environment from your sensitive data and files.
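A quick way to check the listening-ports concern raised above on your own install, as an added example that is not from the article or the Kali project: the script below reads the output of `ss -tulnH` (the column layout it assumes is the standard one: Netid, State, Recv-Q, Send-Q, Local:Port, Peer:Port) and prints only the sockets bound to non-loopback addresses, i.e. the ones reachable from the network. The sample output embedded in it is constructed, not captured from a real Kali Purple machine.

```shell
#!/bin/bash
# Added example, not from the article or the Kali project: list sockets on a
# Kali (or any Linux) host that listen on non-loopback addresses, i.e. the
# network-facing "open ports" that make such an install risky as a daily driver.
# Assumes the column layout of `ss -tulnH`:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Print "proto local:port" for every socket whose local address is not loopback.
# Reads ss-style lines on stdin so it can be run on captured output as well.
external_listeners() {
  awk '
    {
      n = split($5, a, ":")          # text after the last ":" is the port
      port = a[n]
      addr = substr($5, 1, length($5) - length(port) - 1)
      # loopback forms ss prints: 127.x.x.x, [::1], and bare ::1
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
      print $1, $5
    }'
}

# Live audit of the current host (only when ss is available).
audit_host() {
  command -v ss >/dev/null 2>&1 || { echo "ss not found" >&2; return 1; }
  ss -tulnH | external_listeners
}

# Constructed sample output (not captured from a real Kali Purple install):
# sshd on all IPv4 interfaces, CUPS on loopback only, an Elasticsearch-style
# port on all IPv6 interfaces, and mDNS on IPv6 loopback.
SAMPLE_SS_OUTPUT='tcp   LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 4096  127.0.0.1:631  0.0.0.0:*
tcp   LISTEN 0 511   [::]:9200      [::]:*
udp   UNCONN 0 0     [::1]:5353     [::]:*'

echo "Externally reachable listeners in the sample:"
printf '%s\n' "$SAMPLE_SS_OUTPUT" | external_listeners
```

Run `audit_host` on the machine itself to see the real list; anything it prints is a service you should either need, firewall, or disable before connecting that system to an untrusted network.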
Download Kali Linux Purple
You can download Kali Purple from the official website.
Additional documentation about the Kali Linux Purple project is available on GitLab. The developers have provided a general overview of the project and a small roadmap they are currently working through.
It would be interesting to see how the distribution develops in the future, and what additional features it can include to help cybersecurity researchers and professionals.