How to Install Kali Linux on Raspberry Pi? (+15 first steps)

I recently installed Kali Linux on my Raspberry Pi and I will give you some tips to start on this distribution

How to install Kali Linux on Raspberry Pi?
Kali Linux images are available on the Offensive security website.
Installing this distribution can be done by flashing one image to an SD card by using a software like Etcher.

In this article, I will explain in 15 steps how to get started with this hacking distribution on Raspberry Pi.
Feel free to use the table of contents below to go directly to what interests you the most

Kali Linux introduction

Kali Linux is a Debian-based Linux distribution, which includes security and penetration testing tools
Formerly known as Backtrack, many security companies (and also hackers) use it
Associated with Raspberry Pi, it turns it into a perfect hacking kit

Kali Linux is available for the ARM architecture, so the installation is relatively simple. We will now see how to install it on your Raspberry Pi

Kali Linux installation

Download Kali Linux images for Raspberry Pi

Images for the ARM architecture are available on this page of the official website
Click on the image name to download it directly, or click on “Torrent” to download the torrent file

If you don’t know Torrent, it’s a peer-to-peer download protocol
You need to download and install a software to use it (Transmission, Vuze, Deluge, BitTorrent, …).
On Ubuntu, for example, Transmission is part of the basic packages already installed

As you can see, all Raspberry Pi models are now supported, including the Raspberry Pi 4. This is good news for us πŸ™‚
(Hint: take the last image for the Raspberry Pi 4)

Create a new SD Card with Etcher

Now that you have the image of Kali Linux, we will create an SD card to install and use it later.
If possible, I recommend installing it on another SD card than the one you use for Raspbian, so you don’t have to redo everything if you come back on Raspbian (8Gb minimum)
If you need more SD cards, you can check my recommended products here

As usual, we will use Etcher to create our SD card
If you don’t have it yet you can download it from the official website, it’s available for Linux, Windows and macOS and will make your life easier

Once Etcher installed, start it
Then select your image and your SD card then start the copy
I don’t know exactly why, but Kali Linux took longer than other distributions to flash (even if the size is almost the same as Raspbian Full), probably more compressed than Raspbian

First boot

Just insert the SD card into your Raspberry Pi and start
Kali Linux will start directly the login screen
No questions or other, insert, start, wait

There is nothing else to do πŸ™‚

First login

Once Kali started, you need to log in

The default identifiers on Kali Linux are:
– login: kali
– password: kali

It is strongly recommended changing them quickly
You can change it by opening a terminal and typing the command:
passwd

Note: on Raspberry Pi 4, my keyboard wasn’t working at all, so I could not log in. I tried to log with SSH, and update everything, but it didn’t change anything.
I found old forum posts on this issue (2014), it seems common with Kali Linux and new Raspberry Pi models.
But before considering this as a failure, I tried the last image (“64 bits”) and it works!
I don’t know why they have 2 images tagged for Raspberry Pi 4, but the first one boot without USB support

Kali Linux Configuration

You are now on the Kali Linux Desktop, and we can move to the configuration part

Keyboard layout

If you don’t use a US keyboard, you can change the layout in the Settings, Keyboard options
But be careful, on the login screen you will keep the US layout for the moment, so choose your password knowing this

Connect to your Network

We are talking here only about networks in DHCP, if you must necessarily define a fixed IP address, look at the following step

Ethernet:

Just connect the RJ45 cable to your Raspberry Pi and wait a few seconds for an IP address to be assigned to it, there is nothing else to do

WiFi:

On the Kali desktop, click on the network icon at the top right, and choose the SSID of your Wi-Fi network
Type the password of your access point, and wait a few moments

Get your current IP address:

Whatever your connection mode, you can retrieve the IP address obtained with the ifconfig command:
sudo ifconfig
The addresses are indicated on the second line of each interface, after the keyword “inet”

eth0 = Ethernet, wlan0 = Wi-Fi

I recommend not to activate both simultaneously, even if it works I had problems of response time by moments. Probably a problem of routing (I didn’t look any longer, but by disabling the Wi-Fi I worked)

Set a static IP address

A static IP address will allow you to choose the IP address associated with your Raspberry Pi, and therefore find it more easily later

  • Open a terminal or connect with SSH
  • To set a static IP open the /etc/network/interfaces file:
    sudo nano /etc/network/interfaces
  • You will see something like this
    auto eth0
    iface eth0 inet dhcp
  • Replace it with something like this:
    auto eth0
    iface eth0 inet static
    address 192.168.1.200
    netmask 255.255.255.0
    gateway 192.168.1.1
    nameserver 8.8.8.8

    Replace the IPs indicated by what fits your network
  • Reboot your Raspberry Pi or unplug/plug the network cable to update your IP

You can do the same thing for your Wi-Fi connection by replacing eth0 with wlan0

Update Kali

As for any fresh new installation, a good practice is to update your system :
sudo apt update
sudo apt upgrade

Enable SSH and VNC

Now that we have a fixed IP address, it’s time to make our Raspberry Pi accessible from another network computer

Enable SSH

In theory, SSH is installed and enabled by default.
If you don’t have access, it’s probably because you need to start the service:
service ssh start

Enable VNC

VNC will allow you to have access to a remote desktop on your Raspberry Pi
On the latest Kali Linux versions, TightVNC is already installed
You just need to set a password:

  • Open a terminal or connect via SSH
  • Use this command to define your password:
    vncserver
  • Once done, this will also start the service

You can now connect to your Raspberry Pi on Kali Linux with any VNC Viewer
For example, on Ubuntu :
sudo apt install xtightvncviewer
xtightvncviewer 192.168.1.200:1

On Windows, you can download TightVNC here

Remember that VNC is not a secure protocol, and if you use it at home it’s ok, but in a more extensive network it is better to use it through an SSH tunnel for example

Kali Linux tools

Ok, you are now ready to try the Kali Linux tools available directly after the installation
There are so many apps available that it can quickly become overwhelming
That’s why I’ll show you a few ones here, that you can easily try

Change your MAC Address

Overview

A MAC address is a unique identifier for each network adapter. It depends on each manufacturer and it’s often used to give access to a specific part of the network to restricted computers. A DHCP server can also assign always the same IP to a MAC Address
For example, you can configure your Wi-Fi network to whitelist your MAC address, and prevent anyone else from connecting to it

MacChanger is a tool which allows you to do MAC address spoofing, i.e. to pretend to be someone else

Usage

Install it if needed
sudo apt install macchanger

See your current MAC Address
ifconfig eth0

  • Disable your network card
    ifdown eth0
  • Get a random MAC address
    macchanger -r eth0
  • Set a specific MAC address
    macchanger -m XX:XX:XX:XX:XX:XX eth0
  • Reboot to reset and get the standard MAC Address

Hack Wi-Fi password

Overview

AirCrack-NG is one of the most known tools in Kali Linux.
It’s a complete suite of tools to test the wireless security of a network
It provides tools for monitoring, attacking, testing and cracking WiFi networks

Usage

You need to disconnect the Wi-Fi on your Raspberry Pi before starting

  • Then check that your network card is compatible (it is):
    sudo airmon-ng
  • Start monitoring:
    sudo airmon-ng start wlan0
  • Show wireless network available:
    sudo airodump-ng wlan0mon
    airodump scan wifi networks

And you are ready to go
You can read this post to get more details on how to do this

Brute force with Hydra

Overview

Brute force is a password cracking method, that try passwords from a dictionary or other, and try all the possibilities until it works

Hydra is a tool to make very fast brute force from a Kali Linux software and which supports many protocols

Usage

First, you will need a list of passwords and put it in a file, like /root/passwords.txt (one per line)
You can find most common passwords on Internet, or generate your own
For the test, just put a few random passwords manually in the file

Then you can try it, for example, I have decided to brute force SSH on my computer from the Raspberry Pi:
hydra -l root -P /root/passwords.txt -t 6 ssh://192.168.222.51

If I check in my /var/log/auth.log, I can see tries from the Raspberry :

May 22 15:55:37 ubuntu sshd[2481]: Failed password for root from 192.168.222.31 port 37226 ssh2
May 22 15:55:37 ubuntu sshd[2487]: Failed password for root from 192.168.222.31 port 37234 ssh2
May 22 15:55:39 ubuntu sshd[2482]: Failed password for root from 192.168.222.31 port 37228 ssh2
May 22 15:55:39 ubuntu sshd[2484]: Failed password for root from 192.168.222.31 port 37232 ssh2

Packet Analyzer

Overview

A packet analyzer (or sniffer) is a tool that can intercept traffic from the network and capture it to analyze it

On Kali Linux, you can use Wireshark, which is the most used tool to analyze network traffic
It’s a graphical tool, but you can capture packets with tcpdump or something else, and then open it with Wireshark

Usage

You can find the app in the Applications menu, under Sniffing and spoofing

  • Start it and then go to Capture > Start
  • You will now see all packets from the network
  • Click Stop when you want

Then there are many features that you can use to filter or analyze what you have captured

SQL Injection

Overview

SQL injection is a technique to attack insecure applications, including injecting code into user fields that are not protected

This technique is mainly used to attack websites
For example, if you replace a parameter of the URL, say ?user=yourname by something like ?user=yourname ‘ OR 1
If the field is poorly protected, the SQL query will be modified and will return all the data, not just those of your user

On Kali Linux, the sqlmap tool allows testing SQL injection vulnerabilities

Usage

Sqlmap is a straightforward tool to use

You only need to indicate the URL of the page to be tested, something like this:
sqlmap -u https://www.domain.com/?p=123

Once you have found a security hole, it is possible to dig deeper with this tool to see what you can get. But the best thing to do is to fix it πŸ™‚

Vulnerabilities exploit

Overview

Metasploit is a tool that will allow you to validate vulnerabilities and use them
Metasploit allows you to automate the process of discovery and exploitation and provides you with the tools required to perform the manual testing phase of a penetration test

Usage

You can start it in Applications > Exploitation Tools > Metasploit framework

This tool will initialize and start a terminal that will allow you to use it.
For example, you can use nmap in the framework:
db_nmap -v -sV 192.168.222.51

You can also retrieve information about a known vulnerability, and try to use it
db_rebuild_cache
search CVE-2018-9864
use exploit/folder/folder/name

Replace the search parameter with your vulnerability ID and use the exploit path displayed in the search results
If you are interested, find a good tutorial on the topic, it’s not possible to explain everything in a few lines

Video

If you want a visual explanation, you can watch this video on how to install Kali Linux on your Raspberry Pi:

Subscribe to get all the other videos about Raspberry Pi:

Conclusion

We learned how to install Kali Linux on Raspberry Pi, the first steps of the system configuration, and some exciting tools to use on this distribution

As I said at the beginning, this article is not exhaustive. There are hundreds of apps and most are quite complicated to take in hand which would require an article each, but it was not the goal here

I still hope you understand the basics and that this article made you want to try πŸ™‚

raspberry pi kali linux

How useful was this post?

Click on a star to rate it!

Average rating 4.4 / 5. Vote count: 7

No votes so far! Be the first to rate this post.

As you found this post useful...

Spread the word!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

How to Install Kali Linux on Raspberry Pi? (+15 first steps)

6 comments

  1. Andrew Reply

    perhaps you can help me with something.i’m trying to remote to a raspberry pi from a phone then start a pentest.but the catch is i have the pi in a coat pocket.giving the appearance i’m just playing on my phone.all the while using my tools on kali while walking through a site i’ve been tasked with.basicly (phone-raspberry pi(in pocket)-wireless router-loot)ideas?

  2. Maya Reply

    This article was extremely helpful. It explained important things that YouTube tutorials did not.

  3. Eduardo Reply

    Thanks for the very explained tutorial, it teaches much more than just intallation!
    I’m having an issue with the network devices. I’m not sure, but after the update and upgrade or after I changed the interfaces file as you suggested and rebooted the Pi there is the message “device not managed” under the “Ethernet Networks” and Wo-Fi Networks”.

    Could help me?

    Thanks

  4. Patrick Fromaget Post authorReply

    Hello,

    I just updated this post today
    Mainly for the installation part as there are a few changes in the last updates
    The Raspberry Pi 4 is now supported (if you download the good image version…)

Leave a Reply

Your email address will not be published. Required fields are marked *