I started reading Kali Linux Revealed because I
wanted to learn a bit about the work of professional penetration testers. I’m
also interested in the specific software tools those folks use. In my
experience, books on GNU/Linux tend toward operator manuals, so I was fairly
confident I’d find content like that here.
I was disappointed on both fronts. While the book has some information on the
trade of penetration testing, it’s limited to about 20 pages in the penultimate
chapter. And the only applications that are discussed with any detail are SSH,
PostgreSQL, and Apache–hardly what anyone would call tools of the trade.
The Preface starts things strong with an account of how one professional
matured in their career right alongside the “penetration testing framework”
that would ultimately become Kali Linux. It’s a nice perspective which explains
why and how Kali came to be–social context that you wouldn’t get by studying
online resources like tutorials and forum posts.
The opening chapters target an audience of first-time GNU/Linux users. This
includes a chapter on setting up the operating system, a kind of obvious tour
through the graphical installer which feels like filler. Some readers may
benefit from this kind of instruction, but the book is not nearly comprehensive
enough to actually help them. It would be more appropriate to direct first-time
GNU/Linux users to a separate work that’s been authored for them specifically.
Kali Linux is a derivative of the Debian GNU/Linux
distribution, and one of the authors is prominent
Debian developer Raphaël Hertzog. Their influence is unmistakable. Like The
Debian Administrator’s Handbook before it,
Kali Linux Revealed has much to say about software packaging. Although this
isn’t what I was looking for, I did enjoy learning about it. Not that I need to
create my own Debian packages. It’s that I’ve been typing
apt-get install for
years, and the command still feels pretty opaque to me. Debian developers work
hard to make package management seamless for end users like me, but I enjoy
having a better understanding of the abstractions I use on a daily basis. It
make me feel a little more secure in my reliance on complex systems, just in
case anything goes haywire.
I was surprised to find this content here and for it to be my favorite aspect.
This information has nothing to do with penetration testing, and in fact, it’s
only glancingly related to the Kali distribution. The nitty-gritty of Debian
package management (the archive layouts, the file formats, the command-line
tools, etc.) are just as relevant for Ubuntu users, for example. It’s a
testament to Debian’s design that something like Kali could be built and still
retain so much of Debian’s characteristic configurability.
I didn’t get what I came for, so I’m going to keep looking for quality content
on penetration testing (I’ve got my eye on No Starch
Press at the moment). What I did find
is valuable in its own right. Given that the book is published under a Creative
Commons license (i.e. it’s free), I still got more than I bargained for.