Rich choice makes decision struggles

kalinin

New Member
Joined
Sep 21, 2024
Messages
25
Reaction score
7
Credits
256
Hello there,
i am newbie here, But I can't say that I'm new to Linux - I've been using it for some time and have some experience.
I've been «flirting» with Kali for about two weeks - then on VM, then with live bootable flash drives. I like the sphere, and, let's say - cybersecurity is the sphere where I see myself in the future. However, I still didn't dare to completely switch to Kali - mainly because of rumors that it's not for every day, too difficult, slows down and so on. A couple of days ago, I still decided to switch to it thoroughly. I don't regret it - I'm very happy with everything, and it's quite suitable even for household functions.

But I am misled by an unimaginable number of tools and applications - I still, despite their extensive study, have not opened at least to see each of them. But I am misled by an unimaginable number of tools and applications - I still, despite their extensive study, have not opened at least to see each of them. My type of activity is web and server development, automation. I'm still a student, so it's just small websites on hostings and a couple of VPS, where I implement projects on python - well, it's more and more for the sake of experience. So I want to ask, so to speak, to share my experience with me.

My type of activity is web and server development, automation. I'm still a student, so it's just small websites on hostings and a couple of VPS, where I implement projects on python - well, it's more and more for the sake of experience. Without a permanent OS, my study of tools was chaotic, now I have singled out the sphere of the web, and I want to delve into it. although this reduced the amount of material - however, there is still too much choice.

Please advise me where, how is better to start? What is more functional and convenient, and what is still too difficult, and not in my field of activity. in general - your opinion, how should I approach this issue. thank you.
 


The only advice i can give you is read the kali docs, they state that installing apps other thane those in the approved Kali repository is likely to break your system, kali is not for general use

From the Kali docs [there are pages of them, this bit is more relevant]
As the distribution’s developers, you might expect us to recommend that everyone should be using Kali Linux. The fact of the matter is, however, that Kali is a Linux distribution specifically geared towards professional penetration testers and security specialists, and given its unique nature, it is NOT a recommended distribution if you’re unfamiliar with Linux or are looking for a general-purpose Linux desktop distribution for development, web design, gaming, etc.

Even for experienced Linux users, Kali can pose some challenges. Although Kali is an open source project, it’s not a wide-open source project, for reasons of security. The development team is small and trusted, packages in the repositories are signed both by the individual committer and the team, and - importantly - the set of upstream repositories from which updates and new packages are drawn is very small. Adding repositories to your software sources which have not been tested by the Kali Linux development team is a good way to cause problems on your system.

While Kali Linux is architected to be highly customizable, do not expect to be able to add random unrelated packages and repositories that are “out of band” of the regular Kali software sources and have it Just Work. In particular, there is absolutely no support whatsoever for the apt-add-repository command, LaunchPad, or PPAs. Trying to install Steam on your Kali Linux desktop is an experiment that will not end well. Even getting a package as manager.


There are around another 10 pen-testing distributions, some may easier to install and more compatible for daily use.
 
The only advice i can give you is read the kali docs, they state that installing apps other thane those in the approved Kali repository is likely to break your system, kali is not for general use

From the Kali docs [there are pages of them, this bit is more relevant]
As the distribution’s developers, you might expect us to recommend that everyone should be using Kali Linux. The fact of the matter is, however, that Kali is a Linux distribution specifically geared towards professional penetration testers and security specialists, and given its unique nature, it is NOT a recommended distribution if you’re unfamiliar with Linux or are looking for a general-purpose Linux desktop distribution for development, web design, gaming, etc.

Even for experienced Linux users, Kali can pose some challenges. Although Kali is an open source project, it’s not a wide-open source project, for reasons of security. The development team is small and trusted, packages in the repositories are signed both by the individual committer and the team, and - importantly - the set of upstream repositories from which updates and new packages are drawn is very small. Adding repositories to your software sources which have not been tested by the Kali Linux development team is a good way to cause problems on your system.

While Kali Linux is architected to be highly customizable, do not expect to be able to add random unrelated packages and repositories that are “out of band” of the regular Kali software sources and have it Just Work. In particular, there is absolutely no support whatsoever for the apt-add-repository command, LaunchPad, or PPAs. Trying to install Steam on your Kali Linux desktop is an experiment that will not end well. Even getting a package as manager.


There are around another 10 pen-testing distributions, some may easier to install and more compatible for daily use.
hello, thank you for your advice, i will know about it. To be honest, i can say that browsing is my the only daily activity, that does not relate to professional activity. Still, the rest is either back/front development, code, system administration and a lot of reading. By the way, the advice is good - without documentation, it would be quite problematic to successfully install Kali. I explain my choice, among other things, by flexible settings and the ability to provide maximum protection and security for my projects, now and in the future.
Thank you anyway!
 
Hello @kalinin,
Welcome to the linux.org forum. I can't give any better advise on Kali than @Brickwizard has already given read the documents completely. And then choose if it's the right tool for the job you want to do. May a dual boot with another more general distro might work for you.
 
Hello @kalinin,
Welcome to the linux.org forum. I can't give any better advise on Kali than @Brickwizard has already given read the documents completely. And then choose if it's the right tool for the job you want to do. May a dual boot with another more general distro might work for you.
sure thing. i did start from linux lite, and i still have it. i did exactly how you said. may be that’s also why i want something more specific, lite feels little boring even after classic ubuntu or debian.
and thank you !
 
may be that’s also why i want something more specific, l
Suggestions, have a look at
Parrot home
MX-Linux
Fedora
openSUSE
 
sure thing. i did start from linux lite, and i still have it. i did exactly how you said. may be that’s also why i want something more specific, lite feels little boring even after classic ubuntu or debian.
and thank you !
well I like Debian it may be boring at times but sometimes boring can be good. :)
in any event enjoy the journey!
 
Suggestions, have a look at
Parrot home
MX-Linux
Fedora
openSUSE
yeah, i I thought about it. let's be honest, is there any reason that I shouldn't use Kali? this is a closed club and I’m not invited?)
it was obvious for me that first time it surely will be uncomfortable, unusual. its like a normal reaction idk. if it will no matter what, why i should give up with the most featured system and pick the other one? its just my opinion.
I was shocked when I figured out there were so many Linux distros - I still hear about a new one every couple of days. I don’t know anything about the last one on your list, but I definitely won’t put Fedora. it just seemed strange at all to me.
if it weren’t for my ambitions - for every day standard debian is the top option.
 
well I like Debian it may be boring at times but sometimes boring can be good. :)
in any event enjoy the journey!
yeah, debian is good, i have it on every vps installed. Llite is a way closer to Win than it might seem to be haha
 
We have one member who accuses me of being negative to Kali, I am not, it is a good distribution when used by experienced Linux users for its intended Purpous, which is pen-testing only, if you wish to use it for this then I recommend you use a VM/VB which will be easy to wipe and re-install when you bulk your machine [which you probably will,a few times]

If you want a distribution, you can install to use as a daily drive, and easily install the pen-testing tools, take a look at Parrot Home [its sister builds ParrotSec and Hack the box, like Kali are only suited to Pen-testing]
 
We have one member who accuses me of being negative to Kali, I am not, it is a good distribution when used by experienced Linux users for its intended Purpous, which is pen-testing only, if you wish to use it for this then I recommend you use a VM/VB which will be easy to wipe and re-install when you bulk your machine [which you probably will,a few times]

If you want a distribution, you can install to use as a daily drive, and easily install the pen-testing tools, take a look at Parrot Home [its sister builds ParrotSec and Hack the box, like Kali are only suited to Pen-testing]
now i remembered. had to take a look once again on parrot. of course i will wrong to say like this now, but imo as i dont know a lot is parrotsec almost the same thing. its also pen testing focused, with a lot of ways and tools. i even noticed many packs and tools i explored yday and now. so what the difference between, i can only say that parrot has another builds, i mean home, arch etc, and its not that lightweight, while kali also customizable and has plenty of ways to boot. so i see no point to install all those similar tools but on another os.
i may probably face tech problems, just like on every other os exept lightweight focused, oriented by default to be like it. then, kali is not only for pentest, they say, it can be used for practice of offensive and defensive tactics. yeah its the most advanced os exactly for pentesters, i will say again - in my opinion, just because more people are pentesters, insterested in or wannabe. for example pentest community of parrotsec much (2-3) times bigger than everyone else. i honestly enjoyed of couple hours doing xaker_neo's stuff, still not so inspired of being a pentester, but as i wanna work on security improvments, anyway i will got to know how it happens, what exactly those people do just to prevent or at least to try. any sh happens, but i dont really think that someone will decide to crack me personally, simply not worth an effort at all. just random guy. Parrot, by the way, the security of their system even more efficient than kali has i read, anyway if i will really need to privately do something in the net, i will do it with tails and tor. everything else is just depends on motivation of bad guys.

well i just wanna say that where is pentesting, there also is defence, i will try to get into basics while learning, and i hope no one will not come up with such idea like trying to steal my nudes :p i dont provoke and will not for sure.
 
s not only for pentest, they say, it can be used for practice of offensive and defensive tactics. yeah its the most advanced os exactly for pentesters,
Any of the 10 or so other builds will do exactly the same, the tools are not exclusive to Kali as many have been produced by independent testers for example Anonsurf was developed for Parrot and has to be ported to kali, although both are Debian based they are not the same inside, and yes if you want to use any of those 10 distributions for hacking or adapting any other distribution for hacking that is your prerogative,
at the end of the day this is Linux with over 500 desktop builds there is one out there to fit any individual taste, you take your pick and will probably change it at some point if you get fed up or problems with your initial choice.
 
cybersecurity is the sphere where I see myself in the future. However, I still didn't dare to completely switch to Kali - mainly because of rumors that it's not for every day, too difficult, slows down and so on.
I suggest that you simply ignore those rumors because it depends on what you'll be doing.

If you'll be studying security tools present in Kali every day for X hours then is makes sense to install Kali as main OS, this will make things straightforward and more comfortable to you.

Kali is not difficult at all and that's just an excuse made by those who are not interested or never were interested to spend time learning the tools or security concepts in general, if you however dedicate few hours a day on hard work studying them you should find things pretty much easy relatively soon, depending on your learning approach.

My type of activity is web and server development, automation.
Then I suggest you learn at least one of the popular client side and server side language like javascript, PHP etc.
You'll also want to learn SQL and naturally HTML.

If you'll be using Kali for web-based penetration testing then this are your foundations without which Kali tools won't be of much serious use.
Without those foundations you will find Kali tools limited in what they can do, sooner or later you'll find that your attack is only say 60% complete and can't continue due to not knowing this or that language, or you'll need to write a piece of exploit to use as input to some tool in Kali, without such input you won't succeed.

If you'll be focusing on attacking web servers you'll also want to learn at least C/C++ language to able to find vulnerabilities in server source code, of course the language you need to know depends on the language used to write web server.

Knowing the language for that purpose is not enough though, several tools exist that help automatically find possible weaknesses, from which point on, understanding the language is helpful to verify discovery and to plan on how to write an exploit, usually in not in same language but in some other that is suitable for tool which you'll be using if you'll be using a tool in Kali, ex. Ruby is most popular for that task.

Please advise me where, how is better to start? What is more functional and convenient, and what is still too difficult, and not in my field of activity.
1. Programing
2. Programing
3. Programing

If you won't learn programing you'll never be hacker but just another silly script kiddie hoping that somebody else does the job and shares material for them.

Probably most important is your learning method however, ex. will you use YT tutorials, books, blogs, manuals, forums etc.
I suggest to avoid YT, forums, blogs or anything similar because you'll be losing time and get frustrated soon.
Buy a book instead and learn things how they should be learned, that is, from ground up, then you can use forums like SE to ask specific questions.

let's be honest, is there any reason that I shouldn't use Kali?
The only reason not to use Kali is if you won't be using or studying Kali tools.

People will tell you how you can install those tools on some other distro as well, but that makes sense only if you know what you need to install, otherwise if you're only exploring and don't know what you need then install Kali and start exploring and experimenting.
 
I suggest that you simply ignore those rumors because it depends on what you'll be doing.

If you'll be studying security tools present in Kali every day for X hours then is makes sense to install Kali as main OS, this will make things straightforward and more comfortable to you.

Kali is not difficult at all and that's just an excuse made by those who are not interested or never were interested to spend time learning the tools or security concepts in general, if you however dedicate few hours a day on hard work studying them you should find things pretty much easy relatively soon, depending on your learning approach.


Then I suggest you learn at least one of the popular client side and server side language like javascript, PHP etc.
You'll also want to learn SQL and naturally HTML.

If you'll be using Kali for web-based penetration testing then this are your foundations without which Kali tools won't be of much serious use.
Without those foundations you will find Kali tools limited in what they can do, sooner or later you'll find that your attack is only say 60% complete and can't continue due to not knowing this or that language, or you'll need to write a piece of exploit to use as input to some tool in Kali, without such input you won't succeed.

If you'll be focusing on attacking web servers you'll also want to learn at least C/C++ language to able to find vulnerabilities in server source code, of course the language you need to know depends on the language used to write web server.

Knowing the language for that purpose is not enough though, several tools exist that help automatically find possible weaknesses, from which point on, understanding the language is helpful to verify discovery and to plan on how to write an exploit, usually in not in same language but in some other that is suitable for tool which you'll be using if you'll be using a tool in Kali, ex. Ruby is most popular for that task.


1. Programing
2. Programing
3. Programing

If you won't learn programing you'll never be hacker but just another silly script kiddie hoping that somebody else does the job and shares material for them.

Probably most important is your learning method however, ex. will you use YT tutorials, books, blogs, manuals, forums etc.
I suggest to avoid YT, forums, blogs or anything similar because you'll be losing time and get frustrated soon.
Buy a book instead and learn things how they should be learned, that is, from ground up, then you can use forums like SE to ask specific questions.


The only reason not to use Kali is if you won't be using or studying Kali tools.

People will tell you how you can install those tools on some other distro as well, but that makes sense only if you know what you need to install, otherwise if you're only exploring and don't know what you need then install Kali and start exploring and experimenting.
Hello there!

I realize that with due diligence and time one can achieve a lot, if not everything. It's not about motivation or blinded optimism, it's about an objective perception of reality, or rather striving for it. I asked because people here obviously know and know more than I do and are much more experienced than I am. And it is always good to listen to good advice, if someone can give it.

Thank you for such a detailed answer! Just at the moment I am learning unix console commands, in fact, I am already making some progress, but I am still far from a good level. If the basic commands I have already memorized, and quite well oriented in file systems, with more advanced features, as well as with parameters and options is still going with difficulty, but the main thing is that there is a desire.

I was hoping to avoid learning these languages... but apparently it's not time yet. Well, I'm learning PHP as part of my college curriculum, as well as SQL, so it's waiting for me anyway.

I was hoping HTML would be a thing of the past pretty soon, that's what I'm getting at, and I have no attraction to frontend at all - to me it's much easier to do via a visual editor, or generate a framework on a neural network and then tweak and customize a bit.

I've tried taking the plunge into Rust, but it's something of a mess. I've heard that it will soon replace C++, but the thing is that I'm learning python on my own right now, and adding another language, especially one that is so different and much more complex, doesn't make much sense to me.

I'd rather concentrate on what I've decided to focus on for now, but of course I'll have to learn low-level programming eventually.

Thank you once again for your comment!
 
I've tried taking the plunge into Rust, but it's something of a mess. I've heard that it will soon replace C++, but the thing is that I'm learning python on my own right now, and adding another language, especially one that is so different and much more complex, doesn't make much sense to me.
You've made a good point, which is, why should you learn some complex language when there exist alternatives that are easier and more modern and getting seemingly widely adopted by community according to some trends?

Here is the thing, why learning complex language is beneficial:

Languages which are not complex do a lot of job for you, to understand what they do you'll need to delve into low level languages.
e.g. easy languages do for you: memory management, garbage collection, they provide easy and ready to use libraries, type safety, are easier to write, take less lines of code to do this or that, and overall you write programs much faster with them.

However without looking under the hood you'll not understand why that's so.
You'll most likely not be able to deal with hardware.
You'll be very limited when it comes to any kinds of optimizations.
You'll also be limited to what kinds of programs you can write.
Your design decisions will be governed by those languages, no freedom to do something the way you might want to.

And probably most importantly, in regard to pentesting if that's your objective, you'll be limited to what kind of hacking is going to be available to you.

Python for e.g. is for data scientists, AI programming and to write high level software fast, none of which is suitable for what you want to do, and that's pentesting.

In the end it boils down to what you'll be doing or want to do, no language is bad or worse, they're just different tools used for different tasks.
 
To be honest, i can only say that i am agree, yoo, i don’t know that much. For example Ruby language i see for the first time, even never ever heared.. so, too much to work on, years of time



here is also the basic paradox of every professional activity - to understand what i exactly will need, what can bring more benefit, what less and etc i need to know at least all the basic stuff, to finally pick a sphere and grow prof skills. i simply need to study more to formulate something in more detail



i chose python because 1. i wanted bot, 2. google said it’s good for beginners 3. usable everywhere. So i just thought that even if i will change priority in the future, i will find an effort in it. And i suppose its fair to other languages as well



aaand, yeah, pentesting is very interesting and useful, knowing skills must have, basics, but not more for me. I wrote somewhere above that I am more attracted to the protection of something (website, server, data privacy)… for example for last couple days i manually maybe one day will come when i will find a balance between soft/def/dev. who knows, for now not even me for sure



i will repeat myself once again, i have to learn a huuge amount of things, to be confident in my knowledge, at least at some middle level.. You know what am i doing now? I practice to create/admin/manage web servers, today i finally got some success. i did order a vps with debian, configured it with apache, Then I linked the ip to the domain, put an ssl certificate, wrote a simple one html and now i am struggling with flask trynna set up logging and users database.

And its only for training to ensure maximum security of this small site, so that later when I take up normal projects I already know something. so I plan to bring it to mind and try to hack again and again and look for vulnerabilities. and i am already thinking that i am soooo good at it haha, but its the top of the iceberg, but it is what it is.



one day ;) thank you
 


Top