Kali Linux releases first-ever defensive distro with score of new tools

The team behind the Kali Linux project has released a brand-new version called Kali Purple, designed specifically for defensive security practitioners - a first for the project.

Kali Purple was released as a technical preview this week and marks the first time the platform has catered to defenders, previously being used as a tool for red teamers and penetration testers.

As of now, Kali Purple is a proof of concept distro for security testing, described by Kali as a “reference architecture for the ultimate SOC In-A-Box”.

It will allow teams to engage in internal wargames, learn how to protect small-to-medium-sized IT environments, and practice threat hunting, among other activities.

The name references the addition of blue and purple team capabilities to Kali Linux’s existing suite of red team testing tools, expanding the distro from its offensive testing pedigree to encompass the entire security testing spectrum.

More than 100 defensive tools are included within Kali Purple. These include CyberChef, which can encrypt or decrypt data as well as compression and data analysis, Elastic’s security information and event management (SIEM), and the open source network intrusion detection system Zeek.

Kali Autopilot, a script builder for automated attacks is also included in Kali Purple. Through a community hub developers will be able to share scripts for blue teams to go up against, as well as practice packet captures to train in network analysis.

The developers outlined their goal of making Kali the best Linux distro for security tests, and expanding enterprise-grade security to all.

“Remember what we did a decade ago with Kali Linux? Or with BackTrack before that? We made offensive security accessible to everyone,” Kali wrote in its blog post.

“No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling tools to make it all work… just download Kali Linux and do your thing. We are excited to start a new journey with the mission to do exactly the same for defensive security: Just download Kali Purple and do your thing.”

Kali Purple has been structured around the National Institute of Standards and Technology’s (NIST’s) five functions as outlined in the Cybersecurity Framework: “identify, protect, detect, respond, and recover”.

In addition to the announcement of Kali Purple, the firm highlighted eight new tools included in Kali Linux 2023.1.

These include the aforementioned Cyberchef, as well as packet capture system Arkime, DevSecOps and vulnerability management tool DefectDojo, network scanner Dscan, Kubernetes package manager Kubernetes-Helm, password analysis and cracking kit 2 (PACK2), pen test data management tool RedEye, and cryptographic algorithm interface Unicrypto.

The update also brings a visual refresh to the distro, with new wallpapers and Kali Purple themes, as well as a new tiling and widget system with the introduction of the graphical workspace environment KDE Plasma 5.27.

Kali Purple is available as a pre-launch technical preview now, with a dedicated Discord server and wiki. Further details on its full launch are expected in the future.