We strongly recommend that all OffSec learners use the Kali VMware image for the most streamlined experience.
- Software Requirements
- Kali VM Download
- Using the Kali VM under Windows
- Using the Kali VM under macOS
- Using the Kali VM under Linux
- Updating the Kali VM
SOFTWARE REQUIREMENTS
The Kali VM we recommend in this article is built for use with VMware products. Windows and Linux users can use either VMware Workstation or the free VMware Workstation Player, whereas macOS users will require VMware Fusion.
Free trials are available for both Workstation and Fusion if you do not already have a license for them.
KALI VM DOWNLOAD
Please visit the following URL to download the Kali VM:
This Kali VM has the following credentials:
- Username: kali
- Password: kali
USING THE KALI VM UNDER WINDOWS
Verifying the Download Integrity
Under Windows, you can use a command-line program like certutil which is installed as part of Certificate Services to verify that your download did not get corrupted.
Note: The following is an example and does not reflect the current version of Kali or the SHA hash
C:\Users\student\Downloads>certutil -hashfile kali-linux-202x.x-vmware-amd64.7z sha256
SHA256 hash of kali-linux-202x.x-vmware-amd64.7z: 23a72e853503f082f43c288be44e90495e5f3a453df12e6afeed9d8c54ad54e0
CertUtil: -hashfile command completed successfully.
C:\Users\student\Downloads>
Compare the computed SHA256 checksum with the one shown on the Kali VM download page. If the values do not match, that means your download did not complete successfully and you will need to download the file again. Do not proceed until you have a valid download or you will encounter issues going forward.
Extracting the Archive
The 7-Zip application is the quickest and easiest way to extract .7z and other archives on Windows. Once installed, right click the Kali VM archive and select Extract to "Kali-Linux-202x.x-vmware-amd64\" and the VM will be extracted into a new folder in the current directory.
Note: Please take into consideration that the Kali VM includes a wide array of payloads, exploits, and other security-related files. As a result, it's possible that your local antivirus programs might classify the Kali VM as potentially harmful, which is a foreseeable outcome.
If desired, you may exclude the folder where you are running the Kali VM from your Antivirus program in order to prevent it from flagging the Kali VM as malicious.
Launching the VM
To open and launch the extracted VM, open an Explorer window, navigate to the directory containing the extracted files, and double-click the Kali-Linux-202x.x-vmware-amd64.vmx file.
We recommend you to configure Windows Explorer to show the file extensions in order to locate the .vmx file by disabling the "Hide extensions for known file types" item on View/Options menu.
As the virtual machine is starting up, VMware will display a prompt asking if you moved or copied the VM. Click the "I Copied It" button to continue.
Once the VM has booted, you can log in with the username of kali and the password of kali. Make sure you change the default password with the passwd command after you have logged in.
USING THE KALI VM UNDER macOS
Verifying the Download Integrity
Unlike Windows, macOS does not require any additional software in order to verify the integrity of the downloaded file. To compute the SHA256 checksum of the file, open the Terminal application, change to the directory that contains the downloaded archive and run the shasum -a 256 command as follows:
Note: The following is an example and does not reflect the current version of Kali or the SHA hash
alice@macbook-pro ~ % shasum -a 256 Downloads/kali-linux-202x.x-vmware-amd64.7z
23a72e853503f082f43c288be44e90495e5f3a453df12e6afeed9d8c54ad54e0 Downloads/kali-linux-202x.x-vmware-amd64.7z
alice@macbook-pro ~ %
Compare the computed SHA256 checksum with the one shown above. If the values do not match, that means your download did not complete successfully and you will need to download the file again. Do not proceed until you have a valid download or you will encounter issues going forward.
Extracting the Archive
To extract the .7z archive, you will require a separate application, installed either through the app store, MacPorts, or Homebrew. MacPorts and Homebrew users who install the p7zip package can extract the archive at the command line as shown below:
daveman@win-xp Downloads % 7z x kali-linux-202x.x-vmware-amd64.7z
7-Zip [64] 17.03 : Copyright (c) 1999-2020 Igor Pavlov : 2017-08-28
p7zip Version 17.03 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64)
Scanning the drive for archives:
1 file, 2863124229 bytes (2731 MiB)
Extracting archive: kali-linux-202x.x-vmware-amd64.7z
--
Path = kali-linux-202x.x-vmware-amd64.7z
Type = 7z
Physical Size = 2863124229
Headers Size = 692
Method = LZMA2:26
Solid = +
Blocks = 4
Everything is Ok
Folders: 1
Files: 43
Size: 13282325285
Compressed: 2863124229
alice@macbook-pro ~ %
You can see where you extracted to and what was extracted by doing:
alice@macbook-pro ~ % pwd
/Users/alice/Downloads
alice@macbook-pro ~ %
alice@macbook-pro ~ % ls
Kali-Linux-202x.x-vmware-amd64 kali-linux-202x.x-vmware-amd64.7z
alice@macbook-pro ~ %
alice@macbook-pro ~ % open .
Launching the VM
To open and launch the extracted VM, you can either use Finder or the same terminal window from before. To use Finder, navigate to the directory containing the extracted file, and double-click the Kali-Linux-202x.x-vmware-amd64.vmwarevm file.
As the virtual machine is starting up, VMware will display a prompt asking if you moved or copied the VM. Click the "I Copied It" button to continue.
Once the VM has booted, you can log in with the username of kali and the password of kali. Make sure you change the default password with the passwd command after you have logged in.
USING THE KALI VM UNDER LINUX
Verifying the Download Integrity
As with macOS, the majority of Linux distributions do not require any additional software in order to verify the integrity of the downloaded file. To compute the SHA256 checksum of the file, open the Terminal application, change to the directory that contains the downloaded archive and run the shasum -a 256 command as follows:
Note: The following is an example and does not reflect the current version of Kali or the SHA hash
student@linux:~/Downloads$ shasum -a 256 kali-linux-202x.x-vmware-amd64.7z
23a72e853503f082f43c288be44e90495e5f3a453df12e6afeed9d8c54ad54e0 kali-linux-202x.x-vmware-amd64.7z
student@linux:~/Downloads$
Compare the computed SHA256 checksum with the one shown on the Kali VM download page. If the values do not match, that means your download did not complete successfully and you will need to download the file again. Do not proceed until you have a valid download or you will encounter issues going forward.
Extracting the Archive
Although it may not be installed by default, most Linux distributions will have a p7zip package that can be installed with their package manager that will allow you to extract .7z archives. The Kali VM archive can then be extracted as follows:
student@linux:~/Downloads$ 7z x kali-linux-202x.x-vmware-amd64.7z
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,12 CPUs x64)
Scanning the drive for archives:
1 file, 2863124229 bytes (2731 MiB)
Extracting archive: kali-linux-202x.x-vmware-amd64.7z
--
Path = kali-linux-202x.x-vmware-amd64.7z
Type = 7z
Physical Size = 2863124229
Headers Size = 692
Method = LZMA2:26
Solid = +
Blocks = 4
Everything is Ok
Folders: 1
Files: 43
Size: 13282325285
Compressed: 2863124229
student@linux:~/Downloads$
Launching the VM
To open and launch the extracted VM, open a file manager window, navigate to the directory containing the extracted files, and double-click the .vmx file.
As the virtual machine is starting up, VMware will display a prompt asking if you moved or copied the VM. Click the "I Copied It" button to continue.
Once the VM has booted, you can log in with the username of kali and the password of kali. Make sure you change the default password with the passwd command after you have logged in.
UPDATING THE KALI VM
Although there is no need to update the virtual machine in order to complete the course exercises, you are certainly free to do so if you wish. Bear in mind that updating software may introduce new bugs or issues. If you choose to update the VM, we strongly suggest that you create a snapshot of the VM before upgrading (if you can't take a snapshot, make a backup of the VM by powering it off and creating a copy of the folder). If you encounter issues after updating, you will then be able to revert to a working state if you are unable to find a solution to the issue in the Kali Linux Forums or Kali IRC channel (#kali-linux on irc.freenode.net).