Kali Linux
By OffSec
A free Debian-based distribution maintained by OffSec and preloaded with reconnaissance, exploitation, and forensics tools. Kali's own infrastructure is GPL-licensed and many bundled tools are open source, but the distribution also includes software under other terms, so it does not have one project-wide open-source license.
Verified Source: 1
- Product type
- Distribution
- Deployment
- On-prem
- Organization size
- IndividualSMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
ASM/BASHow Kali Linux measures up against the full Attack Surface Management & Breach/Attack Simulation taxonomy.
- External attack surface discovery — supported
- Continuously finds internet-facing assets, domains, and shadow IT before attackers do.
- Exposure prioritization — not supported
- Ranks discovered exposures using adversary and exploitability context.
- Breach and attack simulation — not supported
- Safely simulates real attack techniques against live defenses to test control effectiveness.
- Security control validation — supported
- Measures whether existing tools actually detect or block the simulated attacks.
- Attack path mapping — not supported
- Shows the chained steps an attacker could take from an exposure to real impact.
- Continuous testing — not supported
- Re-runs simulations on a schedule to catch drift and regressions over time.
Alternatives
Other Attack Surface Management & Breach/Attack Simulation tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Kali Linux.