Kali Linux releases first-ever defensive distro with score of new tools

A screenshot of a Linux operating system with Kali Purple windows open on the desktop and a stylised dragon in the background next to the text 'KALI'
(Image credit: Kali / Offensive Security)

The team behind the Kali Linux project has released a brand-new version called Kali Purple, designed specifically for defensive security practitioners - a first for the project.

Kali Purple was released as a technical preview this week and marks the first time the platform has catered to defenders; it was previously used as a tool for red teamers and penetration testers.




As of now, Kali Purple is a proof of concept distro for security testing, described by Kali as a “reference architecture for the ultimate SOC In-A-Box”.

It will allow teams to engage in internal wargames, learn how to protect small-to-medium-sized IT environments, and practice threat hunting, among other activities.

The name references the addition of blue and purple team capabilities to Kali Linux’s existing suite of red team testing tools, expanding the distro from its offensive testing pedigree to encompass the entire security testing spectrum.

More than 100 defensive tools are included within Kali Purple. These include CyberChef, which can encrypt or decrypt data as well as perform compression and data analysis; Elastic’s security information and event management (SIEM); and the open source network intrusion detection system Zeek.

Kali Autopilot, a script builder for automated attacks, is also included in Kali Purple. Through a community hub, developers will be able to share scripts for blue teams to go up against, as well as practice packet captures for training in network analysis.

The developers outlined their goal of making Kali the best Linux distro for security tests, and expanding enterprise-grade security to all.

“Remember what we did a decade ago with Kali Linux? Or with BackTrack before that? We made offensive security accessible to everyone,” Kali wrote in its blog post.

“No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling tools to make it all work… just download Kali Linux and do your thing. We are excited to start a new journey with the mission to do exactly the same for defensive security: Just download Kali Purple and do your thing.”

Kali Purple has been structured around the National Institute of Standards and Technology’s (NIST’s) five functions as outlined in the Cybersecurity Framework: “identify, protect, detect, respond, and recover”.

In addition to the announcement of Kali Purple, the firm highlighted eight new tools included in Kali Linux 2023.1.

These include the aforementioned CyberChef, as well as packet capture system Arkime, DevSecOps and vulnerability management tool DefectDojo, network scanner Dscan, Kubernetes package manager Kubernetes-Helm, Password Analysis and Cracking Kit 2 (PACK2), pen test data management tool RedEye, and cryptographic algorithm interface Unicrypto.

The update also brings a visual refresh to the distro, with new wallpapers and Kali Purple themes, as well as a new tiling and widget system with the introduction of the graphical workspace environment KDE Plasma 5.27.

Kali Purple is available as a pre-launch technical preview now, with a dedicated Discord server and wiki. Further details on its full launch are expected in the future.

Rory Bathgate
Features and Multimedia Editor
