Ethical Hacking #Kali Linux#installation#virtual machine

Getting Started with Kali Linux in 2026: Complete Install Guide

How to install Kali Linux as a VM, on bare metal, or on a USB drive — with the right tools and first steps for beginners.

9 min read

Kali Linux is a Debian-based distribution built for penetration testing and security research. It comes pre-loaded with hundreds of security tools — Nmap, Burp Suite, Metasploit, Wireshark, Aircrack-ng, and many more — so you don’t have to hunt them down individually.

Before you install it, understand what it’s for: Kali is a specialist tool, not a daily-driver operating system. It runs as root by default (in older versions), has a minimal desktop, and is configured for attack workflows, not productivity. Most security professionals use it in a VM alongside a normal OS.

Choosing your installation method

There are three common approaches:

Virtual machine (recommended for beginners): Kali runs inside your existing Windows or macOS system. No risk to your main installation. Easy to snapshot and restore if you break something. Slightly slower due to virtualisation overhead.

Bare metal: Kali is installed directly on a dedicated machine or as a dual-boot alongside Windows. Full hardware access, best performance. Requires a spare machine or careful partitioning.

Persistent USB: Kali runs from a USB drive with a persistent storage partition. Portable, but slower than bare metal. Good for fieldwork.

Step 1: Download Kali Linux

Go to kali.org/get-kali. Download the correct image for your method:

  • VM: Download the pre-built VMware or VirtualBox image (.7z file) — this is the fastest way to get running
  • Bare metal or USB: Download the installer ISO (64-bit)

Always verify the SHA256 checksum before installing. Kali publishes checksums on the download page. On Windows, open PowerShell and run:

Get-FileHash .\kali-linux-2026.1-installer-amd64.iso -Algorithm SHA256

Compare the output to the published hash. If they don’t match, re-download.

Step 2: Set up the virtual machine

Using the pre-built VM image (fastest)

  1. Install VMware Workstation Player (free) or VirtualBox
  2. Extract the downloaded .7z file with 7-Zip
  3. In VMware: File → Open → select the .vmx file
  4. In VirtualBox: File → Import Appliance → select the .ova file
  5. Start the VM. Default credentials are kali / kali

Building from ISO

If you’re installing from the ISO into a new VM:

VMware:

  1. Create New Virtual Machine → Typical
  2. Select the Kali ISO
  3. Set disk size to at least 60GB (thin provisioned is fine)
  4. Set RAM to at least 4GB (8GB recommended)
  5. Enable 3D acceleration under display settings

VirtualBox:

  1. New → Linux → Debian (64-bit)
  2. Attach the ISO to the optical drive
  3. 4GB RAM minimum, 60GB disk
  4. Enable PAE/NX and nested VT-x under processor settings

Step 3: Initial setup after install

Change the default password

passwd

Enter a strong password. If you’re using the pre-built image, kali/kali is public knowledge.

Update the system

sudo apt update && sudo apt full-upgrade -y

Run this immediately after install and regularly afterward. Kali’s tools update frequently.

Install VMware/VirtualBox guest additions

For VMware, open-vm-tools is usually pre-installed. Verify with:

systemctl status open-vm-tools

For VirtualBox, install the guest additions for shared clipboard and screen resizing:

sudo apt install -y virtualbox-guest-x11
sudo reboot

Step 4: Understand the tool categories

Kali organises its tools into categories accessible from the Applications menu:

CategoryKey tools
Information GatheringNmap, theHarvester, Recon-ng
Vulnerability AnalysisNikto, OpenVAS
Web Application AnalysisBurp Suite, SQLmap, Dirb
Password AttacksHashcat, John the Ripper, Hydra
Wireless AttacksAircrack-ng, Wifite
ExploitationMetasploit Framework
Post ExploitationEmpire, Mimikatz
ForensicsAutopsy, Volatility

Don’t try to learn all of these at once. Pick one category and one tool and go deep before moving on.

Step 5: Your first commands

Get comfortable with the basics before touching any attack tools:

# System info
uname -a
ip a                    # Show network interfaces

# Nmap — your most-used tool
nmap -sV 192.168.1.1    # Scan a host, detect service versions
nmap -sC -sV -oN scan.txt 192.168.1.0/24  # Scan a subnet, save output

# Update a specific tool
sudo apt install --only-upgrade metasploit-framework

Kali’s tools are dual-use — they can be used for defence and attack. Only run scans and tests against systems you own or have explicit written permission to test. Unauthorised scanning is illegal in most jurisdictions, regardless of intent.

For practice, use:

What to learn next

Once Kali is running, the next step is understanding the methodology — not just individual tools. Look up the PTES (Penetration Testing Execution Standard) and the OWASP Testing Guide for structured frameworks that explain what you’re actually doing when you run each tool.

#Kali Linux #installation #virtual machine #beginners #Linux #VMware #VirtualBox