I have been getting a ton of questions lately from you guys asking me if it is "safe" to download Kali Linux from its original source over at kali.org. I am not actually sure why those questions arise all the time, but it's definitely a good time to address this in a separate blog post on how (and where) to download Kali Linux in a safe and easy way.
There are a ton of different websites out there that allow you to download Kali Linux and all its different images - but are all of them safe? Certainly not.
In this post, I show you the safest way to download an uncompromised version of Kali Linux, and how to verify your download by checking the SHA256sum.
Table of Contents
- Step 1 - Where to download Kali Linux
- Step 2 - Choosing a version of Kali Linux
- Step 3 - Verifying the Download
- Where to go from here?
Step 1 - Where to download Kali Linux
The safest and most obvious way to download Kali Linux is the Kali Linux website, Kali.org. If you head over there, you are directly greeted with a download button.
Step 2 - Choosing a version of Kali Linux
Once there, things have become more confusing for beginners lately: Kali gives you a bunch of different choices that can be hard to understand. But if you want to download Kali to install it on your physical computer, you want to choose Bare Metal.
Once you click on that, you get presented with another selection of choices. I recommend choosing the 64-bit Installer, which is suitable for most situations.
The download of Kali Linux starts as soon as you click on the button.
Step 3 - Verifying the Download
To be sure that we downloaded a legitimate version of Kali Linux, the download page provides a SHA256 checksum that you can compare against your download. A match confirms that your file is indeed the original, unmodified, and safe version.
Click on sum below the Kali Linux 64-bit Installer and copy the SHA256sum to your clipboard.
Once your download has finished, you can use Windows PowerShell to verify the SHA256sum. Press your Windows key and type "PowerShell" and open it up.
In PowerShell, type the following command to check the SHA256sum:
(Get-FileHash .\Downloads\kali-linux-2021.3-installer-amd64.iso).Hash -eq "3a199fce1220a09756159682ed87ca16f7735f50dcde4403dc0c60525f90c756"
Here, the file path after .\ points to your Downloads directory, relative to the folder PowerShell is currently in (adjust it in case you saved the file somewhere else), and the value between the quotation marks after -eq is the hash that you copied from the Kali Linux website.
If the hash of your file matches the one you copied, you will get True in return for your query. If it does not match, you get False.
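The same check as a reusable function, added here as an example (not code from the original post): it strips stray whitespace or a trailing file name from the pasted value, rejects anything that is not a 64-character hex digest, and reports a wrong file path as an error instead of a plain False. The function name Test-IsoSha256 is hypothetical; the file name and hash are the ones used above.

```powershell
# Added example: verify a downloaded ISO against a published SHA256 value.
# Test-IsoSha256 is a hypothetical helper name, not a built-in cmdlet.
function Test-IsoSha256 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,      # path to the downloaded ISO
        [Parameter(Mandatory)] [string] $Expected   # value copied from the download page
    )

    # Accept either a bare hash or a sha256sum-style line ("<hash>  <file name>"):
    # keep only the first whitespace-separated token.
    $token = ($Expected.Trim() -split '\s+')[0]

    # A SHA256 digest is exactly 64 hexadecimal characters. Reject anything else
    # so a truncated or mis-copied value is reported as a paste error, not as
    # a bad download.
    if ($token -notmatch '^[0-9a-fA-F]{64}$') {
        throw "Expected value is not a 64-character SHA256 hex digest: '$token'"
    }

    # Fail clearly if the path is wrong. With the one-liner, a missing file
    # makes Get-FileHash error out and the comparison against $null prints False.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Name the algorithm explicitly rather than relying on the default.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Get-FileHash prints upper-case hex, published checksums are usually
    # lower-case, so compare without regard to case.
    $match = [string]::Equals($actual, $token, [System.StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        Path     = (Resolve-Path -LiteralPath $Path).Path
        Expected = $token.ToLowerInvariant()
        Actual   = $actual.ToLowerInvariant()
        Match    = $match
    }
}

# Usage with the file name and hash shown in this post:
$result = Test-IsoSha256 -Path "$HOME\Downloads\kali-linux-2021.3-installer-amd64.iso" `
    -Expected '3a199fce1220a09756159682ed87ca16f7735f50dcde4403dc0c60525f90c756'
$result | Format-List
if (-not $result.Match) { Write-Warning 'Hash mismatch: do not install from this file.' }
```

Seeing both the expected and the actual value side by side makes it obvious whether a False came from a bad download or from a copy-and-paste slip.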
Once you are sure that you have downloaded the correct file, you can now continue to install Kali Linux on your computer. This website, as well as my YouTube channel, has a ton of resources on installing Kali Linux in a lot of different ways.
Where to go from here?
I have a ton of Kali Linux tutorials on this blog, as well as on my YouTube channel, so in case you need some assistance in installing Kali Linux, choose one of the tutorials listed below.
- Install Kali Linux on Windows - Easy Beginner Guide
- Install Kali Linux in Dual-Boot with Windows 10 - Complete Beginner Guide
- The Top Things to do after installing Kali Linux
As you can see, it can be a bit confusing to download Kali as a beginner - I have been in your situation too, many years ago. I hope this helps in providing a safe way to download Kali Linux and takes some of the frustration away.
If you want to learn how to install Kali Linux afterward, check out this tutorial.