Is it dangerous to install hacking tools on my private linux machine?
772
I use my Ubuntu for private and business purposes. Can I also install tools on my computer that are actually there to perform penetration tests? Or is it harmless?
trust the publisher not to perform malicious actions
trust the publisher to develop secure software
The same trust must be given to any dependencies of the program.
What makes some pentest tools special is that they provide a larger attack surface than many other programs and the people using them are more interesting targets than the users of many other programs.
Wireshark for example specifically warns against running as root, because of the high number of vulnerabilities (because of a high attack surface, insecure language (C), novice contributors, etc). Of course, you may not be happy with having your user account compromised either.
As a general guideline, I would use these rules:
run pentest programs on a dedicated computer or at least dedicated VM if possible.
the larger the attack surface of the program, and the higher the amount of known vulnerabilities / the less secure the code is, the more important rule 1 becomes.
The less reputable the source of the program is, the more you want to follow rule 1. Ubuntu repositories eg can generally be trusted more than a random github repository from an unknown entity or a nodejs program with dozens of npm dependencies.
Kali linux tools are hacking tools that are neither safe nor harmless. Installing Kali linux tools in Ubuntu by Katoolin or other means can turn Ubuntu into a hybrid Ubuntu/Kali Linux OS that is made possible by the fact that both OSs are Debian-based.
The only secure way to install Kali linux tools is to install Kali Linux in a virtual machine.
in my opinion install kali Linux in place of Ubuntu. but if you work with thi last one you can find the kali linux hacking tools in this link https://tools.kali.org/tools-listing some script can be found in GitHub. and before to download anything from the web check the comments of in the section and also the website if is official or not. and virtual machine its virtual
That really depends on the programs.
As with any program you install, you ideally:
The same trust must be given to any dependencies of the program.
What makes some pentest tools special is that they provide a larger attack surface than many other programs and the people using them are more interesting targets than the users of many other programs.
Wireshark for example specifically warns against running as root, because of the high number of vulnerabilities (because of a high attack surface, insecure language (C), novice contributors, etc). Of course, you may not be happy with having your user account compromised either.
As a general guideline, I would use these rules:
The only secure way to install Kali linux tools is to install Kali Linux in a virtual machine.
in my opinion install kali Linux in place of Ubuntu. but if you work with thi last one you can find the kali linux hacking tools in this link https://tools.kali.org/tools-listing some script can be found in GitHub. and before to download anything from the web check the comments of in the section and also the website if is official or not. and virtual machine its virtual