Security testing with Kali Purple

Kali Purple is a new project from the Kali developers that focuses primarily on network defense and on the NIST Cybersecurity Framework. This article looks at the capabilities and uses of this new security distribution, which is aimed first of all at blue (defensive) teams.

Kali's new network security project, "Purple", combines tools for red and blue teams. A traditional Kali setup is offense-oriented and is used by red teams for aggressive penetration tests.

Red teams are tasked with finding vulnerabilities in the network through simulated attacks (offensive security, ethical hacking) so that they can be closed before real attackers exploit them. The Kali developers also describe Kali Purple as a "SOC in a box".

Let's look at what capabilities Kali Purple offers to test protection against intruders.

Kali Purple is significantly different from Kali

Kali Purple is a security distribution separate from the traditional Kali release, with a different set of tools pre-installed by default. Because Kali Purple is still at an early stage of development, it is not yet as mature as the established Kali. However, Kali and Kali Purple use the same package sources for installing tools, which you can verify in the terminal with:

cat /etc/apt/sources.list

This means that all the tools needed by red, blue and purple teams can be installed on either platform. For example, Kali Purple does not ship with Burp Suite, but you can install it from the terminal:

sudo apt install burpsuite

Conversely, tools from Kali Purple can be installed on a regular Kali distribution, for example the Cisco Auditing Tool (CAT):

sudo apt install cisco-auditing-tool

So the two distributions are very similar under the hood; only the default tool set differs.
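As an added example (not code from the article or from the Kali project): a small POSIX shell script that parses an APT sources.list the way the check above requires, reports whether the kali-rolling suite is configured, and, where apt-cache exists on the host, asks APT whether a package such as burpsuite has an installation candidate. The sources.list content embedded in the script is constructed for the demo and mirrors the default Kali entry; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the article or of Kali: check APT sources and
# package availability. Function names are assumptions made for this demo.

# kali_sources_check FILE
# Prints "suite components" for every active "deb" line in FILE (comments and
# deb-src lines are skipped, an optional [arch=...] option block is tolerated)
# and returns 0 if the kali-rolling suite is configured, 1 otherwise.
kali_sources_check() {
    awk '
        /^[ \t]*#/  { next }                      # comment line
        $1 != "deb" { next }                      # only binary package lines
        {
            i = 2
            # skip "[arch=amd64 ...]" between "deb" and the URL, if present
            if ($2 ~ /^\[/) { while (i <= NF && $i !~ /]$/) i++; i++ }
            suite = $(i + 1)
            comps = ""
            for (j = i + 2; j <= NF; j++) comps = comps (comps == "" ? "" : " ") $j
            print suite (comps == "" ? "" : " " comps)
            if (suite == "kali-rolling") found = 1
        }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# kali_pkg_available PKG
# Returns 0 if APT knows an installation candidate for PKG, 1 if not, and 2 if
# apt-cache is missing (non-Debian host), so the script is safe to run anywhere.
kali_pkg_available() {
    command -v apt-cache >/dev/null 2>&1 || return 2
    apt-cache policy "$1" 2>/dev/null \
        | awk '/^ *Candidate:/ { if ($2 != "(none)") ok = 1 } END { if (ok) exit 0; exit 1 }'
}

# demo_sources: run the check against a constructed sources.list (sample data,
# matching the default Kali entry) and return its exit status.
demo_sources() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample of /etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
EOF
    kali_sources_check "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

if demo_sources; then echo "kali-rolling is configured"; else echo "kali-rolling is NOT configured"; fi
kali_pkg_available burpsuite
case $? in
    0) echo "burpsuite: installation candidate available" ;;
    2) echo "burpsuite: check skipped, apt-cache not found on this host" ;;
    *) echo "burpsuite: no installation candidate in the configured sources" ;;
esac
```

On a real Kali or Kali Purple system, point kali_sources_check at /etc/apt/sources.list instead of the constructed sample; if the kali-rolling line is missing, apt will not find packages such as burpsuite or cisco-auditing-tool no matter which edition you are on.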

Kali Purple - Security Operations Center for Small and Medium Businesses

Kali's new project "Kali Purple" focuses on offensive tools for the red team as well as on the blue team, which is responsible for protecting the network and is therefore the red team's adversary.

The purple team combines both roles and is prepared to attack and to defend. These are the teams Kali Purple targets, so the distribution includes tools for attackers and defenders, whereas the traditional Kali release is still aimed primarily at red teams. Kali Purple can be downloaded free of charge from the project website, which also hosts the Kali Purple documentation.

Network protection tools

Offensive penetration testing tools have been available in Kali Linux for many years. Kali Purple adds defensive tooling: traffic analysis with Arkime, vulnerability scanning with Greenbone Vulnerability Manager (GVM), and intrusion detection with Suricata. Other examples include CyberChef, an Elasticsearch-based SIEM (security information and event management), TheHive, Malcolm and Zeek.

These tools are part of Kali Purple, but blue and purple teams can of course also use all the other tools that were previously reserved for the red team in Kali.

Automation platforms are included as well. Kali Autopilot helps you build attack scenarios, and ready-made templates are available on the Kali Purple Hub.

Beyond that, you can install almost any other tool. Kali is based on Debian, so other Debian security tools can be installed on Kali Purple just as easily.

Kali Purple uses the NIST cybersecurity framework

The U.S. National Institute of Standards and Technology (NIST) publishes the Cybersecurity Framework (NIST CSF), originally titled the Framework for Improving Critical Infrastructure Cybersecurity, a set of standards, guidelines and practices for protecting networks. Its core functions are built into Kali Purple.

The framework divides security activities into five core functions: Identify, Protect, Detect, Respond and Recover. These five functions are also available as program groups in Kali Purple, and each group contains tools for the corresponding activity. These are not necessarily new tools: blue and purple teams can also use standard tools from the regular Kali distribution, such as Maltego.

Getting started with Kali Purple

After downloading Kali Purple, it can be installed on physical or virtual machines. At the time of writing there is no live image and no ready-made virtual machine image.

That may change at any time. Virtualization products such as VMware, VirtualBox or Hyper-V can be used. Installation is guided by a wizard. After installation, it makes sense to first bring all packages up to date from the terminal, using the standard Debian commands:

sudo apt update && sudo apt full-upgrade -y

Once Kali Purple has been updated and rebooted, the current versions of the tools are in place, and red and blue team tools can be used from a common interface. While the red team actively searches for vulnerabilities in the network, the blue team checks whether the security measures in place are sufficient. The purple team takes on both tasks.

Like the traditional Kali distribution, Kali Purple sorts its tools into groups, here named after the framework functions: Identify, Protect, Detect, Respond and Recover. In many cases these program groups also contain additional tools aimed primarily at blue teams.
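As an added example that is not part of the article or of Kali Purple: after the update step above, a practitioner usually wants to confirm that the tools the distribution is supposed to provide are actually on PATH, and to see that check laid out along the framework functions the program groups are named after. The POSIX shell script below does both. The inventory is constructed for the demo; the mapping of tools to functions and the executable names (gvm-start, maltego, suricata, zeek, thehive, cyberchef) are assumptions, not the distribution's own grouping, and Protect and Recover are left out because the article names no tools for them.

```shell
#!/bin/sh
# Added example, not part of the article or of Kali Purple: post-update check
# that the expected tools are installed, reported per NIST CSF function.
# Tool-to-function mapping and executable names are assumptions for this demo.

# kali_tools_missing TOOL...
# Prints every TOOL that does not resolve on PATH, one per line.
# Returns 0 when all are present, 1 when at least one is missing.
kali_tools_missing() {
    rc=0
    for t in "$@"; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "$t"
            rc=1
        fi
    done
    return $rc
}

# csf_coverage
# Reads lines of the form "Function: tool tool ..." on stdin (blank lines and
# '#' comments ignored) and prints "Function present/total" for each.
# Returns 1 if any function has none of its tools installed, 0 otherwise, so
# it can gate a provisioning script.
csf_coverage() {
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        fn=${line%%:*}
        tools=${line#*:}
        total=0
        present=0
        for t in $tools; do
            total=$((total + 1))
            if command -v "$t" >/dev/null 2>&1; then
                present=$((present + 1))
            fi
        done
        echo "$fn $present/$total"
        [ "$present" -gt 0 ] || rc=1
    done
    return $rc
}

# Constructed inventory (assumed executable names). Protect and Recover are
# omitted because the article names no tools for them.
KALI_PURPLE_INVENTORY='# function: executables
Identify: gvm-start maltego
Detect: suricata zeek
Respond: thehive cyberchef'

all_tools=$(printf '%s\n' "$KALI_PURPLE_INVENTORY" | sed -n 's/^[^#][^:]*: *//p' | tr '\n' ' ')
echo "Missing tools:"
kali_tools_missing $all_tools || true
echo "Coverage per NIST CSF function:"
printf '%s\n' "$KALI_PURPLE_INVENTORY" | csf_coverage \
    || echo "warning: at least one function has no installed tool"
```

Run it once after the update and reboot; a function reported as 0/N means the corresponding program group in Kali Purple has nothing installed behind it yet, and the missing-tools list tells you which apt packages to add.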
