Tool review: Katoolin

hacking
tool

#1

Hi fellas,

This article follows my previous post about Hacking operating system assessment, providing a complet review and my personal feedback apropos of Katoolin tool.

Basically, once your setup ready, you probably want to get tools, wordlists and frameworks in order to be able to do your usual hacking activities. If you choose a use pre built operating system e.g Kali Linux, Parrot Security OS, etc, you should normally be already operational. However, if you preferred to customize your setup by yourself, two choices face you:

  • Get your stuff from official repositories
  • Use Kali linux repositories to fetch and install your tools

Until now, I always opted for the first solution, allowing me to control my dependancies and avoiding compatibility issues due to outdated packages which could potentially fuck up your system.

A few weeks ago, I found an interesting alternative, katoolin, whose aim is to simplify the package installation process.

Katoolin is a python tool which, from Kali Linux repositories, allows to easily install packages that are maintained and enhanced by offensive security.

The first step is to the add the Kali repo and update your package manager with the following procedure:

1 > 1 > 2

Then use the back command to return to the main menu.

You are now ready to browse the multiple categories available and install tools that your need by typing their number in the console.

Once finished, delete the repo previously added to avoid any issue when it will be the time to update your Linux :stuck_out_tongue:

Pros

The principal advantage of katoolin is to provide a classified list of tools available from Kali repositories, allowing to discover new software without having caught cancer with their shitty operating system :slight_smile:

Cons

Depending on your system, the usage of this tool could be catastrophique. Indeed, I tried it on several Linux version and here is my feedback.

Firstly, I run it on a netinst debian under the following setup. Everything worked fine and save me plenty of times, particularly when came the time to install firewalk which is a veritable pain in the ass.

Afterward, I was forced to change, for hardware compatibility reason, of distribution for Ubuntu. Due to the fact that my previous experience with katoolin was satisfying, I decided to use it again. One week later, when I wanted to change my Unity theme, I realized that my package manager was completely broken cause katoolin took the initiative to downgrade, without my consent, some packages required for the install. That was so fucked up that I wasn’t even able to authenticate myself through the login interface. After 2/3 hours of debugging, I gave up and reinstall my system (no more time to waste :triumph:).

To conclude, I recommend avoiding using this tool, mainly if you use a heavy desktop environment. However, if you decided to give it a chance, use it extremely cautiously because the consequences of its usage could be quite irritating.

I hope you enjoyed this article.

Best,
Nitrax


(Command-Line Ninja) #2

Awesome article! Katoolin seems quite interesting. Since it is a python tool, could I run this on Arch? Or does it actually add the kali repos?

Keep up the good work @Nitrax. It also seems you’re in the lead for 1337 of the m0n7h!

- pry0cc


#3

Cheers mate! I was quite surprised when I saw the poll results, it will be a kind of achievement!

Actually, it only adds the Kali repos, that’s all. I think that Katoolin works on Arch. It relies mainly on your package manager so if you change it in the code base by Pacman or whatever, it should work :slight_smile:

Best,
Nitrax


(Full Snack Developer) #4

So Katoolin is a sort of package manager that adds/grooms repos for Offensive Security packages on top of your system/distro stuff?


(oaktree) #5

You could always get your h4x0r tools by compiling from source!

$ make
$ make install

#6

Yep and I recommend it :slight_smile:


#7

This is the idea. Katoolin just update your source list.


(Full Snack Developer) #8

Sweet. Have you seen blackarch and their meta-manager blackman?


#9

wait what? katoolin is simple.
You add kali repos
you download the tools you want
you remove the repos

If you update and upgrade with the kali repos, your system gets borked. you can just update the tools if you want by adding the repos temporarily and then removing them.

Since kali is debian based, its packages are installed with dpkg, so you get .deb binaries. You don’t (for god’s sake) do this in Arch. Like Arch repos wont work in Debian, Debian mirrors wont work in Arch.


#10

Its a dangerous python script, if not used correctly, can totally destroy your system. ask @_py

tbh, its pretty effective as you get everything together and categorised accordingly. +1 for the OP.


#11

@worz I agree, that is why I don’t recommend it. This article was mainly made to inform the community about the terrible effect of this tool. Upgrade your system after having add Kali repo can be the worse mistake of your life :joy:


#12

Yes and I planned to move on BlackArch soon :stuck_out_tongue:


#13

3 hours of debugging is nothing compared to the 9 of mine. I might had actually looked up the 3rd page of the google results for a solution. If you wanna play around with kali’s tools, just keep it on a live USB. The most unstable piece of crap I’ve ever dealt with.


#14

Fortunately, I hadn’t already configure the whole system :stuck_out_tongue:


(oaktree) #15

See, if you just build from source and leave it in its own directory, you won’t screw anything up!


(Command-Line Ninja) #16

Heh. Arch is even more stable. HELL. GENTOO @worz :wink:


#17

How unstable was it @_py (as in give examples)?

-Phoenix750


(Command-Line Ninja) #18

As in you try to install any package from the repo’s and it looses its mind. And then dare you try a system upgrade it won’t even boot if it managed to download. That’s just my experience.


#19

@anon63959120: As @pry0cc correctly pointed it out, broken dependencies, period. Can’t get any worse than that.


#20

I thought apt-get took care of “dependency hell” automatically? Atleast it does that on my ParrotSec distro.

-Phoenix750