Ubuntu – Is it dangerous to install hacking tools on the private Linux machine


I use my Ubuntu for private and business purposes. Can I also install tools on my computer that are actually there to perform penetration tests? Or is it harmless?

Best Answer

That really depends on the programs.

As with any program you install, you ideally:

  • trust the publisher not to perform malicious actions
  • trust the publisher to develop secure software

The same trust must be given to any dependencies of the program.

What makes some pentest tools special is that they provide a larger attack surface than many other programs and the people using them are more interesting targets than the users of many other programs.

Wireshark, for example, specifically warns against running as root, because of the high number of vulnerabilities (because of a high attack surface, insecure language (C), novice contributors, etc.). Of course, you may not be happy with having your user account compromised either.

As a general guideline, I would use these rules:

  1. Run pentest programs on a dedicated computer or at least a dedicated VM if possible.
  2. The larger the attack surface of the program, and the higher the number of known vulnerabilities / the less secure the code is, the more important rule 1 becomes.
  3. The less reputable the source of the program is, the more you want to follow rule 1. Ubuntu repositories, e.g., can generally be trusted more than a random GitHub repository from an unknown entity or a Node.js program with dozens of npm dependencies.
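
One way to apply rule 3 to tools that are already installed, as an added example that is not part of the original answer: the `classify_origin` function (a hypothetical helper) reads `apt-cache policy <package>` output and reports whether the installed version comes from the Ubuntu archive, a third-party source such as a PPA, or only a locally installed `.deb`. The host patterns are an assumption, and the package names, versions and PPA in the samples are constructed.

```sh
#!/bin/sh
# Added example: classify the origin of a package's *installed* version from
# `apt-cache policy <pkg>` output on stdin. Host patterns are an assumption:
# a mirror of the official archive outside ubuntu.com is reported as third-party.
# Usage: apt-cache policy wireshark | classify_origin
classify_origin() {
  awk '
    /^ \*\*\* /  { seen = 1; cur = 1; next }   # row of the installed version
    /^     [^ ]/ { cur = 0; next }             # row of some other version
    cur && /^        [0-9]/ {                  # source rows under installed row
      if ($2 ~ /^https?:\/\/([a-z0-9-]+\.)?(archive|security|ports)\.ubuntu\.com\//)
        ubuntu = 1
      else if ($2 ~ /^https?:\/\//)
        other = 1
    }
    END {
      if (!seen)       print "not-installed"
      else if (ubuntu) print "ubuntu-archive"
      else if (other)  print "third-party"
      else             print "local-only"      # only /var/lib/dpkg/status
    }'
}

# Constructed sample: installed from a PPA while the archive has an older build.
sample_ppa() { cat <<'EOF'
exampletool:
  Installed: 2.0-1~ppa1
  Candidate: 2.0-1~ppa1
  Version table:
 *** 2.0-1~ppa1 500
        500 https://ppa.launchpadcontent.net/example-user/example-ppa/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2-1 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
EOF
}

# Constructed sample: installed from a downloaded .deb, no repository carries it.
sample_local() { cat <<'EOF'
exampletool:
  Installed: 0.9-1
  Candidate: 0.9-1
  Version table:
 *** 0.9-1 100
        100 /var/lib/dpkg/status
EOF
}
```

Packages reported as `third-party` or `local-only` are the ones where rule 1 (a dedicated machine or VM) matters most.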