How to add Kali Linux repositories to another Linux distribution

I'll start with the most important thing, with a serious warning: this operation may kill your distribution and make it unusable! This is a very real opportunity to break everything due to incompatibility of packages!

What will the Kali Linux repository give?

After all these terrible warnings, the question arises, why take this risk? If you add the repository of another distribution, you can install its packages. For example, if you add Kali Linux repositories to Linux Mint, you can install Kali Linux programs on Linux Mint.

What happens when adding repositories of other Linux distributions

When adding any new repositories, after updating the package cache, packages from new repositories become available for installation, as well as for updating existing packages in the system.

Repositories may contain the same packages, but different versions. When performing updates, newer packages will replace packages of previous versions in the system. Since the source packages of the distribution kit may not be compatible with the packages of another distribution kit, the system may stop working normally after the upgrade. Moreover, if the first upgrade went fine, this does not mean that as a result of any subsequent upgrade something bad will not happen.

You can significantly reduce the danger from Kali Linux repositories, but at the same time take advantage of this Linux distribution. We will achieve this by setting a lower priority for Kali Linux repository; this will be described below.

What distributions can Kali Linux repositories be added to

Only distributions based on Debian are suitable for this, that is, Debian itself, as well as Linux Mint, Ubuntu, etc.

Manual for adding Kali Linux repositories (using Linux Mint as an example)

We will not only correctly add repositories, but also configure the low priority of Kali Linux repositories, thanks to this:

• with automatic updates, Kali Linux packages will not replace the main distribution packages, even if Kali Linux has newer versions
• it will be possible to install any Kali Linux programs
• when new versions of Kali Linux programs are released, they will be automatically updated along with other packages in the system

That is, we get the benefits of Kali Linux, but we do not risk spoiling our distribution (although anything can happen).

Start with a complete upgrade of your system:

sudo apt update && sudo apt full-upgrade -y

Then reboot it; that is, we got a completely updated system in which the command

sudo apt update

should output the following:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.

Run the test - try installing the WPScan program on Linux Mint:

sudo apt install wpscan

This package is missing, so the expected failure:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package wpscan

Add Kali Linux repositories:

sudo sh -c "echo 'deb https://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list.d/kali.list"

To make sure that new repositories are added, try again to update the apt cache:

sudo apt update

The operation should fail:

Get:5 https://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease [30.5 kB]
Err:5 https://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
Reading package lists... Done
W: GPG error: https://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ED444FF07D8D0BF6
E: The repository 'https://http.kali.org/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

This is normal – it should be so.

For the next operation, we need the gnupg package, install it:

sudo apt install gnupg

Now, in order for the system to verify Kali Linux packages, you need to add the public key of this distribution. Download it and add it with the following commands:

wget 'https://archive.kali.org/archive-key.asc'
sudo apt-key add archive-key.asc

Now you update the cache again (but at the moment DO NOT upgrade the system – otherwise everything will break and you will not be able to boot anymore):

sudo apt update

As you can see, we are invited to upgrade more than one and a half thousand packages – DO NOT do this.

Now we need to set the correct priority for packages from Kali Linux repositories: they will have a lower priority than the others, as a result, Kali Linux packages (for example, kernels) will not be installed automatically, but manually you can install any packages that you need.

Run the command:

sudo sh -c "echo 'Package: *'>/etc/apt/preferences.d/kali.pref; echo 'Pin: release a=kali-rolling'>>/etc/apt/preferences.d/kali.pref; echo 'Pin-Priority: 50'>>/etc/apt/preferences.d/kali.pref"

Or simply create the file /etc/apt/preferences.d/kali.pref with the following contents:

Package: *
Pin: release a=kali-rolling
Pin-Priority: 50

Updating the package cache again:

sudo apt update

As you can see, now the Kali Linux repository does not affect the system when it is updated:

But if we try to install WPScan, which we could not find in the repositories earlier, then now everything will be successful. Although there are nuances – the apt program will not cope with this task:

sudo apt install wpscan

The problem will be that the wpscan package has dependencies, these dependencies are present in the Kali Linux repositories, but something prevents the apt program from installing them.

Therefore, to install Kali Linux packages, we will use aptitude in a command of the form:

sudo aptitude install -t kali-rolling PACKAGE-NAME

For example, to install wpscan:

sudo aptitude install -t kali-rolling wpscan

wpscan --hh
wpscan --update

wpscan --url paysend.pro

This is the effect of Kali Linux repositories (the ability to install its programs) with minimal risk of breaking the Linux distribution into which you add new repositories.

Nevertheless, the risks remain: when installing packages, in the dependencies of which important components of the system, such as the kernel, may be present. Therefore, it is not recommended to install drivers and kernel modules from the Kali Linux repository (you can install anything from the main repositories of your Linux distribution, including video drivers and new kernels). With the vast majority of other programs should not be a problem.

Complete system conversion to Kali Linux

If you need Kali Linux, then just download the Live distribution and install it for yourself.

But there are situations when it is impossible to ‘just download and install’ - for example, when deploying Kali Linux on VPS hosting. I had to solve this problem when deploying the system to DigitalOcean. I’ll talk about this example in the next article about my experience with DigitalOcean.