Kali Linux is quickly getting traction as de facto penetration testing suite/OS for professionals and hobbyists alike. But obviously, it is not as popular as mainstream Linux distros like Ubuntu, Mint or Debian. That leaves most of pentesters in the dark when searching for the best laptop for Kali Linux. Up until now, Kali forums are filled with year-old suggestions of buying a Lenovo laptop that’s almost as old as you are. And I won’t lie – in some cases, you might aswell get that refurbished Lenovo. But maybe now is the time to get a something new?
Well, I took on the mission of finding the best Kali Linux laptops and it wasn’t pretty. Apparently, checking laptops one-by-one for their WiFi chipsets is not most fun way to spend my free time.
Now, I will skip the whole “do you really need Kali Linux” part and I’ll assume you have all the reasons in the world to install it and to buy a laptop for it.
Ok, let’s go straight to finding the holy grail of penetration testing – the best laptop for Kali Linux.
Requirements for the best Kali Linux laptop
How much power do you need?
To find the best laptop for penetration testing we need to define what exactly it will be used for.
For the most part, any laptop that runs Linux will work. You don’t need anything fancy when it comes to pentesting laptops. In the most basic sense, if Ubuntu can run on a laptop, Kali can run on it too.
You could use a Kali Live USB with persistence or dual-boot with Windows (or other Linux distro). Most likely, you’ll also need to have a couple of virtual machines (via Oracle Virtual Box, VMware or Parallels). That only requires a basic processor and a bit extra RAM. You don’t need much for capturing, probing and listening. In that case, you might want to steer away from bulky machines and towards lighter ones if your budget allows it.
Using GPU cracking is an entirely another subject. In that case, you’ll need a laptop resembling a gaming rig. Then powerful CPU and GPU will come a long way but even then there some serious issues with GPU cracking on a laptop.
We can apply basic CPU guidelines when searching for a processor.
I would steer away from laptop pre-3rd generation Intel Core processors and from Celeron/Pentium lines. These processors are only OK if you want a Chromebook-class machine. In that case, you could even use ARM CPUs that should suffice for basic MITM attacks. Though, it might take a while to load and to juggle virtual machines. Also, trying to crack long series of hashes is almost out of the question.
Apart from that, i3 and i5 processors are viable but an i7 U-series (as i7-6500U) processor would be ideal even if you want a laptop with a long battery runtime. And those that want a powerful rig should look for i7 HQ and HK series. i7-6700HQ and i7-6820HK CPUs are the most popular in 2016 laptops but their 4th and 5th generation counterparts are equally viable.
The absolute minimum should be 4 GB. And even then, I would call it a viable amount of RAM if you will be using it in-field and without virtual machines. Yes, it is possible to have a pair of VMs on 4GB but extra 4GB cost so little that there aren’t reasons why to stay on the 4GB.
8 GB is a solid starting point for laptops under $900. But 16 GB is a bit better, especially if you can go for a 15.6″ laptop above $900 price tag.
GPU is primarily used for cracking hashes using “hardware acceleration”. It’s achieved with Nvidia’s CUDA cores (there is an analogous AMD platform but laptop market is almost entirely dominated by Nvidia).
At first sight, it might seem like a good idea – mobile GPUs have been slowly catching up and closing the gap to their desktop GPU models. Also, if you don’t need to do key cracking away from a power socket – there are little downside to getting a Nvidia card with dedicated memory.
But there are reasons why separate machines with a desktop CPUs/GPUs are preferred for processing keys. First of all, they are still faster than anything you could find in a laptop. Moreover, desktop parts bring better performance for a dollar and they can be upgraded at any time.
But second and a lot more important reason is heat. Cracking with GPU can heat up your laptop rapidly and laptops are very prone to overheating. Intensive CPU and GPU tasks are an easy way to catch your laptop on fire. I’m using a 17″ laptop with an i7 CPU and a dedicated GPU and I have to clean it ~every 5 months prevent hardware throttling which severely limits performance. And guess what, there’s not much fun to unscrew dozens of screws to remove the accumulated strips of dust twice every year.
Also, don’t forget that Virtual Machines on laptops get assigned to Intel’s integrated GPU which means you can’t do GPU cracking on them as you could on a dedicated machine. Of course, you could use your host (native or Live OS) as attacker and avoid that problem altogether but that comes with its own obvious limitations.
Storage requirements can be calculated without much trouble. Assume, minimum 250GB for main host and 50GB for every virtual host. It goes without saying, that you might want and need more than 250GB on your primary host – either for additional software, a library of ISOs and VM images or even software/games/media not related to pentesting at all.
|# of VMs||250GB host||500GB host|
If you’re a beginner and/or you don’t know how many VMs you’ll need – sticking with 2 is a good starting point.
Of course, if your particular workflow demands more or less storage – adjust these numbers as you see fit. This is just a crude estimate.
As always, SSD is recommended but if you’re on a budget – go for a regular HDD. Only your boot times will suffer – though, slower boot times every time you start a virtual machine is not ideal.
Offensive Security for one of its workshops recommended to “Bring a powerful laptop with […] a fast hard drive. Bootstrapping and building ISOs will take a very long time on a machine which isn’t up to spec and you will likely be left behind”. At the same time, you’re not going DEF CON or Kali Linux workshops. But even then, SSDs have a lot of advantages over HDDs: durability, no need to defragment, better resistance to damage and (somewhat) to temperature.
You probably know all the reasons to get an SSD – but it still depends on your budget and whether that can match your storage requirements. You could get a laptop with multiple hard drive bays or M.2 slots but then you’ll need to make compromises on weight and battery life.
You’ll probably need a Wi-Fi chip with monitoring and injection mode and either “ac” (some are not fully supported) or “b/g/n”. Sadly, this is not always an option and even if there is a decent WiFi card – you could get better results with an external solution.
You can buy a pretty decent adapter (that just plugs into one of the USB ports on any side) for around $20-$40. I’ll cover additional hardware and peripherals later on in this guide
Also, it’s quite obvious that we should prefer WiFi cards with higher maximum bandwidth. But if you’ll be using an external WiFi adapter – you can just ignore this feature. Even if you’ll be using internal WiFi for hosting an “unsuspecting client” – it will not need that much bandwidth.
I don’t know much about using Bluetooth for pentesting but I see no reason why you should get a laptop with it, especially when most laptops come with Bluetooth 4.0.
Ethernet port is one of the few ports that you should care about. Bandwidth-dependant penetration testing will benefit greatly from a 1 Gbps network port. Sadly, a lot of laptops, especially those under 15 inches are sacrificing this fat port for a thinner frame. These laptops usually have some sort of USB-to-Ethernet adapter but apart from USB 3.1, these might not take full advantage of possible speeds over a fiber connection. And even then, LAN chips that need an adapter rarely go up to 1 Gbps.
Having multiple USB ports is a plus. 4 USB ports would be ideal but 3 should suffice in most cases. And contrary to recent trends, having only a single USB 3.1 Type C port is a no-no when it comes to pentesting.
Whether you need a long battery life depends entirely on your type of pentesting. As a default, unlesss you’re going for a 17″ gaming-class rig with a top-of-the-line GPU, I’d say you should pay attention to battery performance.
Battery life is crucial for in-field laptop use and wardriving.
Removable battery is a big fat plus. Then we could get additional batteries directly from China.
If you prefer to take a 17″ machine to work every day – then you can skip this section entirely.
Machines with used to work with hashes (using GPU) will need very good ventilation. And good air circulation goes hand in hand with additional air paths and bulky frames in general. That’s why, unless you’re OK with having a desktop-replacement type of machine, you should not use your laptop for GPU cracking. It’s OK for short key lists but for large datasets you’d save a lot of time by feeding these hashes into a desktop PC.
Meanwhile, other, more lightweight types of pentesting, do not demand a lot of well-performing hardware. In that case, you could get away with buying an ultrabook or even a (fanless!) netbook.
In short, if you’ll need to crack keys – you should get a machine that has enough vents and can handle the heat it produces. In other cases – you’re in the clear.
Best laptops for Kali Linux
There are quite a few laptops on shops dedicated for Linux. Another option is to go for a laptop pre-installed with Ubuntu. System76 is best known sellers of these laptops (which generally are just rebranded Clevos). These might be good if you want a problem-free installation and you don’t need long battery life.
For basic pentesting, even Chromebooks like Toshiba Chromebook 2 on Kali can work out just fine. If you’re feeling expermental and you need a basic pentesting laptop – you can go for an ARM Chromebook as there are guides for booting Kali Linux on ARM machines.
Going for Google Pixel is also an option but you might need to work out a few issues first. And anyways, at that price point, I would suggest looking at other laptops – Google Pixel excels at display quality which might not be a good enough reason for pentesters to pay a hefty premium.
There’s a special place for older Lenovo ThinkPads in pentesting hall of fame. This popular model has a screen of just the right size (14″) for work and in-field work. 3 USB ports for multiple adapters + mouse, Gigabit Ethernet, and 802.11a/g WiFi.
Though, even the classic laptops do not age well. 1366×768 resolution is definitely one of the laptop’s weakest points. Also, lack of USB 3.0 ports is another pain-point for any laptop in 2016. But these specs are not critical for working with Kali Linux and anyways, you can’t get a perfect laptop under $300.
Overall, considering its price, it is a better option than Chromebooks and other Windows laptops you could find at this price. It’s a very easy option if you’d like to keep your budget under $400 and you’re OK with T420’s low resolution. If you end up going for this model, I suggest upgrade up to 8GB RAM and preferably to a larger SSD. Or you could get a version with 8GB and 320GB HDD
One of the best laptops in $700. It has a good enough processor and 8GB of RAM for multiple VMs and a good battery life. Sadly, the battery is integrated which might not be ideal when working “in-field”.
It can be upgraded to have more storage – though you’ll need to replace its hard drive instead of adding another one. This laptop should be assembled very similarly to Acer V3-575G which can be seen dissasembled for RAM/SSD upgrade here. Judging from its drivers, it comes with either Intel WLAN or Atheros NFA435. Both are very likely to be supported in Linux and Atheros model is very likely to support monitor mode and packet injection after installing custom Atheros drivers. It also has Gigabit Ethernet and 4 USB ports (USB 3.1C, 2x USB 3.0, USB 2.0)
Overall, a great machine with its limited storage and lack of replaceable battery being the only caveats.
This is a desktop replacement if I have seen one. Actually, there are a few even more desktop-ish laptops but this one seems to be a bit more balanced.
It has an actual desktop i7-6700K CPU and 256GB Samsung Pro PCIe SSD and 1 TB 7200RPM hard drive. It uses Killer Wireless N1535 which uses Qualcomm Atheros chipset which is a good sign for any Linux user. And there have been reports of Killer Wireless chips supporting packet injection which is even better news for Kali Linux users. Wireless chip is connected via M.2 port so you could even easily and cheaply replace it with any other if this particular one doesn’t actually support monitor mode (which is unlikely).
If you would like to have more than an hour of battery life – check out CybertronPC Matrix which has the same GPU but a bit weaker Intel i7-6820HK CPU. It also has Gigabit ethernet and 4 USB 3.0 ports. Though you might need to use an external Wi-Fi adapter for that one.
MacBooks for Kali Linux
MacBook Air is one of the best laptops for its battery life and portability. Its storage and RAM can be limiting if you go beyond a couple of VMs but for everything else (excluding GPU cracking) it’s just fine.
Until Apple releases a new series of MacBook Pros, this is the best one when it comes to delivering good performance with above-average battery life.
You can use Parallels to host several instances of Kali Linux and there’s nothing stopping you from using it as your main laptop for everyday use.
Depending on what you want to do specifically, you might need to buy 2 Wi-Fi adapters (or use internal and external USB adapter). There are a few options:
- [$14] TP-LINK TL-WN722N is the cheapest adapter with external antenna, flawless Kali and Ubuntu compatibility. It uses Atheros AR9271 chipset which supports packet injection and monitor mode.
- [$30] Alfa AWUS036H – a known brand in the industry. Comes with a better antenna and 256 bit WEP support (not a necessity in most cases). But it has a limit of 54Mbps. Not officially compatible with Windows 8.1 and Windows 10 if you’re going to use Windows to host Kali.
- [$100] WiFi Pineapple Nano – 2 Atheros radios
Any decent Class 1 adapter for long-range or Class 3 for short-range scanning should suffice.
You might also want an NFC adapter, RFID reader/Writer or a Software Defined Radio device like bladeRF but all of that is extra and I’m in no position to recommend a particular device or brand.