Downloading Kali Linux is quite easy; verifying the Kali Linux ISO takes a little more care. Before you install and use Kali Linux, you should verify that what you are about to use actually is Kali Linux and not something modified by hackers. An attacker who tampers with your download can change anything in it, so you should verify the Kali Linux ISO against its SHA256 checksum.
Downloading Kali Linux only from the official website reduces the risk somewhat, but not totally. An attacker can use a “man-in-the-middle” attack to modify your download, so you must browse the website over a connection that has a trusted SSL certificate. Chrome will not allow you to browse the site otherwise, so don’t worry about that.
Verify Kali Linux ISO with SHA256sum
Once you’ve downloaded the Kali Linux image, you can verify it with the SHA256sum hash file. It can be verified using one of the methods below.
I always recommend that you download the Kali Linux image via torrent. Once you’ve downloaded the image from the torrent, you will get the hash file as well. To verify an image against the given hash file, follow the steps below.
1. First, open the folder where you downloaded Kali Linux, hold the Shift key and right-click, then open PowerShell or Command Prompt, whichever your Windows version shows in the menu.
2. Type the command certutil -? to check that certutil is installed on your PC.
3. Next, type the command “certutil -hashfile kali-linux.iso sha256”, replacing kali-linux.iso with the file name of the Kali Linux ISO image you downloaded.
4. To compute an MD5 or SHA1 hash instead, put MD5 or SHA1 at the end of the command, like this: certutil -hashfile kali-linux.iso MD5
5. The command calculates the SHA256 hash and shows you the result. Now compare this hash with the one in the SHA256sum text file (you can open it with Notepad) that you downloaded along with the Kali image.
6. If the two hashes match, congratulations: what you have downloaded actually is Kali Linux.
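Comparing two 64-character strings by eye is error-prone, so the comparison in step 5 can be scripted. The PowerShell script below is an added example, not part of the original article; the two default file names are placeholders, and it assumes the checksum file uses the usual "hash, spaces, file name" layout.

```powershell
# Added example, not from the original article. Both default file names are
# placeholders (assumptions); pass the names of the files you downloaded.
param(
    [string]$IsoPath  = '.\kali-linux.iso',
    [string]$SumsPath = '.\sha256sum.txt'
)
$ErrorActionPreference = 'Stop'
$isoName = [System.IO.Path]::GetFileName($IsoPath)

# Parse checksum lines of the form "<64 hex digits>  [*]<file name>".
# A line holding only the hash is accepted too (Name stays $null).
$entries = @(foreach ($line in Get-Content -LiteralPath $SumsPath) {
    if ($line -match '^\s*([0-9A-Fa-f]{64})(?:\s+\*?(.+?))?\s*$') {
        [pscustomobject]@{ Hash = $Matches[1]; Name = $Matches[2] }
    }
})
if ($entries.Count -eq 0) { throw "No SHA256 entries found in $SumsPath" }

# Pick the entry that names this ISO; fall back to a single bare hash.
$expected = @($entries | Where-Object {
    $_.Name -and [System.IO.Path]::GetFileName($_.Name) -eq $isoName
})
if ($expected.Count -eq 0 -and $entries.Count -eq 1 -and -not $entries[0].Name) {
    $expected = $entries
}
if ($expected.Count -ne 1) {
    throw "Expected exactly one checksum entry for $isoName, found $($expected.Count)"
}

# Get-FileHash returns upper-case hex; -eq on strings ignores case,
# so a lower-case hash in the checksum file still compares equal.
$actual = (Get-FileHash -LiteralPath $IsoPath -Algorithm SHA256).Hash
if ($actual -eq $expected[0].Hash) {
    Write-Output "OK: $isoName matches the published SHA256"
} else {
    Write-Output "MISMATCH: $isoName"
    Write-Output "  expected $($expected[0].Hash.ToLower())"
    Write-Output "  actual   $($actual.ToLower())"
    exit 1
}
```

The result is only as trustworthy as the checksum file itself, so take the expected hash from the official download page over HTTPS rather than from an unknown mirror.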
Verify Kali Linux SHA256sum using Gpg4win
1. First, download Gpg4win and install it on your PC.
2. Once the installation is finished, go to the folder where you downloaded Kali Linux.
3. Right-click the Kali Linux .iso file and select More GpgEX options > Create Checksums.
4. This generates the Sha256sum.txt file; open this file to get the hash.
5. Now compare this hash with the one in the hash file you downloaded.
Hopefully, you can now verify the Kali Linux ISO using these methods. Once you have verified the Kali Linux image file, you can install it on your PC. If you want to install Kali Linux alongside Windows 10, see: How to Install and Dual Boot Kali Linux with Windows 10