Making sure that the operating system on which we are running Metasploit is trustworthy is our first step, so we will start by learning how to download Kali Linux and check for image integrity.
To download Kali Linux, you can go to the official download page and follow the first download link on that page.
In the right-hand side column, you will find the SHA 256 checksum for the image you have downloaded. The checksum is designed to verify data integrity using SHA-256 (the SHA-2 family with a digest length of 256 bits). To check the image file, you can use the built-in shasum
command if you are on a Mac or a Unix/Linux system, or download a tool such as QuickHash GUI, which has a graphical interface and is available for Linux, Windows, and Mac.
Then, compare the hash on the left with the corresponding hash in the sha256SUM column; if both hashes match, then the downloaded image is almost certainly intact.