# Software Management

Software, packages, and binaries are important aspects of Linux. When performing penetration testing, we often need to find, download, and remove tools from our system regularly. Learning the basics of adding and removing software using common package management techniques, such as **apt** for Debian-based distributions (**dnf** for Fedora, **pacman** for Arch), **git**, **dpkg**, and **pip** for Python libraries, is an essential skill. In this section, we will explore software management in Linux.

## What is Repository?

A repository, in the context of Linux, is a storage location from which software packages are retrieved and installed on a system. An APT repository, specifically, is used by Debian-based distributions like Ubuntu (or Kali in our case), where packages are managed using the Advanced Package Tool (APT). These repositories contain deb (short for debian) packages and metadata, allowing users to easily install, update, and manage software. Other commonly used repositories in Linux include `YUM/DNF1` repositories for RPM-based distributions like Fedora and CentOS, `Pacman` repositories for Arch Linux, and `snap or Flatpak` repositories, which provide universal packages across different distributions. Each repository type serves as a centralized source for software distribution and updates.

## APT

An APT repository is a centralized storage location containing software packages and metadata for Debian-based Linux distributions like Ubuntu or Kali. It uses the Advanced Package Tool (APT) to manage `.deb` packages, enabling users to install, update, and remove software seamlessly. Repositories are categorized as main, restricted, universe, and multiverse, depending on the software's licensing and support. APT repositories are accessed via sources listed in the `/etc/apt/sources.list` file, and tools like `apt-get` or `apt` interact with them to resolve dependencies and fetch packages. They ensure secure, efficient software management through signed packages and regular updates.

### Locating a Package

Prior to downloading a software package, you can verify its availability in your repository—a centralized database where your operating system maintains software information. The APT tool includes a search feature that allows you to determine if the desired package is accessible. The syntax for this operation is simple and intuitive

APT uses a database called the APT cache. This is used to provide information about packages installed on our system offline. We can search the APT cache, for example, to find all nginx related packages.

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ apt-cache search nginx

┌──(kali㉿kali)-[~/Desktop]
└─$ apt search nginx
```

In Linux, particularly on Debian-based systems like Ubuntu or Kali, the commands `apt-get update` and `apt-get upgrade` play crucial roles in managing software packages. The `apt-get update` command refreshes the local package index by fetching the latest information from the configured repositories. This ensures your system is aware of the newest versions of packages and their dependencies, but it does not install or upgrade any software. On the other hand, `apt-get upgrade` installs the latest versions of all currently installed packages available in the repositories. This command upgrades packages to their newest versions while preserving existing configurations. Together, these commands help keep your system secure, up-to-date, and functioning efficiently by ensuring you have access to the latest software updates and security patches.

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get update  

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get upgrade

## One liner:
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get update && sudo apt-get upgrade -y
```

{% hint style="info" %}
**One Liner Explanation**:

The `sudo apt-get update` command refreshes the package list from repositories to ensure the latest versions are available. The `sudo apt-get upgrade -y` command installs all available updates for installed packages, automatically confirming the process with `-y`.
{% endhint %}

### Installing Software Packages

To install software from your operating system’s default repository via the terminal, use the `apt-get` command, followed by the `install` keyword and the name of the desired package. The syntax is as follows:

```bash

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get install nmap -y

```

To check all installed packages

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ apt list --installed      
```

### Removing Software Packages

In Debian-based Linux distributions, the `remove` and `purge` commands are used to uninstall packages, but they differ in how they handle configuration files. The `remove` command uninstalls a package while keeping its configuration files intact, which can be useful if you plan to reinstall the software later and retain its settings. For example, `sudo apt-get remove <package-name>`. On the other hand, the `purge` command completely removes the package along with its configuration files, ensuring no traces are left behind. This is ideal for a clean, thorough uninstallation. For example, `sudo apt-get purge <package-name>`. Use `remove` for partial uninstallation and `purge` for a complete cleanup.

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get remove nmap ## Partial Cleanup

┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt-get purge nmap ## Complete Cleanup
```

## Additional Package Managing Tools

### Dpkg

`dpkg` is a low-level package manager for Debian-based Linux systems like Ubuntu or Kali, used to install, remove, and manage `.deb` packages. It works directly with individual `.deb` files but does not resolve dependencies automatically. To install a `.deb` package, use:

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo dpkg -i <package-name.deb>
```

To remove a package, use:

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo dpkg -r <package-name>
```

For complete removal, including configuration files, use:

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo dpkg --purge <package-name>
```

For practice visit [here](https://discord.com/api/download?platform=linux\&format=deb) and download `.deb` file for Discord Desktop Client and practice dpkg.

{% hint style="info" %}
**Note**:

If we have `.deb` file, we can either use dpkg or use apt itself as well.

`sudo apt install ./discord-0.0.80.deb`
{% endhint %}

### Pip

`pip` is the standard package management tool for Python, designed to install, manage, and uninstall Python packages from the **Python Package Index (PyPI)** or other repositories. It simplifies the process of adding third-party libraries and tools to your Python environment. To install a package, use

```jsx
┌──(kali㉿kali)-[~/Desktop]
└─$ pip install <package-name>

```

To remove a package, use:

```jsx
┌──(kali㉿kali)-[~/Desktop]
└─$ pip uninstall <package-name>

```

You can also list installed packages with:

```jsx
┌──(kali㉿kali)-[~/Desktop]
└─$ pip list  
```

## **Adding Repositories to Your `sources.list` File**

The servers that host software for specific Linux distributions are known as **repositories**. Nearly every Linux distribution has its own repositories, which contain software specifically developed and configured for that distribution. While these repositories often include similar software, they may have different versions or entirely different packages. This means that software from one distribution's repository might not work well—or at all—with another distribution.

In Kali Linux, the primary repository is tailored for security and hacking tools. However, since Kali focuses on these areas, it may lack some general-purpose or specialized software. To address this, you can add additional repositories to your system. These backup repositories will be searched if the desired software isn't found in the Kali repository.

The repositories your system searches for software are defined in the **`sources.list`** file. You can edit this file to specify which repositories your system should use. For example, I often add the **Debian or Ubuntu repositories** after the Kali repositories in my `sources.list` file. This way, when I request a software package, the system first checks the Kali repository. If the package isn't found there, it then searches the Debian or Ubuntu repository.

You can locate the `sources.list` file at **`/etc/apt/sources.list`** and open it with any text editor. For instance, you can use **Nano** to edit the file. To open the file, enter the following command in your terminal, replacing `nano` with your preferred text editor:

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ nano /etc/apt/sources.list
```

#### Repository Categories in Linux Distributions

Many Linux distributions, such as Ubuntu and Debian, categorize their repositories. For example, Ubuntu organizes its repositories into the following categories:

* **main**: Contains supported open-source software.
* **universe**: Contains community-maintained open-source software.
* **multiverse**: Includes software restricted by copyright or legal issues.
* **restricted**: Contains proprietary device drivers.
* **backports**: Offers packages from later releases.

It’s generally not recommended to use **testing**, **experimental**, or **unstable** repositories in your `sources.list` file. These repositories may contain untested or unstable software that could potentially break your system.

When you request a software package, your system searches through the repositories listed in `sources.list` in the order they appear. It stops searching as soon as it finds the desired package. Therefore, it’s important to ensure that any added repositories are compatible with your system. Since Kali is based on Debian, Debian repositories are generally compatible with Kali.

Add the following to`sources.list` file:

```bash
deb [arch=amd64] http://packages.microsoft.com/repos/vscode stable main
```

After saving the file, you can install Visual Studio Code using the following commands:

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt update ## Refresh the repo to get info about VSCode
┌──(kali㉿kali)-[~/Desktop]
└─$ sudo apt install code ## Installing VSCode: it's referred as "code" in repository
```

## Installing Softwares with Git

Sometimes the software you need may not be available in any repositories—especially if it’s newly developed—but it might be hosted on **GitHub** (<https://github.com/>), a platform where developers share their projects for others to download, use, and contribute to. For example, if you’re looking for a tool like `hydra`, a brute-force related tool, and it’s not available in your distribution’s repository (*assume that it's not available*), you can search for it on GitHub by entering `Hydra` in the search bar. If the project exists, you’ll see its repository in the search results.

Once you’ve located the software on GitHub, you can install it via the terminal using the `git clone` command followed by the repository’s URL.

```bash
┌──(kali㉿kali)-[~/Desktop]
└─$ git clone https://github.com/vanhauser-thc/thc-hydra                                       
Cloning into 'thc-hydra'...
remote: Enumerating objects: 3665, done.
remote: Counting objects: 100% (1395/1395), done.
remote: Compressing objects: 100% (195/195), done.
remote: Total 3665 (delta 1272), reused 1216 (delta 1198), pack-reused 2270 (from 3)
Receiving objects: 100% (3665/3665), 3.42 MiB | 5.25 MiB/s, done.
Resolving deltas: 100% (2474/2474), done.
```

{% hint style="info" %}
While Git is a vast topic on its own, here we only explain how to clone a repository hosted on GitHub to your local system.&#x20;

After cloning, the installation guide for the tool can be found in the **README.md** file within the repository. Make sure to read it before proceeding.
{% endhint %}

After cloning the repository in local system, I can `cd` to it and read **README.md** file for installation guide:

<figure><img src="/files/sdM2VTL9lmvBKdX390Hm" alt=""><figcaption></figcaption></figure>

```bash
┌──(kali㉿kali)-[~/Desktop/thc-hydra]
└─$ ./configure # Checks system dependencies and generates the necessary Makefiles for compilation

┌──(kali㉿kali)-[~/Desktop/thc-hydra]
└─$ make # Compiles the source code into an executable binary based on the Makefile

┌──(kali㉿kali)-[~/Desktop/thc-hydra]
└─$ make install # Copies the compiled binaries and other necessary files to system directories for global use
```

***

Experiment with all the topics covered in this section to become comfortable with managing software and tools in Linux. Try locating tools, installing them using different methods, and removing them to reinforce your understanding.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://handbook.ncateam.xyz/fundamentals/linux/software-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.