The Kali Linux distribution is based on Debian Testing. Therefore, most of the Kali packages are imported, as-is, from the Debian repositories. In some cases, newer packages may be imported from Debian Unstable or Debian Experimental, either to improve user experience, or to incorporate needed bug fixes.
In order to implement some of Kali’s unique features, we had to fork some packages. The Kali development team strives to keep such packages to a minimum by improving the upstream packages whenever possible, either by integrating the feature directly, or by adding the required hooks so that it’s straightforward to enable the desired features without further modifying the upstream packages themselves.
Each package forked by Kali is maintained in a Git repository with a “debian” branch so that updating a forked package can be easily done with a simple git merge debian in its master branch.
Beyond this, Kali incorporates many additional packages which are specific to the penetration testing and security auditing field. The majority of these packages constitute “free software” according to Debian’s Free Software Guidelines. Kali intends to contribute those packages back to Debian and to maintain them directly within Debian.
To facilitate this, Kali packaging strives to comply with the Debian Policy and follow the best practices in use in Debian.