This tool provides an easy way to deploy a clean pentesting environment with Kali linux using vagrant and virtualbox.
I assume you are familiar with openstack and vagrant.
Latest pentest-env release is tested with:
- Virtualbox (4.3.30)
- Vagrant (1.7.4)
- http://ftp.sliim-projects.eu/boxes/kali-2.0-amd64.box
- http://ftp.sliim-projects.eu/boxes/kali-2.0-light-amd64.box
Fresh install from kali.org
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind and ssh services at boot.
Please don’t forget to read the security warning below!
You will need rake and berkshelf for vm provisioning, you can install them with rubygems:
gem install rake berkshelf
Clone pentest-env repository and its submodules:
git clone https://github.com/Sliim/pentest-env.git
cd pentest-env/
git submodule init
git submodule update
Or in one line:
git clone https://github.com/Sliim/pentest-env.git --recursive
Install cookbooks dependencies:
rake
Pentest-env works with Vagrant, so all you need to know is how to use basic vagrant features :) To run the kali instance:
vagrant up kali
Since Pentest-env 0.5.0, customizations are stored in the $HOME/.pentestrc file in YAML format.
An example configuration file named pentestrc.example is available at the root of this repository.
You can copy and edit it for your needs:
cp pentestrc.example ~/.pentestrc
Here is a minimal configuration:
scripts_path: ~/.pentest.d/scripts
targets_path: ~/.pentest.d/targets
targets: []
This setup sets the scripts and targets directories used by pentest-env.
It also sets an empty target list, which is enough if you just want to run a Kali instance.
You can perform many customizations on the kali linux instance.
Just add a kali key in your $HOME/.pentestrc. The available customizations are listed below:
- packages - An array of apt packages to install
- commands - List of commands to run as inline shell script
- scripts - List of scripts to execute. They must be located in the scripts_path directory
- synced_folders - Hash of folders to sync with the instance
Example:
kali:
  packages: [git-core]
  commands:
    - curl https://opscode-omnibus-packages.s3.amazonaws.com/debian/6/x86_64/chef_12.0.3-1_amd64.deb -o chef.deb && sudo dpkg -i chef.deb
  scripts: [openvas.sh]
  synced_folders: {data: /pentest}
You can easily deploy targets with your kali instance. Pentest-env comes with some targets ready to use:
- dvwa - DVWA (Damn Vulnerable Web Application) - http://www.dvwa.co.uk/
- vicnum - OWASP Vicnum - https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
- gruyere - Google Gruyere - http://google-gruyere.appspot.com/
- bricks - OWASP Bricks - https://www.owasp.org/index.php/OWASP_Bricks
- webgoat - OWASP WebGoat - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
To set up the targets to deploy, edit your $HOME/.pentestrc and set the targets list:
targets: [dvwa, vicnum]
You can add your own targets in your targets_path directory and use them in your targets list.
Target instances can be customized in the same way as the kali instance: use the target’s name as a key in your configuration file:
dvwa:
  packages: [git-core]
vicnum:
  packages: [git-core]
chef-solo is used as the provisioner. You need to init the git submodules to provision your Kali with the roles provided in pentest-chef-repo. If this submodule is missing, kali provisioning will be ignored.
You can add/remove roles on your Kali linux by editing the provisioning section in the Vagrantfile.
For example:
kali.vm.provision :chef_solo do |chef|
  ...
  chef.add_recipe('apt')
  chef.add_role('kali-full')
  chef.add_role('faraday')
end
See pentest-chef-repo for a detailed list of available roles.
The host-only connection will be reset at first vm creation. To resolve this, disconnect the connection in gui mode and run the following in your vagrant directory:
vagrant reload kali
If you have the following message when you run apt-get update:
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.kali.org kali/updates Release: The following signatures were invalid: KEYEXPIRED 1425567400 KEYEXPIRED 1425567400 KEYEXPIRED 1425567400
You need to update your kali-archive-keyring:
rm -rf /var/lib/apt/lists
apt-get update
apt-get install kali-archive-keyring
Source: https://forums.kali.org/showthread.php?24687-Problem-with-apt-get-update
pentest-env boxes are also available in my atlas profile: https://atlas.hashicorp.com/Sliim
- Kali linux 1.0: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0-amd64.box
VirtualBox 4.2.10
Vagrant 1.0.7
- Kali linux 1.0.4: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0.4-amd64.box
VirtualBox 4.2.16
Vagrant 1.2.7
- Kali linux 1.1.0: http://ftp.sliim-projects.eu/boxes/kali-1.1.0-amd64-en-layout.box
VirtualBox 4.3.20
Vagrant 1.7.1
- Kali linux 2.0: http://ftp.sliim-projects.eu/boxes/kali-2.0-amd64.box
VirtualBox 4.3.30
Vagrant 1.7.4
- Kali linux 2.0 light: http://ftp.sliim-projects.eu/boxes/kali-2.0-light-amd64.box
VirtualBox 4.3.30
Vagrant 1.7.4
Provided boxes are fresh installs of Kali linux with some changes:
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Installation of chef package for provisioning.
- vagrant user was created for provisioning (Password: tnargav).
- admin group doesn’t require password for sudo.
- vagrant user is in admin group.
- Authorized keys for vagrant user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind, nfs-common and ssh services at boot.
Fresh install from http://cdimage.kali.org/kali-latest/amd64/kali-linux-1.0.4-amd64-mini.iso
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Installation of chef package for provisioning.
- Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind, nfs-common and ssh services at boot.
- Modified /etc/issue for vagrant os detection.
- MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.
Fresh install from http://cdimage.kali.org/kali-1.1.0a/kali-linux-1.1.0a-amd64.iso
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind, nfs-common and ssh services at boot.
- Modified /etc/issue for vagrant os detection.
- MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.
Fresh install from http://cdimage.kali.org/kali-2.0/kali-linux-2.0-amd64.iso
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind and ssh services at boot.
Fresh install from http://cdimage.kali.org/kali-2.0/kali-linux-light-2.0-amd64.iso
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
- Enabling rpcbind and ssh services at boot.
The virtual machine boots with the sshd service running, which may cause some security issues:
- Bridged network is enabled by default.
- Default root password of this box is insecure (toor).
- Vagrant user is insecure:
  - Private key stored in ssh-keys/.
  - Password known (tnargav).
  - User in sudoers with no password required.
The virtual machine boots with the sshd service running, which may cause some security issues:
- Bridged network is enabled by default.
- Default root password of this box is insecure (toor).
Same as Kali linux 1.0.4
Same as Kali linux 1.1.0
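The SSH exposures listed in these warnings can be checked on a deployed guest from a shell. The script below is an added example, not part of pentest-env: the function names and finding labels are hypothetical, and it assumes the public keys in ssh-keys/ are named *.pub.

```shell
# Added example (not pentest-env code): audit guest files for the SSH exposures above.

# Print the base64 blob of each public key line, skipping any options prefix.
key_blobs() {
    awk '!/^#/ { for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break } }' "$1"
}

# Succeed if a key published in the repo key directory is still authorized.
# Assumption: public keys in that directory are named *.pub.
published_key_authorized() (
    authorized="$1"; keydir="$2"
    [ -r "$authorized" ] || exit 1
    for pub in "$keydir"/*.pub; do
        [ -r "$pub" ] || continue
        for blob in $(key_blobs "$pub"); do
            key_blobs "$authorized" | grep -qxF -e "$blob" && exit 0
        done
    done
    exit 1
)

# First value of an sshd_config keyword (sshd keeps the first one it reads);
# Match blocks and Include files are not evaluated here.
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Print space-separated findings; exit status is 0 only when there are none.
audit_guest() (
    config="$1"; authorized="$2"; keydir="$3"; findings=""
    pw=$(sshd_setting "$config" PasswordAuthentication)
    # OpenSSH treats an unset PasswordAuthentication as yes.
    [ "${pw:-yes}" = yes ] && findings="$findings password-auth"
    [ "$(sshd_setting "$config" PermitRootLogin)" = yes ] && findings="$findings root-password-login"
    published_key_authorized "$authorized" "$keydir" && findings="$findings published-key"
    echo "${findings# }"
    [ -z "$findings" ]
)

# Constructed sample: a guest that still trusts a key shipped in the repository.
demo() (
    d=$(mktemp -d) && mkdir "$d/ssh-keys"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY pentest-env" > "$d/ssh-keys/sample.pub"
    cp "$d/ssh-keys/sample.pub" "$d/authorized_keys"
    printf 'PermitRootLogin yes\n' > "$d/sshd_config"
    audit_guest "$d/sshd_config" "$d/authorized_keys" "$d/ssh-keys" || true
    rm -rf "$d"
)
demo
```

On a real guest, pass the guest's own sshd_config and authorized_keys files and the ssh-keys/ directory of your pentest-env checkout; an empty result means none of the three findings apply.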
See COPYING file