This tool provides an easy way to deploy a clean pentesting environment with Kali Linux using Vagrant and VirtualBox.
I assume you are familiar with virtualbox and vagrant.
Tested with:
- Virtualbox (4.2.16)
- Vagrant (1.2.7)
- vagrant-berkshelf (for targets deployment)
- Kali linux 1.0: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0-amd64.box
  - VirtualBox 4.2.10
  - Vagrant 1.0.7
- Kali linux 1.0.4: http://ftp.sliim-projects.eu/boxes/kali-linux-1.0.4-amd64.box
  - VirtualBox 4.2.16
  - Vagrant 1.2.7
Provided boxes are fresh installs of Kali Linux with some changes:
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Installation of `chef` package for provisioning.
- `vagrant` user was created for provisioning (Password: `tnargav`).
- `admin` group doesn't require a password for sudo.
- `vagrant` user is in `admin` group.
- Authorized keys for `vagrant` user are stored in `ssh-keys/` directory (no passphrase).
- Enabling rpcbind, nfs-common and ssh services at boot.
Fresh install from http://cdimage.kali.org/kali-latest/amd64/kali-linux-1.0.4-amd64-mini.iso
- Installation of linux kernel headers for vbox guest additions.
- Installation of virtualbox guest additions.
- Installation of `chef` package for provisioning.
- Authorized keys for `root` user are stored in `ssh-keys/` directory (no passphrase).
- Enabling rpcbind, nfs-common and ssh services at boot.
- Modified /etc/issue for vagrant os detection.
- MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.
Please don't forget to read the security warning below!

```
vagrant plugin install vagrant-berkshelf
git clone https://github.com/Sliim/pentest-env.git
cd pentest-env
vagrant up kali
```

You can perform many customizations when deploying a Kali Linux instance.
Customizations are located in the `custom/` directory.
Available customizations:
`custom/packages`
Lets you set a list of packages to install in Kali Linux. Put in this file the packages you want to install after Kali Linux is deployed. These packages are installed with the Debian package manager (apt).

`custom/synced_folders`
Lets you set a list of directories to sync into Kali Linux.
Put in this file the host directories you want to sync with Kali Linux.
The file format is simply a Ruby Hash. For example, to sync `$HOME/.pentest-env` into `/root/data`, the custom file looks like:

```ruby
{
  ENV["HOME"] + "/.pentest-env" => "/root/data"
}
```

`custom/scripts/`
Lets you execute scripts after Kali Linux is deployed.
Each file in `custom/scripts/` will be executed on the guest with Vagrant shell provisioning.
You can easily deploy targets with your Kali instance.
To set up targets, edit `custom/targets` (create it if it does not exist) and set one target per line you want to deploy.

```
$ cat custom/targets
gruyere
vicnum
```

Here two virtual machines will be deployed, with a gruyere and a vicnum instance ready to use.
To deploy Kali Linux and targets:

```
vagrant up
```

Available targets are:
- `dvwa` - DVWA (Damn Vulnerable Web Application) - http://www.dvwa.co.uk/
- `vicnum` - OWASP Vicnum - https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
- `gruyere` - Google Gruyere - http://google-gruyere.appspot.com/
- `bricks` - OWASP Bricks - https://www.owasp.org/index.php/OWASP_Bricks
- `webgoat` - OWASP WebGoat - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
The host-only connection will be reset at first VM creation. To resolve this, disconnect the connection in GUI mode and run in your Vagrant directory:

```
vagrant reload kali
```

The virtual machine boots with the sshd service running, which may cause some security issues:
- Bridged network is enabled by default.
- Default root password of this box is insecure (`toor`).
- Vagrant user is insecure:
  - Private key stored in `ssh-keys/`.
  - Password known (`tnargav`).
  - User in sudoers with no password required.
- Private key stored in
The virtual machine boots with the sshd service running, which may cause some security issues:
- Bridged network is enabled by default.
- Default root password of this box is insecure (toor).
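
A read-only check for the weaknesses listed in the security warnings above, meant to be run on a deployed guest. This is an added example and not part of pentest-env; every file path is an argument, and the name of the `.pub` file under `ssh-keys/` and the sudoers file to inspect are assumptions because the page does not give them.

```shell
#!/bin/sh
# Added example, not part of pentest-env: check a guest for the weaknesses
# named in the security warning. Every path is a parameter (assumption: the
# page does not name the key files or the sudoers file that was edited).

# True if sshd_config leaves password logins on. sshd uses the first value it
# reads for a keyword and defaults to "yes"; Match blocks are not evaluated.
sshd_allows_passwords() {
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "${val:-yes}" = "yes" ]
}

# True if a key blob from the published .pub file ($2) appears anywhere in
# authorized_keys ($1). Every field is scanned because options may precede it.
has_published_key() {
    awk 'NR == FNR { if ($2 != "") known[$2] = 1; next }
         { for (i = 1; i <= NF; i++) if ($i in known) found = 1 }
         END { exit !found }' "$2" "$1"
}

# True if the sudoers file ($1) gives group $2 a NOPASSWD rule.
sudo_nopasswd_group() {
    grep -Eq "^[[:space:]]*%$2[[:space:]].*NOPASSWD" "$1"
}

# Print one line per finding; the exit status is the number of findings.
audit_guest() {   # args: sshd_config authorized_keys published.pub sudoers
    n=0
    if sshd_allows_passwords "$1"; then
        echo "FINDING: sshd accepts passwords (root:toor, vagrant:tnargav are public)"
        n=$((n + 1))
    fi
    if has_published_key "$2" "$3"; then
        echo "FINDING: $2 trusts a key whose private half ships in ssh-keys/"
        n=$((n + 1))
    fi
    if sudo_nopasswd_group "$4" admin; then
        echo "FINDING: group admin has passwordless sudo"
        n=$((n + 1))
    fi
    return "$n"
}

# Run only when the four paths are supplied on the command line.
if [ "$#" -eq 4 ]; then
    audit_guest "$@"
fi
```
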
See COPYING file