# Kali Linux - VM ![](/files/y89lfz56sL6AOB5Kzoi7) [Kali Linux](https://www.kali.org/) *** ## 🌐 Resources 🔗 > * [Kali docs](https://www.kali.org/docs/) > * [kali-meta | Kali Linux Tools](https://www.kali.org/tools/kali-meta/) *** ## [First Install - Virtual Machine](https://www.kali.org/docs/installation/hard-disk-install/) * Create a new Virtual Machine in VMWare with preferred specs: * Processors: `1 CPU - 4 Cores` * RAM Memory: `8 GB` * Hard Disk: `60 GB` (basic install and updates take around `15 to 20 GB`) * CD: use the Kali Installer .iso image file - [Download here](https://www.kali.org/get-kali/) - and check *Connect at power on* * Network: set it as `NAT` * Edit the Virtual Machine Settings and go to **Options** menu * **Advanced** * Set Firmware type to `UEFI` * Boot the virtual machine and proceed with the [Kali Installation](https://www.kali.org/docs/installation/hard-disk-install/) ![](/files/jFUMVCM9EYrvXYwGf2Fu) ![](/files/hRrx6yLs5BqrpN51QTcF) *** ## First Boot & [Update](https://www.kali.org/docs/general-use/updating-kali/) * Boot Kali Linux * Open the Terminal and run the command ```bash sudo apt update && sudo apt full-upgrade -y && sudo apt -y autoremove ``` > * **`full-upgrade`** performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole. > * This command will upgrade the system to the latest Kali version. > * Tips from the [Updating Kali](https://www.kali.org/docs/general-use/updating-kali/) post: > * ❗ *You should be checking for updates every few weeks* > * 📌 *A good practice is that you ensure **all tools work before an engagement** and during that engagement you should not update* * Reboot the system ```bash reboot ``` * Customize Kali and finish off the setup using `kali-tweaks` if necessary ```bash kali-tweaks ``` ![kali-tweaks](/files/7wqh4OsuZ3t2iG8t36V4) * Stop the VM and take a VM Snapshot *** ## Configurations ### Basic config ```bash # Timezone for "Europe/Rome" sudo unlink /etc/localtime sudo ln -s /usr/share/zoneinfo/Europe/Rome /etc/localtime sudo timedatectl set-timezone "Europe/Rome" # Change "root" user password sudo passwd root # Disable Password prompt for sudo group sudo sed -i.bak 's/%sudo\s\+ALL=(ALL:ALL) ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/' /etc/sudoers # Set GRUB Timeout sudo sed -E '/^GRUB_TIMEOUT=/s/=(.*)/=1/' -i /etc/default/grub sudo update-grub ``` ### SSH keys * **Host SSH keys** - resets the host's SSH identity and **enables SSH** (disable if not necessary) * **User SSH key pair** - creates a new personal SSH login key * **Add to ssh-agent** - loads the key for automatic use ```bash # Host ssh keys sudo /bin/rm -v /etc/ssh/ssh_host_* sudo dpkg-reconfigure openssh-server sudo systemctl enable --now ssh # User ssh key pair cd mkdir -p $HOME/.ssh cd $HOME/.ssh ssh-keygen -t ed25519 # Type a secure passphrase when asked chmod 700 $HOME/.ssh chmod 600 $HOME/.ssh/* # Add the SSH private key to the ssh-agent eval "$(ssh-agent -s)" && ssh-add $HOME/.ssh/id_ed25519 ``` *** ### Install [JetBrainsMono Nerd Font](https://www.nerdfonts.com/font-downloads) ```bash # Install etBrainsMono Nerd Font cd mkdir -p $HOME/.local/share/fonts cd $HOME/.local/share/fonts curl -fLO https://github.com/ryanoasis/nerd-fonts/releases/latest/download/JetBrainsMono.zip unzip JetBrainsMono.zip rm JetBrainsMono.zip fc-cache -fv cd ``` ### [Terminator](https://github.com/gnome-terminator/terminator) ```bash sudo apt install -y terminator ``` * Config file -> `$HOME/.config/terminator/config` * Make sure to have already installed the necessary font ```bash rm -f "$HOME/.config/terminator/config" mkdir -p "$HOME/.config/terminator" && touch "$HOME/.config/terminator/config" # Basic layout with maximized windows, custom font, infinite scrollback, no transparency cat > "$HOME/.config/terminator/config" << 'EOF' [global_config] window_state = maximise putty_paste_style = True [keybindings] [profiles] [[default]] font = JetBrainsMono Nerd Font Mono 16 foreground_color = "#f6f5f4" show_titlebar = False scrollback_infinite = True disable_mousewheel_zoom = True use_system_font = False [layouts] [[default]] [[[window0]]] type = Window parent = "" [[[child1]]] type = Terminal parent = window0 [plugins] EOF ``` * From the `Default Applications / Utilities` menu, set `terminator` as the default terminal to use ![](/files/zo1lzJGz5MoBQWxq4wNl) ```bash sudo update-alternatives --config x-terminal-emulator ``` ![](/files/KGPPfRMUeOkf012x299P) * [Terminator Shortcuts here](/home/operating-systems/linux/tools/terminator-shortcuts.md) * ⌨️ `CTRL+ALT+T` is a keyboard shortcut already configured in Kali. It should open the `terminator` with your configured layout. ### Zsh & Oh-My-Zsh > Follow the guide here to setup `ZSH` with `Oh-My-Zsh` - [Zsh & Oh-My-Zsh - syselement](/home/operating-systems/linux/tools/zsh.md) and some useful aliases *** ## Personal Kali Config ```bash # KALI Linux XFCE Theme mod cd echo -ne "\n--------Kali Theme Mod--------\n" ## Login: Kali-Dark + Wallpaper + User sudo apt install kali-wallpapers-2020.4 sudo ln -sf /usr/share/backgrounds/kali/kali-neon-16x9.png /usr/share/desktop-base/kali-theme/login/background sudo sed s:"Kali-Light":"Kali-Dark":g -i /etc/lightdm/lightdm-gtk-greeter.conf sudo sed '/#greeter-hide-users=false/s/^#//g' -i /etc/lightdm/lightdm.conf ## Desktop Wallpaper xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitorVirtual1/workspace0/last-image --create -t string -s /usr/share/backgrounds/kali/kali-neon-16x9.png ## Show Panel on primary display xfconf-query -c xfce4-panel -p /panels/panel-1/output-name --create -t string -s "Primary" ## Turn Numlock ON xfconf-query -c keyboards -p /Default/Numlock --create -t bool -s true ## Disable Display sleep and Disable Screensaver xfconf-query -c xfce4-screensaver -p /lock/enabled -n -t bool -s true xfconf-query -c xfce4-screensaver -p /lock/saver-activation/enabled -n -t bool -s true xfconf-query -c xfce4-screensaver -p /saver/enabled -n -t bool -s false xfconf-query -c xfce4-screensaver -p /saver/fullscreen-inhibit -n -t bool -s true xfconf-query -c xfce4-screensaver -p /saver/idle-activation/enabled -n -t bool -s false xfconf-query -c xfce4-screensaver -p /saver/mode -n -t int -s 0 xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-enabled -n -t bool -s false xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -n -t int -s 0 xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -n -t int -s 0 xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/general-notification -n -t bool -s true xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/lock-screen-suspend-hibernate -n -t bool -s true xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/power-button-action -n -t int -s 3 xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-panel-label -n -t int -s 0 xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-tray-icon -n -t bool -s false ``` ```bash ## Set Keybindings - Print, Alt+Shift+S, Win+E, Alt+T ## cp "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.bak" # Insert the following lines under the first awk ' found == 0 && // { print; print " "; print " "; print " "; found = 1; next; } { print } ' "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" > /tmp/xfce4-keyboard-shortcuts.xml && \ mv /tmp/xfce4-keyboard-shortcuts.xml "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" ``` ```bash ## Panel configuration # to git pull from Github repo and import into $HOME/.config/xfce4/panel/ # Download the profile cd wget http:///syselement_kali_panel_config.tar.bz2 # open Panel, import and apply the syselement_kali_panel_config ``` ```bash ## Set autologin for ## # sudo nano /etc/lightdm/lightdm.conf # # In the [Seat:*] section of the file, set the following values: # autologin-user= # autologin-user-timeout=0 # Set Adwaita-dark Theme # xfconf-query -c xsettings -p /Net/ThemeName -s "Adwaita-dark" ``` ### CTF Configs * Download and add hacking platforms `.ovpn` files * To setup OpenVpn aliases check the **Zsh & Oh-My-Zsh** section ```bash cd mkdir -p "$HOME"/htb "$HOME"/tcm "$HOME"/tools # Copy every .ovpn file in the respective dir # e.g. File names # htb.ovpn # htbvip.ovpn # thm.ovpn ``` ```bash sudo sh -c 'gunzip -c /usr/share/wordlists/rockyou.txt.gz > /usr/share/wordlists/rockyou.txt' ``` *** ## Tools ### Basic Tools * Install basic tools ```bash sudo apt install -y apt-transport-https btop curl duf eza fastfetch flameshot gdu git-all htop ipcalc locate nano net-tools npm pipx software-properties-common speedtest-cli sshpass terminator tmux tor tree ugrep vlc wget xclip ``` ### [Sublime](https://www.sublimetext.com/docs/linux_repositories.html) ```bash sudo sh -c ' wget -qO- https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor -o /usr/share/keyrings/sublimehq-archive.gpg && echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/sublimehq-archive.gpg] https://download.sublimetext.com/ apt/stable/" | tee /etc/apt/sources.list.d/sublime-text.list && apt update && apt install -y sublime-text ' ``` ```bash # APT DEB822 source format sudo sh -c ' wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | tee /usr/share/keyrings/sublimehq-pub.asc > /dev/null && cat < /etc/apt/sources.list.d/sublime-text.sources Types: deb URIs: https://download.sublimetext.com/ Suites: apt/stable/ Signed-By: /usr/share/keyrings/sublimehq-pub.asc EOF && apt update && apt install sublime-text ' ``` * Run it with **`subl`** command. ### [Brave](https://brave.com/linux/) ```bash sudo sh -c ' apt install -y curl && curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg && echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list && wget http://archive.ubuntu.com/ubuntu/pool/main/libu/libu2f-host/libu2f-udev_1.1.10-3.2_all.deb && dpkg -i libu2f-udev_1.1.10-3.2_all.deb && apt update && apt install -y brave-browser && rm -rf libu2f-udev_1.1.10-3.2_all.deb ' ``` ### [Github Desktop](https://github.com/shiftkey/desktop) ```bash sudo sh -c ' wget -qO - https://mirror.mwt.me/shiftkey-desktop/gpgkey | gpg --dearmor -o /usr/share/keyrings/mwt-desktop.gpg && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mwt-desktop.gpg] https://mirror.mwt.me/shiftkey-desktop/deb/ any main" > /etc/apt/sources.list.d/mwt-desktop.list && apt update && apt install -y github-desktop ' ``` ### [VS Codium](https://github.com/VSCodium/vscodium) ```bash sudo sh -c ' curl -fsSLo /usr/share/keyrings/vscodium-archive-keyring.asc https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg && echo "deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main" > /etc/apt/sources.list.d/vscodium.list && apt update && apt install -y codium ' ``` ### [Docker](https://www.kali.org/docs/containers/installing-docker-on-kali/) ```bash # Install Docker Engine via APT repository sudo apt update && sudo apt install -y curl apt-transport-https software-properties-common ca-certificates gnupg packages=("docker.io" "docker-doc" "docker-compose" "podman-docker" "containerd" "runc") for pkg in "${packages[@]}"; do sudo apt remove "$pkg" -y done && sudo sh -c ' curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg && chmod a+r /usr/share/keyrings/docker.gpg && echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list && apt update && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin ' # Add the current user to the "docker" group to let it run Docker sudo groupadd docker sudo gpasswd -a "${USER}" docker # Enable the services at boot # sudo systemctl enable --now docker.service containerd.service # OR Disable the services at boot sudo systemctl disable docker.service containerd.service # still has docker.socket active to start the Docker service only when necessary # Reboot and Test reboot docker run hello-world ``` * New commands ```bash sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-doc podman-docker containerd runc | cut -f1) # Add Docker's official GPG key: sudo apt update sudo apt install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: sudo tee /etc/apt/sources.list.d/docker.sources < `$HOME/.config/flameshot/flameshot.ini` * Make sure to have already installed the necessary font ```bash mkdir -p "$HOME/.config/flameshot/" && touch "$HOME/.config/flameshot/flameshot.ini" cat > "$HOME/.config/flameshot/flameshot.ini" << 'EOF' [General] contrastOpacity=188 copyPathAfterSave=false saveAfterCopy=true saveAsFileExtension=png saveLastRegion=true savePath=/home/syselement/Pictures/flameshot savePathFixed=true showHelp=false showMagnifier=false showStartupLaunchMessage=false squareMagnifier=true startupLaunch=true EOF ``` * Set this as a custom **Keyboard/Application shortcut** for `flameshot` * I use `Shift+Alt+S` (configured in the **Personal Kali Config** above) *** ## Security Tools > * [Active directory pentesting: cheatsheet and beginner guide - HTB](https://www.hackthebox.com/blog/active-directory-penetration-testing-cheatsheet-and-guide) ### [AutoRecon](https://github.com/Tib3rius/AutoRecon) > *AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements.* > > 📌 Installs dependencies: > > * dirsearch > * enum4linux-ng > * feroxbuster > * oscanner > * python3-ntlm-auth > * python3-requests-ntlm > * python3-toml > * seclists > * sipvicious > * tnscmd10g ```bash sudo apt update -y && sudo apt install -y autorecon mkdir -p $HOME/scans/autorecon ``` ```bash cd $HOME/scans/autorecon sudo autorecon ``` ```bash # ./results/target Directory Structure . ├── exploit/ ├── loot/ ├── report/ │   ├── local.txt │   ├── notes.txt │   ├── proof.txt │   └── screenshots/ └── scans/ ├── _commands.log ├── _manual_commands.txt ├── tcp80/ ├── udp53/ └── xml/ ``` ### [BloodHound CE](https://github.com/SpecterOps/BloodHound) > BloodHound - uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment > > * [BloodHound Community Edition Quickstart - SpecterOps](https://bloodhound.specterops.io/get-started/quickstart/community-edition-quickstart) ```bash # Requirement: Install Docker (see above) sudo sh -c ' apt update -y mkdir -p /opt/bloodhound cd /opt/bloodhound wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz tar -xvzf bloodhound-cli-linux-amd64.tar.gz ln -s /opt/bloodhound/bloodhound-cli /usr/local/bin/bloodhound-cli /opt/bloodhound/bloodhound-cli install ' ``` ```bash # Some commands # (First) Install, e.g. after cleaning docker containers sudo bloodhound-cli install # Start sudo bloodhound-cli containers start # Update sudo bloodhound-cli update # Stop sudo bloodhound-cli containers stop ``` * Go to , and log in with `admin` and the randomly generated password from the last installation step. Reset the password as prompted. * To get data into BloodHound, ingest sample data or run a data collector. ```bash # Other commands sudo bloodhound-cli resetpwd sudo bloodhound-cli config get default_password ``` * `e.g.` `ohmyzsh` aliases ```bash nano $ZSH_CUSTOM/aliases.zsh ``` ```bash alias bloodhound-up='sudo bloodhound-cli containers start' alias bloodhound-update='sudo bloodhound-cli update' alias bloodhound-down='sudo bloodhound-cli containers stop' ``` ### [BloodHound.py CE](https://github.com/dirkjanm/BloodHound.py) * Install by cloning this repository `git clone https://github.com/dirkjanm/BloodHound.py`, checking out the CE branch `git checkout bloodhound-ce` and running `pip install .` from the project directory. * The **BloodHound.py CE ingestor** will add a command line tool `bloodhound-ce-python` to your PATH. ```bash mkdir -p $HOME/tools cd $HOME/tools git clone https://github.com/dirkjanm/BloodHound.py cd BloodHound.py git checkout bloodhound-ce pipx install . --force ``` ```bash bloodhound-ce-python ``` ### [BloodyAD](https://github.com/CravateRouge/bloodyAD) ```bash pipx install bloodyAD ``` ```bash bloodyAD --host -d bloody.local -k set password john.doe 'Password123!' ``` ### [kali-linux-labs](https://www.kali.org/tools/kali-meta/#kali-linux-labs) > *These applications are meant to be insecure & vulnerable to help users experiment in a controlled manner. This metapackage depends on all the packages containing vulnerable environments for safe testing.* * `dvwa` * `juice-shop` ```bash sudo apt install -y kali-linux-labs ``` ### [Katana](https://github.com/projectdiscovery/katana) > *A next-generation crawling and spidering framework* ```bash sudo apt install -y golang go install github.com/projectdiscovery/katana/cmd/katana@latest sudo cp $HOME/go/bin/katana /usr/bin/ ``` ```bash katana -u ``` ### [maigret](https://github.com/soxoj/maigret) > *Collect a dossier on a person by username from thousands of sites* ```bash pipx install git+https://github.com/soxoj/maigret pipx ensurepath ``` ```bash maigret ``` ### [pimpmykali](https://github.com/Dewalt-arch/pimpmykali) > *Kali Linux Fixes for Newly Imported VM's* > > ❗ **Read** [**docs**](https://github.com/Dewalt-arch/pimpmykali) **before running it! It may contains mods that you do not want.** ```bash cd /opt sudo rm -rf pimpmykali/ sudo git clone https://github.com/Dewalt-arch/pimpmykali sudo /opt/pimpmykali/pimpmykali.sh # For a new kali vm, run menu option N ``` ### [pwntools](https://github.com/Gallopsled/pwntools) > *Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.* ```bash sudo apt update && sudo apt install -y python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential python3 -m pipx install pwntools ``` ### [Searchsploit](https://www.exploit-db.com/searchsploit) ```bash # ~3GB of space necessary sudo apt update && sudo apt -y install exploitdb # Update via apt searchsploit -u ``` ### [SecLists](https://github.com/danielmiessler/SecLists) ```bash seclists() { if [[ -d /usr/share/seclists ]]; then echo -e "\n /usr/share/seclists already exists -- skipping" else echo -e "\n Download Seclists to /tmp/SecLists.zip" sudo wget https://github.com/danielmiessler/SecLists/archive/master.zip -O /tmp/SecList.zip echo -e "\n Extracing /tmp/Seclists.zip to /usr/share/seclists" sudo unzip -o /tmp/SecList.zip -d /usr/share/seclists # rm -f /tmp/SecList.zip echo -e "\n Seclists complete" fi } seclists ``` ### [Sherlock](https://sherlockproject.xyz/) > *Hunt down social media accounts by username across social networks* ```bash # On Kali sudo apt install -y sherlock ``` ```bash sherlock ``` ### [Volatility](https://github.com/volatilityfoundation/volatility3) ```bash # Volatility install - on KALI cd /opt sudo wget https://github.com/volatilityfoundation/volatility3/releases/download/v2.26.0/volatility3-2.26.0.tar.gz sudo tar -xvzf volatility3-2.26.0.tar.gz cd /opt/volatility3-2.26.0 sudo pip install --user -e ".[full]" --break-system-packages # Create bash/zsh alias nano $ZSH_CUSTOM/aliases.zsh # Add the following line alias vol='/opt/volatility3-2.26.0/vol.py' ``` *** ## Sysprep for clone/export ```bash sudo bash -eux <<'EOF' # 1) Update & clean apt-get update apt-get -y dist-upgrade apt-get -y autoremove --purge apt-get clean rm -rf /var/lib/apt/lists/* # 2) Make machine-id regenerate on first boot # systemd will repopulate this if it's empty truncate -s 0 /etc/machine-id rm -f /var/lib/dbus/machine-id || true # 3) (Optional, recommended if you will clone/share widely) new SSH host keys per clone rm -f /etc/ssh/ssh_host_* # uncomment to remove systemctl enable ssh # ensure SSH starts; keys will regenerate at next boot # 4) Clear logs & histories journalctl --rotate journalctl --vacuum-time=1s || true find /var/log -type f -exec truncate -s 0 {} \; || true for u in /root /home/*; do rm -f "$u/.bash_history" "$u/.zsh_history" 2>/dev/null || true done history -c || true # 5) Trim to reclaim space on thin-provisioned disks fstrim -av || true sync EOF ``` * **VMware Workstation:** Power off VM → take a **snapshot** named `Base` * use **Clone** (full) from that snapshot * or optionally **Export OVA** for portable distribution *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://blog.syselement.com/home/operating-systems/linux/distros/kali-vm.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.