Kali Linux - VM
π Resources π
Create a new Virtual Machine in VMWare with preferred specs:
Processors:
1 CPU - 2 Cores
RAM Memory:
8 GB
Hard Disk:
60 GB
CD: use the Kali Installer .iso image file - Download here - and check Connect at power on
Network: set it as NAT
Boot the virtual machine and proceed with the Kali Installation

First Boot & Update
Boot Kali Linux
Open the Terminal and run the command
sudo apt update && sudo apt full-upgrade -y && sudo apt -y autoremove
full-upgrade
performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole.This command will upgrade the system to the latest Kali version.
Tips from the Updating Kali post:
β You should be checking for updates every few weeks
π A good practice is that you ensure all tools work before an engagement and during that engagement you should not update
Reboot the system
reboot
Customize Kali and finish off the setup using
kali-tweaks
if necessary
kali-tweaks

Configurations
Basic config
# Timezone for "Europe/Rome"
sudo unlink /etc/localtime
sudo ln -s /usr/share/zoneinfo/Europe/Rome /etc/localtime
sudo timedatectl set-timezone "Europe/Rome"
# Change "root" user password
sudo passwd root
# Disable Password prompt for sudo group
sudo sed -i.bak 's/%sudo\s\+ALL=(ALL:ALL) ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/' /etc/sudoers
# Set GRUB Timeout
sudo sed -E '/^GRUB_TIMEOUT=/s/=(.*)/=1/' -i /etc/default/grub
sudo update-grub
SSH keys
Host SSH keys - resets the host's SSH identity and enables SSH (disable if not necessary)
User SSH key pair - creates a new personal SSH login key
Add to ssh-agent - loads the key for automatic use
# Host ssh keys
sudo /bin/rm -v /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
sudo systemctl enable --now ssh
# User ssh key pair
cd
mkdir -p $HOME/.ssh
cd $HOME/.ssh
ssh-keygen -t ed25519
# Type a secure passphrase when asked
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/*
# Add the SSH private key to the ssh-agent
eval "$(ssh-agent -s)" && ssh-add $HOME/.ssh/id_ed25519
Install JetBrainsMono Nerd Font
# Install etBrainsMono Nerd Font
cd
mkdir -p $HOME/.local/share/fonts
cd $HOME/.local/share/fonts
curl -fLO https://github.com/ryanoasis/nerd-fonts/releases/latest/download/JetBrainsMono.zip
unzip JetBrainsMono.zip
rm JetBrainsMono.zip
fc-cache -fv
sudo apt install -y terminator
Config file ->
$HOME/.config/terminator/config
Make sure to have already installed the necessary font
rm -f "$HOME/.config/terminator/config"
mkdir -p "$HOME/.config/terminator" && touch "$HOME/.config/terminator/config"
# Basic layout with maximized windows, custom font, infinite scrollback, no transparency
cat > "$HOME/.config/terminator/config" << 'EOF'
[global_config]
window_state = maximise
[keybindings]
[profiles]
[[default]]
font = JetBrainsMono Nerd Font Mono 16
foreground_color = "#f6f5f4"
show_titlebar = False
scrollback_infinite = True
disable_mousewheel_zoom = True
use_system_font = False
[layouts]
[[default]]
[[[window0]]]
type = Window
parent = ""
[[[child1]]]
type = Terminal
parent = window0
[plugins]
EOF
From the
Default Applications / Utilities
menu, setterminator
as the default terminal to use

sudo update-alternatives --config x-terminal-emulator

β¨οΈ
CTRL+ALT+T
is a keyboard shortcut already configured in Kali. It should open theterminator
with your configured layout.
Zsh & Oh-My-Zsh
Follow the guide here to setup
ZSH
withOh-My-Zsh
- Zsh & Oh-My-Zsh - syselement and some useful aliases
Personal Kali Config
# KALI Linux XFCE Theme mod
echo -ne "\n--------Kali Theme Mod--------\n"
## Login: Kali-Dark + Wallpaper + User
sudo apt install kali-wallpapers-2020.4
sudo ln -sf /usr/share/backgrounds/kali/kali-neon-16x9.png /usr/share/desktop-base/kali-theme/login/background
sudo sed s:"Kali-Light":"Kali-Dark":g -i /etc/lightdm/lightdm-gtk-greeter.conf
sudo sed '/#greeter-hide-users=false/s/^#//g' -i /etc/lightdm/lightdm.conf
## Desktop Wallpaper
xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitorVirtual1/workspace0/last-image --create -t string -s /usr/share/backgrounds/kali/kali-neon-16x9.png
## Show Panel on primary display
xfconf-query -c xfce4-panel -p /panels/panel-1/output-name --create -t string -s "Primary"
## Turn Numlock ON
xfconf-query -c keyboards -p /Default/Numlock --create -t bool -s true
## Disable Display sleep and Disable Screensaver
xfconf-query -c xfce4-screensaver -p /lock/enabled -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /lock/saver-activation/enabled -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /saver/enabled -n -t bool -s false
xfconf-query -c xfce4-screensaver -p /saver/fullscreen-inhibit -n -t bool -s true
xfconf-query -c xfce4-screensaver -p /saver/idle-activation/enabled -n -t bool -s false
xfconf-query -c xfce4-screensaver -p /saver/mode -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-enabled -n -t bool -s false
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/general-notification -n -t bool -s true
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/lock-screen-suspend-hibernate -n -t bool -s true
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/power-button-action -n -t int -s 3
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-panel-label -n -t int -s 0
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-tray-icon -n -t bool -s false
## Set Keybindings - Print, Alt+Shift+S, Win+E, Alt+T ##
cp "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml.bak"
# Insert the following lines under the first <property name="custom" type="empty">
awk '
found == 0 && /<property name="custom" type="empty">/ {
print;
print " <property name=\"<Alt>t\" type=\"string\" value=\"terminator\"/>";
print " <property name=\"<Shift><Alt>s\" type=\"string\" value=\"/usr/bin/flameshot gui --clipboard\"/>";
print " <property name=\"Print\" type=\"string\" value=\"/usr/bin/flameshot gui --clipboard\"/>";
found = 1;
next;
}
{ print }
' "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml" > /tmp/xfce4-keyboard-shortcuts.xml && \
mv /tmp/xfce4-keyboard-shortcuts.xml "$HOME/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml"
## Panel configuration
# to git pull from Github repo and import into $HOME/.config/xfce4/panel/
## Set autologin for <username> ##
# sudo nano /etc/lightdm/lightdm.conf
# # In the [Seat:*] section of the file, set the following values:
# autologin-user=<username>
# autologin-user-timeout=0
# Set Adwaita-dark Theme
# xfconf-query -c xsettings -p /Net/ThemeName -s "Adwaita-dark"
CTF Configs
Download and add hacking platforms
.ovpn
filesTo setup OpenVpn aliases check the Zsh & Oh-My-Zsh section
mkdir -p "$HOME"/htb "$HOME"/tcm "$HOME"/pwnx "$HOME"/tools
# Copy every .ovpn file in the respective dir
# e.g. File names
# htb.ovpn
# htbvip.ovpn
# thm.ovpn
# pwnx.ovpn
sudo sh -c 'gunzip -c /usr/share/wordlists/rockyou.txt.gz > /usr/share/wordlists/rockyou.txt'
Tools
Basic Tools
Install basic tools
sudo apt install -y apt-transport-https btop curl duf eza fastfetch flameshot gdu git-all htop locate nano net-tools npm pipx software-properties-common speedtest-cli sshpass terminator tmux tor tree ugrep vlc wget xclip
sudo sh -c '
wget -qO- https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor -o /usr/share/keyrings/sublimehq-archive.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/sublimehq-archive.gpg] https://download.sublimetext.com/ apt/stable/" | tee /etc/apt/sources.list.d/sublime-text.list &&
apt update &&
apt install -y sublime-text
'
# APT DEB822 source format
sudo sh -c '
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | tee /usr/share/keyrings/sublimehq-pub.asc > /dev/null &&
cat <<EOF > /etc/apt/sources.list.d/sublime-text.sources
Types: deb
URIs: https://download.sublimetext.com/
Suites: apt/stable/
Signed-By: /usr/share/keyrings/sublimehq-pub.asc
EOF &&
apt update &&
apt install sublime-text
'
Run it with
subl
command.
sudo sh -c '
apt install -y curl &&
curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list &&
wget http://archive.ubuntu.com/ubuntu/pool/main/libu/libu2f-host/libu2f-udev_1.1.10-3.2_all.deb &&
dpkg -i libu2f-udev_1.1.10-3.2_all.deb &&
apt update &&
apt install -y brave-browser &&
rm -rf libu2f-udev_1.1.10-3.2_all.deb
'
sudo sh -c '
wget -qO - https://apt.packages.shiftkey.dev/gpg.key | gpg --dearmor | tee /usr/share/keyrings/shiftkey-packages.gpg > /dev/null &&
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/shiftkey-packages.gpg] https://apt.packages.shiftkey.dev/ubuntu/ any main" > /etc/apt/sources.list.d/shiftkey-packages.list &&
apt update &&
apt install -y github-desktop
'
sudo sh -c '
curl -fsSLo /usr/share/keyrings/vscodium-archive-keyring.asc https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg &&
echo "deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main" > /etc/apt/sources.list.d/vscodium.list &&
apt update &&
apt install -y codium
'
# Install Docker Engine via APT repository
sudo apt update && sudo apt install -y curl apt-transport-https software-properties-common ca-certificates gnupg
packages=("docker.io" "docker-doc" "docker-compose" "podman-docker" "containerd" "runc")
for pkg in "${packages[@]}"; do
sudo apt remove "$pkg" -y
done &&
sudo sh -c '
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg &&
chmod a+r /usr/share/keyrings/docker.gpg &&
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable" | tee /etc/apt/sources.list.d/docker.list &&
apt update &&
apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
'
# Add the current user to the "docker" group to let it run Docker
sudo groupadd docker
sudo gpasswd -a "${USER}" docker
# Enable the services at boot
# sudo systemctl enable --now docker.service containerd.service
# OR Disable the services at boot
sudo systemctl disable docker.service containerd.service
# still has docker.socket active to start the Docker service only when necessary
# Reboot and Test
reboot
docker run hello-world
sudo apt install flameshot
Config file ->
$HOME/.config/flameshot/flameshot.ini
Make sure to have already installed the necessary font
mkdir -p "$HOME/.config/flameshot/" && touch "$HOME/.config/flameshot/flameshot.ini"
cat > "$HOME/.config/flameshot/flameshot.ini" << 'EOF'
[General]
contrastOpacity=188
copyPathAfterSave=false
saveAfterCopy=true
saveAsFileExtension=png
saveLastRegion=true
savePath=/home/syselement/Pictures/flameshot
savePathFixed=true
showHelp=false
showMagnifier=false
showStartupLaunchMessage=false
squareMagnifier=true
startupLaunch=true
EOF
Set this as a custom Keyboard/Application shortcut for
flameshot
I use
Shift+Alt+S
(configured in the Personal Kali Config above)
Security Tools
AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements.
π Installs dependencies:
dirsearch
enum4linux-ng
feroxbuster
oscanner
python3-ntlm-auth
python3-requests-ntlm
python3-toml
seclists
sipvicious
tnscmd10g
sudo apt update -y && sudo apt install -y autorecon
mkdir -p $HOME/scans/autorecon
cd $HOME/scans/autorecon
sudo autorecon <TARGET-IP>
# ./results/target Directory Structure
.
βββ exploit/
βββ loot/
βββ report/
βΒ Β βββ local.txt
βΒ Β βββ notes.txt
βΒ Β βββ proof.txt
βΒ Β βββ screenshots/
βββ scans/
βββ _commands.log
βββ _manual_commands.txt
βββ tcp80/
βββ udp53/
βββ xml/
BloodHound - uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment
# Requirement: Install Docker (see above)
sudo sh -c '
apt update -y
mkdir -p /opt/bloodhound
cd /opt/bloodhound
wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz
tar -xvzf bloodhound-cli-linux-amd64.tar.gz
ln -s /opt/bloodhound/bloodhound-cli /usr/local/bin/bloodhound-cli
/opt/bloodhound/bloodhound-cli install
'
# Some commands
# (First) Install, e.g. after cleaning docker containers
sudo bloodhound-cli install
# Start
sudo bloodhound-cli containers start
# Update
sudo bloodhound-cli update
# Stop
sudo bloodhound-cli containers stop
Go to http://localhost:8080/ui/login, and log in with
admin
and the randomly generated password from the last installation step. Reset the password as prompted.To get data into BloodHound, ingest sample data or run a data collector.
# Other commands
sudo bloodhound-cli resetpwd
sudo bloodhound-cli config get default_password
e.g.
ohmyzsh
aliases
nano $ZSH_CUSTOM/aliases.zsh
alias bloodhound-up='sudo bloodhound-cli containers start'
alias bloodhound-update='sudo bloodhound-cli update'
alias bloodhound-down='sudo bloodhound-cli containers stop'
Install by cloning this repository
git clone https://github.com/dirkjanm/BloodHound.py
, checking out the CE branchgit checkout bloodhound-ce
and runningpip install .
from the project directory.The BloodHound.py CE ingestor will add a command line tool
bloodhound-ce-python
to your PATH.
mkdir -p $HOME/tools
cd $HOME/tools
git clone https://github.com/dirkjanm/BloodHound.py
cd BloodHound.py
git checkout bloodhound-ce
pipx install . --force
bloodhound-ce-python
pipx install bloodyAD
bloodyAD --host <IP> -d bloody.local -k set password john.doe 'Password123!'
These applications are meant to be insecure & vulnerable to help users experiment in a controlled manner. This metapackage depends on all the packages containing vulnerable environments for safe testing.
dvwa
juice-shop
sudo apt install -y kali-linux-labs
A next-generation crawling and spidering framework
sudo apt install -y golang
go install github.com/projectdiscovery/katana/cmd/katana@latest
sudo cp $HOME/go/bin/katana /usr/bin/
katana -u <URL>
Collect a dossier on a person by username from thousands of sites
pipx install git+https://github.com/soxoj/maigret
pipx ensurepath
maigret <USER>
Kali Linux Fixes for Newly Imported VM's
β Read docs before running it! It may contains mods that you do not want.
cd /opt
sudo rm -rf pimpmykali/
sudo git clone https://github.com/Dewalt-arch/pimpmykali
sudo /opt/pimpmykali/pimpmykali.sh
# For a new kali vm, run menu option N
Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
sudo apt update && sudo apt install -y python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pipx install pwntools
# ~3GB of space necessary
sudo apt update && sudo apt -y install exploitdb
# Update via apt
searchsploit -u
seclists() {
if [[ -d /usr/share/seclists ]];
then
echo -e "\n /usr/share/seclists already exists -- skipping"
else
echo -e "\n Download Seclists to /tmp/SecLists.zip"
sudo wget https://github.com/danielmiessler/SecLists/archive/master.zip -O /tmp/SecList.zip
echo -e "\n Extracing /tmp/Seclists.zip to /usr/share/seclists"
sudo unzip -o /tmp/SecList.zip -d /usr/share/seclists
# rm -f /tmp/SecList.zip
echo -e "\n Seclists complete"
fi
}
seclists
Hunt down social media accounts by username across social networks
# On Kali
sudo apt install sherlock
sherlock <USER>
Last updated
Was this helpful?