├── README.md
├── bls_wallpaper.png
└── kali-setup-script.sh


/README.md:
--------------------------------------------------------------------------------
 1 | # Kali Setup Script
 2 | 
 3 | Prepares Kali for a pentest by enabling session logging, installing tools, and making common configuration changes
 4 | 
 5 | <img alt="XFCE + Gnome" src="https://user-images.githubusercontent.com/20261699/77855493-cd481680-71be-11ea-8019-20681c643b0d.PNG" width=500>
 6 | 
 7 | ## NOTE: THIS SCRIPT ASSUMES YOU ARE RUNNING AS ROOT (LIKE IN THE OLD DAYS)
 8 | ## NON-ROOT USERS ARE NOT SUPPORTED
 9 | 
10 | ## One-liner:
11 | (don't forget to reboot after the script finishes :)
12 | ~~~
13 | curl -k -s https://raw.githubusercontent.com/blacklanternsecurity/kali-setup-script/master/kali-setup-script.sh | bash
14 | ~~~
15 | 
16 | ## Full feature list:
17 | 
18 | 1. Enables details logging of terminal sessions
19 | 	- Including ALL OUTPUT (saved to ~/Logs)
20 | 1. Installs the following:
21 | 	1. CrackMapExec (from GitHub)
22 | 	1. Impacket (from GitHub)
23 | 	1. Bloodhound (from GitHub)
24 | 	1. EAPhammer (from GitHub)
25 | 	1. patator (network brute-force tool)
26 | 	1. PCredz
27 | 	1. Gowitness
28 | 	1. EavesARP
29 | 	1. bettercap
30 | 	1. docker
31 | 	1. Firefox (official non-ESR version)
32 | 	1. Chromium
33 | 	1. Sublime Text
34 | 	1. BoostNote
35 | 	1. golang (plus environment)
36 | 	1. zmap
37 | 	1. LibreOffice
38 | 	1. htop
39 | 	1. Remmina
40 | 	1. gnome-screenshot
41 | 	1. realtek-rtl88xxau-dkms (ALFA wireless drivers)
42 | 	1. i3 + XFCE desktop environment (optional)
43 | 1. Updates system
44 | 1. Removes gnome-software
45 | 1. Disables auto-lock
46 | 1. Enables tap-to-click
47 | 1. Initializes Metasploit database
48 | 1. Installs rad BLS wallpaper


--------------------------------------------------------------------------------
/bls_wallpaper.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blacklanternsecurity/kali-setup-script/45e17a71ff02f4dc2728da91bbc9b5c0b287c90c/bls_wallpaper.png


--------------------------------------------------------------------------------
/kali-setup-script.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | usage()
  4 | {
  5 |     cat <<EOF
  6 | Usage: ${0##*/} [option]
  7 |   Options:
  8 |     --i3            Set up i3 as the default window manager
  9 |     --remove-i3     Set window manager back to XFCE defaults
 10 |     --no-zmap       Don't install zmap asset inventory
 11 |     --help          Display this message
 12 | 
 13 | EOF
 14 | exit 0
 15 | }
 16 | 
 17 | # parse arguments
 18 | while :
 19 | do
 20 |     case $1 in
 21 |         i3|-i3|--i3)
 22 |             install_i3=true;
 23 |             ;;
 24 |         remove-i3|-remove-i3|--remove-i3)
 25 |             remove_i3=true;
 26 |             ;;
 27 |         no-zmap|-no-zmap|--no-zmap)
 28 |             no_zmap=true;
 29 |             ;;
 30 |         -h|--help|help)
 31 |             usage
 32 |             ;;
 33 |         *)
 34 |             break
 35 |     esac
 36 |     shift
 37 | done
 38 | 
 39 | # make sure we're root
 40 | if [ "$HOME" != "/root" ]
 41 | then
 42 |     printf "Please run while logged in as root\n"
 43 |     exit 1
 44 | fi
 45 | 
 46 | # fix bashrc
 47 | cp /root/.bashrc /root/.bashrc.bak
 48 | cp "/home/$(fgrep 1000:1000 /etc/passwd | cut -d: -f1)/.bashrc" /root/.bashrc
 49 | . /root/.bashrc
 50 | 
 51 | # enable command aliasing
 52 | shopt -s expand_aliases
 53 | 
 54 | # skip prompts in apt-upgrade, etc.
 55 | export DEBIAN_FRONTEND=noninteractive
 56 | alias apt-get='yes "" | apt-get -o Dpkg::Options::="--force-confdef" -y'
 57 | apt-get update
 58 | 
 59 | # make sure Downloads folder exists
 60 | mkdir -p ~/Downloads 2>/dev/null
 61 | 
 62 | 
 63 | # if we're not on a headless system
 64 | if [ -n "$DISPLAY" ]
 65 | then
 66 | 
 67 | 
 68 |     printf '\n============================================================\n'
 69 |     printf '[+] Enabling Tap-to-click\n'
 70 |     printf '============================================================\n\n'
 71 |     gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
 72 |     xfconf-query -c pointers -p /SynPS2_Synaptics_TouchPad/Properties/libinput_Tapping_Enabled -n -t int -s 1 --create
 73 |     xfconf-query -c pointers -p /SynPS2_Synaptics_TouchPad/Properties/Synaptics_Tap_Action -n -s 0 -s 0 -s 0 -s 0 -s 1 -s 3 -s 2 -t int -t int -t int -t int -t int -t int -t int --create
 74 | 
 75 | 
 76 |     printf '\n============================================================\n'
 77 |     printf '[+] Disabling Auto-lock, Sleep on AC\n'
 78 |     printf '============================================================\n\n'
 79 |     # disable session idle
 80 |     gsettings set org.gnome.desktop.session idle-delay 0
 81 |     # disable sleep when on AC power
 82 |     gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing'
 83 |     # disable screen timeout on AC
 84 |     xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0 --create --type int
 85 |     xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0 --create --type int
 86 |     xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0 --create --type int
 87 |     # disable sleep when on AC
 88 |     xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/inactivity-on-ac -s 14 --create --type int
 89 |     # hibernate when power is critical
 90 |     xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/critical-power-action -s 2 --create --type int
 91 | 
 92 | 
 93 |     printf '\n============================================================\n'
 94 |     printf '[+] Setting Theme\n'
 95 |     printf '============================================================\n\n'
 96 |     # dark theme
 97 |     # gsettings set org.gnome.desktop.interface gtk-theme 'Adwaita-dark'
 98 |     mkdir -p '/usr/share/wallpapers/wallpapers/' &>/dev/null
 99 |     wallpaper_file="$(find . -type f -name bls_wallpaper.png)"
100 |     if [[ -z "$wallpaper_file" ]]
101 |     then
102 |         wget -P '/usr/share/wallpapers/wallpapers/' https://raw.githubusercontent.com/blacklanternsecurity/kali-setup-script/master/bls_wallpaper.png
103 |     else
104 |         cp "$wallpaper_file" '/usr/share/wallpapers/wallpapers/bls_wallpaper.png'
105 |     fi
106 |     gsettings set org.gnome.desktop.background primary-color "#000000"
107 |     gsettings set org.gnome.desktop.background secondary-color "#000000"
108 |     gsettings set org.gnome.desktop.background color-shading-type "solid"
109 |     gsettings set org.gnome.desktop.background picture-uri "file:///usr/share/wallpapers/wallpapers/bls_wallpaper.png"
110 |     gsettings set org.gnome.desktop.screensaver picture-uri "file:///usr/share/wallpapers/wallpapers/bls_wallpaper.png"
111 |     gsettings set org.gnome.desktop.background picture-options scaled
112 |     xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitor0/image-path -s /usr/share/wallpapers/wallpapers/bls_wallpaper.png
113 |     xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitor1/image-path -s /usr/share/wallpapers/wallpapers/bls_wallpaper.png
114 |     xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitorVirtual1/workspace0/last-image -s /usr/share/wallpapers/wallpapers/bls_wallpaper.png
115 |     xfconf-query -c xfce4-desktop -p /backdrop/screen0/monitorVirtual1/workspace1/last-image -s /usr/share/wallpapers/wallpapers/bls_wallpaper.png
116 | 
117 | 
118 |     printf '\n============================================================\n'
119 |     printf '[+] Setting Default Terminal\n'
120 |     printf '============================================================\n\n'
121 |     apt-get install gnome-terminal
122 |     # set default terminal
123 |     touch ~/.config/xfce4/helpers.rc
124 |     sed -i '/TerminalEmulator=.*/c\' ~/.config/xfce4/helpers.rc
125 |     echo 'TerminalEmulator=gnome-terminal' >> ~/.config/xfce4/helpers.rc
126 |     # disable menus in gnome terminal
127 |     gsettings set org.gnome.Terminal.Legacy.Settings default-show-menubar false
128 |     # disable "close terminal?" prompt
129 |     gsettings set org.gnome.Terminal.Legacy.Settings confirm-close false
130 | 
131 | 
132 |     printf '\n============================================================\n'
133 |     printf '[+] Disabling Animations\n'
134 |     printf '============================================================\n\n'
135 |     gsettings set org.gnome.desktop.interface enable-animations false
136 | 
137 | 
138 |     printf '\n============================================================\n'
139 |     printf '[+] Disabling Terminal Transparency\n'
140 |     printf '============================================================\n\n'
141 |     profile=$(gsettings get org.gnome.Terminal.ProfilesList default)
142 |     profile=${profile:1:-1}
143 |     gsettings set "org.gnome.Terminal.Legacy.Profile:/org/gnome/terminal/legacy/profiles:/:$profile/" use-transparent-background false
144 |     # bring back minimize/maxminize buttons
145 |     gsettings set org.gnome.desktop.wm.preferences button-layout appmenu:minimize,maximize,close
146 | 
147 | 
148 | fi
149 | 
150 | 
151 | 
152 | # install pip because FUCKING OFFSEC removed it from the kali repos
153 | #cd /root/Downloads
154 | #curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
155 | #python get-pip.py
156 | 
157 | 
158 | printf '\n============================================================\n'
159 | printf '[+] Disabling LL-MNR\n'
160 | printf '============================================================\n\n'
161 | echo '[Match]
162 | name=*
163 | 
164 | [Network]
165 | LLMNR=no' > /etc/systemd/network/90-disable-llmnr.network
166 | 
167 | 
168 | printf '\n============================================================\n'
169 | printf '[+] Removing the abomination that is gnome-software\n'
170 | printf '============================================================\n\n'
171 | killall gnome-software
172 | while true
173 | do
174 |     pgrep gnome-software &>/dev/null || break
175 |     sleep .5
176 | done
177 | apt-get remove gnome-software
178 | 
179 | 
180 | printf '\n============================================================\n'
181 | printf '[+] Installing:\n'
182 | printf '     - wireless drivers\n'
183 | printf '     - golang & environment\n'
184 | printf '     - docker\n'
185 | printf '     - powershell\n'
186 | printf '     - terminator\n'
187 | printf '     - pip & pipenv\n'
188 | printf '     - patator\n'
189 | printf '     - vncsnapshot\n'
190 | printf '     - zmap\n'
191 | printf '     - htop\n'
192 | printf '     - mosh\n'
193 | printf '     - tmux\n'
194 | printf '     - NFS server\n'
195 | printf '     - DNS Server\n'
196 | printf '     - hcxtools (hashcat)\n'
197 | printf '============================================================\n\n'
198 | apt-get install \
199 |     realtek-rtl88xxau-dkms \
200 |     golang \
201 |     docker.io \
202 |     powershell \
203 |     terminator \
204 |     python3-dev \
205 |     python3-pip \
206 |     patator \
207 |     net-tools \
208 |     vncsnapshot \
209 |     zmap \
210 |     htop \
211 |     mosh \
212 |     tmux \
213 |     nfs-kernel-server \
214 |     dnsmasq \
215 |     hcxtools \
216 |     mosh \
217 |     vim
218 | python2 -m pip install pipenv
219 | python3 -m pip install pipenv
220 | apt-get remove mitmproxy
221 | python3 -m pip install mitmproxy
222 | 
223 | # default tmux config
224 | cat <<EOF > "$HOME/.tmux.conf"
225 | set -g mouse on
226 | set -g history-limit 50000
227 | 
228 | # set second prefix key to "CTRL + A"
229 | set -g prefix2 C-a
230 | bind C-a send-prefix -2
231 | 
232 | # List of plugins
233 | set -g @plugin 'tmux-plugins/tmux-logging'
234 | 
235 | # Initialize TMUX plugin manager (keep this line at the very bottom of tmux.conf)
236 | run '~/.tmux/plugins/tpm/tpm'
237 | EOF
238 | 
239 | # enable and start docker
240 | systemctl stop docker &>/dev/null
241 | echo '{"bip":"172.16.199.1/24"}' > /etc/docker/daemon.json
242 | systemctl enable docker --now
243 | 
244 | # initialize mitmproxy cert
245 | mitmproxy &>/dev/null &
246 | sleep 5
247 | killall mitmproxy
248 | # trust certificate
249 | cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
250 | update-ca-certificates
251 | 
252 | mkdir -p /root/.go
253 | gopath_exp='export GOPATH="$HOME/.go"'
254 | path_exp='export PATH="/usr/local/go/bin:$GOPATH/bin:$PATH"'
255 | sed -i '/export GOPATH=.*/c\' ~/.profile
256 | sed -i '/export PATH=.*GOPATH.*/c\' ~/.profile
257 | echo $gopath_exp | tee -a "$HOME/.profile"
258 | grep -q -F "$path_exp" "$HOME/.profile" || echo $path_exp | tee -a "$HOME/.profile"
259 | . "$HOME/.profile"
260 | 
261 | # enable NFS server (without any shares)
262 | systemctl enable nfs-server
263 | systemctl start nfs-server
264 | fgrep '1.1.1.1/255.255.255.255(rw,sync,all_squash,anongid=0,anonuid=0)' /etc/exports &>/dev/null || echo '#/root        1.1.1.1/255.255.255.255(rw,sync,all_squash,anongid=0,anonuid=0)' >> /etc/exports
265 | exportfs -a
266 | 
267 | # example NetworkManager.conf line for blacklist interfaces
268 | fgrep 'unmanaged-devices' &>/dev/null /etc/NetworkManager/NetworkManager.conf || echo -e '[keyfile]\nunmanaged-devices=mac:de:ad:be:ef:de:ad' >> /etc/NetworkManager/NetworkManager.conf
269 | 
270 | 
271 | printf '\n============================================================\n'
272 | printf '[+] Updating System\n'
273 | printf '============================================================\n\n'
274 | apt-get update
275 | apt-get upgrade
276 | 
277 | 
278 | printf '\n============================================================\n'
279 | printf '[+] Installing Bettercap\n'
280 | printf '============================================================\n\n'
281 | apt-get install libnetfilter-queue-dev libpcap-dev libusb-1.0-0-dev
282 | go get -v github.com/bettercap/bettercap
283 | 
284 | 
285 | printf '\n============================================================\n'
286 | printf '[+] Installing EapHammer\n'
287 | printf '============================================================\n\n'
288 | cd ~/Downloads
289 | git clone https://github.com/s0lst1c3/eaphammer.git
290 | cd eaphammer
291 | apt-get install $(grep -vE "^\s*#" kali-dependencies.txt  | tr "\n" " ")
292 | chmod +x kali-setup
293 | # remove prompts from setup script
294 | sed -i 's/.*input.*Do you wish to proceed.*/    if False:/g' kali-setup
295 | ./kali-setup
296 | ln -s ~/Downloads/eaphammer/eaphammer /usr/local/bin/eaphammer
297 | 
298 | 
299 | printf '\n============================================================\n'
300 | printf '[+] Installing Gowitness\n'
301 | printf '============================================================\n\n'
302 | go get -v github.com/sensepost/gowitness
303 | 
304 | 
305 | printf '\n============================================================\n'
306 | printf '[+] Installing MAN-SPIDER\n'
307 | printf '============================================================\n\n'
308 | cd ~/Downloads
309 | git clone https://github.com/blacklanternsecurity/MANSPIDER
310 | cd MANSPIDER && python3 -m pipenv install -r requirements.txt
311 | 
312 | 
313 | printf '\n============================================================\n'
314 | printf '[+] Installing bloodhound.py\n'
315 | printf '============================================================\n\n'
316 | pip install bloodhound
317 | 
318 | 
319 | printf '\n============================================================\n'
320 | printf '[+] Installing PCredz\n'
321 | printf '============================================================\n\n'
322 | apt-get remove python-pypcap
323 | apt-get install python-libpcap
324 | cd ~/Downloads
325 | git clone https://github.com/lgandx/PCredz.git
326 | ln -s ~/Downloads/PCredz/Pcredz /usr/local/bin/pcredz
327 | 
328 | 
329 | printf '\n============================================================\n'
330 | printf '[+] Installing EavesARP\n'
331 | printf '============================================================\n\n'
332 | cd ~/Downloads
333 | git clone https://github.com/mmatoscom/eavesarp
334 | cd eavesarp && python3 -m pip install -r requirements.txt
335 | cd && ln -s ~/Downloads/eavesarp/eavesarp.py /usr/local/bin/eavesarp
336 | 
337 | 
338 | printf '\n============================================================\n'
339 | printf '[+] Installing CrackMapExec\n'
340 | printf '============================================================\n\n'
341 | cme_dir="$(ls -d /root/.local/share/virtualenvs/* | grep CrackMapExec | head -n 1)"
342 | if [[ ! -z "$cme_dir" ]]; then rm -r "${cme_dir}.bak"; mv "${cme_dir}" "${cme_dir}.bak"; fi
343 | apt-get install libssl-dev libffi-dev python-dev build-essential
344 | cd ~/Downloads
345 | git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
346 | cd CrackMapExec && python3 -m pipenv install
347 | python3 -m pipenv run python setup.py install
348 | ln -s ~/.local/share/virtualenvs/$(ls /root/.local/share/virtualenvs | grep CrackMapExec | head -n 1)/bin/cme ~/usr/local/bin/cme
349 | apt-get install crackmapexec
350 | 
351 | 
352 | printf '\n============================================================\n'
353 | printf '[+] Installing Impacket\n'
354 | printf '============================================================\n\n'
355 | cd ~/Downloads
356 | git clone https://github.com/CoreSecurity/impacket.git
357 | cd impacket && python3 -m pipenv install
358 | python3 -m pipenv run python setup.py install
359 | 
360 | 
361 | printf '\n============================================================\n'
362 | printf '[+] Enabling bash session logging\n'
363 | printf '============================================================\n\n'
364 | 
365 | apt-get install tmux-plugin-manager
366 | mkdir -p "$HOME/.tmux/plugins" 2>/dev/null
367 | export XDG_CONFIG_HOME="$HOME"
368 | export TMUX_PLUGIN_MANAGER_PATH="$HOME/.tmux/plugins"
369 | /usr/share/tmux-plugin-manager/scripts/install_plugins.sh
370 | mkdir -p "$HOME/Logs" 2>/dev/null
371 | 
372 | grep -q 'TMUX_LOGGING' "/etc/profile" || echo '
373 | export HISTSIZE= 
374 | export HISTFILESIZE=
375 | export PROMPT_COMMAND="history -a"
376 | export HISTTIMEFORMAT="%F %T "
377 | setopt INC_APPEND_HISTORY 2>/dev/null
378 | 
379 | logdir="$HOME/Logs"
380 | mkdir -p $logdir 2>/dev/null
381 | #gzip -q $logdir/*.log &>/dev/null
382 | export XDG_CONFIG_HOME="$HOME"
383 | export TMUX_PLUGIN_MANAGER_PATH="$HOME/.tmux/plugins"
384 | if [[ ! -z "$TMUX" && -z "$TMUX_LOGGING" ]]; then
385 |     logfile="$logdir/tmux_$(date -u +%F_%H_%M_%S)_UTC.$$.log"
386 |     "$TMUX_PLUGIN_MANAGER_PATH/tmux-logging/scripts/start_logging.sh" "$logfile"
387 |     export TMUX_LOGGING="$logfile"
388 | fi' >> "/etc/profile"
389 | 
390 | normal_log_script='
391 | export HISTSIZE= 
392 | export HISTFILESIZE=
393 | export PROMPT_COMMAND="history -a"
394 | export HISTTIMEFORMAT="%F %T "
395 | setopt INC_APPEND_HISTORY 2>/dev/null
396 | 
397 | logdir="$HOME/Logs"
398 | mkdir -p $logdir 2>/dev/null
399 | if [[ -z "$NORMAL_LOGGING" && ! -z "$PS1" && -z "$TMUX" ]]; then
400 |     logfile="$logdir/$(date -u +%F_%H_%M_%S)_UTC.$$.log"
401 |     export NORMAL_LOGGING="$logfile"
402 |     script -f -q "$logfile"
403 |     exit
404 | fi'
405 | 
406 | grep -q 'NORMAL_LOGGING' "$HOME/.bashrc" || echo "$normal_log_script" >> "$HOME/.bashrc"
407 | grep -q 'NORMAL_LOGGING' "$HOME/.zshrc" || echo "$normal_log_script" >> "$HOME/.zshrc"
408 | 
409 | 
410 | printf '\n============================================================\n'
411 | printf '[+] Initializing Metasploit Database\n'
412 | printf '============================================================\n\n'
413 | systemctl start postgresql
414 | systemctl enable postgresql
415 | msfdb init
416 | 
417 | 
418 | printf '\n============================================================\n'
419 | printf '[+] Unzipping RockYou\n'
420 | printf '============================================================\n\n'
421 | gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null
422 | ln -s /usr/share/wordlists ~/Downloads/wordlists 2>/dev/null
423 | 
424 | 
425 | if [ -n "$remove_i3" ]
426 | then
427 | 
428 |     printf '\n============================================================\n'
429 |     printf '[+] Removing i3\n'
430 |     printf '============================================================\n\n'
431 |     rm ~/.config/autostart/i3.desktop
432 |     rm ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
433 |     rm -r ~/.cache/sessions
434 | fi
435 | 
436 | 
437 | if [ -n "$install_i3" ]
438 | then
439 | 
440 |     printf '\n============================================================\n'
441 |     printf '[+] Installing i3\n'
442 |     printf '============================================================\n\n'
443 |     # install dependencies
444 |     apt-get install i3 j4-dmenu-desktop fonts-hack feh
445 |     # make sure .config directory exists
446 |     mkdir -p /root/.config
447 |     # make startup script
448 |     echo '#!/bin/bash
449 | xrandr --output eDP-1 --mode 1920x1080
450 | sleep 1
451 | feh --bg-scale /usr/share/wallpapers/wallpapers/bls_wallpaper.png
452 | ' > /root/.config/i3_startup.sh
453 | 
454 |     # set up config
455 |     grep '### KALI SETUP SCRIPT ###' /etc/i3/config.keycodes || echo '
456 | ### KALI SETUP SCRIPT ###
457 | # win+L lock screen
458 | # bindsym $sup+l exec i3lock -i /usr/share/wallpapers/wallpapers/bls_wallpaper.png
459 | # win+E file explorer
460 | # bindsym $sup+e exec thunar
461 | # resolution / wallpaper
462 | exec_always --no-startup-id bash "/root/.config/i3_startup.sh"
463 | 
464 | # BLS theme
465 | # class             border  background  text        indicator   child_border
466 | client.focused      #666666 #666666     #FFFFFF     #FFFFFF     #666666
467 | ' >> /etc/i3/config.keycodes
468 | 
469 |     # gnome terminal
470 |     sed -i 's/^bindcode $mod+36 exec.*/bindcode $mod+36 exec gnome-terminal/' /etc/i3/config.keycodes
471 |     # improved dmenu
472 |     sed -i 's/.*bindcode $mod+40 exec.*/bindcode $mod+40 exec --no-startup-id j4-dmenu-desktop/g' /etc/i3/config.keycodes
473 |     # mod+shift+e logs out of gnome
474 |     sed -i 's/.*bindcode $mod+Shift+26 exec.*/bindcode $mod+Shift+26 exec xfce4-session-logout/g' /etc/i3/config.keycodes
475 |     # hack font
476 |     sed -i 's/^font pango:.*/font pango:hack 11/' /etc/i3/config.keycodes
477 |     # focus child
478 |     sed -i 's/bindcode $mod+39 layout stacking/#bindcode $mod+39 layout stacking/g' /etc/i3/config.keycodes
479 |     sed -i 's/.*bindsym $mod+d focus child.*/bindcode $mod+39 focus child/g' /etc/i3/config.keycodes
480 | 
481 |     # get rid of saved sessions
482 |     rm -r /root/.cache/sessions/*
483 | 
484 |     # hide xfwm
485 |     sed -i '/export GOPATH=.*/c\' /usr/share/applications/xfce-wm-settings.desktop
486 |     echo 'Hidden=true' >> /usr/share/applications/xfce-wm-settings.desktop
487 | 
488 |     # create i3 autostart file
489 |     mkdir -p /root/.config/autostart 2>/dev/null
490 |     cat <<EOF > /root/.config/autostart/i3.desktop
491 | [Desktop Entry]
492 | Encoding=UTF-8
493 | Version=0.9.4
494 | Type=Application
495 | Name=i3
496 | Comment=i3
497 | Exec=i3
498 | OnlyShowIn=XFCE;
499 | RunHook=0
500 | StartupNotify=false
501 | Terminal=false
502 | Hidden=false
503 | EOF
504 | 
505 |     # create XFCE session
506 |     mkdir -p /root/.config/xfce4/xfconf/xfce-perchannel-xml/ 2>/dev/null
507 |     cat <<EOF > /root/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
508 | <?xml version="1.0" encoding="UTF-8"?>
509 | 
510 | <channel name="xfce4-session" version="1.0">
511 |   <property name="general" type="empty">
512 |     <property name="FailsafeSessionName" type="string" value="Failsafe"/>
513 |     <property name="LockCommand" type="string" value=""/>
514 |   </property>
515 |   <property name="sessions" type="empty">
516 |     <property name="Failsafe" type="empty">
517 |       <property name="IsFailsafe" type="bool" value="true"/>
518 |       <property name="Count" type="int" value="1"/>
519 |       <property name="Client0_Command" type="array">
520 |         <value type="string" value="xfsettingsd"/>
521 |       </property>
522 |       <property name="Client0_PerScreen" type="bool" value="false"/>
523 |     </property>
524 |   </property>
525 | </channel>
526 | EOF
527 | 
528 | fi
529 | 
530 | 
531 | if [ -z "$no_zmap" ]
532 | then
533 | 
534 |     printf '\n============================================================\n'
535 |     printf '[+] Installing Zmap Asset Inventory\n'
536 |     printf '============================================================\n\n'
537 |     cd /opt
538 |     mv zmap-asset-inventory "zmap-asset-inventory.bak$(date +%s)" &> /dev/null
539 |     git clone https://github.com/blacklanternsecurity/zmap-asset-inventory
540 |     docker build --network host -t zmap-assets zmap-asset-inventory
541 | 
542 | fi
543 | 
544 | 
545 | 
546 | 
547 | # if we're not on a headless system
548 | if [ -n "$DISPLAY" ]
549 | then
550 | 
551 |     printf '\n============================================================\n'
552 |     printf '[+] Installing:\n'
553 |     printf '     - gnome-screenshot\n'
554 |     printf '     - LibreOffice\n'
555 |     printf '     - Remmina\n'
556 |     printf '     - file explorer SMB capability\n'
557 |     printf '============================================================\n\n'
558 |     apt-get install \
559 |         gnome-screenshot \
560 |         libreoffice \
561 |         remmina \
562 |         gvfs-backends # smb in file explorer
563 | 
564 |     printf '\n============================================================\n'
565 |     printf '[+] Installing Bloodhound\n'
566 |     printf '============================================================\n\n'
567 |     # uninstall old version
568 |     apt-get remove bloodhound
569 |     rm -rf /opt/BloodHound-linux-x64 &>/dev/null
570 | 
571 |     # download latest bloodhound release from github
572 |     release_url="https://github.com/$(curl -s https://github.com/BloodHoundAD/BloodHound/releases | egrep -o '/BloodHoundAD/BloodHound/releases/download/.{1,10}/BloodHound-linux-x64.zip' | head -n 1)"
573 |     cd /opt
574 |     wget "$release_url"
575 |     unzip -o 'BloodHound-linux-x64.zip'
576 |     rm 'BloodHound-linux-x64.zip'
577 | 
578 |     # fix white screen issue
579 |     echo -e '#!/bin/bash\n/opt/BloodHound-linux-x64/BloodHound --no-sandbox $@' > /usr/local/bin/bloodhound
580 |     chmod +x /usr/local/bin/bloodhound
581 | 
582 |     # install Neo4J
583 |     wget -O - https://debian.neo4j.org/neotechnology.gpg.key | apt-key add -
584 |     echo 'deb https://debian.neo4j.org/repo stable/' > /etc/apt/sources.list.d/neo4j.list
585 |     apt-get update
586 |     apt-get install neo4j
587 | 
588 |     # increase open file limit
589 |     apt-get install neo4j gconf-service gconf2-common libgconf-2-4
590 |     mkdir -p /usr/share/neo4j/logs /usr/share/neo4j/run
591 |     grep '^root   soft    nofile' /etc/security/limits.conf || echo 'root   soft    nofile  500000
592 |     root   hard    nofile  600000' >> /etc/security/limits.conf
593 |     grep 'NEO4J_ULIMIT_NOFILE=60000' /etc/default/neo4j 2>/dev/null || echo 'NEO4J_ULIMIT_NOFILE=60000' >> /etc/default/neo4j
594 |     grep 'fs.file-max' /etc/sysctl.conf 2>/dev/null || echo 'fs.file-max=500000' >> /etc/sysctl.conf
595 |     sysctl -p
596 |     neo4j start
597 | 
598 |     # install cypheroth, which automates bloodhound queries & outputs to CSV
599 |     cd ~/Downloads
600 |     git clone https://github.com/seajaysec/cypheroth
601 |     ln -s ~/Downloads/cypheroth/cypheroth.sh /usr/local/bin/cypheroth
602 | 
603 | 
604 |     printf '\n============================================================\n'
605 |     printf '[+] Installing Firefox\n'
606 |     printf '============================================================\n\n'
607 |     if [[ ! -f /usr/share/applications/firefox.desktop ]]
608 |     then
609 |         wget -O /tmp/firefox.tar.bz2 'https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en-US'
610 |         cd /opt
611 |         tar -xvjf /tmp/firefox.tar.bz2
612 |         if [[ -f /usr/bin/firefox ]]; then mv /usr/bin/firefox /usr/bin/firefox.bak; fi
613 |         ln -s /opt/firefox/firefox /usr/bin/firefox
614 |         rm /tmp/firefox.tar.bz2
615 | 
616 |         cat <<EOF > /usr/share/applications/firefox.desktop
617 | [Desktop Entry]
618 | Name=Firefox
619 | Comment=Browse the World Wide Web
620 | GenericName=Web Browser
621 | X-GNOME-FullName=Firefox Web Browser
622 | Exec=/opt/firefox/firefox %u
623 | Terminal=false
624 | X-MultipleArgs=false
625 | Type=Application
626 | Icon=firefox-esr
627 | Categories=Network;WebBrowser;
628 | MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
629 | StartupWMClass=Firefox-esr
630 | StartupNotify=true
631 | EOF
632 |     fi
633 | 
634 | 
635 |     printf '\n============================================================\n'
636 |     printf '[+] Installing Chromium\n'
637 |     printf '============================================================\n\n'
638 |     apt-get install chromium
639 |     sed -i 's#Exec=/usr/bin/chromium %U#Exec=/usr/bin/chromium --no-sandbox %U#g' /usr/share/applications/chromium.desktop
640 | 
641 | 
642 |     printf '\n============================================================\n'
643 |     printf '[+] Installing Sublime Text\n'
644 |     printf '============================================================\n\n'
645 |     wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | apt-key add -
646 |     apt-get install apt-transport-https
647 |     echo "deb https://download.sublimetext.com/ apt/stable/" > /etc/apt/sources.list.d/sublime-text.list
648 |     apt-get update
649 |     apt-get install sublime-text
650 | 
651 | 
652 |     printf '\n============================================================\n'
653 |     printf '[+] Installing BoostNote\n'
654 |     printf '============================================================\n\n'
655 |     boost_deb_url="https://github.com$(curl -Ls https://github.com/BoostIO/boost-releases/releases/latest | egrep -o '/BoostIO/boost-releases/releases/download/.+.deb')"
656 |     cd /opt
657 |     wget -O boostnote.deb "$boost_deb_url"
658 |     apt-get install gconf2 gvfs-bin
659 |     dpkg -i boostnote.deb
660 |     rm boostnote.deb
661 | 
662 | 
663 |     printf '\n============================================================\n'
664 |     printf '[+] Cleaning Up\n'
665 |     printf '============================================================\n\n'
666 |     updatedb
667 |     rmdir ~/Music ~/Public ~/Videos ~/Templates ~/Desktop &>/dev/null
668 |     gsettings set org.gnome.shell favorite-apps "['firefox.desktop', 'org.gnome.Terminal.desktop', 'terminator.desktop', 'org.gnome.Nautilus.desktop', 'org.gnome.Screenshot.desktop', 'sublime_text.desktop', 'boostnote.desktop']"
669 | 
670 | fi
671 | 
672 | 
673 | printf '\n============================================================\n'
674 | printf "[+] Done. Don't forget to reboot! :)\n"
675 | printf "[+] You may also want to install:\n"
676 | printf '     - BurpSuite Pro\n'
677 | printf '     - Firefox Add-Ons\n'
678 | printf '============================================================\n\n'
679 | 


--------------------------------------------------------------------------------