├── ubuntu ├── Makefile ├── deploy │ └── deploy.yaml └── Dockerfile ├── kali ├── Makefile ├── deploy │ ├── config.yaml │ ├── deploy.yaml │ └── README.md ├── conf │ ├── proxychains.conf │ └── README.md ├── docker-entrypoint.sh ├── Dockerfile └── Dockerfile_systemd ├── docker-compose.yaml ├── Makefile └── README.md /ubuntu/Makefile: -------------------------------------------------------------------------------- 1 | build: 2 | 3 | docker build -t ubuntu:jammy . 4 | 5 | exec: 6 | 7 | docker run -it -u root ubuntu:jammy bash 8 | -------------------------------------------------------------------------------- /kali/Makefile: -------------------------------------------------------------------------------- 1 | build: 2 | 3 | docker build -f Dockerfile_systemd -t kali_s:latest . 4 | 5 | exec: 6 | 7 | docker run -it -p 87:8087 --rm --privileged --workdir /usr --name kali-systemd kali_s:latest bash 8 | 9 | tag: 10 | 11 | docker tag kali_s:latest lostcauze7/kali-dockerized:latest 12 | 13 | push: 14 | 15 | docker push lostcauze7/kali-dockerized:latest 16 | 17 | -------------------------------------------------------------------------------- /kali/deploy/config.yaml: -------------------------------------------------------------------------------- 1 | kind: Cluster 2 | apiVersion: kind.x-k8s.io/v1alpha4 3 | nodes: 4 | - role: control-plane 5 | image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 6 | - role: worker 7 | image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 8 | - role: worker 9 | image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 10 | 11 | -------------------------------------------------------------------------------- /ubuntu/deploy/deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: ubuntu 7 | name: ubuntu 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: ubuntu 13 | strategy: {} 14 | template: 15 | metadata: 16 | creationTimestamp: null 17 | labels: 18 | app: ubuntu 19 | spec: 20 | containers: 21 | - image: ubuntu:jammy 22 | name: ubuntu 23 | imagePullPolicy: Always 24 | command: ["/bin/sleep", "3650d"] 25 | resources: {} -------------------------------------------------------------------------------- /kali/deploy/deploy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: kali-deployment 5 | spec: 6 | replicas: 1 7 | selector: 8 | matchLabels: 9 | app: kali 10 | template: 11 | metadata: 12 | labels: 13 | app: kali 14 | spec: 15 | containers: 16 | - name: kali-container 17 | image: lostcauze7/kali-dockerized:latest 18 | ports: 19 | - containerPort: 8087 20 | securityContext: 21 | privileged: true 22 | workingDir: /usr 23 | command: 24 | - "/bin/bash" 25 | - "/docker-entrypoint.sh" 26 | - "tail" 27 | - "-f" 28 | - "/dev/null" 29 | stdin: true 30 | tty: true -------------------------------------------------------------------------------- /ubuntu/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:jammy 2 | 3 | #https://github.com/moby/moby/issues/27988 4 | RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections 5 | 6 | RUN apt-get update; apt-get install -y wget curl net-tools bmon htop netcat-traditional pciutils; apt-get clean && rm -rf /var/lib/apt/lists/* 7 | 8 | WORKDIR /usr 9 | 10 | # Install Go 11 | 12 | ENV GO_VERSION=1.21.4 13 | 14 | RUN curl -sSLO https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz; tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz; rm -rf go$GO_VERSION.linux-amd64.tar.gz 15 | 16 | ENV PATH="/usr/local/go/bin:${PATH}" 17 | 18 | # Install language dependencies 19 | 20 | RUN apt-get update; apt-get -y install python3-pip npm nodejs 21 | 22 | CMD ["/bin/bash"] -------------------------------------------------------------------------------- /kali/deploy/README.md: -------------------------------------------------------------------------------- 1 | # Deployment Kali Linux w/ systemd 2 | 3 | You can deploy Kali Linux with systemd to your K8s cluster, but if you want to use systemd you need to use in K8s, [cgroupv2](https://kubernetes.io/docs/concepts/architecture/cgroups/) 4 | 5 | [Check cgroup version](https://kubernetes.io/docs/concepts/architecture/cgroups/#check-cgroup-version) 6 | 7 | Deploy: 8 | 9 | ```bash 10 | kubectl apply -f deploy.yaml 11 | ``` 12 | 13 | ## Local cluster PoC (kind) 14 | 15 | Demonstrates local Kubernetes cluster deployment to test a Kali Linux deployment with the systemd support 16 | 17 | Firstly you need to create a local cluster, I recommend to use a [kind](https://kind.sigs.k8s.io), Kind [releases](https://github.com/kubernetes-sigs/kind/releases) 18 | 19 | ```bash 20 | kind create cluster 21 | ``` 22 | 23 | Deploy a Kali Linux systemd deployment to your local Kubernetes cluster created via kind 24 | 25 | ```bash 26 | kubectl apply -f deploy -n 27 | ``` 28 | 29 | For deleting a local kubernetes cluster in kind you can use 30 | 31 | ```bash 32 | kind delete cluster 33 | ``` 34 | 35 | Or 36 | 37 | ```bash 38 | kind delete clusters 39 | ``` -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | services: 3 | 4 | kali: 5 | build: 6 | dockerfile: Dockerfile 7 | context: ./kali 8 | #image: 'kalilinux/kali-rolling' 9 | container_name: kali 10 | tty: true 11 | restart: always 12 | privileged: true # Add the privileged option, SYS_ADMIN is limited, where privileged has full access 13 | network_mode: host 14 | stdin_open: true 15 | ports: 16 | - 127.0.0.1:8085:8085 17 | 18 | ubuntu: 19 | build: 20 | dockerfile: Dockerfile 21 | context: ./ubuntu 22 | #image: 'ubuntu:jammy' 23 | container_name: ubuntu 24 | privileged: true 25 | network_mode: host 26 | tty: true 27 | restart: always 28 | stdin_open: true 29 | ports: 30 | - 127.0.0.1:8086:8086 31 | 32 | kali_systemd_2: 33 | build: 34 | dockerfile: Dockerfile_systemd 35 | context: ./kali 36 | #image: 'kalilinux/kali-rolling' 37 | # systemd image prebuilt 38 | #image: 'lostcauze7/kali-dockerized:latest' 39 | container_name: kali_systemd_2 40 | network_mode: host 41 | tty: true 42 | restart: always 43 | stdin_open: true 44 | privileged: true # Add the privileged option, SYS_ADMIN is limited, where privileged has full access 45 | working_dir: /usr # Add the working directory option 46 | ports: 47 | - 127.0.0.1:8087:8087 48 | command: "/bin/bash" -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Build and run the Kali Linux in Docker without systemd 2 | 3 | build-run-plain: 4 | docker run -p 127.0.0.1:88:8088 --network host --name kali -itd kalilinux/kali-rolling; docker attach kali 5 | 6 | # Build the Kali image with systemd support 7 | create-build-s: 8 | cd kali/ && docker build -t kali -f Dockerfile_systemd . 9 | 10 | # Run the Kali image in a container 11 | image-run-s: 12 | docker run -it -p 87:8087 --network host --rm --privileged --workdir /usr --name kali-systemd kali /bin/bash 13 | 14 | # Scan for vuln. in Kali Linux Docker image 15 | 16 | kali-scan: 17 | trivy image kali 18 | 19 | # Docker stats for Kali Linux Docker image 20 | 21 | kali-stats: 22 | docker stats -a kali_systemd 23 | 24 | # Docker compose to build all services in docker-compose.yaml 25 | 26 | docker-c-build: 27 | 28 | docker compose up -d --build 29 | 30 | # Docker compose run builed Kali Linux with systemd support from docker-compose.yaml 31 | 32 | docker-c-build-systemd: 33 | 34 | docker-compose up -d --build; docker compose run --rm kali_systemd_2 bash 35 | 36 | # Docker prebuilt 37 | 38 | docker-p-b: 39 | 40 | docker run -p 87:8087 --network host --rm --privileged --workdir /usr --name kali_p -itd lostcauze7/kali-dockerized:latest; docker attach kali_p 41 | 42 | # Creates Kind cluster (Kubernetes in Docker) with the config file in kali/deploy/config.yaml 43 | 44 | cc: 45 | kind create cluster --config=kali/deploy/config.yaml 46 | 47 | # Deletes Kind cluster 48 | 49 | dc: 50 | kind delete cluster -------------------------------------------------------------------------------- /kali/conf/proxychains.conf: -------------------------------------------------------------------------------- 1 | # proxychains.conf VER 3.1 2 | # 3 | # HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS. 4 | # 5 | 6 | # The option below identifies how the ProxyList is treated. 7 | # only one option should be uncommented at time, 8 | # otherwise the last appearing option will be accepted 9 | # 10 | #dynamic_chain 11 | # 12 | # Dynamic - Each connection will be done via chained proxies 13 | # all proxies chained in the order as they appear in the list 14 | # at least one proxy must be online to play in chain 15 | # (dead proxies are skipped) 16 | # otherwise EINTR is returned to the app 17 | # 18 | strict_chain 19 | # 20 | # Strict - Each connection will be done via chained proxies 21 | # all proxies chained in the order as they appear in the list 22 | # all proxies must be online to play in chain 23 | # otherwise EINTR is returned to the app 24 | # 25 | #random_chain 26 | # 27 | # Random - Each connection will be done via random proxy 28 | # (or proxy chain, see chain_len) from the list. 29 | # this option is good to test your IDS 30 | 31 | # Make sense only if random_chain 32 | #chain_len = 2 33 | 34 | # Quiet mode (no output from library) 35 | #quiet_mode 36 | 37 | # Proxy DNS requests - no leak for DNS data 38 | proxy_dns 39 | 40 | # Some timeouts in milliseconds 41 | tcp_read_time_out 15000 42 | tcp_connect_time_out 8000 43 | 44 | # ProxyList format 45 | # type host port [user pass] 46 | # (values separated by 'tab' or 'blank') 47 | # 48 | # 49 | # Examples: 50 | # 51 | # socks5 192.168.67.78 1080 lamer secret 52 | # http 192.168.89.3 8080 justu hidden 53 | # socks4 192.168.1.49 1080 54 | # http 192.168.39.93 8080 55 | # 56 | # 57 | # proxy types: http, socks4, socks5 58 | # ( auth types supported: "basic"-http "user/pass"-socks ) 59 | # 60 | [ProxyList] 61 | # add proxy here ... 62 | # meanwile 63 | # defaults set to "tor" 64 | socks5 127.0.0.1 9050 -------------------------------------------------------------------------------- /kali/docker-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | container=docker 4 | export container 5 | 6 | if [ $# -eq 0 ]; then 7 | echo >&2 'ERROR: No command specified. You probably want to run `journalctl -f`, or maybe `bash`?' 8 | exit 1 9 | fi 10 | 11 | if [ ! -t 0 ]; then 12 | echo >&2 'ERROR: TTY needs to be enabled (`docker run -t ...`).' 13 | exit 1 14 | fi 15 | 16 | env >/etc/docker-entrypoint-env 17 | 18 | cat >/etc/systemd/system/docker-entrypoint.target </etc/docker-entrypoint-cmd 26 | 27 | cat >/etc/systemd/system/docker-entrypoint.service < /dev/null; then echo >&2 \"got signal \${EXIT_STATUS}\"; systemctl exit \$(( 128 + \$( kill -l \${EXIT_STATUS} ) )); else systemctl exit \${EXIT_STATUS}; fi" 35 | StandardInput=tty-force 36 | StandardOutput=inherit 37 | StandardError=inherit 38 | WorkingDirectory=$(pwd) 39 | EnvironmentFile=/etc/docker-entrypoint-env 40 | 41 | [Install] 42 | WantedBy=multi-user.target 43 | EOF 44 | 45 | systemctl mask systemd-firstboot.service systemd-udevd.service systemd-modules-load.service 46 | systemctl unmask systemd-logind 47 | systemctl enable docker-entrypoint.service 48 | 49 | systemd= 50 | if [ -x /lib/systemd/systemd ]; then 51 | systemd=/lib/systemd/systemd 52 | elif [ -x /usr/lib/systemd/systemd ]; then 53 | systemd=/usr/lib/systemd/systemd 54 | elif [ -x /sbin/init ]; then 55 | systemd=/sbin/init 56 | else 57 | echo >&2 'ERROR: systemd is not installed' 58 | exit 1 59 | fi 60 | systemd_args="--show-status=false --unit=docker-entrypoint.target" 61 | echo "$0: starting $systemd $systemd_args" 62 | exec $systemd $systemd_args 63 | -------------------------------------------------------------------------------- /kali/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM kalilinux/kali-rolling 2 | 3 | #https://github.com/moby/moby/issues/27988 4 | RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections 5 | 6 | # Update + common tools + Install Metapackages https://www.kali.org/docs/general-use/metapackages/ 7 | 8 | RUN apt-get update; apt-get install -y -q kali-linux-headless 9 | 10 | # Default packages 11 | 12 | RUN apt-get install -y wget curl net-tools whois netcat-traditional pciutils bmon htop tor 13 | 14 | # Kali - Common packages 15 | 16 | RUN apt -y install amap \ 17 | apktool \ 18 | arjun \ 19 | beef-xss \ 20 | binwalk \ 21 | cri-tools \ 22 | dex2jar \ 23 | dirb \ 24 | exploitdb \ 25 | kali-tools-top10 \ 26 | kubernetes-helm \ 27 | lsof \ 28 | ltrace \ 29 | man-db \ 30 | nikto \ 31 | set \ 32 | steghide \ 33 | strace \ 34 | theharvester \ 35 | trufflehog \ 36 | uniscan \ 37 | wapiti \ 38 | whatmask \ 39 | wpscan \ 40 | xsser \ 41 | yara 42 | 43 | #Sets WORKDIR to /usr 44 | 45 | WORKDIR /usr 46 | 47 | # XSS-RECON 48 | 49 | RUN git clone https://github.com/Ak-wa/XSSRecon; 50 | 51 | # Install language dependencies 52 | 53 | RUN apt -y install python3-pip npm nodejs golang 54 | 55 | # PyEnv 56 | RUN apt install -y build-essential \ 57 | libssl-dev \ 58 | zlib1g-dev \ 59 | libbz2-dev \ 60 | libreadline-dev \ 61 | libsqlite3-dev \ 62 | llvm \ 63 | libncurses5-dev \ 64 | libncursesw5-dev \ 65 | xz-utils \ 66 | tk-dev \ 67 | libffi-dev \ 68 | liblzma-dev \ 69 | python3-openssl 70 | 71 | RUN curl https://pyenv.run | bash 72 | 73 | # Set-up necessary Env vars for PyEnv 74 | ENV PYENV_ROOT /root/.pyenv 75 | ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH 76 | 77 | RUN pyenv install -v 3.7.16; pyenv install -v 3.8.15 78 | 79 | # GitHub Additional Tools 80 | 81 | # Blackbird 82 | # for usage: blackbird/ 83 | # python blackbird.py 84 | RUN git clone https://github.com/p1ngul1n0/blackbird && cd blackbird && pyenv local 3.8.15 && pip install -r requirements.txt && cd ../ 85 | 86 | # Maigret 87 | RUN git clone https://github.com/soxoj/maigret.git && pyenv local 3.8.15 && pip3 install maigret && cd ../ 88 | 89 | # Sherlock 90 | # https://github.com/sherlock-project/sherlock 91 | RUN pip install sherlock-project 92 | 93 | RUN apt-get clean && rm -rf /var/lib/apt/lists/* 94 | -------------------------------------------------------------------------------- /kali/Dockerfile_systemd: -------------------------------------------------------------------------------- 1 | FROM kalilinux/kali-rolling 2 | 3 | #https://github.com/moby/moby/issues/27988 4 | RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections 5 | 6 | # Update + common tools + Install Metapackages https://www.kali.org/docs/general-use/metapackages/ 7 | 8 | RUN apt-get update; apt-get install -y -q kali-linux-headless 9 | 10 | # Default packages 11 | 12 | RUN apt-get install -y wget curl net-tools whois netcat-traditional pciutils bmon htop tor 13 | 14 | # Kali - Common packages 15 | 16 | RUN apt -y install amap \ 17 | apktool \ 18 | arjun \ 19 | beef-xss \ 20 | binwalk \ 21 | cri-tools \ 22 | dex2jar \ 23 | dirb \ 24 | exploitdb \ 25 | kali-tools-top10 \ 26 | kubernetes-helm \ 27 | lsof \ 28 | ltrace \ 29 | man-db \ 30 | nikto \ 31 | set \ 32 | steghide \ 33 | strace \ 34 | theharvester \ 35 | trufflehog \ 36 | uniscan \ 37 | wapiti \ 38 | whatmask \ 39 | wpscan \ 40 | xsser \ 41 | yara 42 | 43 | #Sets WORKDIR to /usr 44 | 45 | WORKDIR /usr 46 | 47 | # XSS-RECON 48 | 49 | RUN git clone https://github.com/Ak-wa/XSSRecon; 50 | 51 | # Install language dependencies 52 | 53 | RUN apt -y install python3-pip npm nodejs golang 54 | 55 | # PyEnv 56 | RUN apt install -y build-essential \ 57 | libssl-dev \ 58 | zlib1g-dev \ 59 | libbz2-dev \ 60 | libreadline-dev \ 61 | libsqlite3-dev \ 62 | llvm \ 63 | libncurses5-dev \ 64 | libncursesw5-dev \ 65 | xz-utils \ 66 | tk-dev \ 67 | libffi-dev \ 68 | liblzma-dev \ 69 | python3-openssl 70 | 71 | RUN curl https://pyenv.run | bash 72 | 73 | # Set-up necessary Env vars for PyEnv 74 | ENV PYENV_ROOT /root/.pyenv 75 | ENV PATH $PYENV_ROOT/shims:$PYENV_ROOT/bin:$PATH 76 | 77 | RUN pyenv install -v 3.7.16; pyenv install -v 3.8.15 78 | 79 | # GitHub Additional Tools 80 | 81 | # Blackbird 82 | # for usage: blackbird/ 83 | # python blackbird.py 84 | RUN git clone https://github.com/p1ngul1n0/blackbird && cd blackbird && pyenv local 3.8.15 && pip install -r requirements.txt && cd ../ 85 | 86 | # Maigret 87 | RUN git clone https://github.com/soxoj/maigret.git && pyenv local 3.8.15 && pip3 install maigret && cd ../ 88 | 89 | # Sherlock 90 | # https://github.com/sherlock-project/sherlock 91 | RUN pip install sherlock-project 92 | 93 | RUN apt-get clean && rm -rf /var/lib/apt/lists/* 94 | 95 | COPY docker-entrypoint.sh / 96 | 97 | COPY conf/proxychains.conf /etc/proxychains.conf 98 | 99 | ENTRYPOINT ["/docker-entrypoint.sh"] 100 | -------------------------------------------------------------------------------- /kali/conf/README.md: -------------------------------------------------------------------------------- 1 | # TOR + Proxychains 2 | 3 | [Github proxychains-ng](https://github.com/rofl0r/proxychains-ng) 4 | 5 | In Kali Linux w/ systemd commmands to play with tor service: 6 | 7 | ```bash 8 | systemctl enable tor.service 9 | systemctl restart tor.service 10 | systemctl status tor.service 11 | systemctl stop tor.service 12 | ``` 13 | 14 | Proxychains usage, in this example it will run curl through proxy(or chained proxies) specified by proxychains.conf 15 | 16 | ```bash 17 | proxychains -f /etc/proxychains.conf curl 18 | ``` 19 | 20 | ## Start up proxychaining: 21 | 22 | After executing in docker container you need to enable, start tor.service and then you can execute commands over proxychain: 23 | 24 | ```bash 25 | systemctl enable tor.service 26 | systemctl start tor.service 27 | systemctl status tor.service 28 | ``` 29 | 30 | The output should be: 31 | 32 | ```bash 33 | ● tor.service - Anonymizing overlay network for TCP (multi-instance-master) 34 | Loaded: loaded (/lib/systemd/system/tor.service; disabled; preset: disabled) 35 | Active: active (exited) since XX Sep XX XX:XX:XX XX UTC; xmin xsec ago 36 | Main PID: 310 (code=exited, status=0/SUCCESS) 37 | 38 | Sep XX XX:XX:XX XX systemd[1]: Starting tor.service - Anonymizing overlay network for TCP (multi-instance-master)... 39 | Sep XX XX:XX:XX XX systemd[1]: Finished tor.service - Anonymizing overlay network for TCP (multi-instance-master). 40 | ``` 41 | 42 | Afterwards you can use proxychain: 43 | 44 | ```bash 45 | proxychains -f /etc/proxychains.conf curl 46 | proxychains -f curl 47 | ``` 48 | 49 | Get IPs (3 methods): 50 | 51 | ```bash 52 | proxychains -f /etc/proxychains.conf curl https://ipinfo.io/ip 53 | proxychains -f /etc/proxychains.conf wget -qO- https://api.ipify.org 54 | proxychains -f /etc/proxychains.conf curl -s https://ifconfig.me 55 | ``` 56 | 57 | ## How to configure TOR with bridges 58 | 59 | What is a [bridge?](https://support.torproject.org/censorship/censorship-7/) 60 | 61 | Something about [Obsfproxy](https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt) 62 | 63 | I've found this [repo](https://github.com/devshashtag/TorBridge) but it CLI it does not work due to X Display!!! 64 | Actually I've tried it manually: 65 | 66 | Install `obfs4proxy`: 67 | 68 | ```bash 69 | apt install obfs4proxy 70 | ``` 71 | 72 | Open in your browser URL `https://bridges.torproject.org/` and get bridges (select from options if u need plugable transport or the usage of IPv4 or IPv6) then it generates CAPTCHA after u success in CAPTCHA it will provide bridges 73 | 74 | Edit `/etc/tor/torcc` and add this line, where last lines should be ur bridges: 75 | 76 | ```bash 77 | UseBridges 1 78 | ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy 79 | Bridge obfs4 50.39.226.171:47368 93BBD8F80D5F5A8A55829A3168278327BABC14D7 cert=e7kfc/GAUTzv6OEu/a9zQnzGQu9dzhs4jZSmKCXYCaOVZUf5vci2KKilPzR6pUKiiO9hNA iat-mode=0 80 | # This above is just example 81 | ``` 82 | 83 | Restart tor service: 84 | 85 | ```bash 86 | service tor restart 87 | # Check the logs for proper error 88 | journalctl -exft Tor 89 | ``` -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dockerized Kali Linux and Ubuntu 22.04 2 | 3 | Dockerized Kali Linux + Ubuntu 22.04 for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering 4 | 5 | I am using [Official](https://www.kali.org/docs/containers/official-kalilinux-docker-images/) Kali Linux Docker image **kalilinux/kali-rolling**, also this page describes **Official Kali Linux Docker Images** 6 | 7 | ***!!! I am using Docker host network driver, please remember that: The host networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server !!! The usage of the host network driver is to optimize performance or to use that in a situation where container needs to handle a wide large range of ports*** 8 | 9 | ***If you want to run this project on the Mac, Windows, Windows server please remove from all commands --network host!!!*** 10 | 11 | Actually I am managing multiple python versions with [pyenv](https://github.com/pyenv/pyenv) in Kali Linux only 12 | 13 | I'm using Python versions: `3.7.16, 3.8.15` with `pyenv local `, for details check out `kali/Dockerfile_systemd` 14 | 15 | ## Docker Hub 16 | 17 | There you can find prebuilt `Kali Linux with systemd Docker Image` 18 | 19 | [lostcauze7/kali-dockerized](https://hub.docker.com/r/lostcauze7/kali-dockerized) 20 | 21 | If you want to use prebuilt `Kali Linux with systemd Docker Image` just use command bellow, 22 | **if you want to build locally, read the documentation!** 23 | 24 | ```bash 25 | make docker-p-b #Makefile dockerprebuilt Kali 26 | docker exec -it -u root kali_p bash #docker exec to the prebuilt Kali Linux Docker container with systemd support 27 | ``` 28 | 29 | ## Deployment for Kubernetes 30 | 31 | Local cluster with [Kind](http://kind.sigs.k8s.io) - (K8s in Docker): 32 | 33 | ```bash 34 | # Creates kind cluster, 1 master + 2 worker nodes 35 | make cc 36 | # Deletes kind cluster 37 | make dc 38 | ``` 39 | 40 | ```bash 41 | # Kali Linux with systemd 42 | kubectl apply -f kali/deploy/deploy.yaml 43 | # Ubuntu 44 | kubectl apply -f ubuntu/deploy/deploy.yaml 45 | ``` 46 | 47 | ## Installation 48 | 49 | ### Installing Dive - Tool for exploring Docker Image, layer, contents to shrink image 50 | 51 | One liner to install [Dive](https://github.com/wagoodman/dive) by specific version - Linux: 52 | 53 | ```bash 54 | DIVE_VERSION=0.11.0; curl -sSLO https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.deb && sudo dpkg -i dive_${DIVE_VERSION}_linux_amd64.deb 55 | ``` 56 | 57 | if you want to build your image then jump straight into analyzing it: 58 | 59 | ```bash 60 | cd kali/ 61 | dive build -t kali . -f Dockerfile_systemd 62 | ``` 63 | 64 | ### Installing Trivy - Docker Vuln. scanner 65 | 66 | [Trivy](https://trivy.dev) installation for Docker Image vulnerabilities: 67 | 68 | If you are not using Debian/Ubuntu, read [docs](https://aquasecurity.github.io/trivy/v0.18.3/installation/) 69 | 70 | One liner to install [Trivy](https://trivy.dev) by specific version (Linux/Ubuntu): 71 | 72 | ```bash 73 | TRIVY_VERSION=0.44.0; curl -sSLO https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb && sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb 74 | ``` 75 | 76 | Trivy usage: 77 | 78 | ```bash 79 | trivy image 80 | ``` 81 | 82 | ### Installing Docker + Docker compose 83 | 84 | Install Docker engine by your way you or you can install it by shell script: 85 | 86 | ```bash 87 | curl -fsSL https://get.docker.com -o get-docker.sh; sudo sh get-docker.sh; rm -rf get-docker.sh 88 | 89 | #Permissions: 90 | sudo usermod -aG docker $USER 91 | newgrp docker 92 | ``` 93 | 94 | Docker compose installation (latest release), it is expected you're using only docker compose v2! Used version of **docker-compose.yaml** is **3.8** 95 | 96 | ```bash 97 | mkdir -p ~/.docker/cli-plugins/; DOCKER_COMPOSE=2.20.2; curl -SL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE}/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose; chmod +x ~/.docker/cli-plugins/docker-compose #permission 98 | 99 | docker compose version #verify 100 | ``` 101 | 102 | ### Run Kali Linux in Docker 103 | 104 | If you want to run the docker-compose.yaml use the command: 105 | 106 | ```bash 107 | docker compose up -d --build #detached 108 | ``` 109 | 110 | ### Development 111 | 112 | Edit Dockerfiles for other services and you can develop with proper commands below 113 | 114 | ```bash 115 | docker compose up -d #detached 116 | 117 | docker compose up -d --build #rebuild new changes for all services 118 | 119 | docker compose up -d --build ubuntu #rebuild new changes for ubuntu service 120 | 121 | docker compose up -d --build kali #rebuild new changes for kali service 122 | 123 | docker compose down --rmi all #remove 124 | 125 | docker ps -a #check if container is running 126 | 127 | docker image ls #list images 128 | 129 | docker image rmi -f #remove image/s 130 | 131 | docker logs #logs 132 | 133 | docker stats #docker image statistics 134 | 135 | # Docker stop all running images and remove them, then you can use docker prune 136 | 137 | docker stop $(docker ps -a -q); docker rm $(docker ps -a -q) 138 | 139 | # PRUNE 140 | docker system prune 141 | 142 | docker image prune 143 | ``` 144 | 145 | ### Development v2 + Usage 146 | 147 | You can use multiple options to run Kali Linux in Docker or Kali Linux + Ubuntu 22.04 in Docker (docker run, docker build or docker-compose.yaml usage or by Makefile), examples are below: 148 | 149 | ```bash 150 | #Detached Kali Linux without systemd support docker run 151 | 152 | docker run -p 127.0.0.1:88:8088 --name kali -itd kalilinux/kali-rolling 153 | docker attach kali 154 | 155 | #Docker compose usage 156 | 157 | docker compose up -d --build; 158 | docker compose run -d --rm kali_systemd_2 bash #run Kali Linux with systemd detached 159 | docker exec -it -u root bash #docker exec to Kali container without systemd 160 | docker exec -it -u root bash #docker exec to ubuntu container 161 | docker exec -it -u root bash #docker exec to Kali container with systemd 162 | 163 | #Detached Kali Linux with systemd support docker run + docker build 164 | 165 | cd kali/ 166 | docker build -t kali -f Dockerfile_systemd . #Dockerfile for support systemd in docker container 167 | docker run -it --rm --privileged --workdir /usr --name kali-systemd kali /bin/bash #Docker build 168 | 169 | #Makefile 170 | #command explanation is in Makefile 171 | 172 | make build-run-plain 173 | make create-build-s 174 | make image-run-s 175 | make kali-scan 176 | make docker-c-build 177 | make docker-c-build-systemd 178 | make docker-p-b 179 | make cc 180 | make dc 181 | ``` 182 | 183 | ### Run Kali Linux in Docker with systemd in container 184 | 185 | Use it in one Dockerfile for Kali and build up images via bash script or docker-compose.yaml 186 | 187 | I've used this [Github repo](https://github.com/AkihiroSuda/containerized-systemd) 188 | 189 | ```bash 190 | cd kali/ 191 | docker build -t kali -f Dockerfile_systemd . #Dockerfile for support systemd in docker container 192 | docker run -it --rm --privileged --workdir /usr --name kali-systemd kali /bin/bash #Docker build 193 | ``` 194 | 195 | Exec to Kali Linux container in Docker: 196 | 197 | ```bash 198 | docker exec -it -u root kali bash #exec into kali container 199 | ``` 200 | 201 | ### Run Kali Docker detached - docker run 202 | 203 | ```bash 204 | docker run -p 127.0.0.1:88:8088 --name kali -itd kalilinux/kali-rolling 205 | docker attach kali 206 | ``` 207 | 208 | ### TODO 209 | 210 | ## Tools List 211 | 212 | Below is list of tools used in Kali Linux 213 | 214 | | Tools in Kali Linux | Usage 215 | | ------------------------------------------------------------------|---------------------------------------------------------------------| 216 | | [aircrack-ng](https://www.kali.org/tools/aircrack-ng/) | Complete suite of tools to assess WiFi network security | 217 | | [amap](https://www.kali.org/tools/amap/) | Application Mapper | 218 | | [amass](https://www.kali.org/tools/amass/) | Perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. | 219 | | [apktool](https://www.kali.org/tools/apktool/) | Reverse engineering 3rd party, closed, binary Android apps | 220 | | [arp-scan](https://www.kali.org/tools/arp-scan/) | ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence. | 221 | | [arjun](https://www.kali.org/tools/arjun/) | Can find query parameters for URL endpoints | 222 | | [arping](https://www.kali.org/tools/arping/) | Sends ARP and/or ICMP requests to the specified host and displays the replies. The host may be specified by its hostname, its IP address, or its MAC address. | 223 | | [axel](https://www.kali.org/tools/axel/) | Accelerate the downloading process by using multiple connections for one file, similar to DownThemAll and other famous programs. It can also use multiple mirrors for one download. | 224 | | [beef-xss](https://beefproject.com) | Browser Exploitation Framework | 225 | | [binwalk](https://www.kali.org/tools/binwalk/) | Searching a given binary image for embedded files or executable | 226 | | [blackbird](https://github.com/p1ngul1n0/blackbird/) | OSINT 227 | | [burpsuite](https://www.kali.org/tools/burpsuite/) | Integrated platform for performing security testing of web apps | 228 | | [crackmapexec](https://www.kali.org/tools/crackmapexec/) | Swiss army knife for pentesting Windows/Active Directory envs. | 229 | | [cri-tools](https://www.kali.org/tools/cri-tools/) | contains a series of debugging and validation tools for Kubelet CRI, which includes(critest,crictl) | 230 | | [dex2jar](https://www.kali.org/tools/dex2jar/) | Dex-reader is designed to read the Dalvik Executable format | 231 | | [dirb](https://www.kali.org/tools/dirb/) | Web Content Scanner | 232 | | [exploitdb](https://gitlab.com/kalilinux/packages/exploitdb) | Searchable Exploit Database archive | 233 | | [hydra](https://www.kali.org/tools/hydra/) | Parallelized login cracker which supports numerous protocols | 234 | | [john](https://www.kali.org/tools/john/) | John The Ripper - Password Cracker | 235 | | [kubernetes-helm](https://www.kali.org/tools/kubernetes-helm/#helm) | Tool for managing Helm charts 236 | | [maigret](https://github.com/soxoj/maigret) | OSINT 237 | | [mandb](https://man7.org/linux/man-pages/man8/mandb.8.html) | Updates man pages | 238 | | [metasploit-framework](https://www.kali.org/tools/metasploit-framework/) | vulnerability research, exploit development, and the creation of custom security tools 239 | | [ncrack](https://www.kali.org/tools/ncrack/) | High-speed network authentication cracking tool | 240 | | [nikto](https://www.kali.org/tools/nikto/) | Pluggable web server and CGI scanner | 241 | | [nmap](https://www.kali.org/tools/nmap/) | Network Mapper | 242 | | [responder](https://www.kali.org/tools/responder/) | Responder/MultiRelay, an LLMNR, NBT-NS and MDNS poisoner | 243 | | [set](https://www.kali.org/tools/set/) | Social Engineering Toolkit | 244 | | [sherlock](https://github.com/sherlock-project/sherlock) | OSINT | 245 | | [sqlmap](https://www.kali.org/tools/sqlmap/) | Detects and take advantage of SQL injection vulnerabilities in web applications 246 | | [steghide](https://www.kali.org/tools/steghide/) | Steganography program which hides bits of a data file | 247 | | [the Harvester](https://www.kali.org/tools/theharvester/) | Contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers). | 248 | | [trufflehog](https://www.kali.org/tools/trufflehog/) | Allows you to find secrets in git repositories | 249 | | [uniscan](https://www.kali.org/tools/uniscan/) | URL scanner for vuln. + enables directory and dynamic checks | 250 | | [wapiti](https://www.kali.org/tools/wapiti/) | Allows you to audit the security of your web applications | 251 | | [whatmask](https://www.kali.org/tools/whatmask/) | Network Admin Helper | 252 | | [whatweb](https://www.kali.org/tools/whatweb/) | Identifies website | 253 | | [wireshark](https://www.kali.org/tools/wireshark/) | Network Protocol Analyzer | 254 | | [wpscan](https://www.kali.org/tools/wpscan/) | Scanner for Wordpress security issues | 255 | | [xssRecon](https://github.com/Ak-wa/XSSRecon) | Reflected XSS Scanner | 256 | | [xsser](https://github.com/epsylon/xsser) | Automation framework to detect XSS | 257 | | [yara](https://www.kali.org/tools/yara/) | Can identify/classify malware samples | 258 | 259 | ### Sort List 260 | 261 | ```bash 262 | sort -t '[' -k 2,2 -i README.md > sorted.txt 263 | ``` --------------------------------------------------------------------------------