├── README.md ├── TODO ├── checkip.sh ├── extra.sh ├── headless.sh ├── hostapd-init.service ├── hostapd-init.sh ├── runme.sh ├── software.sh └── system.sh /README.md: -------------------------------------------------------------------------------- 1 | # kali-pi-build 2 | Kali Linux for Raspberry Pi 3, 3b+ Post Install Scripts 3 | 4 | These scripts are for the Raspberry Pi running Kali Linux. The system.sh script will automatically expand your root partition. The headless.sh script will install and configure critical software for headless operation. The software.sh script will install other software needed for a penetration tester. 5 | 6 | The scripts do a variety of things: 7 | - Configure Wireless Access Point (WPA) 8 | - Email Responder to email IP addrss 9 | - Resize Root Partition 10 | - Configure headless operation 11 | - Add custom commands to .bashrc 12 | - Install and configure TOR with Proxychains 13 | - Add Printer support 14 | - Install and Configure Watchdog - use: :(){ :|: & };: to test 15 | - Install additional applications including Libreoffice, Bleachbit, Screenfetch, 16 | EZ-Sploit, Websploit, Microsoft VS Code, 17 | and more… 18 | 19 | # Installing 20 | Run the runme.sh script. 21 | 22 | If you choose, you can run the "extra.sh" script to install some additional tools (currently Lee Baird's Discover Script and Lazy Script), however, this is not recommended to do by default. 23 | 24 | # Files 25 | Critical file locations used in this project: 26 | 27 | Additional Software (Discover Script, EZ-Sploit, and PTF) 28 | 29 | /root/bin 30 | 31 | Bash Commands 32 | 33 | /root/.bashrc 34 | 35 | Network Configuration 36 | 37 | /etc/network/interfaces 38 | 39 | Hostapd files 40 | 41 | /etc/default/hostapd 42 | /etc/hostapd/hostapd.conf 43 | 44 | Email Configuration files 45 | 46 | /root/scripts/checkip.py 47 | /lib/systemd/system/checkip.service 48 | 49 | Watchdog Configuration files 50 | 51 | /etc/modules 52 | /etc/watchdog.conf 53 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | - [X] Add Re4son kernel (https://re4son-kernel.com/re4son-pi-kernel/) to the install process in system.sh 2 | (No need, Re4son is already part of Kali...) 3 | - [ ] Add interactive menu for polish (possibly using whiptail in place of dialog) 4 | - [ ] Properly determine the starting sector of root before fdisk, as changes to this on OffSec's part WILL totally break things 5 | -------------------------------------------------------------------------------- /checkip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Set ALL the variables! 4 | EXTERNAL=$(curl https://icanhazip.com) 5 | INTERNAL=$(ip a s|sed -ne '/127.0.0.1/!{s/^[ \t]*inet[ \t]*\([0-9.]\+\)\/.*$/\1/p}') 6 | FROM=UUUU 7 | PASS=PPPP 8 | TO=TTTT 9 | 10 | sendemail -f $FROM -t $TO -u "Automated IP Address Report from system $(hostname)" \ 11 | -m "Your IP address is as follows: \ 12 | \n \ 13 | External IP Address: $EXTERNAL \ 14 | \n \ 15 | Internal IP Address: $INTERNAL" \ 16 | -s "smtp.gmail.com:587" -o tls=yes \ 17 | -xu $FROM -xp $PASS -------------------------------------------------------------------------------- /extra.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Run this at your own peril. Some of this is a little heavy to run on a Raspberry Pi, 4 | #but can be useful in certain circumstances... 5 | 6 | cd /root/scripts 7 | 8 | echo "Installing Discover Script..." 9 | git clone https://github.com/leebaird/discover.git 10 | bash `pwd`/discover/update.sh 11 | 12 | echo "Installing Lazy Script..." 13 | git clone https://github.com/arismelachroinos/lscript 14 | chmod +x `pwd`/lscript/install.sh 15 | bash `pwd`/lscript/install.sh 16 | -------------------------------------------------------------------------------- /headless.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #=========================== 3 | # Start init 4 | #=========================== 5 | function pause(){ 6 | echo 'Press any key to continue...'; read -p "$*" 7 | } 8 | # End INIT 9 | 10 | #================================================= 11 | #=========== Start Main script ================== 12 | #=========== Version 2.0.4 2019-01-09 ========== 13 | #================================================= 14 | clear 15 | 16 | #======================================== 17 | #========== WPA and Email Setup ========= 18 | #======================================== 19 | while true; do 20 | clear 21 | echo " Getting WPA and Email Information" 22 | echo " ____________________________________________________________________" 23 | echo " " 24 | read -p ' Enter the device you want to use for hostapd..' devicevar 25 | read -p ' Enter the SSID for your WPA...................' ssidvar 26 | read -p ' Enter the Password for your WPA...............' passvar 27 | read -p ' Enter the email to send the IP email to.......' tovar 28 | read -p ' Enter the email account to relay from.........' fromvar 29 | read -p ' Enter the password for the relay account......' frompassvar 30 | echo " " 31 | read -p "Is the information you entered correct?(y/n) " yn 32 | case $yn in 33 | [Yy]* ) break;; 34 | * ) echo " ";; 35 | esac 36 | done 37 | 38 | if [[ -n $SUDO_USER ]]; then 39 | HOMEDIR=/home/$SUDO_USER 40 | else 41 | HOMEDIR=/root 42 | fi 43 | 44 | #===================================== 45 | #=========== Basic Config ============ 46 | #===================================== 47 | 48 | echo "Adding several commands to .bashrc..." 49 | echo "alias ll='ls --color'" >> $HOMEDIR/.bashrc 50 | echo "alias fman=thunar" >> $HOMEDIR/.bashrc 51 | echo "alias cls=clear" >> $HOMEDIR/.bashrc 52 | 53 | #==================================== 54 | #===== Headless Configuration ======= 55 | #==================================== 56 | echo "Installing Headless Software... Please Wait" 57 | apt install hostapd -y 58 | apt install bridge-utils -y 59 | apt install sendemail -y 60 | 61 | echo "Creating Interfaces file for Bridged Network..." 62 | cp /etc/network/interfaces /etc/network/interfaces.bak 63 | cat << EOF > /etc/network/interfaces 64 | #Interface Settings for Bridged Interface 65 | auto lo br0 66 | iface lo inet loopback 67 | # wireless DDDD 68 | allow-hotplug DDDD 69 | iface DDDD inet manual 70 | # eth0 connected to the ISP router 71 | allow-hotplug eth0 72 | iface eth0 inet manual 73 | # Setup bridge 74 | iface br0 inet dhcp 75 | bridge_ports DDDD eth0 76 | EOF 77 | 78 | sed -i "s|DDDD|$devicevar|g" /etc/network/interfaces 79 | 80 | cp /etc/default/hostapd /etc/default/hostapd.bak 81 | echo "Configuring Default hostapd files" 82 | cat << EOF > /etc/default/hostapd 83 | DAEMON_CONF="/etc/hostapd/hostapd.conf" 84 | EOF 85 | 86 | cat << EOF > /etc/hostapd/hostapd.conf 87 | interface=DDDD 88 | bridge=br0 89 | driver=nl80211 90 | country_code=US 91 | ssid=SSSS 92 | hw_mode=g 93 | channel=6 94 | wpa=2 95 | wpa_passphrase=PPPP 96 | wpa_key_mgmt=WPA-PSK 97 | wpa_pairwise=TKIP 98 | rsn_pairwise=CCMP 99 | auth_algs=1 100 | macaddr_acl=0 101 | EOF 102 | 103 | sed -i "s|DDDD|$devicevar|g" /etc/hostapd/hostapd.conf 104 | sed -i "s|SSSS|$ssidvar|g" /etc/hostapd/hostapd.conf 105 | sed -i "s|PPPP|$passvar|g" /etc/hostapd/hostapd.conf 106 | 107 | echo "Starting hostapd" 108 | systemctl unmask hostapd 109 | systemctl enable hostapd 110 | echo "Creating Email Responder Script" 111 | mkdir /root/scripts 112 | cp checkip.sh /root/scripts/ 113 | 114 | echo "Configuring Email Responder" 115 | sed -i "s|TTTT|$tovar|g" /root/scripts/checkip.sh 116 | sed -i "s|UUUU|$fromvar|g" /root/scripts/checkip.sh 117 | sed -i "s|PPPP|$frompassvar|g" /root/scripts/checkip.sh 118 | chmod +x /root/scripts/checkip.sh 119 | 120 | # 121 | echo "Creating Email Responder Service" 122 | # 123 | 124 | cat << EOF > /lib/systemd/system/checkip.service 125 | [Unit] 126 | Description=IP Check Script 127 | After=network.target 128 | 129 | [Service] 130 | Type=oneshot 131 | ExecStart=/bin/bash /root/scripts/checkip.sh 132 | 133 | [Install] 134 | WantedBy=multi-user.target 135 | EOF 136 | 137 | echo "Configuring Watchdog System" 138 | apt install watchdog -y 139 | modprobe bcm2835_wdt 140 | cp /etc/modules /etc/modules.bak 141 | 142 | cat << EOF > /etc/modules 143 | # /etc/modules: kernel modules to load at boot time. 144 | # This file contains the names of kernel modules that should be loaded 145 | # at boot time, one per line. Lines beginning with "#" are ignored. 146 | bcm2835_wdtl 147 | EOF 148 | 149 | cp /etc/watchdog.conf /etc/watchdog.bak 150 | cat << EOF > /etc/watchdog.conf 151 | max-load-1 = 24 152 | watchdog-device = /dev/watchdog 153 | realtime = yes 154 | priority = 1 155 | EOF 156 | 157 | #========================================================= 158 | #=============== Installing Critical Software ============ 159 | #========================================================= 160 | echo ' ' 161 | echo 'Installing Critical Software' 162 | apt install xrdp gedit cups cups-client foomatic-db cockpit -y 163 | echo ' ' 164 | # 165 | # Disable special windows manager tweak compositing off 166 | xfconf-query -c xfwm4 -p /general/use_compositing -s false 167 | echo 'Starting Critical Systems ' 168 | echo "Starting Email Responder Service" 169 | echo "You should now get an email..." 170 | systemctl enable checkip.service --now 171 | systemctl enable cups --now 172 | systemctl enable apache2 --now 173 | systemctl enable xrdp --now 174 | systemctl enable watchdog --now 175 | systemctl enable cockpit.socket --now 176 | updatedb 177 | 178 | exit 0 179 | -------------------------------------------------------------------------------- /hostapd-init.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=hostapd-init-service 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | WorkingDirectory=/root/scripts/ 8 | ExecStart=/bin/bash /root/scripts/hostapd-init.sh 9 | SyslogIdentifier=hostpad-init 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | 14 | 15 | -------------------------------------------------------------------------------- /hostapd-init.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #=================== 3 | # hostapd init 4 | #=================== 5 | iw phy phy0 interface add mon0 type monitor && ifconfig mon0 up 6 | systemctl start hostapd 7 | exit 0 8 | 9 | -------------------------------------------------------------------------------- /runme.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #=========================== 3 | # Start init 4 | #=========================== 5 | function pause(){ 6 | echo 'Press any key to continue...'; read -p "$*" 7 | } 8 | 9 | # End INIT 10 | 11 | #================================================= 12 | #=========== Start Main script ================== 13 | #=========== Version 2.0.4 2019-01-09 ============== 14 | #================================================= 15 | 16 | clear 17 | echo " _ __ _ _ ____ ___ _____ ___ _ _ _ " 18 | echo "| |/ /__ _| (_) | _ \_ _| |___ / |_ _|_ __ ___| |_ __ _| | |" 19 | echo "| // _ | | | | |_) | | |_ \ | || _ \/ __| __/ _ | | |" 20 | echo "| \ (_| | | | | __/| | ___) | | || | | \__ \ || (_| | | |" 21 | echo "|_|\_\__,_|_|_| |_| |___| |____/ |___|_| |_|___/\__\__ _|_|_|" 22 | echo " " 23 | echo " By Don Bowers" 24 | echo " " 25 | echo " This script will automatically install and configure several things" 26 | echo " to make the Raspberry Pi function as a penetration testing tool." 27 | echo " One of those things is the ability for the Pi to run in headless" 28 | echo " mode. The Pi will have the ability to boot and automatically start" 29 | echo " a WAP to allow remote login. The Pi will send an email notification" 30 | echo " with the IP address of the Pi to allow remote access." 31 | echo " " 32 | echo " For this script to work you will need a GMail account to send" 33 | echo " email from and another account to receive the response." 34 | echo " " 35 | echo " " 36 | pause 37 | 38 | echo "Updating Repository..." 39 | apt update 40 | #Install software and configuration for headless operation 41 | bash headless.sh 42 | #Install additional productivity software 43 | bash software.sh 44 | 45 | echo " " 46 | echo " " 47 | echo "Deep breath...Finished." 48 | echo "A reboot is recommended before use." 49 | echo "You my want to upgrade all of the software on the Pi now" 50 | echo "by running 'apt upgrade -y'. This may take some time and" 51 | echo "will need to be monitored as user input will be required." 52 | echo "Enjoy the Pi..." 53 | echo " " 54 | -------------------------------------------------------------------------------- /software.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #=========================== 3 | # Start init 4 | #=========================== 5 | function pause(){ 6 | echo 'Press any key to continue...'; read -p "$*" 7 | } 8 | # End INIT 9 | 10 | #================================================= 11 | #=========== Start Main script ================== 12 | #=========== Version 2.0.4 2019-01-09 ============== 13 | #================================================= 14 | clear 15 | echo ' __ __ ___ ____ __ ____ __ ____' 16 | echo ' / //_/___ _/ (_) / __ \____ _____/ /_ / _/___ _____/ /_____ _/ / /' 17 | echo ' / ,< / __ `/ / / / /_/ / __ \/ ___/ __/_____ / // __ \/ ___/ __/ __ `/ / / ' 18 | echo ' / /| / /_/ / / / / ____/ /_/ (__ ) /_/_____// // / / (__ ) /_/ /_/ / / / ' 19 | echo '/_/ |_\__,_/_/_/ /_/ \____/____/\__/ /___/_/ /_/____/\__/\__,_/_/_/ ' 20 | echo ' ' 21 | echo 'By Don Bowers ' 22 | echo ' ' 23 | 24 | #================================================================== 25 | #=== Starting Productivity Software Install and Configuration === 26 | #================================================================== 27 | echo "Installing Productivity Software, this might take a wile..." 28 | apt install bleachbit apt-file scrub tor proxychains gparted -y 29 | apt install htop evince whois php netcat screenfetch theharvester locate -y 30 | apt install libreoffice -y 31 | apt install gimp -y 32 | apt install metasploit-framework -y 33 | apt install websploit postgresql fwbuilder -y 34 | apt install tmux guake -y 35 | 36 | #Currently breaks. Needs replacing with VSCodium. 37 | #echo "Installing Microsoft Visual Studio Code..." 38 | #. <( wget -O - https://code.headmelted.com/installers/apt.sh ) 39 | 40 | cd /root/scripts 41 | echo "Installing EZsploit..." 42 | git clone https://github.com/rand0m1ze/ezsploit 43 | chmod +x `pwd`/ezsploit/ezsploit.sh 44 | 45 | echo "Installing PTF..." 46 | git clone https://github.com/trustedsec/ptf 47 | cd 48 | 49 | echo "Configuring Proxychains" 50 | cp /etc/proxychains.conf /etc/proxychains.bak 51 | cat << EOF > /etc/proxychains.conf 52 | # proxychains.conf VER 3.1 53 | # 54 | dynamic_chain 55 | proxy_dns 56 | tcp_read_time_out 15000 57 | tcp_connect_time_out 8000 58 | [ProxyList] 59 | socks4 127.0.0.1 9050 60 | socks5 127.0.0.1 9050 61 | EOF 62 | 63 | echo "Starting Final Services" 64 | systemctl enable postgresql --now 65 | msfdb init 66 | 67 | exit 0 68 | -------------------------------------------------------------------------------- /system.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #=========================== 3 | # Start init 4 | #=========================== 5 | function pause(){ 6 | echo 'Press any key to continue...'; read -p "$*" 7 | } 8 | # End INIT 9 | 10 | #================================================= 11 | #=========== Start Main script ================== 12 | #=========== Version 2.0.2 6-18-2018 ============== 13 | #================================================= 14 | 15 | echo "Resizing root partition..." 16 | 17 | SDCARD="/dev/mmcblk0" 18 | ROOT="p2" 19 | 20 | #Here I'm just piping the keystrokes I would be typing at the fdisk prompt 21 | #directly into the fdisk command, complete with newlines for Enter. 22 | #Needless to say, DO NOT TOUCH UNLESS YOU KNOW WHAT YOU'RE DOING!!! 23 | fdisk "$SDCARD" <