This repo provides an easy way to deploy a clean and customized pentesting environment with Kali Linux using Vagrant and VirtualBox.
I assume you are familiar with VirtualBox and Vagrant.
Latest `pentest-env` release is tested with:
- Virtualbox (6.0.4)
- Vagrant (2.2.3)
Box | SHA256 |
---|---|
Kali 2018.1 | 407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd |
Kali 2018.1 Light | 1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266 |
Kali 2018.1 KDE | 0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3 |
Kali 2018.1 LXDE | f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a |
Kali 2018.1 Xfce | eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0 |
Kali 2018.1 Mate | 221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c |
Kali 2018.1 E17 | 0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d |
See the documentation page about boxes for more details.
See also other available instances.
To get started with `pentest-env`, clone this repository and run `vagrant up` inside the directory.
This will download and run the Kali instance.
You can customize it, add targets, create new targets, etc. inside `pentest-env`.
Some examples are available in the `examples/` directory. To use one, simply set the `PENTESTRC` environment variable:
```
> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:
kali running (virtualbox)
metasploitable2 not created (virtualbox)
primer not created (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
```
For more details, visit the documentation pages:
- Installation
- Usage
- Docker
- Openstack
- Customizations
- Instances
- Targets
- Write custom instances and targets
- Debugging
- Security
- About boxes
- Known issues
- Configure Kali linux with Tor & proxychains
- Configure Kali linux with Whonix gateway
- Faraday cscan against metasploitable 2 & 3 targets
- Configure a Teamserver
It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.
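One way to script this check, as an added example that is not part of pentest-env. It assumes the checksum list uses the `sha256sum` layout (`<digest>  <file name>`) and that box file names contain no spaces; the function names `sha256_of` and `verify_box` are hypothetical.

```shell
#!/bin/sh
# Added example (not pentest-env code): check a box file against a checksum list.
# Assumption: list lines look like "<64 hex digits>  <file name>" (sha256sum layout).

# Print the SHA-256 of a file, using whichever standard tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_box LIST BOX
# Returns 0 = match, 1 = mismatch, 2 = no usable list entry, 3 = box file missing.
verify_box() {
    list=$1
    box=$2
    name=$(basename "$box")
    [ -f "$box" ] || { echo "missing file: $box" >&2; return 3; }

    # Exact match on the file-name column; a leading "*" (binary mode) is ignored.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$list")

    # A truncated or non-hex digest must fail closed, never count as "verified".
    case $expected in
        ''|*[!0-9a-f]*) echo "no valid entry for $name" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest for $name" >&2; return 2; }

    actual=$(sha256_of "$box")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (expected $expected, got $actual)" >&2
    return 1
}

# Stand-alone use: sh verify_box.sh checksums.txt path/to/file.box
if [ "$#" -eq 2 ]; then
    verify_box "$1" "$2"
fi
```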
Provided boxes run the `sshd` service.
So if you plan to run Kali Linux with a Bridged interface, the default setup can be dangerous!
- `root` password of Kali is `toor`.
- SSH private key is not private! Anyone can use this key to connect to your instance.

See the secure the environment page to automatically change these default values.
I recommend disabling `SharedFoldersEnableSymlinksCreate`, which is enabled by default by Vagrant.
More details and source in the Security/Disable SharedFoldersEnableSymlinksCreate section.
Here are some projects you can build and integrate easily with pentest-env.
- Metasploitable3 - https://github.com/rapid7/metasploitable3/
- DetectionLab - https://github.com/clong/DetectionLab
- DanderSpritz-Lab - https://github.com/francisck/DanderSpritz_lab
See COPYING file