Dockerized Kali Linux + Ubuntu 22.04 for Bug Bounty, Penetration Testing, Security Research, Computer Forensics and Reverse Engineering
I am using the official Kali Linux Docker image `kalilinux/kali-rolling`; see also this page, which describes the official Kali Linux Docker images.
!!! I am using the Docker host network driver. Please remember: the host networking driver only works on Linux hosts, and is not supported on Docker Desktop for Mac, Docker Desktop for Windows, or Docker EE for Windows Server !!! The host network driver is used to optimize performance, or in situations where a container needs to handle a large range of ports.
If you want to run this project on Mac, Windows or Windows Server, remove `--network host` from all commands!
I manage multiple Python versions with pyenv, in Kali Linux only.
I'm using Python versions 3.7.16 and 3.8.15 with `pyenv local <version>`; for details check out `kali/Dockerfile_systemd`.
There you can find the prebuilt Kali Linux with systemd Docker image.
If you want to use the prebuilt Kali Linux with systemd Docker image, just use the commands below; if you want to build locally, read the documentation!
```bash
make docker-p-b #Makefile: Docker prebuilt Kali
docker exec -it -u root kali_p bash #docker exec into the prebuilt Kali Linux Docker container with systemd support
```
Local cluster with Kind (K8s in Docker):
```bash
# Creates kind cluster, 1 master + 2 worker nodes
make cc
# Deletes kind cluster
make dc
# Kali Linux with systemd
kubectl apply -f kali/deploy/deploy.yaml
# Ubuntu
kubectl apply -f ubuntu/deploy/deploy.yaml
```
One-liner to install Dive at a specific version (Linux):
```bash
DIVE_VERSION=0.11.0; curl -sSLO https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.deb && sudo dpkg -i dive_${DIVE_VERSION}_linux_amd64.deb
```
If you want to build your image and then jump straight into analyzing it:
```bash
cd kali/
dive build -t kali . -f Dockerfile_systemd
```
Trivy installation for Docker image vulnerability scanning:
If you are not using Debian/Ubuntu, read the docs.
One-liner to install Trivy at a specific version (Linux/Ubuntu):
```bash
TRIVY_VERSION=0.44.0; curl -sSLO https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb && sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb
```
Trivy usage:
```bash
trivy image <image>
```
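The Dive and Trivy one-liners above pass the downloaded `.deb` straight to `dpkg -i`. As an added example (not part of this repository), the script below checks a package against a `sha256sum`-format checksums file before installing it; the function names, the `checksums.txt` file name and the constructed sample package are assumptions.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded package against a sha256sum-format
# checksums file before installing it. Function names are hypothetical.

# verify_sha256 FILE SUMS -> 0 digest matches, 1 mismatch, 2 no usable entry
verify_sha256() {
    local file="$1" sums="$2" name expected actual
    [ -r "$file" ] && [ -r "$sums" ] || return 2
    name=$(basename -- "$file")
    # Line format: "<hex digest>  <name>"; a leading "*" marks binary mode.
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# install_verified_deb DEB_URL SUMS_URL -> runs dpkg -i only after a match.
# SUMS_URL is whatever checksums file the project publishes for that release.
install_verified_deb() {
    local deb_url="$1" sums_url="$2" tmp deb rc
    tmp=$(mktemp -d) || return 1
    deb="$tmp/${deb_url##*/}"
    curl -fsSL -o "$deb" "$deb_url" &&
        curl -fsSL -o "$tmp/checksums.txt" "$sums_url" &&
        verify_sha256 "$deb" "$tmp/checksums.txt" &&
        sudo dpkg -i "$deb"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Offline check on constructed data: intact file, tampered file, unlisted file.
demo_verify() {
    local d pkg r1 r2 r3
    d=$(mktemp -d) || return 1
    pkg="$d/tool_1.0.0_linux_amd64.deb"   # constructed sample, not a real package
    printf 'constructed package bytes\n' > "$pkg"
    ( cd "$d" && sha256sum tool_1.0.0_linux_amd64.deb > checksums.txt )
    verify_sha256 "$pkg" "$d/checksums.txt" && r1=0 || r1=$?
    printf 'tampered\n' >> "$pkg"
    verify_sha256 "$pkg" "$d/checksums.txt" && r2=0 || r2=$?
    cp "$pkg" "$d/unlisted.deb"
    verify_sha256 "$d/unlisted.deb" "$d/checksums.txt" && r3=0 || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo_verify
```

A checksums file fetched from the same release page catches corrupted or swapped downloads, not a compromised release; for that, pin the expected digest in your own repository.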
Install Docker Engine your own way, or install it with the shell script:
```bash
curl -fsSL https://get.docker.com -o get-docker.sh; sudo sh get-docker.sh; rm -rf get-docker.sh
#Permissions (note: the docker group grants root-level privileges on the host)
sudo usermod -aG docker $USER
newgrp docker
```
Docker Compose installation (latest release); it is expected that you're using only Docker Compose v2! The version used in docker-compose.yaml is 3.8.
```bash
mkdir -p ~/.docker/cli-plugins/; DOCKER_COMPOSE=2.20.2; curl -SL https://github.com/docker/compose/releases/download/v${DOCKER_COMPOSE}/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose; chmod +x ~/.docker/cli-plugins/docker-compose #permission
docker compose version #verify
```
If you want to run the docker-compose.yaml, use the command:
```bash
docker compose up -d --build #detached
```
Edit the Dockerfiles for the other services and develop with the commands below:
```bash
docker compose up -d #detached
docker compose up -d --build #rebuild new changes for all services
docker compose up -d --build ubuntu #rebuild new changes for ubuntu service
docker compose up -d --build kali #rebuild new changes for kali service
docker compose down --rmi all #remove
docker ps -a #check if container is running
docker image ls #list images
docker image rm -f <image_id> #remove image/s
docker compose logs <service> #logs
docker stats <container> #container resource usage statistics
# Stop all containers and remove them, then you can use docker prune
docker stop $(docker ps -a -q); docker rm $(docker ps -a -q)
# PRUNE
docker system prune
docker image prune
```
You can run Kali Linux in Docker, or Kali Linux + Ubuntu 22.04 in Docker, in several ways (docker run, docker build, docker-compose.yaml or the Makefile); examples are below:
```bash
#Detached Kali Linux without systemd support: docker run
docker run -p 127.0.0.1:88:8088 --name kali -itd kalilinux/kali-rolling
docker attach kali
#Docker compose usage
docker compose up -d --build;
docker compose run -d --rm kali_systemd_2 bash #run Kali Linux with systemd detached
docker exec -it -u root <kali_without_systemd> bash #docker exec into the Kali container without systemd
docker exec -it -u root <ubuntu> bash #docker exec into the ubuntu container
docker exec -it -u root <kali_with_systemd> bash #docker exec into the Kali container with systemd
#Detached Kali Linux with systemd support: docker run + docker build
cd kali/
docker build -t kali -f Dockerfile_systemd . #build from the Dockerfile that supports systemd in the container
docker run -it --rm --privileged --workdir /usr --name kali-systemd kali /bin/bash #run the built image; --privileged gives the container nearly full access to the host
#Makefile
#command explanations are in the Makefile
make build-run-plain
make create-build-s
make image-run-s
make kali-scan
make docker-c-build
make docker-c-build-systemd
make docker-p-b
make cc
make dc
```
Use it in one Dockerfile for Kali and build the images via a bash script or docker-compose.yaml.
I've used this GitHub repo.
```bash
cd kali/
docker build -t kali -f Dockerfile_systemd . #build from the Dockerfile that supports systemd in the container
docker run -it --rm --privileged --workdir /usr --name kali-systemd kali /bin/bash #run the built image; --privileged gives the container nearly full access to the host
```
Exec into the Kali Linux container in Docker:
```bash
docker exec -it -u root kali bash #exec into kali container
docker run -p 127.0.0.1:88:8088 --name kali -itd kalilinux/kali-rolling
docker attach kali
```
Below is the list of tools used in Kali Linux:
Tools in Kali Linux | Usage |
---|---|
aircrack-ng | Complete suite of tools to assess WiFi network security |
amap | Application Mapper |
amass | Perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. |
apktool | Reverse engineering 3rd party, closed, binary Android apps |
arp-scan | Uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence. |
arjun | Can find query parameters for URL endpoints |
arping | Sends ARP and/or ICMP requests to the specified host and displays the replies. The host may be specified by its hostname, its IP address, or its MAC address. |
axel | Accelerate the downloading process by using multiple connections for one file, similar to DownThemAll and other famous programs. It can also use multiple mirrors for one download. |
beef-xss | Browser Exploitation Framework |
binwalk | Searching a given binary image for embedded files or executable |
blackbird | OSINT |
burpsuite | Integrated platform for performing security testing of web apps |
crackmapexec | Swiss army knife for pentesting Windows/Active Directory envs. |
cri-tools | Contains a series of debugging and validation tools for Kubelet CRI, including critest and crictl |
dex2jar | Dex-reader is designed to read the Dalvik Executable format |
dirb | Web Content Scanner |
exploitdb | Searchable Exploit Database archive |
hydra | Parallelized login cracker which supports numerous protocols |
john | John The Ripper - Password Cracker |
kubernetes-helm | Tool for managing Helm charts |
maigret | OSINT |
mandb | Updates man pages |
metasploit-framework | Vulnerability research, exploit development, and the creation of custom security tools |
ncrack | High-speed network authentication cracking tool |
nikto | Pluggable web server and CGI scanner |
nmap | Network Mapper |
responder | Responder/MultiRelay, an LLMNR, NBT-NS and MDNS poisoner |
set | Social Engineering Toolkit |
sherlock | OSINT |
sqlmap | Detects and takes advantage of SQL injection vulnerabilities in web applications |
steghide | Steganography program which hides bits of a data file |
theHarvester | Contains a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers). |
trufflehog | Allows you to find secrets in git repositories |
uniscan | URL scanner for vuln. + enables directory and dynamic checks |
wapiti | Allows you to audit the security of your web applications |
whatmask | Network Admin Helper |
whatweb | Identifies website |
wireshark | Network Protocol Analyzer |
wpscan | Scanner for WordPress security issues |
xssRecon | Reflected XSS Scanner |
xsser | Automation framework to detect XSS |
yara | Can identify/classify malware samples |
```bash
sort -t '[' -k 2,2 -i README.md > sorted.txt
```