This repo provides an easy way to deploy a clean pentesting environment with Kali Linux using Vagrant and VirtualBox.
I assume you are familiar with VirtualBox and Vagrant.
Latest `pentest-env` release is tested with:
- VirtualBox (5.0.24)
- Vagrant (1.8.5)
Box | SHA256 |
---|---|
Kali 2016.2 | 4c04e28c4fb7b6601cb838fba753af4cffb3ea2f0a9aa4c13f834cabd7e353cb |
Kali 2016.2-light | 5d455bf1cf8d7b2b4f3be7c4b3cc43152ae5cfe09eaf4aaf30ac112aa6bd3b40 |
Kali 2016.2-lxde | d7d534c329d43b6df9b294eeb558f8346b20d9334ef037f4c0360ed2acfeaab6 |
Kali 2016.2-xfce | 4b597aa7ad31179ecad882e80074945155e0017fb465db6474e553f58728486e |
Kali 2016.2-mate | 5f1e06f18714d78dc0310f188bb0a10283c5d257e3d640c1399fa556fe681355 |
Kali 2016.2-e17 | 980c7402bbb8f7c3adafb0544db8430addda4c68918c1756ac031ab333faf66b |
See the documentation page about boxes for more details.
To get started with `pentest-env`, clone this repository and run `vagrant up` inside the directory.
This will download and run the Kali instance.
You can customize the environment, add targets, create new targets, etc. inside `pentest-env`.
Some examples are available in the `examples/` directory. To use one, simply set the `PENTESTRC` environment variable:
```
> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:
kali running (virtualbox)
metasploitable not created (virtualbox)
primer not created (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
```
For more details, visit the documentation pages:
- Installation
- Usage
- Docker
- Openstack
- Customizations
- Instances
- Targets
- Write custom instances and targets
- Debugging
- About boxes
- Known issues
It's recommended to check downloaded box files with provided checksums (SHA256): http://box.hackbbs.org/checksums.txt
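One way to act on this recommendation, as an added example that is not part of pentest-env: a shell function that looks up a box file in a checksum list and refuses it unless exactly one well-formed entry matches. The function name `verify_box`, the `sha256sum`-style list format and the file name `kali.box` are assumptions made for the example.

```shell
#!/bin/sh
# verify_box CHECKSUMS_FILE BOX_FILE
# Exit status: 0 match, 1 mismatch, 2 unreadable input, 3 no usable entry.
# Assumption: the list uses sha256sum format, "<64 hex digits>  <filename>",
# and filenames contain no whitespace. Requires sha256sum (GNU coreutils).
verify_box() {
    sums=$1
    box=$2
    name=$(basename "$box")
    [ -r "$sums" ] && [ -r "$box" ] || { echo "unreadable input" >&2; return 2; }

    # Exact match on the filename field; strip the "*" binary-mode marker.
    # Several different hashes for one name is treated as a conflict.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { h = tolower($1); if (!(h in seen)) { seen[h] = 1; c++; last = h } }
        END { if (c == 1) print last; else if (c > 1) print "CONFLICT" }' "$sums")

    # Fail closed: a missing, ambiguous or malformed entry is never a pass.
    case $expected in
        "")          echo "$name: not listed in $sums" >&2; return 3 ;;
        CONFLICT)    echo "$name: conflicting entries" >&2; return 3 ;;
        *[!0-9a-f]*) echo "$name: malformed hash" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "$name: malformed hash" >&2; return 3; }

    actual=$(sha256sum "$box" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "$name: OK"
    else
        echo "$name: MISMATCH (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Constructed demo: a stand-in box file and a list that pins its hash.
demo=$(mktemp -d)
printf 'constructed box contents\n' > "$demo/kali.box"
printf '%s  kali.box\n' "$(sha256sum "$demo/kali.box" | cut -d' ' -f1)" \
    > "$demo/checksums.txt"
verify_box "$demo/checksums.txt" "$demo/kali.box"
printf 'tampered\n' >> "$demo/kali.box"
verify_box "$demo/checksums.txt" "$demo/kali.box" 2>/dev/null \
    || echo "modified file rejected"
rm -rf "$demo"
```

A checksum list fetched over plain HTTP can be altered in transit together with the box, so compare it against a second copy such as the table in this README before trusting a match.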
Provided boxes run the `sshd` service.
So if you plan to run Kali Linux with a Bridged interface, the default setup can be dangerous!
- `root` password of kali is `toor`.
- SSH private key is not private! Anyone can use this key to connect to your instance.
- The Kali Linux 1.0 box added a `vagrant` user with password `tnargav` and is in sudoers with no password required.
See COPYING file