
pentest-env's Introduction

Pentest Environment Deployment

This tool provides an easy way to deploy a clean pentesting environment with Kali linux using vagrant and virtualbox.

Requirements

I assume you are familiar with virtualbox and vagrant.

Latest pentest-env release is tested with:

  • Virtualbox (4.3.30)
  • Vagrant (1.7.4)

Current box

Kali 2.0

Changes details

Fresh install from kali.org

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind and ssh services at boot.

Please don’t forget to read the security warning below!

Installation

You will need rake and berkshelf for VM provisioning; you can install them with rubygems:

gem install rake berkshelf

Clone pentest-env repository and its submodules:

git clone https://github.com/Sliim/pentest-env.git
cd pentest-env/
git submodule init
git submodule update

Or in one line:

git clone https://github.com/Sliim/pentest-env.git --recursive

Install cookbooks dependencies:

rake

Usage

Running Kali linux

Pentest-env works with Vagrant, so all you need to know is how to use basic vagrant features :) To run a kali instance:

vagrant up kali

Pentest-env customizations

Since Pentest-env 0.5.0, customizations are stored in the $HOME/.pentestrc file in YAML format. An example configuration file named pentestrc.example is available at the root of this repository.

You can copy and edit it for your needs:

cp pentestrc.example ~/.pentestrc

Here is a minimal configuration:

scripts_path: ~/.pentest.d/scripts
targets_path: ~/.pentest.d/targets
targets: []

This setup sets the scripts and targets directories used by pentest-env. It also sets an empty target list, which is enough if you just want to run a Kali instance.

Kali linux customizations

You can perform many customizations on the kali linux instance. Just add a kali key to your $HOME/.pentestrc. The available customizations are:

  • packages - An array of apt packages to install
  • commands - List of commands to run as an inline shell script
  • scripts - List of scripts to execute. They must be located in the scripts_path directory
  • synced_folders - Hash of folders to sync with the instance

Example:

kali:
  packages: [git-core]
  commands:
  - curl https://opscode-omnibus-packages.s3.amazonaws.com/debian/6/x86_64/chef_12.0.3-1_amd64.deb -o chef.deb && sudo dpkg -i chef.deb
  scripts: [openvas.sh]
  synced_folders: {data: /pentest}

Targets customization

You can easily deploy targets with your kali instance. Pentest-env comes with some targets ready to use:

To setup targets to deploy, edit your $HOME/.pentestrc and set the targets list:

targets: [dvwa, vicnum]

You can add your own targets in your targets_path directory and use them in your targets list.

Target instances can be customized in the same way as the kali instance: use the target’s name as a key in your configuration file to customize it:

dvwa:
  packages: [git-core]
vicnum:
  packages: [git-core]

Pentest Chef repo

chef-solo is used as the provisioner. You need to init git submodules to provision your Kali with provided roles in pentest-chef-repo. If this submodule is missing, kali provisioning will be ignored.

You can add or remove roles for your Kali linux by editing the provisioning section in the Vagrantfile. For example:

kali.vm.provision :chef_solo do |chef|
  ...
  chef.add_recipe('apt')
  chef.add_role('kali-full')
  chef.add_role('faraday')
end

See pentest-chef-repo for a detailed list of available roles.

Known issues

Hostonly on kali linux 1.0 fails

The hostonly connection will be reset at first VM creation. To resolve this, disconnect the connection in GUI mode and run in your vagrant directory:

vagrant reload kali

GPG Error: KEYEXPIRED

If you have the following message when you run apt-get update:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.kali.org kali/updates Release: The following signatures were invalid: KEYEXPIRED 1425567400 KEYEXPIRED 1425567400 KEYEXPIRED 1425567400

You need to update your kali-archive-keyring:

rm -rf /var/lib/apt/lists
apt-get update
apt-get install kali-archive-keyring

Source: https://forums.kali.org/showthread.php?24687-Problem-with-apt-get-update

About boxes

pentest-env boxes are also available in my atlas profile: https://atlas.hashicorp.com/Sliim

Boxes URL

Changes details

Provided boxes are fresh install of Kali linux with some changes:

Kali linux 1.0

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Installation of chef package for provisioning.
  • vagrant user was created for provisioning (Password: tnargav).
  • admin group doesn’t require a password for sudo.
  • vagrant user is in admin group.
  • Authorized keys for vagrant user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind, nfs-common and ssh services at boot.

Kali linux 1.0.4

Fresh install from http://cdimage.kali.org/kali-latest/amd64/kali-linux-1.0.4-amd64-mini.iso

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Installation of chef package for provisioning.
  • Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind, nfs-common and ssh services at boot.
  • Modified /etc/issue for vagrant os detection.
  • MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.

Kali linux 1.1.0

Fresh install from http://cdimage.kali.org/kali-1.1.0a/kali-linux-1.1.0a-amd64.iso

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind, nfs-common and ssh services at boot.
  • Modified /etc/issue for vagrant os detection.
  • MAC address for private network was added in /etc/NetworkManager/NetworkManager.conf to disable auto connect.

Kali linux 2.0

Fresh install from http://cdimage.kali.org/kali-2.0/kali-linux-2.0-amd64.iso

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind and ssh services at boot.

Kali linux 2.0 light

Fresh install from http://cdimage.kali.org/kali-2.0/kali-linux-light-2.0-amd64.iso

  • Installation of linux kernel headers for vbox guest additions.
  • Installation of virtualbox guest additions.
  • Authorized keys for root user are stored in ssh-keys/ directory (no passphrase).
  • Enabling rpcbind and ssh services at boot.

Security warning

Kali linux 1.0

The virtual machine boots with the sshd service running, which may cause some security issues:

  • Bridged network is enabled by default.
  • Default root password of this box is insecure (toor).
  • Vagrant user is insecure
    • Private key stored in ssh-keys/.
    • Password known (tnargav).
    • User in sudoers with no password required.

Kali linux 1.0.4

The virtual machine boots with the sshd service running, which may cause some security issues:

  • Bridged network is enabled by default.
  • Default root password of this box is insecure (toor).

Kali linux 1.1.0

Same as Kali linux 1.0.4

Kali linux 2.0

Same as Kali linux 1.1.0
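
The exposures listed above can be checked from inside a guest. The script below is an added example, not part of pentest-env: it reports password login for root, trust in a key whose private half ships in ssh-keys/, and sshd listening on every interface. The function names and finding ids are hypothetical, and an absent PermitRootLogin is assumed to mean yes.

```shell
#!/bin/sh
# Added example (not pentest-env code): audit a guest for the exposures in the
# security warning. File paths are arguments; nothing here is project-specific.

# Effective global value of sshd keyword $2 in config $1. sshd keeps the FIRST
# value it reads for a keyword; $3 is assumed when the keyword is absent.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeeds if authorized_keys file $1 trusts the key in public key file $2.
# Compares the base64 key blob, so options and comments do not matter.
trusts_key() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$2")
    [ -n "$blob" ] || return 1
    awk -v blob="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == blob) { hit = 1; exit } }
        END { exit !hit }
    ' "$1"
}

# Usage: audit_guest SSHD_CONFIG AUTHORIZED_KEYS PUBLISHED_PUBKEY
# Prints one finding id per line; returns 0 only when there are none.
audit_guest() {
    n=0
    # Assumption: an absent PermitRootLogin means "yes" (default before OpenSSH 7.0).
    root=$(sshd_effective "$1" PermitRootLogin yes)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo root-password-login; n=$((n + 1))
    fi
    if trusts_key "$2" "$3"; then
        echo published-key-trusted; n=$((n + 1))
    fi
    # No ListenAddress, or a wildcard one: sshd also answers on a bridged interface.
    wild='^[[:space:]]*ListenAddress[[:space:]]+(0\.0\.0\.0|::|\[::\])(:[0-9]+)?[[:space:]]*$'
    if ! grep -Eiq '^[[:space:]]*ListenAddress[[:space:]]' "$1" || grep -Eiq "$wild" "$1"; then
        echo sshd-all-interfaces; n=$((n + 1))
    fi
    [ "$n" -eq 0 ]
}
```

Call audit_guest with the guest's sshd configuration file, the authorized_keys file of the account in question, and the public key from ssh-keys/.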

License

See COPYING file
