Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2025-05-02 14:26:37 -04:00
Code Issues Projects Releases Packages Wiki Activity

Rename directories to match target repo structure

Browse source
This commit is contained in:
Andrew David Wong 2020-12-07 20:00:31 -08:00
parent c7f785452a
commit 0c3f3bacfa
No known key found for this signature in database
GPG key ID: DB4DD3BC39503030
50 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

96
docs/os/pentesting/blackarch.md Normal file
View file

@ -0,0 +1,96 @@
---
layout: doc
title: How to Create a BlackArch VM
permalink: /doc/pentesting/blackarch/
redirect_from:
- /doc/blackarch/
---
**General reminder:**
- The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities.
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
Please keep in mind that using such a VM or VMs based on the template for security and privacy critical tasks is not recommended.
How to Create a BlackArch VM
============================
[BlackArch](https://www.blackarch.org) Linux is an [Arch Linux](https://www.archlinux.org)-based distribution for penetration testers and security researchers. The repository contains [1434](https://www.blackarch.org/tools.html) tools.
- List of [tools](https://www.blackarch.org/tools.html)
- [Installation Instructions](https://www.blackarch.org/downloads.html)
Create ArchLinux Based BlackArch Template
-----------------------------------------
1. Create ArchlLinux Template
- Follow the [Archlinux Template instructions](/doc/building-archlinux-template/)
2. Update Template
sudo pacman -Syyu
3. Clone template
1. Via Qubes VM Manager
2. Via command line
qvm-clone archlinux blackarch
4. Install BlackArch repository
$ curl -O https://blackarch.org/strap.sh
# The SHA1 sum should match: 34b1a3698a4c971807fb1fe41463b9d25e1a4a09
$ sha1sum strap.sh
# Set execute bit
$ chmod +x strap.sh
# Run strap.sh
$ sudo ./strap.sh
5. Install tools
- install all tools
sudo pacman -S blackarch
- or by category:
# list available categories
pacman -Sg | grep blackarch
# install category
sudo pacman -S blackarch-<category>
# example
sudo pacman -S blackarch-forensic
- or specific tool
# Search for tool
pacman -Ss <tool-name>
# Install tool
sudo pacman -S <tool-name>
# Example
pacman -Ss burpsuite
sudo pacman -S burpsuite
6. Create a AppVMs based on the `blackarch` template
- (Optional) Attach necessary devices
Alternative Options to BlackArch
--------------------------------
- [Kali](/doc/pentesting/kali/)
- [PenTester Framework (PTF)](/doc/pentesting/ptf/)
- [Pentesting](/doc/pentesting/)

185
docs/os/pentesting/kali.md Normal file
View file

@ -0,0 +1,185 @@
---
layout: doc
title: How to create a Kali Linux VM
permalink: /doc/pentesting/kali/
redirect_from:
- /doc/kali/
---
How to create a Kali Linux VM
===============================
Warnings
--------------
* The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities.
* Adding additional repositories or tools for installing software extends your trust to those tool providers.
* Please keep in mind that using such a template for security and privacy critical tasks is not recommended.
* Kali Linux distribution is a rolling distribution based on Debian testing release, so it will always have a newer software base than available in the Qubes OS Debian template. Keep in mind that this may result in problems (especially in regard to package dependencies) not covered by this tutorial.
From the official ISO file <a name="hvm4_0"/>
==================================================
Only use this method if you want the full Kali GUI (desktop, fancy menus, etc.).
It comes at the cost of much greater resources consumption.
1. Download the Kali ISO
2. [Create a new HVM][qubes-new-hvm]
3. Start the HVM with attached CD/DVD
```shell_session
$ qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
```
From a Debian template <a name="templatevm-from-debian4_0"/>
================================================================
This is the recommended method.
Easier to maintain and less demanding on resources, but you wont have the full Kali GUI.
If you need to install custom kernel modules (wifi drivers, …) you need to use the kernel provided by Kali instead of the kernel provided by Qubes, see [Managing VM Kernel.](/doc/managing-vm-kernel/)
The steps can be summarized as:
1. Install Qubes stable Debian template
2. Upgrade from Debian `stable` to Debian `testing` for Qubes repositories
3. Add `testing` and `securitytesting` Qubes repositories
4. Replace the content of `/etc/apt/sources.list` file with the Kali repository
5. Update the template
Get Kali Linux PGP key
-----------------------
**CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures].
This website cannot guarantee that any PGP key you download from the Internet is authentic.
In order to obtain a trusted fingerprint, check its value against multiple sources.
Then, check the keys you download against your trusted fingerprint.
This step is required since by (security) default TemplateVM do not have a
direct Internet connectivity. Users understanding the risks of enabling such
access can change this configuration in firewall settings for the TemplateVM.
1. Retrieve the Kali Linux PGP key using a DisposableVM.
```shell_session
$ gpg --keyserver hkps://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
$ gpg --list-keys --with-fingerprint 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
$ gpg --export --armor 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 > kali-key.asc
```
2. **DO NOT TURN OFF** the DisposableVM, the `kali-key.asc` file will be copied in
the Kali Linux template for a further step.
3. Make sure the key is the authentic Kali key.
See the [Kali website] for further advice and instructions on verification.
Create a Kali Linux (rolling) template
----------------------------------------
These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux.
1. (Optional) Check for latest Debian stable template and install it (if not already done)
```shell_session
# qubes-dom0-update --action="search all" qubes-template-debian
# qubes-dom0-update <latest Debian template>
```
2. Clone `debian-X` template
```shell_session
$ qvm-clone debian-<X> kali-rolling
```
3. Check the name of currently used repository in `/etc/apt/sources.list.d/qubes-r<X>.list` and current testing [Debian release][Debian-releases]. Update repository list accordingly
```shell_session
# sed -i 's/<current stable>/<current testing>/g' /etc/apt/sources.list.d/qubes-r<X>.list
```
e.g. in this example we update `buster` stable repository to `bullseye` testing repository
```shell_session
# sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/qubes-r<X>.list
```
4. Enable the QubesOS `testing` and `securitytesting` repositories
In `/etc/apt/sources.list.d/qubes-r<X>.list`, enable the `testing` and `securitytesting` repository.
We do that to reduce the 'dependency hell' between Qubes repository and Kali repository.
5. Copy the Kali PGP key from the DisposableVM to the new template:
```shell_session
$ qvm-copy kali-key.asc
```
The DisposableVM can now be turned off.
6. Add the Kali PGP key to the list of keys trusted to authenticate packages:
```shell_session
# cat /home/user/QubesIncoming/dispXXX/kali-key.asc | apt-key add -
```
This command should return: `OK`.
7. Replace Debian repositories with Kali repository
```shell_session
# echo 'deb https://http.kali.org/kali kali-rolling main non-free contrib' > /etc/apt/sources.list
```
8. Replace `gcc8` to work around a dependency issue
```shell_session
# apt-get remove libgcc-8-dev && apt-get install libc6-dev
```
**Note:** This kind of dependency issue will pop up and disappear without notice.
Such issues arise because of the differences of dependencies in packages from
the Kali repository, the Qubes testing repository and the Debian testing
repository.
So this step [step 8] is currently needed. But it will not always be the case.
9. Update the template
**Note:** During execution of the update, carefully read list of packages to be removed. If it contains `qubes-vm-dependencies` package, terminate operation and try to resolve missing dependencies first. For other `qubes-*` packages, it is up to you to decide if you need them.
10. Ensure a terminal can be opened in the new template.
```shell_session
$ qvm-run -a kali-rolling gnome-terminal
```
Install the Kali tools
------------------------------
At this point you should have a working template and you can install the tools you need.
You can find [a list of Kali Linux `Metapackages` here](https://tools.kali.org/kali-metapackages)
Keep in mind that the tools you will install can easily take more than 10 GB, [so you will need to **grow** the size of the VM system storage.][qubes-resize-disk-image]
Alternative Options to Kali Linux
===================================
* [PenTester Framework][PTF], with [PTF Qubes OS guide][qubes-ptf]
* BlackArch Linux, with [BA Qubes OS guide][qubes-blackarch]
* more on the [Penetration Testing page][qubes-pentesting]
Notes
=============
Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes-issues/issues/1981).
[qubes-verifying-signatures]: /security/verifying-signatures/
[qubes-pentesting]: /doc/pentesting/
[qubes-blackarch]: /doc/pentesting/blackarch/
[qubes-ptf]: /doc/pentesting/ptf/
[qubes-template-debian-install]: /doc/templates/debian/#install
[qubes-resize-disk-image]: /doc/resize-disk-image/
[qubes-new-hvm]: /doc/standalone-and-hvm/
[kali]: https://www.kali.org/
[kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
[kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images
[PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
[katoolin]: https://github.com/LionSec/katoolin
[katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/
[Debian-releases]: https://www.debian.org/releases/
[Debian-security-naming-convention]: https://www.mail-archive.com/debian-security@lists.debian.org/msg41223.html

121
docs/os/pentesting/ptf.md Normal file
View file

@ -0,0 +1,121 @@
---
layout: doc
title: How to create Penetration Testers Framework (PTF) VM
permalink: /doc/pentesting/ptf/
redirect_from:
- /doc/ptf/
---
**General reminder:**
- The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities.
- Adding additional repositories or tools for installing software extends your trust to those tool providers.
Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended.
How to create Penetration Testers Framework (PTF) VM
====================================================
"The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine." (source [PTF Readme](https://github.com/trustedsec/ptf/blob/master/README.md))
**Note** PTF works on Debian testing as well as on Debian 8. PTF itself works with Debian 8, but the software tools will have missing dependencies. Metasploit for example requires a newer Ruby version than Debian 8 has in the repositories. Therefore the best way to install PTF is by upgrading a Debian 8 into Debian testing with additional Kali repositories. Instead of installing the tools from Kali, PTF will install and update the newest tools.
Create Debian Based Penetration Testers Framework (PTF) Template
----------------------------------------------------------------
1. Create PTF template
1. Follow [Create Debian Based Kali Template](/doc/pentesting/kali/) till step 7.
2. (Optional) Rename the cloned template to `ptf`
2. Download PTF
sudo apt-get install git
cd /opt
sudo git clone https://github.com/trustedsec/ptf.git
- (Optional) Configure PTF
1. Go to configuration directory
cd /opt/ptf/config
2. Edit the configuration file
for example by using vim:
sudo vim ptf.config
the configuration options are described in the `ptf.config` file
3. Install PTF
cd /opt/ptf
sudo ./ptf
**Note:** the config file has to be in the same directory as the executable. It is not
possible to do sudo ptf/ptf
PTF will put itself into `/usr/local/bin/ptf`. You can use `ptf` from now on.
4. Install/Update modules (tools)
1. Start PTF
sudo ptf
![PTF start banner](/attachment/wiki/PTF/ptf-banner.png)
2. Show available modules (tools)
ptf> show modules
3. Install/Update modules (all/)
- Install/Update all tools
ptf> use modules/install_update_all
- or by category Install/Update
ptf> use modules/code-audit/install_update_all
- or individually (example Metasploit)
1. Search for module
ptf> search metasploit
[*] Search results below:
modules/exploitation/metasploit
2. Use module
ptf> use modules/exploitation/metasploit
ptf:(modules/exploitation/metasploit)>
3. Install module
ptf:(modules/exploitation/metasploit)>install
4. Run Metasploit
ptf:(modules/exploitation/metasploit)>exit
ptf> quit
[*] Exiting PTF - the easy pentest platform creation framework.
sudo msfconsole
5. Create an AppVM based on the `ptf` template
- (Optional) Attach necessary devices
Alternative Options to PTF
--------------------------
- [BlackArch](/doc/pentesting/blackarch/)
- [Kali](/doc/pentesting/kali/)
- [Pentesting](/doc/pentesting/)