From a70c5bdb0a852a452f79e9a473f8921123b26223 Mon Sep 17 00:00:00 2001 From: Neowutran Date: Sun, 10 May 2020 10:09:53 +0200 Subject: [PATCH] [Kali] add positive and negative points for each methods --- os-guides/pentesting/kali.md | 90 ++++++++++++++---------------------- 1 file changed, 34 insertions(+), 56 deletions(-) diff --git a/os-guides/pentesting/kali.md b/os-guides/pentesting/kali.md index cb182c5..940cf5d 100644 --- a/os-guides/pentesting/kali.md +++ b/os-guides/pentesting/kali.md 
@@ -6,52 +6,32 @@ redirect_from: - /doc/kali/ --- -# How to create a Kali Linux VM +How to create a Kali Linux VM +=============================== +Warnings +-------------- +* The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities. +* Adding additional repositories or tools for installing software extends your trust to those tool providers. +* Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. +* Kali Linux distribution is a rolling distribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. -## Warnings - -- The installation scripts and provided tools may have bugs, be vulnerable to Man in the Middle (MitM) attacks or other vulnerabilities. - -- Adding additional repositories or tools for installing software extends your trust to those tool providers. - -- Please keep in mind that using such a VM or VM's based on the template for security and privacy critical tasks is not recommended. - -- Kali Linux distribution is a rolling distribution based constantly on Debian testing release, so it always will have newer software base than available in Qubes OS debian template. Keep in mind that it may result in problems (especially in regard to package dependency) not covered by this tutorial. - - -## Qubes 4.0 - -### How to Create a Kali Linux VM - -This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (qube) in Qubes OS. - -Kali Linux is the most widely used penetration testing Linux distribution. - -There are multiple ways to create a Kali Linux VM: - - 1. 
Create a HVM and use the official ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm4_0). - 2. Clone the Qubes OS latest Debian template image and turn it into a Kali Linux distribution: - - using [katoolin]. Explained [here](#katoolin4_0). - - manually. Explained [here](#templatevm-from-debian4_0). - -### Kali Linux HVM +From the official ISO file +================================================== +Only use this method if you want to have the full Kali GUI (desktop, fancy menus, ...), it come at the cost of much greater resources consumption. 1. Download the Kali installation DVD - 2. Create a new HVM - 3. Start the HVM with attached CD/DVD - ```shell_session $ qvm-start --cdrom :/home/user/Downloads/.iso ``` -### Kali Linux TemplateVM from a Debian template +From a Debian template +================================================================ +This is the recommanded method. +Easier to maintain and less demanding on resources, but you won't have the full Kali GUI. -This section will explain how to create your own [Kali] Linux TemplateVM based -on a current stable Debian TemplateVM. The basic idea is to personalize the -template with all the tools needed, and then spin up isolated AppVMs based on -the template. +If you need to install custom kernel modules (wifi drivers, ...) you need use the kernel provided by Kali instead of the kernel provided by Qubes, see [Managing VM Kernel][managing-vm-kernel] The steps can be summarised as: 
@@ -60,8 +40,8 @@ The steps can be summarised as: 3. Add the Kali repository 4. Update the template -#### Get Kali Linux GPG key - +Get Kali Linux GPG key +----------------------- **CAUTION:** Before proceeding, please carefully read [On Digital Signatures and Key Verification][qubes-verifying-signatures]. This website cannot guarantee that any PGP key you download from the Internet is authentic. Always obtain a trusted key fingerprint via other channels, and always check any key you download against your trusted copy of the fingerprint. @@ -70,7 +50,7 @@ This step is required since by (security) default a TemplateVM do not have a direct Internet connectivity. Users understanding the risks of enabling such access can change this configuration in firewall settings for the TemplateVM. -1. Retrive the Kali Linux GPG key using a DispVM. +1. Retrive the Kali Linux GPG key using a DisposableVM. ```shell_session $ gpg --keyserver hkp://keys.gnupg.net --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 @@ -78,14 +58,14 @@ $ gpg --list-keys --with-fingerprint 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 $ gpg --export --armor 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6 > kali-key.asc ``` -2. **DO NOT TURN OFF** the DispVM, the `kali-key.asc` file will be copied to +2. **DO NOT TURN OFF** the DisposableVM, the `kali-key.asc` file will be copied to the Kali Linux template in a further step. 3. Make sure the key is the authentic Kali key. See the [Kali website] for further advice and instructions on verification. -#### Create a Kali Linux (rolling) template - +Create a Kali Linux (rolling) template +---------------------------------------- These instructions will show you how to upgrade a Debian TemplateVM to Kali Linux. 1. (Optional) Check for latest Debian stable template and install it (if not already done) 
@@ -125,7 +105,6 @@ $ qvm-clone debian- kali-rolling e.g. in this example we update `buster` stable repository to `bullseye` testing repository - ```shell_session # sed -i 's/buster/bullseye/g' /etc/apt/sources.list # sed -i 's/buster/bullseye/g' /etc/apt/sources.list.d/qubes-r.list @@ -141,13 +120,13 @@ For installation based on Debian 10 stable, please note that the security reposi **Note:** During execution of the update, read carefully list of packages to be removed. If it contains `qubes-*` packages, terminate operation and try to resolve `qubes-*` packages missing dependencies first. -6. Copy the Kali GPG key from the DispVM to the new template: +6. Copy the Kali GPG key from the DisposableVM to the new template: ```shell_session $ qvm-copy kali-key.asc ``` - The DispVM can now be turned off. + The DisposableVM can now be turned off. 7. Add the Kali GPG key to the list of keys trusted to authenticate packages: 
@@ -174,21 +153,20 @@ EOF $ qvm-run -a kali-rolling gnome-terminal ``` -#### Install the Kali tools - +Install the Kali tools +------------------------------ At this point you should have a working template and you can install the tools you need. -Keep in mind that the tools you will install can easily take more than 10GB, [so you will need to **grow** the size of the VM1][qubes-resize-disk-image] +Keep in mind that the tools you will install can easily take more than 10GB, [so you will need to **grow** the size of the VM][qubes-resize-disk-image] -### Alternative Options to Kali Linux - - * [PenTester Framework][PTF], with [PTF Qubes OS guide][qubes-ptf] - * BlackArch Linux, with [BA Qubes OS guide][qubes-blackarch] - * [KATOOLIN][katoolin-howto] - * more on the [Penetration Testing page][qubes-pentesting] +Alternative Options to Kali Linux +=================================== +* [PenTester Framework][PTF], with [PTF Qubes OS guide][qubes-ptf] +* BlackArch Linux, with [BA Qubes OS guide][qubes-blackarch] +* more on the [Penetration Testing page][qubes-pentesting] -## Notes - +Notes +============= Thanks to the people in [the discussion thread](https://github.com/QubesOS/qubes-issues/issues/1981). [qubes-verifying-signatures]: /security/verifying-signatures/
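Review bot: In the `@@ -6,52 +6,32 @@` hunk, the added sentence about custom kernel modules links to `[Managing VM Kernel][managing-vm-kernel]`, but none of the visible hunks adds a `[managing-vm-kernel]: ...` definition to the link list at the end of the file, so the reference will render as literal bracketed text unless the definition already exists there. Please add the definition in this patch. The same added lines also need a wording pass: "recommanded" should be "recommended", "it come at the cost of much greater resources consumption" should read "it comes at the cost of much greater resource consumption", and "you need use the kernel" is missing "to".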
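Review bot: In the `@@ -70,7 +50,7 @@` hunk, the rewritten step `+1. Retrive the Kali Linux GPG key using a DisposableVM.` carries over the "Retrive" typo from the line it replaces. Since the line is being touched anyway, correct it to "Retrieve" in the same change.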
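Review bot: In the `@@ -125,7 +105,6 @@` hunk, the only change is the removal of the blank line between the "e.g. in this example we update `buster` stable repository to `bullseye` testing repository" sentence and the opening `shell_session` fence, which is unrelated to the stated purpose of the patch and leaves the fence directly attached to the paragraph inside a list item. Please confirm the rendered page still shows the two `sed` commands as a code block, or drop this whitespace change.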
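Review bot: In the `@@ -174,21 +153,20 @@` hunk, the `[KATOOLIN][katoolin-howto]` entry is dropped from the alternatives list (and the katoolin method is dropped in the first hunk), but the subject line only mentions adding positive and negative points, and no visible hunk removes the `[katoolin]`, `[katoolin-howto]` or `[kali-vbox]` link definitions. Please mention the removal and the reason for it in the commit message, and delete any definitions in the link list that are no longer referenced. Separately, `Alternative Options to Kali Linux` and `Notes` are now underlined with `=`, which puts them at the same level as the page title; if they are meant to stay subsections, use `-` underlines as done for `Install the Kali tools`.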