Merge branch 'master' of https://github.com/lorenzog/qubes-doc

2025-02-17 21:34:17 -05:00 · 2017-01-14 14:30:58 -08:00 · 2017-01-14 14:30:58 -08:00 · 82f43a9a5d
commit 82f43a9a5d
parent bd3c0b96de dc2a854f8e
1 changed files with 160 additions and 54 deletions
--- a/managing-os/pentesting/kali.md
+++ b/managing-os/pentesting/kali.md
@ -17,14 +17,25 @@ Please keep in mind that using such a VM or VM's based on the template for secur
 How to Create a Kali Linux VM
 =============================
-This guide is being created to give guidance on ways in which you could create a [Kali Linux](https://www.kali.org/) penetration testing VM (Qube) in Qubes OS.
+This guide is being created to give guidance on ways in which you could create a [Kali Linux][kali] penetration testing VM (Qube) in Qubes OS.
 Kali Linux is the most widely used penetration testing Linux distribution.
-There are multiple ways to create a Kali Linux VM. One way is to create a HVM and use the offical ISO to install the system or convert a [Virtual Image](https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). Another way is to clone the Qubes OS Debian image and turn it into a Kali Linux distribution.
+There are multiple ways to create a Kali Linux VM:
-Kali Linux HVM
+ 1. Create a HVM and use the offical ISO to install the system or convert a [Virtual Image][kali-vbox]. Explained [here](#hvm).
--------------
+ 2. Clone the Qubes OS Debian image and turn it into a Kali Linux distribution using [katoolin]. Explained [here](#katoolin).
 3. Clone the Qubes OS 'jessie' Debian template, upgrade it to 'stretch'
    (Debian 9.0) and turn it into a Kali linux template. Explained
    [here](#debian-upgrade).
 ## Alternative Options to Kali
 - [BlackArch][qubes-blackarch]
 - [PenTester Framework (PTF)][qubes-ptf]
 - [Pentesting][qubes-pentesting]
 ## Kali Linux HVM <a name="hvm"/>
 1. Download the Kali installation DVD
@ -34,8 +45,9 @@ Kali Linux HVM
        qvm-start <hvm-name> --cdrom <vm-name>:/home/user/Downloads/<iso-name>.iso
-Create Debian Based Kali Template
+## Create Debian Based Kali Template <a name="katoolin"/>
---------------------------------
+
 Katoolin is a script (written in Python) which helps you to install Kali tools.
 1. *(Optional)* Install `debian-8` template (if not already installed)
@ -62,27 +74,7 @@ Create Debian Based Kali Template
        sudo apt-get dist-upgrade
        sudo apt-get autoremove
-    **Note:** From now on there are two possible ways either doing everything manually or automatically with [Katoolin](https://github.com/LionSec/katoolin).
+6. Install Katoolin and add Kali Linux repositories
    Katoolin is a script (written in Python) which helps you to install Kali tools.
 5. *manually* - Add Kali Linux repositories
    1. Add Kali Linux repositories to `/etc/apt/sources.list`
            deb http://http.kali.org/kali kali-rolling main contrib non-free
            deb http://repo.kali.org/kali kali-bleeding-edge main
    2. Add kali signing key
        - The signing key can be found here [Download Kali Linux Images Securely](https://www.kali.org/downloads/)
                sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
                sudo apt-get update
 6. *katoolin* - Install Katoolin and add Kali Linux repositories
    1. Install Katoolin
@ -152,28 +144,7 @@ Create Debian Based Kali Template
 9. Start image
-10. *manually* - Install tools
+11. Install tools
    **Warning:** `kali-linux` and `kali-linux-full` does currently not work properly. Please use `Katoolin` or `PTF`.
    1. List available packages
            sudo apt-cache search kali-linux
    2. Select and install tools
        - install base system
                sudo apt-get install kali-linux
        - or install all tools
                sudo apt-get install kali-linux-full
        - or select specific (example):
                sudo apt-get install kali-linux-top10 kali-linux-web
 11. *katoolin* - Install tools
    1. View Categories
@ -185,7 +156,7 @@ Create Debian Based Kali Template
    2. Select the categories/tools you want to install
-        - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu](http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/)
+        - For more information on how to use Katoolin see [How to Auto Install All Kali Linux Tools Using “Katoolin” on Debian/Ubuntu][katoolin-howto].
        - **Note:** The `all` option does not work for `Information Gathering`, `Web Apps`, `Forensic Tools`, `Reverse Engineering` and `Extra`.
@ -193,10 +164,145 @@ Create Debian Based Kali Template
    - (Optional) Attach necessary devices
 ## Installing Kali from a Debian template <a name="debian-upgrade"/>
 This section will explain how to create your own [Kali] Linux VM as a VM
 template. The basic idea is to personalize the template with the tools you need
 and then spin up isolated AppVMs based on the template.
 This has been tested on Qubes OS 3.2.
 The steps can be summarised as:
 1. Install Qubes' Debian 8.0 (Jessie) template
 2. Upgrade the template to Debian 9.0 (Stretch)
 3. Install kali through the ``kali-linux-full`` package
 4. Use the template to build appVM so that you can maintain isolation between
   e.g. pentesting jobs
 Steps to build a Kali template
 ------------------------------
 ### Get the GPG key
 1. You'll need to fetch the Kali GPG key from a dispVM as the template you'll
   build won't have direct internet connectivity unless you enable it from the
   firewall:
        # in a dispVM
        gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
        gpg --list-keys --with-fingerprint 7D8D0BF6 
        gpg --export --armor 7D8D0BF6 > kali.asc
 2. **DO NOT TURN OFF** the dispVM
 3. Make sure the key ID is the valid one listed on the [Kali website]. Ideally,
   verify the fingerprint through other channels as recommended on that link.
 Once you have the key, keep the dispVM on as you'll need to copy the key over
 to the Kali template.
 ### Customize the template
 1. Install [the debian-8 template] if not already installed
 2. Clone the debian template and start a terminal in it:
        # in dom0:
        qvm-clone debian-8 debian-9
        qvm-run -a debian-9 gnome-terminal
        # in the debian-9 template terminal:
        # substitute jessie for stretch in
        sudo -s
        sensible-editor /etc/apt/sources.list
        sensible-editor /etc/apt/sources.list.d/qubes-r3.list
        apt-get update && apt-get dist-upgrade
        # (hat tip: [the Debian wiki])
    Restart the template when done and make sure you can open a terminal.
 3. Prepare the kali template:
        # in dom0:
        qvm-shutdown debian-9
        qvm-clone debian-9 kali-tpl
        qvm-run -a kali-tpl gnome-terminal
 3. Add the sources to install Kali linux to the `kali-tpl` template:
        # in kali-tpl:
        sudo -s
        echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
 4. Copy the Kali key from the dispVM into the template:
        # in the dispVM:
        qvm-copy-to-vm kali-tpl kali.asc
        # in kali-tpl:
        cat /home/user/QubesIncoming/dispXXX/kali-key.asc | sudo apt-key add -
    The last command should return `OK` on a line by itself.
 5. Update the system:
        # in kali-tpl:
        sudo -s
        apt-get update && apt-get dist-upgrade
 6. Shut down the `kali-tpl` template:
        # in dom0:
        qvm-shutdown kali-tpl
 ### Install the Kali tools
 At this point you should have a working template and you can install the tools you need.
 1. [resize the template] if you plan on installing the full Kali distribution. For example to install `kali-linux-full` you must **grow** the size of the VM system from 10Gb to at least 20Gb.
 1. Install Kali linux:
        # in kali-tpl:
        sudo apt-get install kali-linux-full
 2. [optional] Customise the template's home directory (e.g. install your licensed copy of Burp Suite Professional)
 ### Use the template
 The template is ready to be used. You can now spin up AppVMs based on the `kali-tpl` template.
 Alternative Options to Kali
---------------------------
+===========================
- [BlackArch](/doc/pentesting/blackarch/)
+ * PenTester Framework: [PTF] ([PTF Qubes OS guide])
- [PenTester Framework (PTF)](/doc/pentesting/ptf/)
+ * Black Arch with [BA Qubes OS guide])
- [Pentesting](/doc/pentesting/)
+ * [KATOOLIN]
 Notes
 -----
 Thanks to the people in [the discussion thread].
 [qubes-blackarch]: /doc/pentesting/blackarch/
 [qubes-ptf]: /doc/pentesting/ptf/
 [qubes-pentesting]: /doc/pentesting/
 [kali-vbox]: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
 [kali]: https://www.kali.org/
 [kali website]: https://docs.kali.org/introduction/download-official-kali-linux-images.
 [KATOOLIN]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/ 
 [the debian-8 template]: https://www.qubes-os.org/doc/templates/debian/#install
 [PTF]: https://www.trustedsec.com/may-2015/new-tool-the-pentesters-framework-ptf-released/
 [audio CDs]: https://www.reddit.com/r/Nirvana/comments/3hmra1/the_main_character_in_the_tv_show_mr_robot_has_a/
 [resize the template]: https://www.qubes-os.org/doc/resize-disk-image/
 [the Debian wiki]: https://wiki.debian.org/Qubes#Install_Debian_Templates
 [the discussion thread]: https://github.com/QubesOS/qubes-issues/issues/1981
 [PTF Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/ptf/
 [BA Qubes OS guide]: https://www.qubes-os.org/doc/pentesting/blackarch/
 [katoolin]: https://github.com/LionSec/katoolin
 [katoolin-howto]: http://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/