Pentest Environment Deployer |
This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.
Requirements
I assume you are familiar with virtualbox and vagrant.
Latest pentest-env
release is tested with:
- Virtualbox (6.0.4)
- Vagrant (2.2.3)
Current box
Kali 2018.1
Box | SHA256 |
---|---|
Kali 2018.1 | 407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd |
Kali 2018.1 Light | 1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266 |
Kali 2018.1 KDE | 0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3 |
Kali 2018.1 LXDE | f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a |
Kali 2018.1 Xfce | eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0 |
Kali 2018.1 Mate | 221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c |
Kali 2018.1 E17 | 0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d |
See the documentation page about boxes for more details.
See also others available instances.
Getting started
To get started with pentest-env
, clone this repository and run vagrant up
inside the directory.
This will download and run the Kali instance.
You can customize, add targets, create new targets etc.. inside pentest-env
.
Some examples are available in the examples/
directory, to use one simply set the PENTESTRC
environment variable:
> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:
kali running (virtualbox)
metasploitable2 not created (virtualbox)
primer not created (virtualbox)
This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.
For more details, visit the documentation pages:
- Installation
- Usage
- Docker
- Openstack
- Customizations
- Instances
- Targets
- Write custom instances and targets
- Debugging
- Security
- About boxes
- Known issues
Some configuration examples:
- Configure Kali linux with Tor & proxychains
- Configure Kali linux with Whonix gateway
- Faraday cscan against metasploitable 2 & 3 targets
- Configure a Teamserver
Target examples:
About Security
verify checksums
It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.
sshd is running
Provided boxes run the sshd
service.
So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!
root
password of kali istoor
.- SSH private key is not private! Anyone can use this key to connect to your instance.
See the secure the environment page to automatically change these defaults values.
Shared folders symlinks
I recommend to disable SharedFoldersEnableSymlinksCreate
which are enabled by default by vagrant.
More details and source in the Security/Disable SharedFoldersEnableSymlinksCreate section.
Related projects
Here is some projects you can build and integrate easily with pentest-env.
- Metasploitable3 - https://github.com/rapid7/metasploitable3/
- DetectionLab - https://github.com/clong/DetectionLab
- DanderSpritz-Lab - https://github.com/francisck/DanderSpritz_lab
License
See COPYING file