If you ask me about Kali some years ago, I must be thinking about Temple of Doom and if you asked me about hacking I would think about that blind man in Sneakers film :P
But joking apart, what can I say to you about Kali?
Kali is a cooked linux release that allows anyone to test pentesting tools. Could be installed as a virtual machine (VirtualBox, Vagrant...), as a boot partition on your computer or be deployed as EC2/VM instance on AWS/GCP/Azure/whatever cloud. These options are OK but it takes a "lot" of time to run, tweak and maintain a Kali system.
Kali images contains a base image without tools but all them APT repositories are enabled. So it's really easy to install and test anything on them.
First you need to run bash in the Kali docker image:
docker run -ti --rm kalilinux/kali-rolling bash
Now, in this prompted shell we could run as many commands as we need:
Let's start running some APT commands to install our tools:
┌──(root💀616f2bee7ea0)-[/] └─# apt update && apt install nikto sslscan dmitry -y
That's it. Tools are been installed. Let's check that are ready to run:
┌──(root💀616f2bee7ea0)-[/] └─# nikto -Version [...] File Version Last Mod ----------------------------- -------- ---------- Nikto main 2.1.6 [...]
┌──(root💀616f2bee7ea0)-[/] └─# dmitry -version Deepmagic Information Gathering Tool "There be some deep magic going on" Version: DMitry/1.3a (Unix)
- SSL Scan
┌──(root💀616f2bee7ea0)-[/] └─# sslscan --version 2.0.9-static OpenSSL 1.1.1l-dev xx XXX xxxx
Imagine all the possibilities:
- Create your custom Kali images:
FROM kalilinux/kali-rolling RUN apt-get update -qq \ && apt-get install -qq -y --no-install-recommends \ nikto sslscan dmitry metasploit-framework [...]
- Run a Kali image into a Kubernetes cluster:
kubectl run prompt-shell --generator=run-pod/v1 --rm -i --tty --image kalilinux/kali -- bash
There are a lot of possibilities here.
Time to have fun. Enjoy!