DEV Community

loading...
Cover image for Kali on a container

Kali on a container

cosckoya
I am a JRPG fanatic, film devourer and music adventurer; that has been working as system engineer longer than I can remember :D
・2 min read

If you ask me about Kali some years ago, I must be thinking about Temple of Doom and if you asked me about hacking I would think about that blind man in Sneakers film :P

But joking apart, what can I say to you about Kali?

Kali is a cooked linux release that allows anyone to test pentesting tools. Could be installed as a virtual machine (VirtualBox, Vagrant...), as a boot partition on your computer or be deployed as EC2/VM instance on AWS/GCP/Azure/whatever cloud. These options are OK but it takes a "lot" of time to run, tweak and maintain a Kali system.

Imagine that you want to try a Kali tool and you dont want to install Kali Desktop, there is another option: Kali Docker images.

Kali images contains a base image without tools but all them APT repositories are enabled. So it's really easy to install and test anything on them.

Let's try to run some web scanner with Nikto, DMitry and SSLScan.

First you need to run bash in the Kali docker image:

docker run -ti --rm kalilinux/kali-rolling bash
Enter fullscreen mode Exit fullscreen mode

Now, in this prompted shell we could run as many commands as we need:

β”Œβ”€β”€(rootπŸ’€616f2bee7ea0)-[/]
└─# 
Enter fullscreen mode Exit fullscreen mode

Let's start running some APT commands to install our tools:

β”Œβ”€β”€(rootπŸ’€616f2bee7ea0)-[/]
└─# apt update && apt install nikto sslscan dmitry -y
Enter fullscreen mode Exit fullscreen mode

That's it. Tools are been installed. Let's check that are ready to run:

  • Nikto
β”Œβ”€β”€(rootπŸ’€616f2bee7ea0)-[/]
└─# nikto -Version                                  
[...]
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.6        
[...]
Enter fullscreen mode Exit fullscreen mode
  • Dmitry
β”Œβ”€β”€(rootπŸ’€616f2bee7ea0)-[/]
└─# dmitry -version
Deepmagic Information Gathering Tool
"There be some deep magic going on"

Version: DMitry/1.3a (Unix)
Enter fullscreen mode Exit fullscreen mode
  • SSL Scan
β”Œβ”€β”€(rootπŸ’€616f2bee7ea0)-[/]
└─# sslscan --version
                2.0.9-static
                OpenSSL 1.1.1l-dev  xx XXX xxxx
Enter fullscreen mode Exit fullscreen mode

Imagine all the possibilities:

  • Create your custom Kali images:
FROM kalilinux/kali-rolling

RUN apt-get update -qq \
 && apt-get install -qq -y --no-install-recommends \
    nikto sslscan dmitry metasploit-framework
[...]
Enter fullscreen mode Exit fullscreen mode
  • Run a Kali image into a Kubernetes cluster:
kubectl run prompt-shell --generator=run-pod/v1 --rm -i --tty --image kalilinux/kali -- bash
Enter fullscreen mode Exit fullscreen mode

There are a lot of possibilities here.

Time to have fun. Enjoy!

Reference

Discussion (1)

Some comments have been hidden by the post's author - find out more