Kali Linux is Missing Many Essential Tools!

Hello Hackers! I hope you found a 0day today. Well, today I will be addressing most people’s favorite distribution, Kali Linux. It’s an awesome distro with outdated tools. Everyone knows the Kali Linux distribution. If you don’t know it, it’s basically a Debian-derived Linux distribution designed for digital forensics and penetration testing. It’s an evolved version of BackTrack. Kali Linux is one of my favorite Linux distributions. However, in the past years, I started solving HackTheBox challenges, and a lot of these challenges have some smaller patterns where, for example, you start by enumerating ports, then brute-forcing web directories and files. And with time, you get used to these types of challenges, and you want to improve some areas in your techniques and tools. You improve your skillset and techniques by reading and practicing. However, when it comes to the tools, by default, most beginners, including myself, stick with the basic tools in the Kali distro, many of which are outdated and slow.

The problem:

Kali Linux’s default tools are not the best choice. An example of a tool that is usually used at the beginning of the reconnaissance phase is DirBuster, which is one of the slowest brute-force tools I have seen. DirBuster is in Kali by default, and it was the first option that came to my mind when I wanted to brute-force web directories and files.

My solution:

I started looking for neat tools on GitHub and collecting them, and I decided to write a script to deploy all the collected tools so I can share them easily. I was planning to deploy them using a simple Bash script, but I wanted it to be a usable project, not just a script that will be used just once. As a result, I decided to write an Ansible Playbook for the deployment. If you don’t know Ansible, it is a neat solution to automate deployment remotely and locally. I called the Playbook Kali-TX. It deploys a selection of very helpful tools. All tools are listed below.

My motivation for writing an Ansible Playbook is that in network penetration test engagements, I usually spin up new Kali instances before any engagement, so redownloading all the tools I use over and over takes a lot of time. Now, when I prepare for a new engagement, I just need to run this Playbook against all instances, and it will deploy scripts in each instance that will download an updated version of all the selected tools. That prevents wasting time downloading tools that are supposed to be already installed.

Kali-TX

Tools

  • Ansible
  • Docker
  • Empire
  • Dirsearch
  • Aquatone
  • Rpivot
  • Tree
  • Pycharm
  • BruteX
  • BlackWidow
  • Gophish
  • Powershell
  • PowerSploit
  • EvilWinrm
  • QSearchSploit
  • Findsploit
  • Crackmapexec
  • IntruderPayloads
  • Invoke-Obfuscation
  • PayloadsAllTheThings
  • Fuzzdb
  • Big-list-of-naughty-strings
  • RobotsDisallowed
  • SecLists
  • Bettercap
  • Unicorn
  • EvilURL

How to install locally

$ git clone https://github.com/M507/Kali-TX.git
$ cd Kali-TX
$ bash deploy_locally.sh

How to deploy remotely

Clone the Playbook

$ git clone https://github.com/M507/Kali-TX.git
$ cd Kali-TX

Edit hosts.ini

[kali:vars]
ansible_connection=ssh
ansible_user=root
ansible_password=toor

[kali]
<ip1>
<ip2>
<ip3>
<ip4>
<ip5>

Deploy

$ cd Kali-TX
$ ansible-playbook deploy_kali.yml -i hosts.ini
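
The hosts.ini shown above logs in as root and keeps the password in plain text in the inventory. The check below can be run over an inventory before the Deploy step to flag both settings. It is an added example, not part of Kali-TX; the function names, the kali account, the key path and the 192.0.2.10 placeholder host are assumptions.

```shell
# Added example: pre-flight audit of an Ansible INI inventory before a deploy.
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_inventory() {
    local findings
    findings="$(awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            gsub(/[ \t]*=[ \t]*/, "=")              # "key = value" -> "key=value"
            for (i = 1; i <= NF; i++) {             # also covers inline host vars
                n = index($i, "="); if (n == 0) continue
                key = substr($i, 1, n - 1); val = substr($i, n + 1)
                # A value starting with "{{" is a variable reference, not a literal.
                if (key ~ /^ansible_(ssh_|become_)?pass(word)?$/ && index(val, "{{") != 1)
                    print "line " NR ": plaintext secret in " key
                if (key ~ /^ansible_(ssh_)?user$/ && val == "root")
                    print "line " NR ": direct root login (" key "=root)"
            }
        }
    ' "${1:--}")"
    [ -z "$findings" ] && return 0
    printf "%s\n" "$findings"
    return 1
}

# Constructed sample: the [kali:vars] block from the page plus a placeholder host.
sample_inventory() {
    cat <<'EOF'
[kali:vars]
ansible_connection=ssh
ansible_user=root
ansible_password=toor
[kali]
192.0.2.10
EOF
}

# Key-based variant; the account name and key path are assumptions.
hardened_inventory() {
    cat <<'EOF'
[kali:vars]
ansible_connection=ssh
ansible_user=kali
ansible_become=true
ansible_ssh_private_key_file=~/.ssh/kali_tx_ed25519
[kali]
192.0.2.10
EOF
}

sample_inventory | audit_inventory || true   # prints the two findings
```

Calling audit_inventory hosts.ini reads the file instead of standard input.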