Configuring Kali

Kali Linux is a commonly used distribution for penetration testing, since it includes a vast array of preinstalled tools. However, it does not include everything by default, and some commonly used tools, such as bloodhound, are missing.

Particularly if you find yourself performing security audits without internet access, it’s worth installing the tools listed below in advance.

Kali Repository Tools

The following tools are available in the Kali repositories, but not installed by default:

| Tool | Description |
| --- | --- |
| bloodhound | Active Directory security audits |
| bloodhound.py | Bloodhound Python Ingester |
| krb5-user | To work with Kerberos tickets |
| ipcalc | Performs subnetting calculations |
| dbeaver | Database client that interfaces with multiple types of database, including Oracle |
| rlwrap | Adds flow control to reverse shells |
| covenant-kbx | A C# C2 framework |
| seclists | A collection of useful wordlists |
| peass | Privilege escalation tool |
| eyewitness | Scans address ranges for web servers and takes a screenshot |
| ufw | An iptables firewall interface |
| nishang | PowerShell penetration testing scripts |
| veil | Anti-Virus evasion framework |
| remmina | GUI Remote Desktop Client |
| code-oss | Visual Studio Code IDE |
| chisel | For network traffic tunnelling |
| hcxdumptool | Required for wifite wireless penetration testing tool |
| golang-go | The Go programming language |
| ghidra | Reverse engineering tool |
| gdb-peda | Exploit development assistance for GDB |
| payloadsallthethings | A useful collection of payloads for web application testing |
| raven | A lightweight web based file transfer tool |

The following command will install these tools:

sudo apt install bloodhound bloodhound.py krb5-user ipcalc dbeaver rlwrap covenant-kbx seclists peass eyewitness ufw nishang veil remmina code-oss chisel hcxdumptool golang-go ghidra gdb-peda payloadsallthethings raven

Other Tools

The tools below are very useful, but not available in the Kali repositories at the time of writing.

| Tool | Description |
| --- | --- |
| Coercer | To perform coerced authentication attacks |
| MITM6 | To perform IPv6 MITM attacks |
| Bloodhound Custom Queries | A query pack for Bloodhound to identify additional attack paths |
| static-binaries | Static binaries for use on remote systems |
| sysinternalsuite | Microsoft Sysinternals tools (including PsExec, ADExplorer, etc.) |
| nmap | Windows version of Nmap for use on remote systems |
| NimScan | A fast, portable port scanner written in Nim |
| pspy | Monitor Linux processes |
| GodPotato | SeImpersonate privilege escalation tool |
| Scarecrow | Anti-Virus evasion framework |
| Hacktricks | A collection of pentesting notes |
| NMap2MD | A tool to convert NMap XML files to markdown format |

These tools can be installed using the following commands.

mkdir -p /home/kali/Tools/
cd /home/kali/Tools/
git clone https://github.com/vdjagilev/nmap2md
git clone https://github.com/p0dalirius/Coercer
git clone https://github.com/dirkjanm/mitm6
# Fetch the raw file; the /blob/ URL returns GitHub's HTML page, not the JSON
wget https://raw.githubusercontent.com/ly4k/Certipy/main/customqueries.json
git clone https://github.com/optiv/ScareCrow
cd /home/kali/Tools/ScareCrow
go build ScareCrow.go

mkdir -p /home/kali/Tools/PrivEsc
cd /home/kali/Tools/PrivEsc
ln -s /usr/share/peass/ /home/kali/Tools/PrivEsc/peass
ln -s /usr/share/windows-resources/powersploit /home/kali/Tools/PrivEsc/PowerSploit
ln -s /usr/share/windows-resources/mimikatz /home/kali/Tools/PrivEsc/Mimikatz
git clone https://github.com/andrew-d/static-binaries
wget https://download.sysinternals.com/files/SysinternalsSuite.zip
wget https://nmap.org/dist/nmap-7.92-setup.exe
wget https://github.com/elddy/NimScan/releases/download/1.0.8/NimScan.exe
wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64
wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy32
wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe
git clone https://github.com/carlospolop/hacktricks
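
The following check is an added example, not part of the original post. It confirms that the files fetched with wget above are the executables, archive and JSON they are meant to be, since wget will save a web page (a GitHub blob view or an error page) under the expected file name without complaint. The script name check_downloads.sh and its function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: confirm that files fetched with wget are the binaries or data
# they claim to be before relying on them offline.

# Classify a file by its leading bytes.
file_kind() {
    local magic first
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        4d5a*)    echo pe;  return ;;   # "MZ": Windows executable
        7f454c46) echo elf; return ;;   # "\x7fELF": Linux executable
        504b0304) echo zip; return ;;   # "PK\x03\x04": zip archive
    esac
    # Text formats: look at the first non-whitespace character.
    first=$(head -c 512 "$1" | tr -d '\000 \t\r\n' | head -c 1)
    case "$first" in
        '{'|'[') echo json ;;
        '<')     echo html ;;
        *)       echo unknown ;;
    esac
}

# Kind each download on this page should have, judged by file name.
expected_kind() {
    case "$(basename "$1")" in
        *.exe)         echo pe ;;
        *.zip)         echo zip ;;
        *.json)        echo json ;;
        pspy32|pspy64) echo elf ;;
        *)             echo any ;;
    esac
}

# Report every file; return non-zero if any is missing, empty or the wrong kind.
check_downloads() {
    local f want got bad=0
    for f in "$@"; do
        if [ ! -f "$f" ] || [ ! -s "$f" ]; then echo "MISSING  $f"; bad=1; continue; fi
        want=$(expected_kind "$f"); got=$(file_kind "$f")
        if [ "$want" = any ] || [ "$want" = "$got" ]; then
            echo "OK       $f ($got)"
        else
            echo "MISMATCH $f: expected $want, found $got"; bad=1
        fi
    done
    return "$bad"
}

# Usage: ./check_downloads.sh customqueries.json PrivEsc/*.exe PrivEsc/*.zip PrivEsc/pspy*
if [ "$#" -gt 0 ]; then check_downloads "$@"; fi
```

A MISMATCH line reporting "found html" means the URL returned a web page rather than the file, so the download needs repeating before the machine goes offline.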

Cloud Audit Tools

Kali Repository Tools

| Tool | Description |
| --- | --- |
| trivy | A cloud security scanner |
| kubernetes-client | For interacting with Kubernetes clusters |

These tools can be installed with:

sudo apt install trivy kubernetes-client

Other Cloud Tools

Scout Suite

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.

cd /home/kali/Tools/
git clone https://github.com/nccgroup/ScoutSuite
cd ScoutSuite
virtualenv -p python3 venv
source venv/bin/activate
pip install -r requirements.txt
python scout.py --help

Tools that Require Compiling

These tools will need to be compiled with Visual Studio:

https://github.com/GhostPack/Rubeus
https://github.com/GhostPack/Certify
https://github.com/GhostPack/SharpUp

Wordlists

Kali does include rockyou.txt by default, but the more the better 🙂

| Name | Size | Download | Notes |
| --- | --- | --- | --- |
| Crackstation | 15 GB | https://crackstation.net/ | Combination of wordlists, including non-English words |
| Rocktastic | 13 GB | https://labs.nettitude.com/blog/rocktastic/ | Nettitude’s permutations of the infamous rockyou wordlist |
| RockYou2021 | 100 GB | https://github.com/ohmybahgosh/RockYou2021.txt | The largest collection of compromised passwords, including 8.4 billion entries |
| SecLists | 807Mb | https://github.com/danielmiessler/SecLists/tree/master/Passwords | Includes a large number of default passwords |
| Weakpass 2P | 9.4 Gb | https://weakpass.com/download | A password list compliant with the default Windows password policy |
| English Words | 4.1Mb | https://github.com/dwyl/english-words | For use with rule attacks |

Commercial Tools

If you have licenses for the following tools, it’s worth installing them at the same time.


Miscellaneous Tweaks

To fix VIM text editor mouse behaviour, add the following to /home/kali/.vimrc:

set mouse-=a
syntax on

In Conclusion

I would recommend trying to run the tools at least once after installing them to make sure everything is working correctly. Since inevitably something will break, I would also recommend preparing a secondary distribution, such as Parrot OS.