Collection of tools and scripts for penetration testing.
The biggest value for this repo is in installing and configuring tools for an attack host. This is an opinionated setup. The provisioning is broken into scripts so individual tools can be installed.
amd64 and aarch64 architectures are supported. On Apple Silicon, use UTM with Apple Virtualization and Rosetta. Otherwise use VMware Fusion; it's fast and free (even for commercial use).
In `attackhost/` there are scripts to provision a host in a variety of ways:
- Kasm Workspaces complete install using Ansible, including multi-arch emulation (i.e. x86_64 on Apple Silicon)
- Vagrant
- Kali and Parrot VMs
- Kali and Parrot Containers
Kasm is the preferred way to provision the attack host. It provides better isolation between engagements, and quicker start-up and tear-down.
- Create VM based on Ubuntu 24.04 Server or Desktop
- Add public key to VM `~/.ssh/authorized_keys`
- `cd attackhost`
- Copy `hosts.ini` to `.hosts.ini`
- Configure `[kasm_server]` block for the VM
- `ansible-playbook --ask-become-pass -i .hosts.ini kasm.yml`
- Credentials will be created in `vars/.credentials.yml`
- In `vars/.networking.[hostname].yml`, you'll find the static IP address.
- Open `https://[ip]` or also the IP assigned to the VM by DHCP.
```
$ docker exec pia-pia-1 piactl get regions
...
$ docker exec pia-pia-1 piactl set region us-montana
$ docker exec pia-pia-1 piactl monitor connectionstate
Reconnecting
Connected
```
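The region switch above, scripted so a long-running scan only starts once the tunnel is up. This is an added example and not part of this repo; it assumes the `pia-pia-1` container name and `piactl` commands shown above, and that `piactl get regions` prints one region id per line.

```bash
#!/usr/bin/env bash
# Added example, not part of this repo: switch the PIA region in the pia
# container and block until piactl reports "Connected", so a long scan
# only starts once the tunnel is up. Assumes the container name and
# piactl commands shown above, and that `piactl get regions` prints
# one region id per line.

PIA_CONTAINER="${PIA_CONTAINER:-pia-pia-1}"

# Run piactl inside the VPN container.
pia() {
  docker exec "$PIA_CONTAINER" piactl "$@"
}

# Exit 0 if region id $1 appears in the list read from stdin (one id per
# line). Whole-line match, so "us" is not accepted because "us-montana"
# is listed.
region_listed() {
  local want="$1" line
  while IFS= read -r line; do
    [ "$line" = "$want" ] && return 0
  done
  return 1
}

# Read connection states from stdin (piactl monitor connectionstate) and
# exit 0 once state $1 is seen. Give up with exit 1 after $2 states
# (default 20) so a flapping tunnel cannot hang the caller forever.
wait_for_state() {
  local want="$1" max="${2:-20}" seen=0 line
  while IFS= read -r line; do
    [ "$line" = "$want" ] && return 0
    seen=$((seen + 1))
    [ "$seen" -ge "$max" ] && return 1
  done
  return 1
}

# Validate the region first so a typo fails fast instead of leaving the
# container on its old exit; then switch and wait for the tunnel.
switch_region() {
  pia get regions | region_listed "$1" || { echo "unknown region: $1" >&2; return 2; }
  pia set region "$1" || return 3
  pia monitor connectionstate | wait_for_state Connected
}

# Usage: ./pia-region.sh us-montana
if [ $# -eq 1 ]; then switch_region "$1"; fi
```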
There are quirks with using the clipboard. Copy and paste between host and workspace normally works well, for both text and images. Copy and paste between workspaces is quirky. For text, use the Control Panel > Clipboard. For images, either 1) right-click and paste, or 2) open the image in Preview, Command-A to select all, Command-C to copy, open the Control Panel > Clipboard, close it, then Command-V to paste into the application.
In the `attackhost` directory, run `vagrant up`. Only Kali is supported with Vagrant.
This box uses VMware Fusion for Apple Silicon support. There are specific instructions for the provider: https://developer.hashicorp.com/vagrant/docs/providers/vmware/installation

```
$ cd attackhost
$ VAGRANT_PROVIDER=vmware_fusion vagrant up
```
The `kali/container` directory contains a docker compose file and related images I use for headless work, generally for long-term scans. It has a "Private Internet Access" VPN.
Start the stack using `./up.sh`. Stop it with `./up.sh down`.
In the `/config/pia-auth.conf` file of the `kali-pia` container, add the username and password on separate lines and restart the container.
The `/data` volume in the `kali-kali` container is intended for pen test artifacts. You'll see I use Dropbox and the `up.sh` script searches for my particular folder.
Enter the container for work:

```
$ docker exec -it --user kali:kali kali-kali-1 /usr/bin/zsh -l
```