Primary Use Case

This tool is designed for penetration testers and CTF enthusiasts who want to quickly set up a Kali Linux environment with additional useful tools and vulnerable applications for hands-on practice. It automates the installation and configuration process, saving time and ensuring a consistent setup for red teaming and exploitation exercises.

Key Features

Automated installation of extra CTF and pentesting tools on Kali Linux via Ansible

Optional deployment of vulnerable Docker images like OWASP Juice Shop and WebGoat

Pre-configured vulnerable environments including DVWA

Clones and sets up additional useful repositories for privilege escalation and phishing

Supports both vanilla Kali Linux installations and Kali virtual machine images

Provides a customization utility (kali-tweaks) for further environment adjustments

Insights & Recommendations

This tool assumes a fresh Kali Linux installation and requires Ansible to automate setup. Users should have sudo privileges and be familiar with running Ansible playbooks. Installing vulnerable Docker images requires Docker to be installed and running on the host. It is recommended to upgrade packages before running the playbook to avoid dependency issues.

Installation

Ensure a plain vanilla Kali Linux installation, preferably a Kali virtual machine image
Optionally upgrade all installed packages: sudo apt update && sudo apt full-upgrade -y
Install git and ansible: sudo apt update && sudo apt install git ansible -y
If ansible package is unavailable, install ansible-core and required collections:
sudo apt install ansible-core -y
ansible-galaxy collection install ansible.posix community.general community.docker community.crypto
Clone the repository: git clone https://github.com/fazlearefin/kali-ctf-machine-setup.git
Navigate into the cloned directory: cd kali-ctf-machine-setup
Run the Ansible playbook to install tools without vulnerable Docker images:
ansible-playbook -vv -i localhost, -e "{ setup_vuln_docker_images: false }" -e "local_username=$(id -un)" -K main.yml

Usage

ansible-playbook -vv -i localhost, -e "{ setup_vuln_docker_images: false }" -e "local_username=$(id -un)" -K main.yml

Installs extra CTF and pentest tools on Kali Linux without pulling vulnerable Docker images.

ansible-playbook -vv -i localhost, -e "{ setup_vuln_docker_images: true }" -e "local_username=$(id -un)" -K main.yml

Installs extra CTF and pentest tools on Kali Linux including vulnerable Docker images.

docker run --rm -d -p 3000:3000 --name juice-shop bkimminich/juice-shop

Runs the OWASP Juice Shop vulnerable web application container for local testing.

docker run --rm -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=UTC --name webgoat webgoat/webgoat

Runs the OWASP WebGoat vulnerable web application container for local testing.

sudo systemctl start dvwa

Starts the Damn Vulnerable Web Application service on Kali Linux.

kali-tweaks

Launches a utility for further customization of the Kali Linux setup.

Smart Usage Notes

Integrate with CI/CD pipelines to provide automated pentesting environments for developers.Use the vulnerable Docker images for continuous red team training and purple team exercises.Leverage the ansible automation to quickly spin up consistent environments for CTF competitions or red team engagements.Combine with Metasploit or custom exploit scripts to automate exploitation workflows.Use kali-tweaks customization to tailor environments for specific threat emulation scenarios or training needs.

OpenSec Atlas

kali-ctf-machine-setup

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like