
Building a Kali Workstation - 2019 edition

How to build a reliable pentesting workstation with Kali Linux.

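This guide should only be used by people who know their way around the Linux command line. The commands are written to be run as root, and several of them read shell variables ($openvaspasswd, $users, $password, $vpnip, $unit) that the guide never sets, so define those before running the sections that use them.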

Building the Core OS

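# Refresh the package index and bring installed packages up to date before
# anything else is changed.
apt update && apt upgrade -y

# Keep one pristine copy of the stock dhclient.conf so the edits below can be
# reviewed or reverted.
[ -e /etc/dhcp/dhclient.conf.orig ] || cp -a /etc/dhcp/dhclient.conf /etc/dhcp/dhclient.conf.orig

# Put fixed public resolvers ahead of whatever the DHCP server hands out.
# The dhclient option is "domain-name-servers" (plural) and takes a
# comma-separated list; the stock line's trailing ";" is outside the match and
# stays in place.
# Every lookup from this workstation is then tried against these third-party
# resolvers first, so names that only resolve on an internal network will be
# sent to them before the local DNS server is asked.
sed -i 's/^#prepend domain-name-servers 127.0.0.1/prepend domain-name-servers 9.9.9.9, 1.1.1.1, 8.8.4.4, 8.8.8.8/' /etc/dhcp/dhclient.conf

# Force the search domain. domain-name is a text option, so dhclient.conf
# needs the value in double quotes.
sed -i 's/^#supersede domain-name "fugue.com home.vix.com"/supersede domain-name "hsec.net"/' /etc/dhcp/dhclient.conf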

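# Bring the base system fully up to date, then drop packages nothing depends on.
apt update && apt upgrade -y
apt dist-upgrade -y
apt autoremove -y

# GPU drivers and OpenCL/CUDA runtime.
apt install -y ocl-icd-libopencl1 nvidia-driver nvidia-cuda-toolkit

# Kali metapackages for web, VoIP and wireless testing.
apt install -y kali-linux-web kali-linux-voip kali-linux-wireless

# Build prerequisites.
apt install -y git gcc make libpcap-dev ntpdate

# Individual tools and the language runtimes they need.
apt install -y python3-uritools python3-paramiko nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix sslyze arachni aha libxml2-utils rpcbind cutycapt host whois dnsrecon curl nmap php php-curl hydra wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq golang adb xsltproc libssl-dev python-pip

# python3-pip is removed and reinstalled, as in the original guide.
apt remove -y python3-pip
apt install -y python3-pip xmlstarlet chromium

# These go into the system-wide Python environment (pip is run as root).
pip install dnspython colorama tldextract urllib3 ipaddress requests

# Install nvm. The installer is saved to a temporary file before it is run
# instead of being streamed into bash: -f makes curl fail on an HTTP error
# rather than hand an error page to the shell, and a truncated download can no
# longer be executed half-way. The URL is pinned to the v0.33.8 tag; a tag can
# still be moved upstream, so read the saved script (or compare it with a
# checksum you trust) before letting it run as root.
nvm_installer=$(mktemp) &&
  curl -fsSL -o "$nvm_installer" https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh &&
  bash "$nvm_installer"
[ -n "$nvm_installer" ] && rm -f -- "$nvm_installer"

# Ruby gems used by the tools above; installed system-wide.
gem install rake
gem install ruby-nmap net-http-persistent mechanize text-table
gem install public_suffix
dpkg-reconfigure ruby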

# Write the connection warning to /etc/banner in one go: three lines of text
# followed by two empty lines (the third line keeps its trailing space).
# Creating the file does not display it anywhere; sshd shows a pre-login
# banner only when its Banner directive points at this path.
printf '%s\n' \
  'This system is monitored and all keystrokes are recorded.' \
  'There is no anonymity here.' \
  'If you are not authorised to connect, disconnect immediately. ' \
  '' \
  '' > /etc/banner

Installing OpenVAS

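# Install OpenVAS 9 with the Greenbone web front end and run the initial setup.
apt install openvas openvas-cli openvas-manager openvas-manager-common openvas-nasl openvas-scanner greenbone-security-assistant greenbone-security-assistant-common libopenvas-dev libopenvas-doc libopenvas9 -y
openvas-setup

# $openvaspasswd, $users, $password and $vpnip are not set anywhere in this
# guide. The ${name:?} form stops the command instead of running it with an
# empty value (an empty admin password, or a gsad unit with no host name).
#
# Passwords given as command-line arguments are visible in the process list
# and end up in shell history while the command runs; set these on a machine
# nobody else is logged in to and clear the history afterwards.

# Reset the admin password. The options need two ASCII hyphens; the
# typographic dashes in the original line are not parsed as options.
openvasmd --user=admin --new-password="${openvaspasswd:?set openvaspasswd first}"

# Create one OpenVAS account per name in the whitespace-separated $users list.
# Every account receives the same $password, so treat it as an initial
# password and have each user change it on first login.
# shellcheck disable=SC2086 -- word splitting of the user list is intended
for user in ${users:?set users first}
do
  openvasmd --create-user="$user"
  openvasmd --user="$user" --new-password="${password:?set password first}"
done

# Let gsad answer requests whose Host header is the VPN address. The pattern
# is in double quotes so that $vpnip is expanded; inside single quotes the
# literal text "$vpnip" would be written into the unit file.
# gsad keeps --listen=0.0.0.0, so the web interface on port 9392 is reachable
# on every network the workstation joins, not only over the VPN; restrict it
# with a firewall rule if that is not wanted. The edit is made to the packaged
# unit file, which a package upgrade can replace.
sed -i "s|^ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390|ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host ${vpnip:?set vpnip first}|" /lib/systemd/system/greenbone-security-assistant.service

# Pick up the edited unit, restart the web front end and start all three
# services at boot.
systemctl daemon-reload
service greenbone-security-assistant restart
systemctl enable greenbone-security-assistant.service
systemctl enable openvas-scanner.service
systemctl enable openvas-manager.service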

Hardening Up SSH

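# Replace sshd_config with the hardened settings instead of appending to it.
# sshd uses the first value it reads for a keyword, so lines appended after
# the stock file lose to any earlier uncommented line (a stock
# "X11Forwarding yes" would beat an appended "X11Forwarding no"), and a second
# "Subsystem sftp" line makes sshd refuse to start.
# The stock file is kept once as sshd_config.orig.
[ -e /etc/ssh/sshd_config.orig ] || cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

# Left out on purpose compared with the original list:
#   - Protocol, KeyRegenerationInterval, ServerKeyBits, RSAAuthentication,
#     RhostsRSAAuthentication: SSH protocol 1 settings, which current OpenSSH
#     only reports as deprecated.
#   - UsePrivilegeSeparation: deprecated, privilege separation is always on.
#   - the DSA host key: DSA keys are limited to 1024 bits and ssh-dss is
#     disabled by default in current OpenSSH.
# Added: Banner, so that the warning text written to /etc/banner is shown
# before authentication.
#
# PasswordAuthentication is not set and therefore stays at its default (yes):
# account passwords remain a valid way in, so they need to be strong.
# AllowGroups admins limits logins to members of "admins". That group and its
# members are created in a later section of this guide; when working over SSH,
# create them first and keep the current session open until a new login has
# been tested.
cat > /etc/ssh/sshd_config.new <<'EOF'
KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_rsa_key
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 60
PermitRootLogin no
AllowGroups admins
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding no
X11DisplayOffset 10
Banner /etc/banner
PrintMotd yes
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF

# Let sshd check the new file before it goes live; a configuration that does
# not parse would otherwise take the service down on restart.
if sshd -t -f /etc/ssh/sshd_config.new; then
  mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
  systemctl enable ssh.service
  service ssh restart
else
  echo "sshd rejected /etc/ssh/sshd_config.new; the running configuration was left unchanged" >&2
fi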

Hardening Up Apache

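# Install Apache with ModSecurity, enable TLS and response-header support and
# stop listening on plain HTTP.
apt-get install -y apache2 libapache2-mod-security2
a2enmod ssl
a2enmod headers
sed -i 's/^Listen 80/# Listen 80/' /etc/apache2/ports.conf

# Server-wide security settings (this replaces the packaged security.conf).
# - ServerTokens Full is kept deliberately: ModSecurity's SecServerSignature
#   only rewrites the Server header when ServerTokens is Full. If ModSecurity
#   is not loaded, "Full" and "ServerSignature On" disclose the real version
#   and module list instead, so confirm the header reads "PiaB" after the
#   restart.
# - The two Include lines for the OWASP core rule set are written commented
#   out, so ModSecurity runs without those rules until they are enabled.
# - SecServerSignature's value is quoted in the file; the unescaped inner
#   quotes in the original echo were eaten by the shell.
cat > /etc/apache2/conf-available/security.conf <<'EOF'
ServerTokens Full
ServerSignature On
TraceEnable Off
FileETag None

# Do Header stuff
Header unset Pragma
Header unset ETag
Header always set x-xss-protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header always set X-Content-Type-Options nosniff
Header always set Referrer-Policy "no-referrer"

<IfModule mod_ssl.c>
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
 SSLProtocol ALL -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
 SSLHonorCipherOrder On
</IfModule>

<IfModule security2_module>
 SecServerSignature "PiaB"
# Include /usr/share/modsecurity-crs/*.conf
# Include /usr/share/modsecurity-crs/activated_rules/*.conf
</IfModule>
EOF

# Default site: HTTPS only. The certificate is the self-signed "snakeoil" pair
# generated on this machine, which clients cannot validate; swap in a
# certificate issued for the ServerName before relying on the HSTS header
# above. AllowOverride All lets any .htaccess under the document root change
# the configuration.
cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
<IfModule mod_ssl.c>
 <VirtualHost *:443>
 ServerName piab.hedgehogsecurity.co.uk
 ServerAdmin info@hedgehogsecurity.co.uk
 DocumentRoot "/var/www/html/"
 <Directory "/var/www/html">
 Options FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 ErrorLog /var/log/apache2/error.log
 CustomLog /var/log/apache2/access.log combined
 SSLEngine on
 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
 SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 </VirtualHost>
</IfModule>
EOF

# Empty the document root (one recursive pass covers files and directories)
# and hand the web tree to the Apache user.
rm -rf -- /var/www/html/*
chown -R www-data:www-data /var/www/*

# The unit on Debian-based systems is apache2.service; "apache.service" does
# not exist, so the original enable command had no effect.
systemctl enable apache2.service

# Only restart when the new configuration parses.
apache2ctl configtest && service apache2 restart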

Install and Configure PostFix

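# Install Postfix as a loopback-only mail submitter that relays everything
# through an authenticated smarthost.
cd ~
DEBIAN_FRONTEND=noninteractive apt install postfix libsasl2-modules mailutils -y

# $unit is a shell variable that this guide never sets; unless it is defined
# beforehand the banner is written empty.
echo "smtpd_banner = $unit" > /etc/postfix/main.cf

# The rest of main.cf is written through a quoted here-document so the shell
# leaves it alone. ${data_directory} is a Postfix macro: inside a
# double-quoted echo the shell expanded it to nothing and the session caches
# ended up as "btree:/smtpd_scache".
#
# smtp_tls_security_level = encrypt is added for the outbound side. Without
# it nothing in this file requires TLS towards the relay, and the SASL
# credentials could be offered over a cleartext connection.
#
# The smtpd_tls_* lines only affect the listener on 127.0.0.1; they exclude
# SSLv2/SSLv3 but, unlike the Apache section, still allow TLSv1 and TLSv1.1.
cat >> /etc/postfix/main.cf <<'EOF'
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
readme_directory = no

tls_random_source=dev:/dev/urandom
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_tls_security_level=encrypt
smtpd_tls_mandatory_ciphers=high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 defer_unauth_destination

disable_vrfy_command = yes

myhostname = hedgehogsecurity.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost, localhost.localdomain, localhost
relayhost = [smtp.sendgrid.net]:587
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = 127.0.0.1
inet_protocols = all
EOF

# Relay credentials. The file is created and restricted to root before the
# secret is written, so it is never readable by other users, not even
# briefly. "uname:pass" looks like a placeholder: replace it with the real
# relay user name and password.
touch /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
echo "[smtp.sendgrid.net]:587 uname:pass" >> /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd

# Deliver root's mail to peter and rebuild the alias database.
echo "root: peter" >> /etc/aliases
newaliases
systemctl enable postfix.service
service postfix restart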

Add the Users

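# "admins" is the group that sshd's AllowGroups line refers to. Create it only
# when it does not exist yet.
getent group admins > /dev/null || groupadd admins

# Give root a 64-character random password. It is piped straight into
# chpasswd and never written to disk (the original stored it in
# ~/password-list and then overwrote that file a few lines later).
RPASSWORD=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64)
printf 'root:%s\n' "$RPASSWORD" | chpasswd

# Create the day-to-day account. -m creates /home/peter; with -d alone the
# path is recorded but the directory is never made.
useradd -m -G admins,sudo -d /home/peter peter

# peter is in sudo and in the SSH-allowed group, so a fixed, guessable
# password here would be a direct route to root for anyone who can reach
# port 22. Generate a random initial password instead, keep it in a
# root-only file for hand-over, and expire it so it has to be changed at the
# first login.
peter_password=$(LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 24)
install -m 600 /dev/null ~/password-list
printf 'peter:%s\n' "$peter_password" > ~/password-list
chpasswd < ~/password-list
chage -d 0 peter
# Delete ~/password-list once the initial password has been handed over.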

Adding Useful Repos and Tools

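# Word lists: SecLists from git, plus rockyou.txt from a GitHub release.
cd /opt
git clone https://github.com/danielmiessler/SecLists.git

# -O names the output document. The lowercase -o in the original names wget's
# log file, so rockyou.txt ended up holding the transfer log rather than the
# word list. The download only runs when the target directory exists.
# The file is taken as-is from a third-party release; the page gives no
# checksum to compare it with.
cd /opt/SecLists/Passwords &&
  wget --header="User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0" --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" --header="Accept-Language: en-US,en;q=0.5" --header="Accept-Encoding: gzip, deflate" --header="Referer: https://www.hedgehogsecurity.co.uk" https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O rockyou.txt
cd /opt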

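# Each clone takes whatever the repository's default branch holds at that
# moment. Sn1per's install.sh is then run as root, so check out a commit you
# have reviewed before running it if the build has to be reproducible.
git clone https://github.com/gophish/gophish.git

git clone https://github.com/NotSoSecure/password_cracking_rules.git

git clone https://github.com/1N3/Sn1per.git

# Comment out the installer's "read answer" prompt so it runs unattended.
# The path is absolute: the original "opt/Sn1per/install.sh" is resolved
# relative to the current directory and does not point at the clone.
sed -i 's/^read answer/#read answer/' /opt/Sn1per/install.sh

# Fill in API keys and the OpenVAS password. Set censys_api_id,
# censys_api_secret, hunter_io and openvaspasswd beforehand; the guide does
# not define them. Shell variable names cannot contain hyphens, so the
# original "$censys-api-id" expanded $censys and appended the literal text
# "-api-id". ${name:?} stops the command when a value is missing.
# The values are pasted into a sed expression: one containing "/" or "&"
# would be misread, so check sniper.conf afterwards. The file then holds live
# credentials; keep it readable only by the accounts that run the tool.
sed -i "s/^CENSYS_APP_ID=\"\"/CENSYS_APP_ID=\"${censys_api_id:?set censys_api_id first}\"/" /opt/Sn1per/sniper.conf
# The original wrote CENSYS_APP_ID on this line as well, which replaced the
# secret's key with a second ID entry.
sed -i "s/^CENSYS_APP_SECRET=\"\"/CENSYS_APP_SECRET=\"${censys_api_secret:?set censys_api_secret first}\"/" /opt/Sn1per/sniper.conf
sed -i "s/^HUNTERIO_KEY=\"\"/HUNTERIO_KEY=\"${hunter_io:?set hunter_io first}\"/" /opt/Sn1per/sniper.conf
sed -i 's/^MSF_LPORT="4444"/MSF_LPORT="8443"/' /opt/Sn1per/sniper.conf
sed -i "s/^OPENVAS_PASSWORD=\"\"/OPENVAS_PASSWORD=\"${openvaspasswd:?set openvaspasswd first}\"/" /opt/Sn1per/sniper.conf
sed -i 's/^HUNTERIO="0"/HUNTERIO="1"/' /opt/Sn1per/sniper.conf
cd /opt/Sn1per/ && ./install.sh
cd /opt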

# Clone a set of reference tools into the current directory, one after the
# other and in the order listed. Nothing from these repositories is executed
# here.
for repo in \
  https://github.com/portcullislabs/enum4linux.git \
  https://github.com/jondonas/linux-exploit-suggester-2.git \
  https://github.com/bitsadmin/wesng.git \
  https://github.com/swisskyrepo/PayloadsAllTheThings.git \
  https://github.com/PowerShellMafia/PowerSploit.git \
  https://github.com/samratashok/nishang.git \
  https://github.com/michenriksen/gitrob.git \
  https://github.com/breenmachine/httpscreenshot.git \
  https://github.com/secretsquirrel/the-backdoor-factory.git \
  https://github.com/SecWiki/windows-kernel-exploits.git \
  https://github.com/robertdavidgraham/masscan.git \
  https://github.com/SpiderLabs/ikeforce.git
do
  git clone "$repo"
done

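# Clone BruteX and run its installer from inside the clone.
# The directory is "BruteX" (paths are case-sensitive), and the script has to
# be called as ./install.sh because the current directory is not on PATH;
# the original line could not find either.
# The installer runs as root from an unpinned clone; read it first.
git clone https://github.com/1N3/BruteX.git
cd /opt/BruteX && ./install.sh
cd /opt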

# More tools cloned into the current directory. Where a project ships a
# requirements file, its Python dependencies are installed system-wide right
# after the clone, in the same order as before.
git clone https://github.com/1N3/Goohak.git

git clone https://github.com/1N3/BlackWidow
pip install -r /opt/BlackWidow/requirements.txt

for repo in \
  https://github.com/Dionach/CMSmap.git \
  https://github.com/0xsauby/yasuo.git \
  https://github.com/aboul3la/Sublist3r.git \
  https://github.com/nccgroup/shocker.git \
  https://github.com/BishopFox/spoofcheck.git \
  https://github.com/arthepsy/ssh-audit \
  https://github.com/1N3/jexboss.git \
  https://github.com/maurosoria/dirsearch.git \
  https://github.com/jekyc/wig.git
do
  git clone "$repo"
done

git clone https://github.com/rbsec/dnscan.git
pip3 install -r /opt/dnscan/requirements.txt

git clone https://github.com/christophetd/censys-subdomain-finder.git
pip install -r /opt/censys-subdomain-finder/requirements.txt

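# altdns: the original line read "git clone git clone <url>", which git
# rejects, so nothing was cloned and the steps after it ran in the wrong
# directory. The build steps now run only when the cd into the clone worked.
git clone https://github.com/infosec-au/altdns.git
if cd /opt/altdns; then
  pip install -r requirements.txt
  python2 setup.py install
fi
pip install py-altdns
cd /opt

# massdns: build and install from source, only from inside the clone.
git clone https://github.com/blechschmidt/massdns.git
cd /opt/massdns && make && make install
cd /opt

# dnsgen: install dependencies and the package itself, only from inside the
# clone. setup.py and the requirements come from an unpinned clone and run as
# root.
git clone https://github.com/ProjectAnte/dnsgen
if cd /opt/dnsgen; then
  pip3 install -r requirements.txt
  python3 setup.py install
fi
cd /opt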

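# Remaining tools. Setup scripts are chained to their cd with && so that a
# failed clone cannot lead to "bash setup.sh" or "setup.py install" being run
# in whatever directory the shell happens to be in. Those scripts run as root
# from unpinned clones; read them before running.
git clone https://github.com/n00py/WPForce.git

git clone https://github.com/S3cur3Th1sSh1t/WinPwn.git

git clone https://github.com/m8r0wn/nullinux.git
cd nullinux && bash setup.sh
cd /opt

git clone https://github.com/vanhauser-thc/THC-Archive.git

git clone https://github.com/m8r0wn/enumdb.git
cd enumdb && pip3 install -r setup/requirements.txt
cd /opt

git clone https://github.com/m8r0wn/ldap_search.git
cd ldap_search && python3 setup.py install
cd /opt

git clone https://github.com/linted/linuxprivchecker.git

git clone https://github.com/hegusung/RPCScan.git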
