How to Create a Kali Linux VM
This guide will explain how to create your own Kali Linux VM as a VM template. The basic idea is to personalize the template with the tools you need and then spin up isolated appVMs based on the template.
The steps can be summarised as:
- Customize a Debian template with the Kali sources
- Install the Kali tools
- Use the template to build appVMs so that you can maintain isolation between e.g. pentesting jobs
IMPORTANT NOTE Following the instructions below and in particular installing kali-linux-full will BREAK YOUR VM. Don't do it. It needs further investigation. The problem is:
- Pinning down xorg doesn't allow installing kali-desktop (or something) which prevents kali-*
Steps to build a Kali template
Get the GPG key
- You'll need to fetch the Kali GPG key from a dispVM, as the template you'll build won't have direct internet connectivity unless you enable it from the firewall:
    # in the dispVM
    gpg --keyserver hkp://keys.gnupg.net --recv-key 7D8D0BF6
    gpg --list-keys --with-fingerprint 7D8D0BF6
    gpg --export --armor 7D8D0BF6 > kali.asc
- Make sure the key ID is the valid one listed on the Kali website. Ideally, verify the fingerprint through other channels. An 8-digit key ID such as 7D8D0BF6 does not uniquely identify a key, so compare the full fingerprint printed by the second command.
Once you have the key, keep the dispVM on as you'll need to copy the key over to the Kali template.
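The fingerprint check described above, as an added example that is not part of the original guide: it parses `gpg --with-colons` output and accepts a key only when its full 40-digit fingerprint equals one obtained out of band. The function names, the `EXPECTED_FPR` placeholder and the sample listings are assumptions constructed for illustration; the fingerprints are not real Kali key data.

```shell
#!/bin/sh
# Added example: compare the FULL fingerprint before exporting or importing a key.
# All fingerprints below are constructed sample values, not real Kali keys.

# Strip whitespace and upper-case, so "0123 4567 ..." as gpg prints it also works.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint (field 10
# of the "fpr" record) that follows each primary-key "pub" record.
# Subkey fingerprints are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# key_matches EXPECTED < colon-listing
#   0: exactly one primary key, and its fingerprint equals EXPECTED
#   1: mismatch, no key, or more than one primary key in the listing
#   2: EXPECTED is not a 40-hex-digit fingerprint (for example a short key ID)
key_matches() {
    expected=$(normalize_fpr "$1")
    case "$expected" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    found=$(primary_fprs)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Constructed colon listings: two different keys sharing the short ID 7D8D0BF6.
SAMPLE_TRUSTED='pub:-:4096:1:89ABCDEF7D8D0BF6:1330000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF7D8D0BF6:
uid:-::::1330000000::::Constructed Key <key@example.invalid>:
sub:-:4096:1:AAAAAAAA11111111:1330000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA11111111:'
SAMPLE_LOOKALIKE='pub:-:4096:1:765432107D8D0BF6:1330000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA98765432107D8D0BF6:
uid:-::::1330000000::::Constructed Lookalike <key@example.invalid>:'

# Real use in the dispVM (EXPECTED_FPR is a placeholder you obtain out of band):
#   gpg --list-keys --with-colons --with-fingerprint 7D8D0BF6 \
#     | key_matches "$EXPECTED_FPR" && gpg --export --armor 7D8D0BF6 > kali.asc
```

Because a listing with more than one primary key is rejected, a keyring that holds two keys with the same short ID fails the check instead of exporting both.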
Customize the template
- Install the debian-8 template (if not already installed)
- Clone the debian template and start a terminal in it:
    # from dom0:
    qvm-clone debian-8 kali
- Add this line to the /etc/apt/sources.list file in the template:
    # in the 'kali' template
    sudo -s
    echo 'deb http://http.kali.org/kali kali-rolling main non-free contrib' >> /etc/apt/sources.list
- Copy the Kali key from the dispVM into the template:
    # in the dispVM
    qvm-copy-to-vm kali kali.asc
    # in the kali template; copied files arrive in a QubesIncoming directory
    # named after the sending VM, so replace <dispVM-name> with the dispVM's name
    sudo -s
    cat /home/user/QubesIncoming/<dispVM-name>/kali.asc | apt-key add -
  The last command should return OK on a line by itself.
- Pin the X server in the preferences file: this prevents Kali from installing a new X.org server, for which there would be no qubes-tools available:
    # add the following lines to /etc/apt/preferences (you might have to create it)
    Package: xserver-xorg*
    Pin: release a=jessie
    Pin-Priority: 900

    Package: xorg*
    Pin: release a=jessie
    Pin-Priority: 900
- Update the system:
    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get dist-upgrade
- Now is a good time to stop the template, clone it and see if restarting it allows you to run a terminal:
    # from dom0
    qvm-clone kali kali-tools
Install the Kali tools
At this point you should have a working template and you can install the tools you need.
Don't forget to resize the template if you plan on installing the full Kali distribution. For example, to install kali-linux-full you must grow the size of the VM system from 10Gb to at least 20Gb.
- Install your tools of choice, for example:
    # in the kali-tools template
    sudo apt-get install kali-linux-full
- If the update process went well, give it a try: shut down the kali-tools template and create an appVM from it.
- When you are happy you can probably remove the kali template and its backup copies; then use only kali-tools as a template.
Don't forget to back up your appVMs as audio CDs.
Troubleshooting
If the template doesn't start, give it a peek with the console:
# from dom0
sudo xl console kali
Installing via third-party scripts: Katoolin
If you do not want to modify the sources.list file and add the signing keys yourself, you can alternatively use KATOOLIN after cloning the Debian Template.
You should probably inspect the script and make sure it does what you want before trusting it blindly.
Alternative Options to Kali
- PenTester Framework: PTF
Notes
Various things tried:
- Forget about pinning: just dist-upgrade, then download qubes-core-agent, then BACKEND_VMM=xen dpkg-buildpackage -b -uc -us
- Also download requirements for debian bootstrapping from https://wiki.debian.org/BuildingTutorial
- And qubes-kernel-vm-support for vchan (I think)