Skip to content

Sliim/pentest-env

Repository files navigation

Pentest Environment Deployer | Build Status

This repo provides an easy way to deploy a clean and customized pentesting environment with Kali linux using vagrant and virtualbox.

Requirements

I assume you are familiar with virtualbox and vagrant.

Latest pentest-env release is tested with:

  • Virtualbox (6.0.4)
  • Vagrant (2.2.3)

Current box

Kali 2018.1

Box SHA256
Kali 2018.1 407b01c550e1f230fc238d12d91da899644bec2cac76a1202d7bab2f9d6cbefd
Kali 2018.1 Light 1f58f62417219ce8fe7d5f0b72dc3a8e0c13c019e7f485e10d27a0f1f096e266
Kali 2018.1 KDE 0f44327c2606ead670679254f27945c82eb7cc2966c4a4f1d3137160dad07fe3
Kali 2018.1 LXDE f3765b918aec03024c2657fc75090c540d95602cd90c0ab8835b4c0a0f1da23a
Kali 2018.1 Xfce eec6b371743467244d3f4f1032c9dc576a1ce482a32ad18b8605bd3013e142a0
Kali 2018.1 Mate 221f1bf6936b560d8980290c2af0702f1e705798eb4ef51acc144e36c89fe51c
Kali 2018.1 E17 0466384e8338e269b441b5f2872c28888528d244a0d31b73c7fb9d15d4f1bd0d

See the documentation page about boxes for more details.

See also others available instances.

Getting started

To get started with pentest-env, clone this repository and run vagrant up inside the directory. This will download and run the Kali instance.

You can customize, add targets, create new targets etc.. inside pentest-env. Some examples are available in the examples/ directory, to use one simply set the PENTESTRC environment variable:

> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:

kali                      running (virtualbox)
metasploitable2           not created (virtualbox)
primer                    not created (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.

For more details, visit the documentation pages:

  1. Installation
  2. Usage
  3. Docker
  4. Openstack
  5. Customizations
  6. Instances
  7. Targets
  8. Write custom instances and targets
  9. Debugging
  10. Security
  11. About boxes
  12. Known issues

Some configuration examples:

  1. Configure Kali linux with Tor & proxychains
  2. Configure Kali linux with Whonix gateway
  3. Faraday cscan against metasploitable 2 & 3 targets
  4. Configure a Teamserver

Target examples:

  1. Basic Chef environment
  2. Simple & insecure Kubernetes cluster

About Security

verify checksums

It's recommended to check downloaded box files with provided checksums (SHA256).
See https://raw.githubusercontent.com/Sliim/pentest-env/master/checksums.txt for checksums list.

sshd is running

Provided boxes run the sshd service.
So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!

  • root password of kali is toor.
  • SSH private key is not private! Anyone can use this key to connect to your instance.

See the secure the environment page to automatically change these defaults values.

Shared folders symlinks

I recommend to disable SharedFoldersEnableSymlinksCreate which are enabled by default by vagrant.

More details and source in the Security/Disable SharedFoldersEnableSymlinksCreate section.

Related projects

Here is some projects you can build and integrate easily with pentest-env.

License

See COPYING file