Building a Kali Workstation - 2019 edition

Posted by Peter Bassill on 24/05/2019


How to build a reliable pentesting workstation with Kali Linux.
This guide should only be used by people who know their way around the Linux command line.
Building the Core OS
    # Bring the base install up to date
    apt update && apt upgrade -y
    # Prepend public resolvers and set the search domain in the DHCP client config
    sed -i 's/^#prepend domain-name-servers 127.0.0.1/prepend domain-name-servers 9.9.9.9, 1.1.1.1, 8.8.4.4, 8.8.8.8/' /etc/dhcp/dhclient.conf
    sed -i 's/^#supersede domain-name "fugue.com home.vix.com"/supersede domain-name "hsec.net"/' /etc/dhcp/dhclient.conf
    apt update && apt upgrade -y
    apt dist-upgrade -y
    apt autoremove -y
    apt install -y ocl-icd-libopencl1 nvidia-driver nvidia-cuda-toolkit
    apt install -y kali-linux-web kali-linux-voip kali-linux-wireless
    apt install -y git gcc make libpcap-dev ntpdate
    apt install -y python3-uritools python3-paramiko nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix sslyze arachni aha libxml2-utils rpcbind cutycapt host whois dnsrecon curl nmap php php-curl hydra wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq golang adb xsltproc libssl-dev python-pip
    apt remove -y python3-pip
    apt install -y python3-pip xmlstarlet chromium
    pip install dnspython colorama tldextract urllib3 ipaddress requests
    curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
    gem install rake
    gem install ruby-nmap net-http-persistent mechanize text-table
    gem install public_suffix
    dpkg-reconfigure ruby
    # Login banner text
    echo "This system is monitored and all keystrokes are recorded." > /etc/banner
    echo "There is no anonymity here." >> /etc/banner
    echo "If you are not authorised to connect, disconnect immediately. " >> /etc/banner
    echo "" >> /etc/banner
    echo "" >> /etc/banner
Installing OpenVAS
    # $openvaspasswd, $users, $password and $vpnip must be set before running this section
    apt install openvas openvas-cli openvas-manager openvas-manager-common openvas-nasl openvas-scanner greenbone-security-assistant greenbone-security-assistant-common libopenvas-dev libopenvas-doc libopenvas9 -y
    openvas-setup
    openvasmd --user=admin --new-password="$openvaspasswd"
    for user in $users; do
        openvasmd --create-user="$user"
        openvasmd --user="$user" --new-password="$password"
    done
    # Listen on all interfaces and accept the VPN address as a Host header
    sed -i 's/^ExecStart=\/usr\/sbin\/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390/ExecStart=\/usr\/sbin\/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host '"$vpnip"'/' /lib/systemd/system/greenbone-security-assistant.service
    systemctl daemon-reload
    service greenbone-security-assistant restart
    systemctl enable greenbone-security-assistant.service
    systemctl enable openvas-scanner.service
    systemctl enable openvas-manager.service
Hardening Up SSH
    # These lines are appended to the existing sshd_config. sshd uses the first value it
    # reads for each keyword, so an active earlier entry for the same keyword takes precedence.
    echo "KexAlgorithms ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256" >> /etc/ssh/sshd_config
    echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config
    echo "MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256" >> /etc/ssh/sshd_config
    echo "Protocol 2" >> /etc/ssh/sshd_config
    echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
    echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config
    echo "HostKey /etc/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config
    echo "HostKey /etc/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config
    echo "UsePrivilegeSeparation sandbox" >> /etc/ssh/sshd_config
    echo "KeyRegenerationInterval 3600" >> /etc/ssh/sshd_config
    echo "ServerKeyBits 1024" >> /etc/ssh/sshd_config
    echo "SyslogFacility AUTH" >> /etc/ssh/sshd_config
    echo "LogLevel INFO" >> /etc/ssh/sshd_config
    echo "LoginGraceTime 60" >> /etc/ssh/sshd_config
    echo "PermitRootLogin no" >> /etc/ssh/sshd_config
    echo "AllowGroups admins" >> /etc/ssh/sshd_config
    echo "StrictModes yes" >> /etc/ssh/sshd_config
    echo "RSAAuthentication yes" >> /etc/ssh/sshd_config
    echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
    echo "IgnoreRhosts yes" >> /etc/ssh/sshd_config
    echo "RhostsRSAAuthentication no" >> /etc/ssh/sshd_config
    echo "HostbasedAuthentication no" >> /etc/ssh/sshd_config
    echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
    echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config
    echo "X11Forwarding no" >> /etc/ssh/sshd_config
    echo "X11DisplayOffset 10" >> /etc/ssh/sshd_config
    echo "PrintMotd yes" >> /etc/ssh/sshd_config
    echo "PrintLastLog yes" >> /etc/ssh/sshd_config
    echo "TCPKeepAlive yes" >> /etc/ssh/sshd_config
    echo "AcceptEnv LANG LC_*" >> /etc/ssh/sshd_config
    echo "Subsystem sftp /usr/lib/openssh/sftp-server" >> /etc/ssh/sshd_config
    echo "UsePAM yes" >> /etc/ssh/sshd_config
    systemctl enable ssh.service
    /etc/init.d/ssh restart
    service ssh restart
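The SSH section appends its directives to the existing /etc/ssh/sshd_config, and sshd uses the first value it obtains for each keyword. The following check is an added example, not part of the original guide: it lists appended directives that an earlier active line overrides. The sample config is constructed, and the list of repeatable keywords is an assumption of this example.

```sh
#!/bin/sh
# Added example: list sshd_config keywords whose later (appended) value is
# ignored because sshd keeps the first value it reads for a keyword.

# Constructed sample: stock-style lines, then lines appended with ">>".
sample_config() {
cat <<'EOF'
#PermitRootLogin prohibit-password
X11Forwarding yes
PrintMotd no
Subsystem sftp /usr/lib/openssh/sftp-server
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin no
X11Forwarding no
PrintMotd yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

# Reads a config on stdin and prints one finding per line.
# REPEATABLE is this example's assumption about keywords that may repeat.
shadowed_directives() {
  awk '
    BEGIN { REPEATABLE = "^(hostkey|port|listenaddress|acceptenv|allowusers|allowgroups|denyusers|denygroups)$" }
    /^[ \t]*(#|$)/ { next }          # comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }          # stop at conditional blocks
    key ~ REPEATABLE { next }
    key == "subsystem" {             # a repeated name is reported separately
      name = tolower($2)
      if (name in subsys) printf "DUPLICATE Subsystem %s on line %d (first on line %d)\n", $2, NR, subsys[name]
      else subsys[name] = NR
      next
    }
    {
      val = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
      if (!(key in line)) { line[key] = NR; value[key] = val }
      else if (val != value[key])
        printf "SHADOWED %s line %d (%s) loses to line %d (%s)\n", $1, NR, val, line[key], value[key]
    }
  '
}

sample_config | shadowed_directives
```

Run it against the real file with `shadowed_directives < /etc/ssh/sshd_config`; `sshd -t` checks the file for errors before the service is restarted.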
Hardening Up Apache
    apt-get install -y apache2 libapache2-mod-security2
    a2enmod ssl
    # Serve HTTPS only
    sed -i 's/^Listen 80/# Listen 80/' /etc/apache2/ports.conf
    # ServerTokens Full is what ModSecurity's SecServerSignature (set below) needs in order to replace the Server banner
    echo "ServerTokens Full" > /etc/apache2/conf-available/security.conf
    echo "ServerSignature On" >> /etc/apache2/conf-available/security.conf
    echo "TraceEnable Off" >> /etc/apache2/conf-available/security.conf
    echo "FileETag None" >> /etc/apache2/conf-available/security.conf
    echo "" >> /etc/apache2/conf-available/security.conf
    echo "# Do Header stuff" >> /etc/apache2/conf-available/security.conf
    echo "Header unset Pragma" >> /etc/apache2/conf-available/security.conf
    echo "Header unset ETag" >> /etc/apache2/conf-available/security.conf
    echo "Header always set x-xss-protection \"1; mode=block\"" >> /etc/apache2/conf-available/security.conf
    echo "Header always append X-Frame-Options SAMEORIGIN" >> /etc/apache2/conf-available/security.conf
    echo "Header always set X-Content-Type-Options nosniff" >> /etc/apache2/conf-available/security.conf
    echo "Header always set Referrer-Policy \"no-referrer\"" >> /etc/apache2/conf-available/security.conf
    echo "" >> /etc/apache2/conf-available/security.conf
    echo "<IfModule mod_ssl.c>" >> /etc/apache2/conf-available/security.conf
    echo " Header always set Strict-Transport-Security \"max-age=63072000; includeSubDomains\"" >> /etc/apache2/conf-available/security.conf
    echo " SSLCipherSuite EECDH+AESGCM:EDH+AESGCM" >> /etc/apache2/conf-available/security.conf
    echo " SSLProtocol ALL -TLSv1.1 -TLSv1 -SSLv2 -SSLv3" >> /etc/apache2/conf-available/security.conf
    echo " SSLHonorCipherOrder On" >> /etc/apache2/conf-available/security.conf
    echo "</IfModule>" >> /etc/apache2/conf-available/security.conf
    echo "" >> /etc/apache2/conf-available/security.conf
    echo "<IfModule security2_module>" >> /etc/apache2/conf-available/security.conf
    echo " SecServerSignature \"PiaB\"" >> /etc/apache2/conf-available/security.conf
    echo "# Include /usr/share/modsecurity-crs/*.conf" >> /etc/apache2/conf-available/security.conf
    echo "# Include /usr/share/modsecurity-crs/activated_rules/*.conf" >> /etc/apache2/conf-available/security.conf
    echo "</IfModule>" >> /etc/apache2/conf-available/security.conf
    # Replace the default site with a single TLS virtual host
    echo "<IfModule mod_ssl.c>" > /etc/apache2/sites-available/000-default.conf
    echo " <VirtualHost *:443>" >> /etc/apache2/sites-available/000-default.conf
    echo " ServerName piab.hedgehogsecurity.co.uk" >> /etc/apache2/sites-available/000-default.conf
    echo " ServerAdmin info@hedgehogsecurity.co.uk" >> /etc/apache2/sites-available/000-default.conf
    echo " DocumentRoot \"/var/www/html/\"" >> /etc/apache2/sites-available/000-default.conf
    echo " <Directory \"/var/www/html\">" >> /etc/apache2/sites-available/000-default.conf
    echo " Options FollowSymLinks" >> /etc/apache2/sites-available/000-default.conf
    echo " AllowOverride All" >> /etc/apache2/sites-available/000-default.conf
    echo " Require all granted" >> /etc/apache2/sites-available/000-default.conf
    echo " </Directory>" >> /etc/apache2/sites-available/000-default.conf
    echo " ErrorLog /var/log/apache2/error.log" >> /etc/apache2/sites-available/000-default.conf
    echo " CustomLog /var/log/apache2/access.log combined" >> /etc/apache2/sites-available/000-default.conf
    echo " SSLEngine on" >> /etc/apache2/sites-available/000-default.conf
    echo " SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem" >> /etc/apache2/sites-available/000-default.conf
    echo " SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key" >> /etc/apache2/sites-available/000-default.conf
    echo " </VirtualHost>" >> /etc/apache2/sites-available/000-default.conf
    echo "</IfModule>" >> /etc/apache2/sites-available/000-default.conf
    rm -rf /var/www/html/*
    rm -f /var/www/html/*
    chown -R www-data:www-data /var/www/*
    a2enmod headers
    systemctl enable apache2.service
    service apache2 restart
Install and Configure PostFix
    # $unit (the SMTP banner text) must be set before running this section
    cd ~
    DEBIAN_FRONTEND=noninteractive apt install postfix libsasl2-modules mailutils -y
    echo "smtpd_banner = $unit" > /etc/postfix/main.cf
    echo "biff = no" >> /etc/postfix/main.cf
    echo "append_dot_mydomain = no" >> /etc/postfix/main.cf
    echo "#delay_warning_time = 4h" >> /etc/postfix/main.cf
    echo "readme_directory = no" >> /etc/postfix/main.cf
    echo "" >> /etc/postfix/main.cf
    echo "tls_random_source=dev:/dev/urandom" >> /etc/postfix/main.cf
    echo "smtp_sasl_auth_enable = yes" >> /etc/postfix/main.cf
    echo "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" >> /etc/postfix/main.cf
    echo "smtp_sasl_security_options = noanonymous" >> /etc/postfix/main.cf
    echo "smtp_sasl_tls_security_options = noanonymous" >> /etc/postfix/main.cf
    echo "header_size_limit = 4096000" >> /etc/postfix/main.cf
    echo "smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem" >> /etc/postfix/main.cf
    echo "smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key" >> /etc/postfix/main.cf
    echo "smtpd_use_tls=yes" >> /etc/postfix/main.cf
    echo "smtpd_tls_auth_only=yes" >> /etc/postfix/main.cf
    echo "smtpd_tls_security_level=encrypt" >> /etc/postfix/main.cf
    echo "smtpd_tls_mandatory_ciphers=high" >> /etc/postfix/main.cf
    # Single quotes keep "!" and ${data_directory} literal so Postfix, not the shell, interprets them
    echo 'smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3' >> /etc/postfix/main.cf
    echo 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache' >> /etc/postfix/main.cf
    echo 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' >> /etc/postfix/main.cf
    echo "" >> /etc/postfix/main.cf
    echo "smtpd_relay_restrictions =" >> /etc/postfix/main.cf
    echo " permit_mynetworks," >> /etc/postfix/main.cf
    echo " permit_sasl_authenticated," >> /etc/postfix/main.cf
    echo " defer_unauth_destination" >> /etc/postfix/main.cf
    echo "" >> /etc/postfix/main.cf
    echo "disable_vrfy_command = yes" >> /etc/postfix/main.cf
    echo "" >> /etc/postfix/main.cf
    echo "myhostname = hedgehogsecurity.co.uk" >> /etc/postfix/main.cf
    echo "alias_maps = hash:/etc/aliases" >> /etc/postfix/main.cf
    echo "alias_database = hash:/etc/aliases" >> /etc/postfix/main.cf
    echo "mydestination = localhost, localhost.localdomain, localhost" >> /etc/postfix/main.cf
    echo "relayhost = [smtp.sendgrid.net]:587" >> /etc/postfix/main.cf
    echo "mynetworks = 127.0.0.0/8" >> /etc/postfix/main.cf
    echo "mailbox_size_limit = 0" >> /etc/postfix/main.cf
    echo "recipient_delimiter = +" >> /etc/postfix/main.cf
    echo "inet_interfaces = 127.0.0.1" >> /etc/postfix/main.cf
    echo "inet_protocols = all" >> /etc/postfix/main.cf
    # Relay credentials: replace uname:pass with the real account
    echo "[smtp.sendgrid.net]:587 uname:pass" >> /etc/postfix/sasl_passwd
    chmod 600 /etc/postfix/sasl_passwd
    postmap /etc/postfix/sasl_passwd
    echo "root: peter" >> /etc/aliases
    newaliases
    systemctl enable postfix.service
    service postfix restart
Add the Users
    groupadd admins
    # Random 64-character root password
    RPASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
    echo "root:$RPASSWORD" > ~/password-list
    cat ~/password-list | chpasswd
    useradd -G admins,sudo -d /home/peter peter
    echo peter:password > ~/password-list
    cat ~/password-list | chpasswd
Adding Useful Repos and Tools
    cd /opt
    git clone https://github.com/danielmiessler/SecLists.git
    cd /opt/SecLists/Passwords
    # -O writes the download to rockyou.txt (lower-case -o would only write wget's log there)
    wget --header="User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:23.0) Gecko/20100101 Firefox/23.0" --header="Accept: image/png,image/*;q=0.8,*/*;q=0.5" --header="Accept-Language: en-US,en;q=0.5" --header="Accept-Encoding: gzip, deflate" --header="Referer: https://www.hedgehogsecurity.co.uk" https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -O rockyou.txt
    cd /opt
    git clone https://github.com/gophish/gophish.git
    git clone https://github.com/NotSoSecure/password_cracking_rules.git
    git clone https://github.com/1N3/Sn1per.git
    # $censys_api_id, $censys_api_secret, $hunter_io and $openvaspasswd must be set beforehand
    sed -i 's/^read answer/#read answer/' /opt/Sn1per/install.sh
    sed -i 's/^CENSYS_APP_ID=""/CENSYS_APP_ID="'"$censys_api_id"'"/' /opt/Sn1per/sniper.conf
    sed -i 's/^CENSYS_APP_SECRET=""/CENSYS_APP_SECRET="'"$censys_api_secret"'"/' /opt/Sn1per/sniper.conf
    sed -i 's/^HUNTERIO_KEY=""/HUNTERIO_KEY="'"$hunter_io"'"/' /opt/Sn1per/sniper.conf
    sed -i 's/^MSF_LPORT="4444"/MSF_LPORT="8443"/' /opt/Sn1per/sniper.conf
    sed -i 's/^OPENVAS_PASSWORD=""/OPENVAS_PASSWORD="'"$openvaspasswd"'"/' /opt/Sn1per/sniper.conf
    sed -i 's/^HUNTERIO="0"/HUNTERIO="1"/' /opt/Sn1per/sniper.conf
    cd /opt/Sn1per/ && ./install.sh
    cd /opt
    git clone https://github.com/portcullislabs/enum4linux.git
    git clone https://github.com/jondonas/linux-exploit-suggester-2.git
    git clone https://github.com/bitsadmin/wesng.git
    git clone https://github.com/swisskyrepo/PayloadsAllTheThings.git
    git clone https://github.com/PowerShellMafia/PowerSploit.git
    git clone https://github.com/samratashok/nishang.git
    git clone https://github.com/michenriksen/gitrob.git
    git clone https://github.com/breenmachine/httpscreenshot.git
    git clone https://github.com/secretsquirrel/the-backdoor-factory.git
    git clone https://github.com/SecWiki/windows-kernel-exploits.git
    git clone https://github.com/robertdavidgraham/masscan.git
    git clone https://github.com/SpiderLabs/ikeforce.git
    git clone https://github.com/1N3/BruteX.git
    cd /opt/BruteX && ./install.sh
    cd /opt
    git clone https://github.com/1N3/Goohak.git
    git clone https://github.com/1N3/BlackWidow
    pip install -r /opt/BlackWidow/requirements.txt
    git clone https://github.com/Dionach/CMSmap.git
    git clone https://github.com/0xsauby/yasuo.git
    git clone https://github.com/aboul3la/Sublist3r.git
    git clone https://github.com/nccgroup/shocker.git
    git clone https://github.com/BishopFox/spoofcheck.git
    git clone https://github.com/arthepsy/ssh-audit
    git clone https://github.com/1N3/jexboss.git
    git clone https://github.com/maurosoria/dirsearch.git
    git clone https://github.com/jekyc/wig.git
    git clone https://github.com/rbsec/dnscan.git
    pip3 install -r /opt/dnscan/requirements.txt
    git clone https://github.com/christophetd/censys-subdomain-finder.git
    pip install -r /opt/censys-subdomain-finder/requirements.txt
    git clone https://github.com/infosec-au/altdns.git
    cd /opt/altdns
    pip install -r requirements.txt
    python2 setup.py install
    pip install py-altdns
    cd /opt
    git clone https://github.com/blechschmidt/massdns.git
    cd /opt/massdns
    make && make install
    cd /opt
    git clone https://github.com/ProjectAnte/dnsgen
    cd /opt/dnsgen
    pip3 install -r requirements.txt
    python3 setup.py install
    cd /opt
    git clone https://github.com/n00py/WPForce.git
    git clone https://github.com/S3cur3Th1sSh1t/WinPwn.git
    git clone https://github.com/m8r0wn/nullinux.git
    cd nullinux
    bash setup.sh
    cd /opt
    git clone https://github.com/vanhauser-thc/THC-Archive.git
    git clone https://github.com/m8r0wn/enumdb.git
    cd enumdb
    pip3 install -r setup/requirements.txt
    cd /opt
    git clone https://github.com/m8r0wn/ldap_search.git
    cd ldap_search
    python3 setup.py install
    cd /opt
    git clone https://github.com/linted/linuxprivchecker.git
    git clone https://github.com/hegusung/RPCScan.git
