Skip to content

Kali Linux🔗

Minimal Headless Kali Linux installation - Works for Cloud VM Installation (NO GUI)🔗

This is a simple guide to install Minimal Headless Kali Linux by converting a Debian Linux to Kali Linux distro without any unnecessary tools. Basicity you install the tools you need.

First of all we will need a clean Debian Linux local or at any cloud provider with ssh access

Let's convert! We will install two packages which allow as to replace Debian's repo to kali repo

apt update
apt install -y gnupg gnupg2
apt-key adv --keyserver hkp:// --recv-keys 7D8D0BF6
rm -rf /etc/apt/sources.list
echo "deb kali-rolling main contrib non-free" >> /etc/apt/sources.list

Now after we replaced the repo to Kali we need to install the Basic Kali Linux core

apt -y update
apt-cache search kali-linux
apt install -y kali-linux-core
apt-get -y update
apt-get -y dist-upgrade
apt-get -y autoremove

Reboot the server to complete the conversion process.

In order to test that you are using Kali Linux

uname -a

After we got our new Minimal Kali ready we need to cleanup some Debian's leftovers to finnish

systemctl stop rpcbind.socket
systemctl stop rpcbind
systemctl stop smbd
systemctl disable rpcbind.socket
systemctl disable rpcbind
systemctl disable smbd

That's It, now we can install any package we need from Kali repo.

Here are some of my personal packages I use daily, you can install with

apt install -y \
curl git open-vm-tools net-tools htop docker docker-compose \
dirb wfuzz dirbuster enum4linux gobuster nbtscan nikto nmap \
onesixtyone oscanner smbclient fern-wifi-cracker smbmap \
smtp-user-enum sslscan tnscmd10g whatweb snmpcheck wkhtmltopdf \
sipvicious seclists wordlists hash-identifier hydra lib32z1 \
android-tools-adb android-tools-fastboot realtek-rtl88xxau-dkms \
wifite apktool apksigner

If you need Metasploit, run this to install it

apt install -y metasploit-framework postgresql
systemctl enable postgresql
systemctl start postgresql
msfdb init

AutoRecon Installation🔗

Based on this repo Tib3rius/AutoRecon

Install requirements:

apt install -y \
curl enum4linux gobuster nbtscan nikto seclists git \
nmap onesixtyone oscanner smbclient smbmap smtp-user-enum \
sslscan tnscmd10g whatweb snmpcheck wkhtmltopdf sipvicious
python3 -m pip install git+

Bettercap 1.6.2 Installation🔗

Install Ruby Gem

apt install -y ruby-full libpcap-dev
gem update --system
gem install bettercap

find where gems are installed:

Run and look for "- GEM PATHS:"

gem environment

follow the path and append gem. for example:


Create a environmental symlink to Bettercap to root directory

ln -s /var/lib/gems/2.5.0/gems/bettercap-1.6.2/bin/bettercap /root/bettercap-1.6.2

run from root directory


Basic SSL Strip Example

bettercap-1.6.2 -X -T --proxy

SSL Strip With XSS Example

bettercap-1.6.2 -X -T --proxy --proxy-module injectjs --js-data "<script>alert('SSL STRIP, Script Injection')</script>"


Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.

Compiled file can be found here: Github Subfinder - Releases

Copy the link of the release from above The following exmaple is for release 2.3.3

tar -xvf subfinder-linux-amd64.tar
mv subfinder-linux-amd64 /usr/bin/subfinder

To Update - Repeat the Installation with the latest release

MobSF - Mobile Security Framework Docker🔗

Based on MobSF/Mobile-Security-Framework-MobSF

docker run \
-d \
-it \
-h mobsf \
-v /root/docker/mobSF:/root/.MobSF \
--name mobsf \
--restart always \
-e TZ=Asia/Jerusalem \
-p 50000:8000 \

SSH Broken Pipe in Kali - Fix🔗

nano ~/.ssh/config

add this:

Host *