Kali Linux
Minimal Headless Kali Linux installation - Works for Cloud VM Installation (NO GUI)
This is a simple guide to installing a minimal headless Kali Linux by converting a Debian Linux system into Kali Linux, without any unnecessary tools. Basically, you install only the tools you need.
First, we need a clean Debian Linux install, either local or at any cloud provider, with SSH access.
Let's convert! We will install two packages which allow us to replace Debian's repo with the Kali repo. The key is fetched by its short ID (7D8D0BF6), so compare the imported key's full fingerprint with the one Kali publishes before trusting the repo.
apt update
apt install -y gnupg gnupg2
apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6
rm -rf /etc/apt/sources.list
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list
Now that the repo points to Kali, we need to install the basic Kali Linux core:
apt -y update
apt-cache search kali-linux
apt install -y kali-linux-core
apt-get -y update
apt-get -y dist-upgrade
apt-get -y autoremove
Reboot the server to complete the conversion process.
To verify that you are now running Kali Linux:
uname -a
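As a complement to uname -a, the following added example (not part of the original guide) checks that APT points only at the Kali repo after the conversion, since a leftover Debian entry, for instance in a file under /etc/apt/sources.list.d/, would leave APT pulling from both distributions. The function name audit_apt_sources and the sample file contents are assumptions made for this example, and it parses only the one-line deb format used in this guide.

```shell
#!/bin/sh
# Added example: audit one-line-style APT source files after the conversion.
# Prints OK/STALE per active entry; returns 1 if any entry is not the Kali repo.
audit_apt_sources() {
    # Default to the file this guide rewrites when no file is given.
    [ "$#" -gt 0 ] || set -- /etc/apt/sources.list
    awk '
        { sub(/#.*/, "") }                        # drop comments
        $1 != "deb" && $1 != "deb-src" { next }   # skip blank and other lines
        {
            i = 2
            if ($i ~ /^\[/) {                     # optional [opt=val ...] field
                while (i < NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i; suite = $(i + 1)
            if (uri ~ /^https?:\/\/http\.kali\.org\/kali\/?$/ && suite == "kali-rolling") {
                printf "OK    %s: %s %s\n", FILENAME, uri, suite
            } else {
                printf "STALE %s: %s %s\n", FILENAME, uri, suite
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: the Kali line from this guide, a commented-out Debian
# entry (ignored) and one active leftover Debian entry (flagged).
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://http.kali.org/kali kali-rolling main contrib non-free
# deb http://deb.debian.org/debian bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm main
EOF
audit_apt_sources "$sample" || echo "Non-Kali APT entries remain; remove them before upgrading."
rm -f "$sample"
```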
Once the new minimal Kali install is ready, we need to clean up some Debian leftovers to finish:
systemctl stop rpcbind.socket rpcbind smbd
systemctl disable rpcbind.socket rpcbind smbd
That's it. Now we can install any package we need from the Kali repo.
Here are some of the packages I use daily; you can install them with:
apt update && apt install -y \
curl wget git dnsutils whois open-vm-tools net-tools htop \
dirb wfuzz dirbuster enum4linux gobuster nbtscan nikto nmap \
onesixtyone oscanner smbclient fern-wifi-cracker crowbar smbmap \
smtp-user-enum sslscan tnscmd10g whatweb snmpcheck wkhtmltopdf \
sipvicious seclists wordlists hash-identifier hydra lib32z1 \
adb fastboot realtek-rtl88xxau-dkms docker docker-compose \
wifite apktool apksigner zipalign default-jre default-jdk \
screenfetch xsltproc binwalk python3-pip \
subfinder chrony hcxtools libssl-dev hcxdumptool hashcat bully \
traceroute libpcap-dev npm sqlmap wpscan exploitdb netcat-openbsd \
man-db crunch python2.7-dev zlib1g-dev
Metasploit Install
apt install -y metasploit-framework postgresql
systemctl enable postgresql
systemctl start postgresql
msfdb init
Start:
msfconsole
AutoRecon Installation
Based on this repo Tib3rius/AutoRecon
Install requirements:
apt install -y \
curl enum4linux gobuster nbtscan nikto seclists git \
nmap onesixtyone oscanner smbclient smbmap smtp-user-enum \
sslscan tnscmd10g whatweb snmpcheck wkhtmltopdf sipvicious
python3 -m pip install git+https://github.com/Tib3rius/AutoRecon.git
Bettercap 1.6.2 Installation
Warning
If you have Bettercap 2.x installed, you should change the environment path so that both Bettercap versions run properly.
Install Ruby Gem
apt install -y ruby-full libpcap-dev
gem update --system
gem install bettercap
Basic SSL Strip Example
bettercap -X -T 192.168.1.104 --proxy
SSL Strip With XSS Example
bettercap -X -T 192.168.3.104 --proxy --proxy-module injectjs --js-data "<script>alert('SSL STRIP, Script Injection')</script>"
To find the Bettercap installation from Ruby gems:
gem environment
The path should be under GEM PATHS, for example:
/var/lib/gems/2.7.0/gems/bettercap-1.6.2
MobSF - Mobile Security Framework Docker
Based on MobSF/Mobile-Security-Framework-MobSF
docker run \
-d \
-it \
-h mobsf \
-v /root/docker/mobSF:/root/.MobSF \
--name mobsf \
--restart always \
-e TZ=Asia/Jerusalem \
-p 50000:8000 \
opensecurity/mobile-security-framework-mobsf:latest
SSH Broken Pipe in Kali - Fix
nano ~/.ssh/config
Add this:
Host *
IPQoS=throughput