Collection of tools and scripts for penetration testing.
In `attackhost/` there are scripts to provision a host in a variety of ways:
- Kasm Workspaces complete install using Ansible
- Vagrant
- Kali and Parrot VMs
- Kali and Parrot Containers
amd64 and aarch64 architectures are supported. Use VMware Fusion, it's fast and free.
Kasm is the preferred way to provision the attack host. It provides better isolation and quicker start up and tear down.
- Create VM based on Ubuntu 24.04 Server or Desktop
- Add public key to VM `~/.ssh/authorized_keys`
- `cd attackhost`
- Copy `hosts.ini` to `.hosts.ini`
- Configure `[kasm_server]` block for the VM
- `ansible-playbook --ask-become-pass -i .hosts.ini kasm.yml`
- Credentials will be created in `vars/.credentials.yml`
- In `vars/.networking.[hostname].yml`, you'll find the static IP address.
- Open `https://[ip]` or also the IP assigned to the VM by DHCP.
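The playbook leaves generated credentials on disk in `vars/.credentials.yml`. The following is an added example, not part of this repository: a check that the file is readable only by its owner and, when it sits in a git work tree, is git-ignored. The function names and the choice of mode 600 as the target are assumptions; the page does not say which mode the playbook sets or what `.gitignore` covers.

```shell
#!/usr/bin/env bash
# Added example (not from this repository): audit generated secret files.

# Print the group/other permission bits of a path, e.g. "------" for mode 600.
# Parses `ls -ld` so it behaves the same on GNU (Linux) and BSD (macOS).
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 0 if the file is absent or safe, 1 if any check fails.
check_secret_file() {
    local f=$1 bad=0 dir base
    if [ ! -f "$f" ]; then
        echo "skip  $f (not present)"
        return 0
    fi
    dir=$(dirname -- "$f")
    base=$(basename -- "$f")
    if [ "$(group_other_bits "$f")" != "------" ]; then
        echo "FAIL  $f is accessible to group/other; fix with: chmod 600 $f"
        bad=1
    fi
    # Only meaningful inside a git work tree: an un-ignored secret can be
    # committed by accident. Skipped when git is missing or this is no repo.
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q -- "$base"; then
        echo "FAIL  $f is not git-ignored"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then
        echo "ok    $f"
    fi
    return "$bad"
}

# Check the credentials file named in the steps above (path relative to
# attackhost/) plus any extra paths given as arguments.
audit_secrets() {
    local rc=0 f
    for f in vars/.credentials.yml "$@"; do
        check_secret_file "$f" || rc=1
    done
    return "$rc"
}
```

Source the file and run `audit_secrets` from the `attackhost` directory after the playbook finishes; pass any other local secret files as arguments.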
$ docker exec pia-pia-1 piactl get regions
...
$ docker exec pia-pia-1 piactl set region us-montana
$ docker exec pia-pia-1 piactl monitor connectionstate
Reconnecting
Connected
In the `attackhost` directory `vagrant up`. Only Kali is supported with Vagrant.
This box uses VMware Fusion for Apple Silicon support. There are specific instructions for the provider: https://developer.hashicorp.com/vagrant/docs/providers/vmware/installation
$ cd attackhost
$ VAGRANT_PROVIDER=vmware_fusion vagrant up
The `kali/container` directory contains a docker compose file and related images I use for headless work, generally for long term scans. It has a "Private Internet Access" VPN.
Start the stack using `./up.sh`. Stop it with `./up.sh down`.
In the `/config/pia-auth.conf` file of the `kali-pia` container, add the username and password on separate lines and restart the container.
The `/data` volume in the `kali-kali` container is intended for pen test artifacts. You'll see I use Dropbox and the `up.sh` script searches for my particular folder.
Enter the container for work:
$ docker exec -it --user kali:kali kali-kali-1 /usr/bin/zsh -l