Installing Kali OS Workstation

Introduction

This guide will help us get our machine ready for the development and exploitation environment. The core Tools and Methodologies used for assessing web applications and performing researches should be applied.

Core Tools and Methodologies

Generally the following tools are required for performing White, Gray and Black box assessments.

Web traffic inspection: burp suite(Setting web testing guide: https://app-sec.gitbook.io/application-security/v/penetration-testing/web-testing/advanced-web-testing-workspace)
Scripting: Python is used to interact and perform web interactions, send/receive requests, changing headers, parameters, meta data
Source code analysis: IDE (Visual Code/ NeoVim), used for debugging and analysis Routes and functions
Compilers and runtime environment: Node.js runtime(+NPM), Java+JDK,

Pre-requisites

In the day to day of penetration testing and exploit development we need access to tools and libraries that allow us to install and deploy several web and API frameworks. Preferably machine should be one of the following:

MacOs with Brew installed
Debian based with RPM (apt)
Windows with WSL or Kali running on a VM

You'd need at least 60GB of storage, at least 16G RAM, and an internet connection.

Preferred OS - Kali

It is preferred to use Kali OS, as it comes pre-built with most of the tools and all of the prerequisites.

Installing Kali

There are several methods to obtain and install Kali Linux on your machine:

Use an ISO image and install it bare metal(either via bootable USB or live bootable USB) if using a dedicated computer.
If using a Windows host machine: install virtualbox or VMware or use Hyper-V and download and load the KaliOS VM
Using Windows 11 - WSL 2 we can use a Linux Kernel inside Hyper-V VM(make sure to allow for nested VM) Follow Kali documentation and commands

Enable virtualization

The following steps are required to enable WSL2 in your windows 11 PC.

For windows 10 follow this guide https://www.omgubuntu.co.uk/how-to-install-wsl2-on-windows-10

Ensure Compatibility: x64 and Arm CPUs, Windows Version above 1809(Follow here if not up to date)
Test if hyper-v is already enabled(Powershell with administrator privliges): Set-VMProcessor -VMName kali -ExposeVirtualizationExtensions $truesprivliges
If Hyper-V isn't enabled continue through the next steps:
Ensure Virtualization is enabled in BIOS. Below is a ThinkPad BIOS example, but you can research your BIOS on google. You can obtain BIOS model by right clicking My Computer> Manage > Device Manager

Ensure the features are enabled in windows features:
1. "Virtual Machine Platform" (a subset of Hyper-V)
2. "Windows Subsystem for Linux"
3. In Start(Ctrl+R) start appwiz.cpl

Restart your computer and ensure Windows is fully up to date.

Install WSL2

Note: The easiest method is to install Kali in WSL2 is Kali Linux via the Microsoft Store Enable WSL2.

Run this in cmd(Win+R > cmd.exe):

wsl --install -d kali-linux

If you get the following error you probably missed a previous step, ensure virtualization is enabled in BIOS.

#commands to get WSL2 Kali up to speed:

# https://www.kali.org/docs/troubleshooting/common-minimum-setup/
sudo apt update # Important for the rest of the guide.
sudo apt full-upgrade -y
sudo apt install -y kali-win-kex

# pick your kali installation: kali-linux-default should suffice
# https://www.kali.org/docs/installation/installation-sizes/oo

sudo apt install -y kali-linux-default

to start kali Win-Kex:

# From windows
wsl -d kali-linux kex --win -s
# In a new shortcut add this:
# C:\Windows\System32\cmd.exe /c wsl -d kali-linux kex --win -s

# Inside Kali WSL:
kex --win -s

Additional Tools

We would require the following:

package manager (brew, updated apt)
node + npm (opt for nvm to control versions)
Java JDK + maven (to run springboot/jersey)
Python3 with Flask and Django

MacOS

If using Mac ensure homebrew is installed:

# Install brew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Check version to verify installation
npm --version
node --version
which node
# Install NVM
brew install nvm

nvm install 16
nvm use 16

brew install openjdk@21
# Follow brew isntructions to link OpenJDK globaly
# add below to .zshrc
export JAVA_HOME=$(/usr/libexec/java_home -v 21)
export PATH=$JAVA_HOME/bin:$PATH
brew install maven

# Verify
java -version
mvn -version
echo $JAVA_HOME

# python
brew install python
python3 --version
pip3 --version
# Optional: install django and flask in a virtual environment 
python3 -m venv myenv
source myenv/bin/activate

pip install Flask
pip install Django

# Verify
python3 -m flask --version
python3 -m django --version

Debian

Kali includes most of the tools, ensure tools are installed if you're not using kali or missing any

# Check version to verify installation
npm --version
node --version
which node

# Install NVM
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | zsh
nvm install 16
nvm use 16

# verify or install java:
java -version #ensure installed
java --version
# install JDK(Java development Kit)
sudo apt update # if you didn't before hand
sudo apt install default-jdk -y
# Add Java to environment variables
export JAVA_HOME=/usr/lib/jvm/default-java
export PATH=$JAVA_HOME/bin:$PATH
# adds this to .zshrc if using bash use .bashrc
echo 'export JAVA_HOME=/usr/lib/jvm/default-java' >> ~/.zshrc
echo 'export PATH=$JAVA_HOME/bin:$PATH' >> ~/.zshrc
source ~/.zshrc  # or source ~/.bashrc

# Install maven to get java's springboot and jersey ready to be installed
sudo apt install maven -y
mvn -version
java -version #check again that everything works

# get python3 + django + flask if missing
sudo apt install python3 -y
sudo apt install python3-pip -y
sudo apt install python3-venv

# optional: use a virutal env to manage packages
python3 -m venv myenv
source myenv/bin/activate
pip install Flask 
pip install Django

# verify
python3 -m flask --version
python3 -m django --version

Example: Full Personalized Installation

The following commands are the commands necessary to install fonts, NeoVim+VSCode IDEs, ensure java is installed ,GitHub CLI + Lazygit to manage git, and some suggested plugins.

# Install Nerd Font (Download from https://www.nerdfonts.com/font-downloads)
sudo cp ~/Downloads/HackNerdFont-Bold.ttf /etc/fonts/hackNerd.ttf

#update apt
sudo apt update

# Install and login gh CLI
sudo apt install gh -y
gh auth login

# Install NeoVim IDE
sudo apt install neovim -y

# Install AstroNvim configuration
git clone --depth 1 https://github.com/AstroNvim/template ~/.config/nvim
rm -rf ~/.config/nvim/.git

# Install additional AstronVim Dependencies
sudo apt-get install ripgrep -y
npm install tree-sitter-cli

# Install LazyGit
LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep -Po '"tag_name": "v\K[^"]*')
curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz"
sudo curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz"
sudo tar xf lazygit.tar.gz lazygit
sudo install lazygit /usr/local/bin
lazygit --version

# Install Visual Studio Code
# Download: https://code.visualstudio.com/docs/setup/linux
cd Downloads/
sudo apt install ./code_1.93.0-1725459079_amd64.deb -y

# Optionally install oh my zsh for plugins and themes
# https://ohmyz.sh/
# https://github.com/romkatv/powerlevel10k
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
# Insert the Theme to oh-my-zsh
sed -i '/^plugins=/a ZSH_THEME="powerlevel10k/powerlevel10k"' ~/.zshrc

# Add additinal oh-my-zsh plugins (Order metters)
# zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
sed -i 's/^plugins=(\(.*\))/plugins=(\1 zsh-autosuggestions)/' ~/.zshrc
# zsh-syntax-highliting
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
sed -i 's/^plugins=(\(.*\))/plugins=(\1 zsh-syntax-highlighting)/' ~/.zshrc



# Install zoxide to replace cd with a smarter option
sudo apt-install zoxide -y
sudo apt install fzf -y
echo "source <(fzf --zsh)" >> ~/.zshrc
echo 'eval "$(zoxide init zsh --cmd cd)"' >> ~/.zshrc

# Install Node+NPM using nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | zsh
# If missing add the following to ~/.zshrc(Should happen automatically)
export NVM_DIR="$HOME/.config/nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion

# Confirm installation
node --version
npm --version

# Install java and maven

# Adds the environment variables to .zshrc if using bash use .bashrc
echo 'export JAVA_HOME=/usr/lib/jvm/default-java' >> ~/.zshrc
echo 'export PATH=$JAVA_HOME/bin:$PATH' >> ~/.zshrc
source ~/.zshrc  # or source ~/.bashrc

# Install maven to get java's springboot and jersey ready to be installed
sudo apt install maven -y

# verify java and mvn
java --version
mvn -version

# Install FF extensions
# https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
# https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/
# https://addons.mozilla.org/en-US/firefox/addon/sponsorblock/
# https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Verify installation

git --version
gh --version
node --version
npm --version
java --version
mvn -version
python3 --version
pip3 --version

PreviousAdvanced web testing workspace

Last updated 1 year ago