Kali Linux is Missing Many Essential Tools!

Written on May 18, 2019

Hello Hackers! I hope you found a 0day today. Well, today, I will be addressing most people’s favorite distribution, Kali Linux. It’s an awesome distro with outdated tools.

Everyone knows the Kali Linux distribution. If you don’t know it, it’s basically a Debian-derived Linux distribution designed for digital forensics and penetration testing. It’s an evolved version of BackTrack.

Kali Linux is one of my favorite Linux distributions. However, in the past years, I started playing a lot of HackTheBox challenges, and a lot of these challenges have some smaller patterns where, for example, you start by enumerating ports, then brute-forcing web directories and files. With time, you get used to these types of challenges, and you want to improve some areas in your techniques and tools. You improve your skillset and techniques by reading and practicing. However, when it comes to the tools, most beginners, including myself, stick by default with the basic tools in the Kali distro, many of which are outdated and slow.

The problem:

Kali Linux’s default tools are not the best choice. An example of a tool that is usually used at the beginning of the reconnaissance phase is Dirbuster, which is one of the slowest brute force tools I have seen. Dirbuster is in Kali by default, and it was the first option that came to my mind when I wanted to brute force web directories and files, but I think it is an outdated tool I shouldn’t use.

A Solution:

I decided to write my own brute force tool to brute force web directories and files. Check it out. However, that was not a good option due to many factors like the time complexity. Even though I used a good search algorithm (DFS), I think the main factor that actually makes a big difference is that I used Python and the Requests library (a synchronous library). Yes, I used Python; unfortunately, I didn’t know that would make a big difference. But apparently, it does; Dirbuster is much faster than the script I made, even though Dirbuster is written in Java! What a shame, lol. I kept reinventing the wheel many times for different kinds of tools without knowing that. I absolutely loved it, but it took so much time that I might say I wish I hadn’t wasted my time writing them. What I learned from these experiences is that my goal is to pentest a site, so there is no need to spend my time designing tools when there are other excellent tools like Wfuzz, Ffuf, Dirsearch, and Gobuster. That applies to all kinds of tools.

The Right Solution:

I started looking for neat tools on GitHub and collecting them, and I decided to write a script to deploy all the collected tools so I can share them easily. I was planning to deploy them using a simple Bash script, but I wanted it to be a neat project. As a result, I decided to write an Ansible Playbook for the deployment. If you don’t know Ansible, it is a neat solution to automate deployment remotely and locally. I called the Playbook Kali-TX. It deploys a selection of very helpful tools, all listed below.

My motivation for writing an Ansible Playbook is that in network penetration test engagements, I usually spawn new Kali instances before any engagement, so redownloading all the tools I use over and over takes a lot of time. Now, when I prepare for a new engagement, I just need to run this Playbook against all instances, and it will deploy scripts in each instance that will download an updated version of all the selected tools. That prevents wasting time downloading tools that are supposed to be already installed.

Kali-TX

Tools

  • Ansible
  • Docker
  • Empire
  • Dirsearch
  • Aquatone
  • Rpivot
  • Tree
  • Pycharm
  • BruteX
  • BlackWidow
  • Gophish
  • Powershell
  • PowerSploit
  • EvilWinrm
  • QSearchSploit
  • Findsploit
  • Crackmapexec
  • IntruderPayloads
  • Invoke-Obfuscation
  • PayloadsAllTheThings
  • Fuzzdb
  • Big-list-of-naughty-strings
  • RobotsDisallowed
  • SecLists
  • Bettercap
  • Unicorn
  • EvilURL

How to install locally

$ git clone https://github.com/M507/Kali-TX.git
$ cd Kali-TX
$ bash deploy_locally.sh

How to deploy remotely

Clone the Playbook

$ git clone https://github.com/M507/Kali-TX.git
$ cd Kali-TX

Edit hosts.ini

[kali:vars]
ansible_connection=ssh
ansible_user=root
ansible_password=toor

[kali]
<ip1>
<ip2>
<ip3>
<ip4>
<ip5>

Deploy

$ cd Kali-TX
$ ansible-playbook deploy_kali.yml -i hosts.ini
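
A pre-flight check for the inventory edited above, as an added example that is not part of Kali-TX: it flags connection or become passwords stored as literal values in an INI inventory such as hosts.ini before the Playbook is run. The sample inventories, the 192.0.2.x addresses, the key path and the KALI_BECOME_PW variable name are constructed for illustration.

```python
import shlex
# Inventory variables that hold a secret when given a literal value.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}

def audit_inventory(text):
    """Return (line_no, section, variable) for every literal secret."""
    findings, section = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # [group:vars] lines are one key=value; host lines are host + pairs.
        pairs = [line] if section.endswith(":vars") else shlex.split(line)[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"")
            # A Jinja reference ({{ lookup(...) }}) is not a stored secret.
            if sep and key.strip() in SECRET_VARS and not value.startswith("{{"):
                findings.append((no, section, key.strip()))
    return findings

# Constructed sample in the shape of the page's hosts.ini (addresses made up).
WEAK = """[kali:vars]
ansible_connection=ssh
ansible_user=root
ansible_password=toor

[kali]
192.0.2.10
192.0.2.11 ansible_become_pass=toor
"""

# Constructed alternative: key login, become password from the environment.
HARDENED = """[kali:vars]
ansible_user=kali
ansible_ssh_private_key_file=~/.ssh/kali_tx_ed25519
ansible_become_password="{{ lookup('env', 'KALI_BECOME_PW') }}"

[kali]
192.0.2.10
"""

if __name__ == "__main__":
    for no, section, var in audit_inventory(WEAK):
        print(f"line {no} [{section}]: {var} is stored in plaintext")
```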