{"id":14638199,"url":"https://github.com/fazlearefin/kali-ctf-machine-setup","last_synced_at":"2025-06-12T11:33:25.775Z","repository":{"id":86293474,"uuid":"380733137","full_name":"fazlearefin/kali-ctf-machine-setup","owner":"fazlearefin","description":"Kali Linux extra useful packages for CTF and Pentest activities","archived":false,"fork":false,"pushed_at":"2025-05-18T06:08:36.000Z","size":407,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-03T13:16:13.493Z","etag":null,"topics":["ansible","capture-the-flag","ctf","kali","kali-linux","pentest","proxychains","setup","tor"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fazlearefin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-06-27T12:23:43.000Z","updated_at":"2025-05-18T06:08:39.000Z","dependencies_parsed_at":"2025-02-27T05:26:48.222Z","dependency_job_id":"13aa78dc-cfc0-490f-b644-8ebb5c639b5e","html_url":"https://github.com/fazlearefin/kali-ctf-machine-setup","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fazlearefin/kali-ctf-machine-setup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fkali-ctf-machine-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fkali-ctf-machine-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fkali-ctf-machine-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fkali-ctf-machine-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fazlearefin","download_url":"https://codeload.github.com/fazlearefin/kali-ctf-machine-setup/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fazlearefin%2Fkali-ctf-machine-setup/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259456026,"owners_count":22860474,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","capture-the-flag","ctf","kali","kali-linux","pentest","proxychains","setup","tor"],"created_at":"2024-09-10T02:01:56.073Z","updated_at":"2025-06-12T11:33:25.763Z","avatar_url":"https://github.com/fazlearefin.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# kali-ctf-machine-setup\n\n![screenshot](.images/screenshot.png)\n\nThis repo contains Ansible playbooks to install extra tools on top of Kali Linux for CTF (Capture The Flag) and pentest activities.\n\nThese tools are useful when playing CTF in platforms such as [Hack The Box](https://www.hackthebox.com/), [TryHackMe](https://tryhackme.com/), etc.\n\n## Howto?\n\n### 0. Setup Kali Linux\n\nIt is assummed that you have a plain vanilla installation of Kali Linux. This README is tailored for [Kali virtual machine images](https://www.kali.org/get-kali/#kali-virtual-machines)\n\n### 1. Upgrade packages\n\nThis step is optional as the ansible playbook takes care of this. But it is highly recommended you upgrade all the installed packges at this stage to avoid issues later.\n\n```zsh\nsudo apt update\nsudo apt full-upgrade -y\n```\n\n### 2.   Install git and ansible-core\n\n```zsh\nsudo apt update\nsudo apt install git ansible -y\n\n# only if ansible package is NOT avaiable, install ansible-core and the required collections below\nsudo apt install ansible-core -y\n# install the additional ansible collections (do not use `sudo` here)\nansible-galaxy collection install ansible.posix \\\n  community.general \\\n  community.docker \\\n  community.crypto\n```\n\n### 3. Clone this repo\n\n```zsh\ngit clone https://github.com/fazlearefin/kali-ctf-machine-setup.git\ncd kali-ctf-machine-setup\n```\n\n### 4. Run the ansible playbook to install the extra tools\n\nEnter the password for the user (`kali`) when asked for a password (your user ID might be different if it is a custom installation).\n\nRun one of the commands below depending on whether you want the vulnerable docker images to be pulled or not.\n\n#### Install WITHOUT docker vulnerable images\n\n```zsh\nansible-playbook -vv -i localhost, -e \"{ setup_vuln_docker_images: false }\" -e \"local_username=$(id -un)\" -K main.yml\n```\n\n#### Install WITH docker vulnerable images\n\n```zsh\nansible-playbook -vv -i localhost, -e \"{ setup_vuln_docker_images: true }\" -e \"local_username=$(id -un)\" -K main.yml\n```\n\n### 5. Further customizations (optional)\n\nFurther customizations to the installation can be done by running the command below:\n\n```zsh\nkali-tweaks\n```\n\n---\n\n## Bundled docker vulnerable images\n\n*Docker vulnerable images* are docker containers to running deliverately vulnerable services. The following vulnerable images are installed so that you can practice within your own Kali installation:\n\n- [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)\n- [OWASP WebGoat](https://owasp.org/www-project-webgoat/)\n\n### Running the vulnerable docker images\n\n#### OWASP Juice Shop\n\n```zsh\ndocker run --rm -d -p 3000:3000 --name juice-shop bkimminich/juice-shop\n# use web browser to go to http://localhost:3000 in Kali host\n```\n\n#### OWASP WebGoat\n\n```zsh\ndocker run --rm -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=UTC --name webgoat webgoat/webgoat\n# use web browsser to go to http://127.0.0.1:8080/WebGoat in Kali host\n```\n\n#### DVWA (Damn Vulenerable Web Application)\n\n```zsh\nsudo systemctl start dvwa\n# navigate to http://localhost:42001\n# default creds are admin:password\n# Security Level can be changed in `/etc/dvwa/config/config.inc.php`\n```\n\n---\n\n## Additional Git Repos\n\nAdditional git repos cloned locally at these locations:\n\n- [`/opt/GitTools`](https://github.com/internetwache/GitTools): A repository with 3 tools for pwn'ing websites with .git repositories available\n- [`/opt/zphisher`](https://github.com/htr-tech/zphisher): An automated phishing tool with 30+ templates\n- [`/opt/vulhub`](https://github.com/vulhub/vulhub): Pre-Built Vulnerable Environments Based on Docker-Compose\n- [`/opt/privesc-scripts/LinEnum`](https://github.com/rebootuser/LinEnum): Scripted Local Linux Enumeration \u0026 Privilege Escalation Checks\n- [`/opt/privesc-scripts/linux-exploit-suggester`](https://github.com/The-Z-Labs/linux-exploit-suggester): Linux privilege escalation auditing tool\n- [`/opt/privesc-scripts/linux-smart-enumeration`](https://github.com/diego-treitos/linux-smart-enumeration): Linux enumeration tool for pentesting and CTFs with verbosity levels Topics\n- [`/opt/privesc-scripts/PEASS-ng`](https://github.com/carlospolop/PEASS-ng): PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)\n- [`/opt/WEF`](https://github.com/D3Ext/WEF): Wi-Fi Exploitation Framework\n\n---\n\n## Kali Linux Useful Links\n\n- [Kali Tools](https://www.kali.org/tools/)\n- [Kali Linux Metapackages](https://www.kali.org/tools/kali-meta/)\n- [Kali's Default Credentials](https://www.kali.org/docs/introduction/default-credentials/)\n\n## Other Useful Links\n\n- **[HackTricks](https://book.hacktricks.xyz/)** ⭐\n- **[HackTricks Cloud](https://cloud.hacktricks.xyz/)** ⭐\n- [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/)\n- [OWASP Web Security Testing Guide](https://owasp.org/www-project-web-security-testing-guide/latest/)\n- [Payloads All The Things](https://swisskyrepo.github.io/PayloadsAllTheThings/)\n- [GTFOBins](https://gtfobins.github.io/)\n- [CyberChef](https://gchq.github.io/CyberChef/) - Encode/decode data\n- [CrackStation](https://crackstation.net/) - Hash Rainbow List\n- [Reverse Shell Generator](https://www.revshells.com/)\n- [CI/CD Goat](https://github.com/cider-security-research/cicd-goat)\n- [h4cker](https://github.com/The-Art-of-Hacking/h4cker)\n- [PortSwigger Web Security Academy](https://portswigger.net/web-security/all-materials)\n- [Recommended WiFi Adapters for Kali Linux](https://github.com/morrownr/USB-WiFi/blob/main/home/Recommended_Adapters_for_Kali_Linux.md)\n\n---\n\n## Donations\n\nIf you think my work helped you in some way saving you time and effort, I am happy to receive any amount of donation. However, the code in this repo is completely free.\n\nBitcoin (BTC): `bc1qzlhpm94vtk2ht67etdutzcy2g5an5v6g36tp0m`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffazlearefin%2Fkali-ctf-machine-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffazlearefin%2Fkali-ctf-machine-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffazlearefin%2Fkali-ctf-machine-setup/lists"}