This repo contains Ansible playbooks to install extra tools on top of Kali Linux for CTF (Capture The Flag) and pentest activities.
These tools are useful when playing CTF on platforms such as Hack The Box, TryHackMe, etc.
It is assumed that you have a plain vanilla installation of Kali Linux. This README is tailored for Kali virtual machine images.
This step is optional as the Ansible playbook takes care of it. However, it is highly recommended to upgrade all installed packages at this stage to avoid issues later.
```bash
sudo apt update
sudo apt full-upgrade -y
```

```bash
sudo apt update
sudo apt install git ansible -y

# Only if the ansible package is NOT available, install ansible-core and the required collections below
sudo apt install ansible-core -y

# Install the additional ansible collections (do not use `sudo` here)
ansible-galaxy collection install ansible.posix \
    community.general \
    community.docker \
    community.crypto
```

```bash
git clone https://github.com/fazlearefin/kali-ctf-machine-setup.git
cd kali-ctf-machine-setup
```

Enter the password for the user (kali) when prompted (your user ID might be different if it is a custom installation).
Run one of the commands below depending on whether you want the vulnerable Docker images to be pulled or not.
```bash
ansible-playbook -vv -i localhost, -e "{ setup_vuln_docker_images: false }" -e "local_username=$(id -un)" -K main.yml
```

```bash
ansible-playbook -vv -i localhost, -e "{ setup_vuln_docker_images: true }" -e "local_username=$(id -un)" -K main.yml
```

Further customizations to the installation can be done by running the command below:

```bash
kali-tweaks
```

Docker vulnerable images are Docker containers running deliberately vulnerable services. The following vulnerable images are installed so that you can practice within your own Kali installation:

```bash
docker run --rm -d -p 3000:3000 --name juice-shop bkimminich/juice-shop
# Use a web browser to go to http://localhost:3000 in the Kali host
```

```bash
docker run --rm -it -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=UTC --name webgoat webgoat/webgoat
# Use a web browser to go to http://127.0.0.1:8080/WebGoat in the Kali host
```

```bash
sudo systemctl start dvwa
# Navigate to http://localhost:42001
# Default creds are admin:password
# Security level can be changed in `/etc/dvwa/config/config.inc.php`
```

Additional Git repos are cloned locally at the following locations:

- `/opt/GitTools`: A repository with 3 tools for pwning websites with exposed `.git` directories
- `/opt/zphisher`: An automated phishing tool with 30+ templates
- `/opt/vulhub`: Pre-built vulnerable environments based on Docker Compose
- `/opt/privesc-scripts/LinEnum`: Scripted local Linux enumeration & privilege escalation checks
- `/opt/privesc-scripts/linux-exploit-suggester`: Linux privilege escalation auditing tool
- `/opt/privesc-scripts/linux-smart-enumeration`: Linux enumeration tool for pentesting and CTFs with verbosity levels
- `/opt/privesc-scripts/PEASS-ng`: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
- `/opt/WEF`: Wi-Fi Exploitation Framework
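The Juice Shop command above publishes port 3000 on every host interface (`-p 3000:3000`), while the WebGoat command binds to `127.0.0.1` only. The following check is an added example, not part of this repo; the function names `exposed_bindings` and `sample_ps` are hypothetical, and it lists published container ports that are reachable from outside the Kali host, such as over a CTF VPN interface.

```shell
#!/usr/bin/env bash
# Flag published container ports that are NOT bound to loopback.
# Input: lines of "<name>|<ports>" as printed by
#   docker ps --format '{{.Names}}|{{.Ports}}'
exposed_bindings() {
  awk -F'|' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        # Only "host->container" entries are published; a bare "80/tcp" is not.
        if (maps[i] !~ /->/) continue
        host = maps[i]
        sub(/->.*/, "", host)        # keep "addr:port"
        addr = host
        sub(/:[0-9-]+$/, "", addr)   # strip the port (or port range)
        # Loopback binds (127.0.0.0/8, ::1) stay on the host.
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
        print $1 " " host
      }
    }'
}

# Constructed sample matching the two `docker run` commands on this page.
sample_ps() {
  printf 'juice-shop|0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
  printf 'webgoat|127.0.0.1:8080->8080/tcp, 127.0.0.1:9090->9090/tcp\n'
}

# Live use: docker ps --format '{{.Names}}|{{.Ports}}' | exposed_bindings
if [ "${1:-}" = "--demo" ]; then sample_ps | exposed_bindings; fi
```

Any container it lists can be kept local by publishing with an explicit loopback address, in the same form the WebGoat command uses (`-p 127.0.0.1:3000:3000`).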
- HackTricks ⭐
- HackTricks Cloud ⭐
- OWASP Cheat Sheet Series
- OWASP Web Security Testing Guide
- Payloads All The Things
- GTFOBins
- CyberChef – Encode/decode data
- CrackStation – Hash rainbow list
- Reverse Shell Generator
- CI/CD Goat
- h4cker
- PortSwigger Web Security Academy
- Recommended WiFi Adapters for Kali Linux
If you think my work helped you in some way and saved you time and effort, I’m happy to receive any amount of donation. However, the code in this repo is completely free.
Bitcoin (BTC): bc1qzlhpm94vtk2ht67etdutzcy2g5an5v6g36tp0m
