Pentest Environment Deployer

This repo provides an easy way to deploy a clean pentesting environment with Kali linux using vagrant and virtualbox.

Requirements

I assume you are familiar with virtualbox and vagrant.

• https://www.virtualbox.org/
• http://www.vagrantup.com/

Latest pentest-env release is tested with:

• Virtualbox (5.0.24)
• Vagrant (1.8.5)

Current box

Kali 2016.2

See the documentation page about boxes for more details.

Getting started

To get started with pentest-env, clone this repository and run vagrant up inside the directory. This will download and run the Kali instance.

You can customize, add targets, create new targets etc.. inside pentest-env. Some examples are available in the examples/ directory, to use one simply set the PENTESTRC environment variable:

> PENTESTRC=examples/ctf.pentestrc vagrant status
Current machine states:

kali                      running (virtualbox)
metasploitable            not created (virtualbox)
primer                    not created (virtualbox)

This environment represents multiple VMs. The VMs are all listed
above with their current state. For more information about a specific
VM, run `vagrant status NAME`.

For more details, visit the documentation pages:

1. Installation
   
2. Usage
   
3. Docker
   
4. Openstack
   
5. Customizations
   
6. Instances
   
7. Targets
   
8. Write custom instances and targets
   
9. Debugging
   
10. About boxes
    
11. Known issues
    

About Security

verify checksums

It's recommended to check downloaded box files with provided checksums (SHA256): http://box.hackbbs.org/checksums.txt

sshd is running

Provided boxes run the sshd service. So if you plan to run the Kali linux with a Bridged interface, default setup can be dangerous!

• root password of kali is toor.
• SSH private key is not private! Anyone can use this key to connect to your instance.
• The Kali linux 1.0 box added a vagrant user with password tnargav and is in sudoers with no password required.

License

See COPYING file