Using Vagrant to Standardize your Ethical Hacking Environment

Devin Paden

Background

I've been using Kali Linux as my main ethical hacking OS for several years. I use it in the classroom and in ethical hacking ranges such as Hack The Box. One issue is the best way to consistently store tools, proven exploit code and target information.

Vagrant lets you configure your VM consistently to your specifications, including folders that are synchronized between guest and host. Simply do a git clone of your tools and exploit directories on your host and capture target data in the synchronized folder on your guest, and you end up with one consistent repository of data rather than having key resources trapped in a VM that you may not use again.

Proof of Concept

  • Install Vagrant and a provider

  • Place Vagrantfile and provision-kali.yml in the same directory (the example uses the vmware provider)

  • Create a shared_directory directory

  • Run vagrant up

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "kalilinux/rolling"
  config.vm.provision :ansible do |ansible|
    ansible.limit = "all"
    ansible.playbook = "provision-kali.yml"
  end
  config.vm.provider "vmware_desktop" do |v|
    v.gui = true
    v.vmx["memsize"] = "8192"
    v.vmx["numvcpus"] = "2"
  end
  config.vm.synced_folder "shared_directory", "/host_data"
end

provision-kali.yml

- name: provision
  hosts: all
  tasks:

    - name: upgrade all packages
      become: yes
      apt:
        upgrade: yes
        update_cache: yes

    - name: install chrome
      become: yes
      apt:
        deb: "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb"

    - name: install chrome remote desktop
      become: yes
      apt:
        deb: "https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb"

    - name: install misc kali packages
      become: yes
      apt:
        pkg:
          - seclists
          - curl
          - feroxbuster
          - nbtscan
          - oscanner
          - redis-tools
          - smbclient
          - snmp
          - sslscan
          - sipvicious
          - tnscmd10g
          - wkhtmltopdf
          - python3-venv
          - python3-pip
          - gobuster
          - xlsx2csv
          - mingw-w64
          - flameshot
          - atftp
          - remmina
          - gcc-multilib
          - crowbar
          - libssl-dev
          - zlib1g-dev
          - libbz2-dev
          - libreadline-dev
          - libsqlite3-dev
          - wget
          - llvm
          - libncurses5-dev
          - libncursesw5-dev
          - xz-utils
          - tk-dev
          - liblzma-dev
          - git

    - name: add microsoft key
      become: yes
      apt_key:
        url: https://packages.microsoft.com/keys/microsoft.asc
        state: present

    - name: add vscode repo
      become: yes
      apt_repository:
        repo: deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main

    - name: install vscode
      become: yes
      apt:
        name: code
        update_cache: yes
        state: latest

    - name: pip install nmap to csv
      pip:
        name: nmaptocsv

    - name: pip install csv to md
      pip:
        name: csv2md

    - name: download pyenv installer
      get_url:
        url: https://pyenv.run
        dest: /tmp/pyenv.run
        mode: 'u+rwx'

    - name: run pyenv installer
      shell: /tmp/pyenv.run
      args:
        creates: "/home/vagrant/.pyenv/README.md"

    - name: modify user path for pip and pyenv
      lineinfile:
        path: "/home/vagrant/.zshrc"
        line: "{{ item }}"
        state: present
        mode: 0644
        create: yes
      with_items:
        - 'export PATH=$PATH:/home/vagrant/.local/bin'
        - 'export PYENV_ROOT="$HOME/.pyenv"'
        - 'export PATH="$PYENV_ROOT/bin:$PATH"'
        - 'if command -v pyenv 1>/dev/null 2>&1; then; eval "$(pyenv init --path)";fi'

    - name: install pyenv for python 2.7.18
      shell: "/home/vagrant/.pyenv/bin/pyenv install 2.7.18"
      args:
        creates: "/home/vagrant/.pyenv/versions/2.7.18/include/python2.7/Python.h"

    - name: reboot your box
      become: yes
      reboot:

  • Run vagrant reload
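
The steps above as a host-side script with a preflight check, added here as an example and not part of the original post. The function names and the --run switch are hypothetical; it assumes Ansible is installed on the host, because the Vagrantfile's ansible provisioner runs ansible-playbook there rather than in the guest.

```shell
#!/usr/bin/env bash
# Added example: preflight and bring-up for the Vagrantfile above.
# Assumption: run on the host, from or against the project directory.

# Print one line per missing prerequisite for project directory $1.
# Creates shared_directory if absent. Returns 0 if nothing is missing.
preflight() {
    dir="${1:-.}"
    missing=0
    # The "ansible" provisioner executes ansible-playbook on the host.
    for tool in vagrant ansible-playbook; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing tool: $tool"
            missing=1
        fi
    done
    # ansible.playbook is a relative path, so both files share a directory.
    for file in Vagrantfile provision-kali.yml; do
        if [ ! -f "$dir/$file" ]; then
            echo "missing file: $dir/$file"
            missing=1
        fi
    done
    # The synced folder's host path must exist before 'vagrant up'.
    if [ ! -d "$dir/shared_directory" ]; then
        mkdir -p "$dir/shared_directory" && echo "created: $dir/shared_directory"
    fi
    return "$missing"
}

# Bring the VM up, reload it, and confirm /host_data is really the share.
bring_up() {
    cd "$1" || return 1
    vagrant validate || return 1
    vagrant up || return 1
    vagrant reload || return 1
    # Write a marker on the host and look for it from inside the guest.
    marker="sync-check-$$"
    : > "shared_directory/$marker"
    vagrant ssh -c "test -f /host_data/$marker"
    status=$?
    rm -f "shared_directory/$marker"
    return "$status"
}

# Only acts when called as: ./kali-up.sh --run [project_dir]
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-.}" && bring_up "${2:-.}"
fi
```

A non-zero exit from bring_up after a successful vagrant reload means the marker written on the host was not visible under /host_data, so data captured in the guest would stay inside the VM.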