Most security professionals (and pen testers especially) use virtual machines every day. There are many reasons for this: segmentation, keeping all client work in one location, and the fact that security tools sometimes have an ironically less secure configuration or require weird dependencies that you may not want to keep around once you are done using them.
But virtual machines are not always the best tool for the job. Containers, and Docker in particular, can give you all of the flexibility and most of the segmentation of a virtual machine without having to run a full-fledged virtual machine. Docker also doesn’t require you to carve off a section of your hard drive and memory to the same extent as a virtual machine. This means you can run Kali or other software packages such as Empire without a virtual machine. This is especially useful when you have hardware, like an embedded device or a laptop, that is not powerful enough to run a full-fledged virtual machine. This article will get you up and running with the official Kali Docker image.
Installing Docker on Linux
First up we need to install Docker. On Ubuntu derivatives, make sure you install the package docker.io, as “docker” is something else.
$ sudo apt install docker.io
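Next up we need to add our normal user to the docker group in order to be able to start Docker images as a normal user. Keep in mind that membership in the docker group is effectively root access on the host, so only add accounts you would trust with sudo. Then log out and back in to have your group membership re-evaluated.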
$ sudo usermod -a -G docker $USER
Installing Docker on Windows and OS X
Installing Docker on Windows or OS X is actually a pretty straightforward process. Windows requires a reboot, as the installer turns on some virtualization technology within Windows, but the installer defaults will probably serve you fine. Once Docker is installed and running, you can run the docker commands outlined below from any OS X terminal or Windows PowerShell prompt.
Pulling down the Kali Docker image
Next up we have to pull down the Docker image. This is a lightweight template, kind of like a virtual machine image. It is actually pulled down in layers; each change to the image creates a new layer.
$ docker pull kalilinux/kali-linux-docker
By running “docker image ls” we can see the image that we just downloaded. In this example it takes up less than 2 gigabytes of space.
Running the Kali Docker image
Before we get up and running with our docker image we are going to make a folder on our host filesystem that will allow us to pull data out of the running image. One of the benefits of docker images, the fact that things are not persistent, can be a drawback if you need to keep data or logs from the work you do within the image. To be able to sync a folder in and out of a docker image we are going to create a folder in our home folder called “Pentest” that we can use to shuttle information in and out of the image.
$ mkdir ~/Pentest
Next we are going to actually run our new Docker image! The “-v” parameter that you pass to docker in the following command is essentially what does the folder sync. Think of it like this: “-v <host directory>:<container directory>”. This means that when we are in the container we can copy files in and out of “/Pentest/”.
$ docker run -v ~/Pentest:/Pentest -t -i kalilinux/kali-linux-docker /bin/bash
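An added example, not from the original article: a small launcher that gives each engagement its own owner-only folder under ~/Pentest and mounts only that folder into the container. The function names, the PENTEST_ROOT and KALI_IMAGE variables, and the use of “--rm” (which deletes the container's writable layer on exit, so only files copied to /Pentest survive) are assumptions of this example.

```bash
# Added example: per-engagement launcher for the Kali container.
# Assumptions (not from the article): variable names, function names, --rm.
KALI_IMAGE="${KALI_IMAGE:-kalilinux/kali-linux-docker}"
PENTEST_ROOT="${PENTEST_ROOT:-$HOME/Pentest}"

# Accept only simple names. This rejects "..", "/" and ":" so a name can
# neither escape PENTEST_ROOT nor break the -v <host>:<container> syntax.
valid_engagement_name() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the host-side folder readable by the owner only and print its path.
prepare_engagement_dir() {
    valid_engagement_name "$1" || {
        echo "invalid engagement name: $1" >&2
        return 1
    }
    eng_dir="$PENTEST_ROOT/$1"
    mkdir -p "$eng_dir" || return 1
    chmod 700 "$eng_dir" || return 1
    printf '%s\n' "$eng_dir"
}

# Print the docker command that kali_shell would run, for review or logging.
kali_run_preview() {
    host_dir=$(prepare_engagement_dir "$1") || return 1
    printf 'docker run --rm -t -i -v %s:/Pentest %s /bin/bash\n' \
        "$host_dir" "$KALI_IMAGE"
}

# Start an interactive shell with only this engagement's folder mounted.
kali_shell() {
    host_dir=$(prepare_engagement_dir "$1") || return 1
    docker run --rm -t -i -v "$host_dir:/Pentest" "$KALI_IMAGE" /bin/bash
}
```

Source the file in your shell and call kali_shell with an engagement name of your choosing.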
Install Kali tools
Unlike the normal distribution of Kali, our Docker image doesn’t have a GUI, and it doesn’t come with most of the Kali tools pre-installed. But you can easily install one or many using apt. Let’s install the Metasploit Framework.
# apt update
# apt install metasploit-framework
# msfconsole
Once you are done, simply type “exit” and you are back to your normal machine!
Ever since getting up and running with docker images it has improved a lot of my workflows. If you are new to docker I hope this is the first step on your journey to learning more about docker and using it for your projects.