Tired of the repetitive process of setting up a new Linux virtual machine for pen testing? Do you ever find yourself creating snapshots to avoid configuration mistakes, only to forget to do so and end up reinstalling everything? This blog post introduces you to Vagrant andG Ansible, a powerful combination that lets you automate VM provisioning and configuration, saving you time and frustration.
Disclaimer: This guide is designed for users with GNU/Linux(akshually) based systems who are familiar with basic command-line operations.
Prerequisites:
- A computer running Debian, Ubuntu, or a similar GNU/Linux distribution.
- An internet connection.
What We'll Build:
We'll create a Vagrantfile to define our virtual machine configuration and an Ansible playbook to automate the installation of essential pen testing tools on a Kali Linux VM.
Installation
1. Vagrant:
wget-O- https://apt.releases.hashicorp.com/gpg |sudogpg--dearmor-o /usr/share/keyrings/hashicorp-archive-keyring.gpgecho"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com$(lsb_release-cs) main" |sudo tee /etc/apt/sources.list.d/hashicorp.listsudoapt update&&sudoaptinstallvagrant2. Ansible:
sudoapt updatesudoaptinstallsoftware-properties-commonsudoadd-apt-repository--yes--update ppa:ansible/ansiblesudoaptinstallansible3. VirtualBox:
sudoapt update# Uncomment the line corresponding to the desired VirtualBox version:# Older version# sudo apt install virtualbox# Latest version (at the time of writing)# sudo apt install virtualbox-7.0Alternative Installation Methods:
While these instructions cover Debian/Ubuntu, you can find installation guides for other operating systems on the official websites of Vagrant, Ansible, and VirtualBox:
- Vagrant:https://developer.hashicorp.com/vagrant/install
- Ansible:https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
- VirtualBox:https://www.virtualbox.org/wiki/Downloads
Getting Started
We'll use Vagrant and Ansible to provision a Kali Linux virtual machine for pen testing.
1. Initialize the Project:
First, create a new directory for your project and navigate to it:
mkdirvagrant_kalicdvagrant_kalior a use my oneliner:
mkcd vagrant_kaliTip of the Day:
The
mkcdfunction is a handy shortcut that creates a directory and changes the directory in one step. You can add this function to your~/.bashrcor~/.zshrcfile for future use:mkcd(){mkdir-p--"$1"&&cd-P--"$1"}
Now, initialize the project with Vagrant:
vagrant init kalilinux/rollingThis command creates aVagrantfile pre-populated with comments and examples.
2. Understanding Vagrant Boxes:
A Vagrant box is a pre-configured virtual machine image. We'll use thekalilinux/rolling box, which provides a ready-to-use Kali Linux installation. You can search for boxes for different operating systems on theHashiCorp's Vagrant Cloud box catalog.
3. Vagrantfile Breakdown:
Vagrant.configure("2")do|config|config.vm.box="kalilinux/rolling"config.vm.box_version="2024.2.0"config.vm.network"private_network",ip:"192.168.56.10"config.vm.hostname="machine"config.ssh.insert_key=falseconfig.vm.disk:disk,size:"35GB",primary:trueconfig.vm.provider"virtualbox"do|v|# set up vm name in virtualboxv.name="kali-machine"# Display the VirtualBox GUI when booting the machinev.gui=truev.memory=8192v.cpus=6end# Set the name of the VM. See: http://stackoverflow.com/a/17864388/100134config.vm.define:kali_machinedo|kali_machine|end# Ansible configconfig.vm.provision"ansible"do|ansible|# Ansible playbook pathansible.playbook="provisioning/playbook.yml"# Minimum version of ansibleansible.compatibility_mode="2.0"# enables priviliege escation(sudo) for ansibleansible.become=trueendendTheVagrantfile defines the configuration for your virtual machine. Here's a breakdown of some key options:
| Option | Description |
|---|---|
config.vm.box | Specifies the name of the Vagrant box (e.g.,kalilinux/rolling). |
config.vm.box_version (Optional) | Sets the specific version of the box to use. |
config.vm.network | Configures network settings for the VM (e.g., private network, forwarded port). |
config.vm.hostname | Sets the hostname for the VM. |
config.vm.disk | Defines the size and type of the virtual disk. |
config.vm.provider "virtualbox" | Configures settings specific to the VirtualBox provider. |
config.vm.provision | Enables provisioning tools like Ansible to automate VM configuration. |
Ansible Playbook
Now that we have the Vagrantfile defining our VM configuration, let's create an Ansible playbook to automate the installation of essential pen testing tools on our Kali Linux VM.
1. Playbook Structure:
We'll create a directory structure to organize our Ansible playbook and roles:
.├── provisioning│ ├── playbook.yml│ └── roles│ └── kali-init│ └── tasks│ ├── main.yml│ ├── packages.yml│ └── tor.yml└── Vagrantfileprovisioning: This directory holds our Ansible playbook (playbook.yml).roles: This directory contains reusable Ansible roles. In this case, we have a single role namedkali-initthat holds the tasks for our playbook.tasks: This directory within thekali-initrole contains our Ansible tasks defined in YAML files.
2. playbook.yml:
This file defines the overall structure of our Ansible playbook:
-hosts:allbecome:yesroles:-kali-inithosts: all: This specifies that the tasks in the playbook should run on all hosts managed by Ansible (in this case, our single Kali Linux VM).become: yes: This enables privilege escalation (using sudo) for the tasks in the playbook to perform administrative actions.roles: This section defines the roles that will be applied to the target hosts. Here, we reference thekali-initrole.
3. kali-init Role:
Thekali-init role contains the actual tasks that will be executed on the VM. These tasks are defined in YAML files within thetasks directory of the role.
4. Tasks:
The tasks for installing packages and configuring Tor are divided into separate YAML files for better organization:
main.yml: This file coordinates task execution and includes the other task files.
-import_tasks:packages.ymlbecome:yes-import_tasks:tor.ymlbecome:yespackages.yml: This file defines the installation of essential pen testing tools using theaptpackage manager.
-name:Download packages using aptapt:update_cache:yesname:-neovim-curl-wget-git-tmux-apt-transport-https-maltego-metasploit-framework-burpsuite-wireshark-aircrack-ng-hydra-nmap-beef-xss-nikto-nmap-wireshark-proxychainsstate:presentbecome:yestor.yml: This file configures the Tor anonymization service for improved security during pen testing activities.> tor is available in kali's repositories but is not always up-to-date and something as sensitive as anonymizition software should be installed directly from source
----name:Add Tor project repository to sources listcopy:dest:/etc/apt/sources.list.d/tor.listcontent:|deb https://deb.torproject.org/torproject.org stable maindeb-src https://deb.torproject.org/torproject.org stable main-name:Add Tor project GPG keyapt_key:url:https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.ascstate:present-name:Update apt package listsapt:update_cache:yes-name:Install Tor and keyringapt:name:-tor-deb.torproject.org-keyringstate:present-name:Ensure Proxychains is installedapt:name:proxychainsstate:present-name:Ensure tor is installedapt:name:torstate:present-name:Enable tor serviceansible.builtin.systemd:name:torstate:startedenabled:true-name:Backup current proxychains.confcopy:src:/etc/proxychains.confdest:/etc/proxychains.conf.bakremote_src:yes-name:Uncomment dynamic_chainreplace:path:/etc/proxychains.confregexp:'^#dynamic_chain'replace:'dynamic_chain'-name:Uncomment proxy_dnsreplace:path:/etc/proxychains.confregexp:'^#proxy_dns'replace:'proxy_dns'-name:Comment random_chainreplace:path:/etc/proxychains.confregexp:'^random_chain'replace:'#random_chain'-name:Comment strict_chainreplace:path:/etc/proxychains.confregexp:'^strict_chain'replace:'#strict_chain'-name:Modify proxychains configurationlineinfile:path:/etc/proxychains.confline:'socks5127.0.0.19050'state:present-name:Modify proxychains configurationlineinfile:path:/etc/proxychains.confline:'socks4127.0.0.19050'state:presentinstall_syncthing.yml: This file installs the Syncthing service.
-name:Add Syncthing GPG keyapt_key:url:https://syncthing.net/release-key.txtstate:present-name:Add Syncthing repository to sources listapt_repository:repo:'debhttps://apt.syncthing.net/syncthingstable'state:present-name:Create preferences file for Syncthingcopy:dest:/etc/apt/preferences.d/syncthingcontent:|Package: *Pin: origin apt.syncthing.netPin-Priority: 1001-name:Update apt package listsapt:update_cache:yes-name:Install Syncthingapt:name:syncthingstate:present5. Security Considerations:
Whilebecome: yes simplifies Ansible tasks, it's crucial to understand the security implications. Only grant privileges as needed and review the tasks carefully before running them.
6. Using Vagrant:
With everything set up, let's provision and start our Kali Linux VM:
- Navigate to the project directory (
vagrant_kali). - Run the command
vagrant upto bring up the VM and execute the Ansible playbook.
Vagrant will provision and start the Kali Linux VM. If configured, the VirtualBox GUI will be displayed.
This is the Ansible playbook output, indicating successful completion.
The Kali VM is up and running!
N.B
default user isvagrantand default password is alsovagrant
Vagrant Commands:
Here's a quick reference for some common Vagrant commands:
vagrant up: Provisions and starts the virtual machine.vagrant provision: Runs provisioning playbook.vagrant halt: Pauses the virtual machine.vagrant destroy: Completely removes the virtual machine and its associated resources.
Conclusion:
By combining Vagrant and Ansible, you can automate the process of setting up Linux VM for pen testing, development..., saving you time and effort. This blog post provides a basic framework to get you started. Remember to customize the tools and configurations in the Ansible playbook to suit your specific needs.
Top comments(0)
For further actions, you may consider blocking this person and/orreporting abuse
