鉴于 Kali 里面的很多工具集都是偏海外以及是英文版的原因,导致其中有很多工具集我们是很少用的,用的最多的无异于MSF、sqlmap、nmap这些耳熟能详的工具了。本文安装配置主要摘自 @ffffffff0x 团队分享的 “Kali系统基础设施配置” 软文 -> 传送门
为了将现代的多款主流、常用的工具集整合进来,我们需要安装好依赖、环境以及配置好源。需要整合进去的工具如下:
- Volatility
- distorm
- RustScan
- hashcat、7z2hashcat
- unyaffs
- ffuf
- JSFinder
- SecretFinder
- WebAliveScan
- OneForAll
- ksubdomain
- AWV-13
- AWVS-13 + Nessus
0x1 基本配置建设
# /pentest 作为存放渗透工具的文件夹
# /tmp/test 作为存放临时文件的文件夹
mkdir /pentest
mkdir /tmp/test
# apt mirror
tee /etc/apt/sources.list <<-'EOF'
deb https://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src https://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
EOF
rm -rf /var/cache/apt/archives/lock
rm -rf /var/lib/dpkg/lock-frontend
rm -rf /var/lib/dpkg/lock
rm /var/lib/dpkg/lock
rm /var/lib/apt/lists/lock
apt update
# SSH
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication yes" >> /etc/ssh/sshd_config
systemctl start ssh
systemctl enable ssh
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_rsa_key
# 安装依赖 (install dependence)
apt install -y gcc g++
apt install -y make cmake
apt install -y vim git curl lrzsz wget unzip resolvconf p7zip-full rlwrap
apt install -y apt-transport-https
apt install -y ca-certificates
apt install -y software-properties-common
apt install -y build-essential
apt install -y jq
apt install -y gdb socat telnet tree tcpdump iptraf iftop nethogs openssl libssl-dev libssh2-1-dev
# Change DNS
echo "nameserver 223.5.5.5" > /etc/resolvconf/resolv.conf.d/head
resolvconf -u
# Proxychains-ng
cd /tmp/test
# rz upload a proxychains-ng.zip
unzip proxychains-ng.zip
cd proxychains-ng-master
./configure
make && make install
cp ./src/proxychains.conf /etc/proxychains.conf
cd .. && rm -rf proxychains-ng
vim /etc/proxychains.conf # Change it to your proxy.
# pip
wget https://bootstrap.pypa.io/get-pip.py
python2 get-pip.py
python2 -m pip install --upgrade pip
apt-get install -y python-dev
apt-get install -y python3-dev
# 安装中文字体 (Install fonts)
apt install -y xfonts-intl-chinese ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy
# pip3
cd /tmp/test
wget https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py
# GO
cd /tmp/test
# rz upload a go1.13.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.13.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
export GOROOT=/usr/local/go
export GOPATH=$HOME/Applications/Go
source $HOME/.profile
source ~/.bash_profile
ln -s /usr/local/go/bin/go /usr/bin/go
go version
# Docker
apt remove docker docker-engine docker.io
apt update
apt install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common \
gnupg
curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | apt-key add -
echo 'deb https://download.docker.com/linux/debian stretch stable'> /etc/apt/sources.list.d/docker.list
apt update
apt install -y docker-ce
docker version
systemctl start docker
systemctl enable docker
# Docker-Compose
cd /tmp/test
wget https://github.com/docker/compose/releases/download/1.25.5/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version
0x2 更换源 & 配置源
# pip mirrors
mkdir -p ~/.pip/
tee ~/.pip/pip.conf <<-'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
[install]
trusted-host=mirrors.aliyun.com
EOF
# Docker mirrors
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
systemctl enable docker
systemctl restart docker
systemctl daemon-reload
# GO Proxy
go env -w GO111MODULE=on
go env -w GOPROXY="https://goproxy.io,direct"
0x3 主流工具集整合安装配置
mkdir /tmp/test
cd /tmp/test
# AboutSecurity
cd /pentest
git clone https://github.com/ffffffff0x/AboutSecurity.git
# Misc Tools
apt install -y foremost parallel owasp-mantra-ff btscanner
apt install -y rarcrack
apt install -y powershell
apt install -y redis
apt install -y xdot
gem install zsteg
# python module
pip install PyJWT pyshark requests sqlparse threadpool urllib3 lxml pyzbar bs4
pip install ftfy
pip3 install updog
python2 -m pip install yara pycrypto openpyxl ujson pil
python2 -m pip install Crypto
python2 -m pip install pycryptodome
python2 -m pip install pytz
python2 -m pip install Pillow
python3 -m pip install ciphey --upgrade
# distorm
cd /tmp/test
git clone https://github.com/gdabah/distorm
cd distorm
python2 -m pip install distorm3
# Volatility
cd /pentest
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py build
python setup.py install
python vol.py --info
# hashcat、7z2hashcat
cd /pentest
wget https://hashcat.net/files/hashcat-6.1.1.7z --no-check-certificate
wget https://raw.githubusercontent.com/philsmd/7z2hashcat/master/7z2hashcat.pl
7za x hashcat-6.1.1.7z && rm -rf hashcat-6.1.1.7z
cd hashcat-6.1.1 && chmod +x hashcat.bin && cp hashcat.bin hashcat
ln -s /pentest/hashcat-6.1.1/hashcat /usr/sbin/hashcat
# RustScan
cd /tmp/test
wget https://github.com/RustScan/RustScan/releases/download/1.10.0/rustscan_1.10.0_amd64.deb
dpkg -i rustscan_1.10.0_amd64.deb
# ncat
apt install -y ncat
update-alternatives --set nc /usr/bin/ncat
# binwalk
cd /tmp/test
git clone https://github.com/ReFirmLabs/binwalk.git && cd binwalk
sudo ./deps.sh && python setup.py uninstall && python setup.py install
# unyaffs
cd /tmp/test
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/unyaffs/unyaffs
mv unyaffs /usr/local/bin/
chmod +x /usr/local/bin/unyaffs
unyaffs
# ffuf
cd /tmp/test
wget https://github.com/ffuf/ffuf/releases/download/v1.1.0/ffuf_1.1.0_linux_amd64.tar.gz
tar -zxvf ffuf_1.1.0_linux_amd64.tar.gz
mv ffuf /usr/local/bin/
chmod +x /usr/local/bin/ffuf
ffuf -V
# JSFinder
cd /pentest
git clone https://github.com/Threezh1/JSFinder.git
# SecretFinder
cd /pentest
git clone https://github.com/m4ll0k/SecretFinder.git
cd SecretFinder
python3 -m pip install -r requirements.txt
python3 SecretFinder.py
# WebAliveScan
cd /pentest
git clone https://github.com/broken5/WebAliveScan.git
cd WebAliveScan/
pip3 install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
python3 webscan.py
# oneforall
cd /pentest
git clone https://github.com/shmilylty/OneForAll
cd OneForAll/
python3 -m pip install -U pip setuptools wheel -i https://mirrors.aliyun.com/pypi/simple/
pip3 install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
python3 oneforall.py --help
# ksubdomain
cd /tmp/test
apt install -y libpcap-dev
wget https://github.com/knownsec/ksubdomain/releases/download/v0.5.1/ksubdomain_linux.zip
unzip ksubdomain_linux.zip
mv ksubdomain /usr/local/bin/
chmod +x /usr/local/bin/ksubdomain
ksubdomain
# Impacket
cd /pentest
git clone https://github.com/SecureAuthCorp/impacket.git
cd impacket
pip3 install .
python3 setup.py install
# AWVS-13
docker pull secfa/docker-awvs
docker run -it -d -p 13443:3443 secfa/docker-awvs
# 容器的相关信息 (Information about the container)
# awvs13 username: admin@admin.com
# awvs13 password: Admin123
# AWVS Version:13.0.200217097
# browser access:https://127.0.0.1:13443/
# AWVS13+nessus
docker pull leishianquan/awvs-nessus:v03
docker run -it -d -p 13443:3443 -p 8834:8834 leishianquan/awvs-nessus:v03 /bin/bash
docker ps -a
docker start [docker_id]
docker exec -it [docker_id] /bin/bash
/etc/init.d/nessusd start
cp /home/license_info.json /home/acunetix/.acunetix/data/license/
# Nessus:
# https://127.0.0.1:8834/#/
# nessus username:leishi
# nessus password:leishianquan
# Awvs13.0.200625101:
# https://127.0.0.1:13443/
# awvs13 username: leishi@leishi.com
# awvs13 password: Leishi123
谢谢你的关注,为小伙伴们持续输出高质量文章。