This is a somewhat customised set of Docker images of Kali Linux, for both platforms amd64 (Docker Desktop on Windows, cloud, etc.) and arm64 (Raspberry Pi, Apple Silicon Mac, etc.), and two flavors, kali-rolling (kali is the same image) and kali-bleeding-edge. Out-of-the-box tools for all needs!

• upstream the base image built with the Phusion's base image project modifications

• base Image with basic tools, TOR, and kalitorify (forked from the upstream repo to add Dockerfile and pull requests)

  • nano
  • lynx
  • tor
  • make
  • iptables
  • kali-linux-wsl

• desktop Base desktop (XFCE) without further tools. Includes Firefox

  • kali-desktop-xfce
  • xrdp
  • dbus-x11

• latest top10 desktop-top10 Most used set of tools on top of Desktop image

  • kali-linux-top10
    • maltego (not installed by default in kali-tools-top10 but installed by default here)

• headless Tools that dont require graphical environment (large)

  • kali-linux-headless

• labs exploitable vulnerable Intentionally vulnerable web applications: Damn Vulnerable Web Application and OWASP Juice Shop

  • kali-linux-labs
    • dvwa
    • juice-shop

• nethunter The Kali Linux NetHunter system

  • kali-linux-nethunter

• tools The kali-tools-* packages on top of Desktop Top 10 (latest) image

  • kali-tools-crypto-stego
  • kali-tools-database
  • kali-tools-detect
  • kali-tools-exploitation
  • kali-tools-forensics
  • kali-tools-fuzzing
  • kali-tools-gpu
  • kali-tools-hardware
  • kali-tools-identify
  • kali-tools-information-gathering
  • kali-tools-passwords
  • kali-tools-post-exploitation
  • kali-tools-protect
  • kali-tools-reporting
  • kali-tools-respond
  • kali-tools-reverse-engineering
  • kali-tools-reverse-engineering
  • kali-tools-sniffing-spoofing
  • kali-tools-social-engineering
  • kali-tools-voip
  • kali-tools-vulnerability
  • kali-tools-web
  • kali-tools-windows-resources
  • kali-tools-wireless

• Just download docker-compose.yml, place at an empty directory, and run docker-compose up -d. This will start the latest and labs containers (if you use Windows, be sure to replace the incoming port to 13389 do avoid conflicts with the local Remote Desktop port).

• Access the shell: docker exec -it --user kali desktop bash (omit --user kali to acces as root).

• Connect to the desktop environment using your Remote Desktop client. Available users are root and kali (password is kali for both). You may use the root username when running GUI apps that require root permissions.

• Inside the Desktop environment, browse the vulnerble webapps at the Vulnerable container:

  • http://vulnerable:42000 OWASP Juice Shop.
  • http://vulnerable:42001 Damn Vulnerable Web Application.

  Or use the tools available to attemp to exploit those web apps.

Note: Due to limitations related to file permissions on mounted volumes on rootless Podman, you need to connect to the instance (via console or RDP) using the root account.

The image depends on a Kali Linux base image built using the instructions on the Phusion's base image repo.

docker build --build-arg KALI_VER=<version> --build-arg TOOL=<tool> --target <target> -t amitie10g/kali-linux:<tag> .

Where build arg,

• KALI_VER The kali edition: rolling, bleeding-edge, last-release or experimental (if unsure, choose rolling)
• TOOL One of the packages starting with kali-tools-
• --target The desired target:
  • base Just the base image
  • desktop The Desktop (XFCE, without tools) image
  • desktop-top10 The desktop experience plus the top 10 tools
  • labs The vulnerable webapps
  • headless The cli-only tools
  • nethunter The Kali Nethunter system
  • tool The target for build the desired tool

Edit the Dockerfile to fit your needs.

• Q: Why you created this project
  A: I'm preparing for diploma in cybersecurity, and as my hobby is create Docker containers, I created this as part of my tasks. As this will be useful for everyone, I'be compromised to maintain this project.

• Q: Why s6-overlay
  A: Because this eases the process of bringing required services for tools (eg. Postgres for Metasploit).

• Q: Why XRDP instead o VNC?
  A: a) most of the users uses Windows, and the Remote Desktop client is integrated, and runs seamlessly; and b) performance.

• Everything in the GitHub repo (excluding submodules like Kalitorify) is released into the Public domain (the Unlicense)
• Kalitorify is licensed under the GNU General Public License v3.0
• The software built into the container images are released under their respective licenses

• kalitorify