Kali on a container

cosckoya

Posted on April 2, 2021

If you had asked me about Kali some years ago, I would have thought of Temple of Doom, and if you had asked me about hacking, I would have thought of that blind man in the film Sneakers :P

But joking apart, what can I say to you about Kali?

Kali is a ready-made Linux distribution that lets anyone try out pentesting tools. It can be installed as a virtual machine (VirtualBox, Vagrant...), as a boot partition on your computer, or deployed as an EC2/VM instance on AWS/GCP/Azure/whatever cloud. These options are OK, but it takes a "lot" of time to run, tweak and maintain a Kali system.

Imagine that you want to try a Kali tool and you don't want to install Kali Desktop. There is another option: Kali Docker images.

The Kali images contain a base system without tools, but all the APT repositories are enabled, so it's really easy to install and test anything on them.

Let's try some web scanning tools: Nikto, DMitry and SSLScan.

First you need to run bash in the Kali docker image:

docker run -ti --rm kalilinux/kali-rolling bash

Now, in the resulting shell, we can run as many commands as we need:

┌──(root💀616f2bee7ea0)-[/]
└─# 

Let's start running some APT commands to install our tools:

┌──(root💀616f2bee7ea0)-[/]
└─# apt update && apt install nikto sslscan dmitry -y

That's it. The tools have been installed. Let's check that they are ready to run:

  • Nikto
┌──(root💀616f2bee7ea0)-[/]
└─# nikto -Version
[...]
File                               Version      Last Mod
-----------------------------      --------     ----------
Nikto main                         2.1.6        
[...]
  • Dmitry
┌──(root💀616f2bee7ea0)-[/]
└─# dmitry -version
Deepmagic Information Gathering Tool
"There be some deep magic going on"

Version: DMitry/1.3a (Unix)
  • SSL Scan
┌──(root💀616f2bee7ea0)-[/]
└─# sslscan --version
                2.0.9-static
                OpenSSL 1.1.1l-dev  xx XXX xxxx

Imagine all the possibilities:

  • Create your custom Kali images:
FROM kalilinux/kali-rolling

RUN apt-get update -qq \
 && apt-get install -qq -y --no-install-recommends \
    nikto sslscan dmitry metasploit-framework
[...]
  • Run a Kali image in a Kubernetes cluster:
kubectl run prompt-shell --rm -i --tty --image kalilinux/kali -- bash

There are a lot of possibilities here.
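
As an added example (not part of the original post), the "custom Kali images" idea above can be scripted so that the tool list is validated before it reaches the `RUN` line and the resulting image drops root. The `tester` user, the `kali-tools` tag and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: render a Dockerfile for a custom Kali tool image.
# Base image and package names come from the article; the "tester" user
# and all function names are assumptions made for this example.

BASE_IMAGE="kalilinux/kali-rolling"

# Accept only strings shaped like Debian package names, so a tool list read
# from a file or CI variable cannot inject extra shell into the RUN line.
valid_pkg() {
    case "$1" in
        ''|[!a-z0-9]*|*[!a-z0-9+.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# render_dockerfile PKG... : print the Dockerfile on stdout, or fail.
render_dockerfile() {
    [ "$#" -gt 0 ] || { echo "no packages given" >&2; return 1; }
    for pkg in "$@"; do
        valid_pkg "$pkg" || { echo "rejected package name: $pkg" >&2; return 1; }
    done
    # Clean the APT lists to keep the layer small, then switch to an
    # unprivileged user so the tools do not run as root by default.
    cat <<EOF
FROM ${BASE_IMAGE}
RUN apt-get update -qq \\
 && apt-get install -qq -y --no-install-recommends $* \\
 && rm -rf /var/lib/apt/lists/* \\
 && useradd --create-home --shell /bin/bash tester
USER tester
WORKDIR /home/tester
CMD ["bash"]
EOF
}

# Flags for a throwaway shell with no extra capabilities or privilege gain.
run_flags() {
    echo "--rm -ti --cap-drop=ALL --security-opt no-new-privileges"
}

# Usage (needs Docker, so it is not executed here):
#   render_dockerfile nikto sslscan dmitry | docker build -t kali-tools -
#   docker run $(run_flags) kali-tools
```
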

Time to have fun. Enjoy!
