Last reviewed

Beginner

Kali Linux Setup Guide

Configure your Kali Linux attack machine with essential tools, optimized settings, and custom configurations for professional penetration testing.

Lab Runbook

Use this page as a controlled lab build, not a production hardening guide. Validate isolation before running exercises and write down the cleanup command before starting.

Low risk Beginner 45-90 min

Plan

4 GB minimum, 8 GB preferred; 80 GB. Free. Isolation: NAT for updates, host-only for targets.

Build

  • - Updated Kali VM
  • - Tooling baseline
  • - Engagement folder template

Validate

  • - System updates complete without held packages
  • - NAT internet works
  • - Host-only adapter reaches target network

Exercise

Run only the exercises tied to this lab and save screenshots, command output, logs, and timestamps outside disposable VMs.

Clean Up

  • - Remove unused tool repos monthly
  • - Rotate test credentials
  • - Export notes before deleting snapshots

Installation Options

ISO

Virtual Machine

Recommended for beginners. Easy snapshots and isolation.

  • ✓ VMware / VirtualBox
  • ✓ Pre-built OVA available
  • ✓ 4GB RAM minimum
  • ✓ 80GB disk recommended
VM

Bare Metal

Best performance for resource-intensive tasks.

  • ✓ Native hardware access
  • ✓ WiFi adapter support
  • ✓ Dual-boot option
  • ✓ Full GPU access
Container

Docker

Lightweight for specific tool needs.

  • ✓ Quick deployment
  • ✓ Minimal overhead
  • ✓ Tool isolation
  • ✗ Limited hardware access

Post-Installation Setup

1. Update System

bash 
# Full system update
sudo apt update && sudo apt full-upgrade -y

# Clean up
sudo apt autoremove -y && sudo apt autoclean
# Full system update
sudo apt update && sudo apt full-upgrade -y

# Clean up
sudo apt autoremove -y && sudo apt autoclean

2. Install Essential Packages

bash 
# Development tools
sudo apt install -y git curl wget vim tmux htop tree jq

# Python tools
sudo apt install -y python3-pip python3-venv pipx
pipx ensurepath

# Network tools
sudo apt install -y net-tools dnsutils whois traceroute

# Additional pentest tools
sudo apt install -y seclists wordlists bloodhound neo4j netexec evil-winrm
# Development tools
sudo apt install -y git curl wget vim tmux htop tree jq

# Python tools
sudo apt install -y python3-pip python3-venv pipx
pipx ensurepath

# Network tools
sudo apt install -y net-tools dnsutils whois traceroute

# Additional pentest tools
sudo apt install -y seclists wordlists bloodhound neo4j netexec evil-winrm

3. Configure Shell (ZSH + Oh My ZSH)

bash 
# Install Oh My ZSH
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

# Install useful plugins
git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-syntax-highlighting ~/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting

# Edit ~/.zshrc and add plugins:
# plugins=(git zsh-autosuggestions zsh-syntax-highlighting sudo)
# Install Oh My ZSH
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

# Install useful plugins
git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-syntax-highlighting ~/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting

# Edit ~/.zshrc and add plugins:
# plugins=(git zsh-autosuggestions zsh-syntax-highlighting sudo)

4. Create Project Structure

bash 
# Create organized workspace
mkdir -p ~/pentests/{clients,tools,wordlists,exploits,notes}

# Symlink common wordlists
ln -s /usr/share/wordlists ~/pentests/wordlists/system
ln -s /usr/share/seclists ~/pentests/wordlists/seclists

# Set up project template
cat > ~/pentests/template.sh << 'EOF'
#!/bin/bash
PROJECT=$1
mkdir -p ~/pentests/clients/$PROJECT/{recon,scans,exploits,loot,notes,report}
echo "Project created: ~/pentests/clients/$PROJECT"
cd ~/pentests/clients/$PROJECT
EOF
chmod +x ~/pentests/template.sh
# Create organized workspace
mkdir -p ~/pentests/{clients,tools,wordlists,exploits,notes}

# Symlink common wordlists
ln -s /usr/share/wordlists ~/pentests/wordlists/system
ln -s /usr/share/seclists ~/pentests/wordlists/seclists

# Set up project template
cat > ~/pentests/template.sh << 'EOF'
#!/bin/bash
PROJECT=$1
mkdir -p ~/pentests/clients/$PROJECT/{recon,scans,exploits,loot,notes,report}
echo "Project created: ~/pentests/clients/$PROJECT"
cd ~/pentests/clients/$PROJECT
EOF
chmod +x ~/pentests/template.sh

Essential Tools

Reconnaissance

bash 
# Install recon tools via pipx
pipx install subfinder
pipx install httpx-toolkit
pipx install nuclei

# Install from apt
sudo apt install -y amass masscan rustscan
# Install recon tools via pipx
pipx install subfinder
pipx install httpx-toolkit
pipx install nuclei

# Install from apt
sudo apt install -y amass masscan rustscan

Web Testing

bash 
# Install web tools
sudo apt install -y feroxbuster ffuf gobuster
pipx install sqlmap

# Install Burp Suite (if not included)
# Download from portswigger.net
# Install web tools
sudo apt install -y feroxbuster ffuf gobuster
pipx install sqlmap

# Install Burp Suite (if not included)
# Download from portswigger.net

Active Directory

bash 
# AD tools
sudo apt install -y bloodhound neo4j
pipx install impacket
pipx install certipy-ad
pipx install bloodyAD
pipx install coercer

# Install Rubeus, Mimikatz (Windows tools)
# Download from GitHub releases
# AD tools
sudo apt install -y bloodhound neo4j
pipx install impacket
pipx install certipy-ad
pipx install bloodyAD
pipx install coercer

# Install Rubeus, Mimikatz (Windows tools)
# Download from GitHub releases

Password Cracking

bash 
# Cracking tools
sudo apt install -y hashcat john

# Download wordlists
cd ~/pentests/wordlists
wget https://github.com/danielmiessler/SecLists/archive/master.zip
unzip master.zip && rm master.zip
# Cracking tools
sudo apt install -y hashcat john

# Download wordlists
cd ~/pentests/wordlists
wget https://github.com/danielmiessler/SecLists/archive/master.zip
unzip master.zip && rm master.zip

C2 & Tunneling

bash 
# Ligolo-ng (modern tunneling/pivoting)
# Download from: github.com/nicocha30/ligolo-ng/releases
wget https://github.com/nicocha30/ligolo-ng/releases/latest/download/proxy_linux_amd64 -O ligolo-proxy
chmod +x ligolo-proxy

# Sliver C2 (BishopFox)
curl https://sliver.sh/install | sudo bash

# Start Sliver
sliver-server
# Ligolo-ng (modern tunneling/pivoting)
# Download from: github.com/nicocha30/ligolo-ng/releases
wget https://github.com/nicocha30/ligolo-ng/releases/latest/download/proxy_linux_amd64 -O ligolo-proxy
chmod +x ligolo-proxy

# Sliver C2 (BishopFox)
curl https://sliver.sh/install | sudo bash

# Start Sliver
sliver-server

tmux Configuration

Why tmux?

tmux allows you to maintain persistent terminal sessions, split screens, and keep tools running even if your SSH connection drops.
bash 
# ~/.tmux.conf - Pentest optimized config
# Set prefix to Ctrl+a
unbind C-b
set -g prefix C-a
bind C-a send-prefix

# Enable mouse
set -g mouse on

# Start windows/panes at 1
set -g base-index 1
setw -g pane-base-index 1

# Easy split commands
bind | split-window -h -c "#{pane_current_path}"
bind - split-window -v -c "#{pane_current_path}"

# Quick reload config
bind r source-file ~/.tmux.conf \; display "Config reloaded!"

# Status bar styling
set -g status-bg black
set -g status-fg green
set -g status-right '#[fg=cyan]%Y-%m-%d %H:%M'

# Increase scrollback
set -g history-limit 50000
# ~/.tmux.conf - Pentest optimized config
# Set prefix to Ctrl+a
unbind C-b
set -g prefix C-a
bind C-a send-prefix

# Enable mouse
set -g mouse on

# Start windows/panes at 1
set -g base-index 1
setw -g pane-base-index 1

# Easy split commands
bind | split-window -h -c "#{pane_current_path}"
bind - split-window -v -c "#{pane_current_path}"

# Quick reload config
bind r source-file ~/.tmux.conf \; display "Config reloaded!"

# Status bar styling
set -g status-bg black
set -g status-fg green
set -g status-right '#[fg=cyan]%Y-%m-%d %H:%M'

# Increase scrollback
set -g history-limit 50000

Useful Aliases

bash 
# Add to ~/.zshrc or ~/.bashrc

# Quick scans
alias quicknmap='nmap -sC -sV -oA nmap_quick'
alias fullnmap='nmap -sC -sV -p- -oA nmap_full'
alias udpnmap='sudo nmap -sU --top-ports 100 -oA nmap_udp'

# Web enumeration
alias dirsearch='feroxbuster -u'
alias fuzz='ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u'

# Listeners
alias listen='sudo nc -lvnp'
alias webserv='python3 -m http.server 80'

# Copy to clipboard (install xclip)
alias copy='xclip -selection clipboard'

# Quick IP
alias myip='curl -s ifconfig.me'
alias localip='hostname -I | cut -d" " -f1'

# Start services
alias startdb='sudo systemctl start postgresql'
alias startneo4j='sudo neo4j start'

# Quick notes
alias note='vim ~/pentests/notes/$(date +%Y-%m-%d).md'
# Add to ~/.zshrc or ~/.bashrc

# Quick scans
alias quicknmap='nmap -sC -sV -oA nmap_quick'
alias fullnmap='nmap -sC -sV -p- -oA nmap_full'
alias udpnmap='sudo nmap -sU --top-ports 100 -oA nmap_udp'

# Web enumeration
alias dirsearch='feroxbuster -u'
alias fuzz='ffuf -w /usr/share/seclists/Discovery/Web-Content/common.txt -u'

# Listeners
alias listen='sudo nc -lvnp'
alias webserv='python3 -m http.server 80'

# Copy to clipboard (install xclip)
alias copy='xclip -selection clipboard'

# Quick IP
alias myip='curl -s ifconfig.me'
alias localip='hostname -I | cut -d" " -f1'

# Start services
alias startdb='sudo systemctl start postgresql'
alias startneo4j='sudo neo4j start'

# Quick notes
alias note='vim ~/pentests/notes/$(date +%Y-%m-%d).md'

Low-Resource Environments

Don't Have 32GB RAM?

You can still run an effective pentest lab on limited hardware. These tips help you maximize performance with 8-16GB RAM.

WSL2 Alternative

Run Kali inside WSL2 on Windows — no hypervisor overhead. Great for tool-only usage.

  • wsl --install -d kali-linux
  • ✓ Uses ~500MB RAM vs 4GB for a VM
  • ✓ Access Windows filesystem at /mnt/c/
  • ✗ No GUI by default (install Win-KeX)
  • ✗ Limited networking (no bridged/host-only)

Thin Provisioning

Allocate disk dynamically so VMs only use what they need.

  • ✓ Use thin-provisioned disks (VMware/VBox default)
  • ✓ Linked clones for multiple similar VMs
  • ✓ Share base images — 3 Windows VMs from one base
  • ✓ Docker labs use minimal disk (pull-on-demand)

RAM-Saving Tips

  • Run labs sequentially, not simultaneously — shutdown web lab before starting AD lab
  • Reduce Kali RAM to 2GB for basic scanning (4GB only needed for heavy tools like Burp)
  • Use Server Core for Windows Server — saves ~1GB RAM vs Desktop Experience
  • • Keep host protections enabled; tune only disposable lab VMs when a tool conflict is confirmed
  • Use Docker for web labs — much lighter than full VMs
  • Consider Proxmox for bare-metal hypervisor — no host OS overhead

VM Optimizations

Kali Purple

Kali now offers a Kali Purple variant with pre-installed SOC and defensive tools (Arkime, CyberChef, Elastic, TheHive, Malcolm, Suricata, Zeek). Consider it if you're building purple team or detection labs alongside your offensive environment.

VMware

  • ✓ Install open-vm-tools
  • ✓ Enable 3D acceleration
  • ✓ Allocate 4+ CPU cores
  • ✓ Use SSD storage
  • ✓ Shared folders for file transfer

VirtualBox

  • ✓ Install Guest Additions
  • ✓ Enable PAE/NX
  • ✓ Use VBoxSVGA adapter
  • ✓ Bidirectional clipboard
  • ✓ USB 3.0 controller

Troubleshooting FAQ

Tools not found after install
  • Run sudo apt update && sudo apt install -y kali-linux-default for the standard toolset
  • Check if tool is in PATH: which toolname or apt search toolname
  • Some tools moved to pipx: pipx list to check installed Python tools
  • Restart terminal or run hash -r to refresh PATH
No network connectivity in VM
  • Check VM network adapter is set to NAT or Bridged in hypervisor settings
  • Restart NetworkManager: sudo systemctl restart NetworkManager
  • Verify IP assigned: ip addr show
  • For VMware: reinstall open-vm-tools
Kali GUI slow or laggy
  • Enable 3D acceleration in VM settings
  • Allocate 2+ CPU cores and 4GB+ RAM
  • Switch to lighter desktop: sudo apt install kali-desktop-xfce
  • Use SSH instead of GUI for most tasks: sudo systemctl enable ssh

Go Deeper After Setup

Web Pentesting Use the Kali baseline against web targets. Internal Pentest Extend the same notes structure into internal network work.

Operational Safety Baseline

Apply these rules before running any lab command on this page.

  • Work only on systems you own or have explicit authorization to test.
  • Keep vulnerable services off your home LAN and off public interfaces.
  • Take clean snapshots before every exercise and before every vulnerable configuration change.
  • Use dedicated cloud accounts, subscriptions, and projects with billing alerts before deployment.
  • Write down the teardown command before you run the setup command.

Validation Checkpoints

  • -System updates complete without held packages
  • -NAT internet works
  • -Host-only adapter reaches target network
  • -Snapshot named clean-baseline exists

Cleanup And Rollback

  • -Remove unused tool repos monthly
  • -Rotate test credentials
  • -Export notes before deleting snapshots

Practice Next

Web App Lab Vulnerable VMs

Related Topics

Vulnerable VMs

Practice targets to attack

Nmap Cheatsheet

Network scanning reference

Web Pentest Guide

Start web testing

Internal Pentest Guide

Network penetration testing

AD Attack Paths

Active Directory attack techniques