How to use kali docker image as a red-teamer

In 2015, Kali announced their official docker image, which is a great move towards making Kali easier, faster to install and list resource consuming than a VMware or VirtualBox images.

In this article, I’m going to explain how to install docker on both Linux and Windows, Download Kali image, run Kali’s container, make changes and save/commit.

Resources

• Official Docker page
• Official Github repository
• Official announcement

Installing docker on linux

The best step by step and complete resource I found is from digitalocean here.

Installing docker on windows

For Windows, I found the official documentation is pretty good here.

Download and run kali image

Download the image by:

$ docker pull kalilinux/kali-linux-docker

You’ll get a similar output

Using default tag: latest
latest: Pulling from kalilinux/kali-linux-docker
014a6d74f96c: Pull complete 
9febb14563a0: Pull complete 
c38f04972c6b: Pull complete 
9d39d049d5d0: Pull complete 
4e80058918bf: Pull complete 
ccd85f0810ad: Pull complete 
Digest: sha256:ddb33d548851d58a5ac351ac5ad3579fb7af5c6e17d7b70bbf49102d9865a1a3
Status: Downloaded newer image for kalilinux/kali-linux-docker:latest

Run and interact with Kali command-line

$ docker run -it kalilinux/kali-linux-docker /bin/bash

Write a file then exit the container

$ echo "TheCyberDaemons" >> /tmp/TechArch.txt
$ exit

Now run kali again, and check if TechArch.txt exists

$ docker run -it kalilinux/kali-linux-docker /bin/bash
$ cat /tmp/TechArch.txt
cat: /tmp/TechArch: No such file or directory

The issue is that the container runs it’s system and content from Kali image which acts exactly as an ISO image. So once container exits, all changes get lost.

Work with kali and save changes

Step 1: Run Kali As a Daemon

$ docker run -dit --name kali_base kalilinux/kali-linux-docker /bin/bash

Step 2: Attach To Kali Container

List all currently running containers

$ docker container ls

Attach to Kali container

$ docker exec -it kali_base /bin/bash

Or to make the command more generic

$ docker exec -it $(docker container ls | grep -i kali | awk '{print $NF}') /bin/bash

Step 3: Make Changes to The Container

Let’s update kali and install Metasploit

$ apt-get update && apt-get install metasploit-framework

Step 4: Commit Your Changes

Now, it’s time to save our changes that applied to the running container to have a new image contains the changes. So, no need to install Metasploit each time we run Kali container

The main syntax to commit/save your changes is:

$ docker commit [CONTAINER] [NEWNAME:TAG]

Let’s try it now

$ docker images | grep -i kali

results to

docker images | grep -i kali
kali-v1.0                    latest  a9440ab040c9   About a minute ago 1.66GB
kalilinux/kali-linux-docker  latest  7356c5d67c32    4 days ago    625MB

List all commit you’ve done on your modified image

$ docker history kali-v1.0:latest | grep -v missing

The result is

MAGE          CREATED        CREATED BY   SIZE       COMMENT
a9440ab040c9  7 minuts ago   /bin/bash    1.03GB     installing metasploit 
7356c5d67c32  6 days ago     /bin/sh -c #(nop)  CMD ["bash"]  0B

To Delete Kali Container

$ docker stop kali-v1.0
$ docker rm kali-v1.0

To Delete Kali Image

$ docker rmi [IMAGENAME]

You can also have your own image on docker hub.

Happy Hacking!