Extra Tools
While Kali does come with a plethora of tools for completing the labs, there are several that I've found to be extremely helpful that need to be added manually. There are also many many tools that are installed specifically for certain challenges, but I'm not covering those here.
Note: I provision a lot of these tools on a fresh Kali box with an Ansible script. It needs a few edits at this point, but it should give you an idea of what I add at a glance. Here I am highlighting several specific tools I use heavily that aren't in the default Kali image.
Tools / Software
- VSCodium: as with my main machine VSCodium is very nice to have, though in this case more for editing payloads and writing scripts.
- Vivaldi: Firefox is the Kali default, but it's helpful to have a Chromium based browser and Vivaldi is excellent.
- Terminator: it's a good terminal multiplexer and has built-in logging as mnetioned in the setup. A good alternative if you live in
tmux
and don't need the multiplexer function is Alacritty. - Rustscan: Wicked fast port scanner
- Feroxbuster: Fuzzing tool that I prefer for most use cases over
gobuster
. - Docker: many tools, including Rustscan, can be run via Docker containers so it's super handy to have this ready to go.
- Browser proxy: to get ZAP and Burp to talk to the browser a proxy plugin is recommended. On Firefox I use FoxyProxy and for Vivaldi I have Proxy SwitchyOmega both configured for localhost:8080 as the listening port.
- Wappalyzer: A browser plugin that tries to figure out what tech stack a website is using.
- HackTools: Handy extension to help generate reverse shells, among other abilities.
Lastly both Rustscan and Feroxbuster are Rust based tools, so you will need to install Rust in order to use them.