Kali Tools Request

[m1j09830]

💡 Summary

Request for missing and additional tools to be added to Kali AMI build

Motivation and context

Per discussions with @jsf9k there appear to be some tools that weren't present on the latest AMI build that need to be explicitly added. This issue is to provide a listing of the tools that we noticed were missing including some additional tools that we are consistently using on our engagements.

Implementation notes

We would like to include the following tools and environment variables on the Kali instances:

• nmap
• vim
• Feroxbuster
• Subfinder
• jq
• assetfinder
• cargo
• ripgen
• waybackurls
• gau
• GO environment variables setup as shown here

Acceptance criteria

How do we know when this work is done?

• [x] All tools and environment variables listed above have been installed along with their dependencies.

[jsf9k]

There are Kali packages available for the following tools. Are you OK with me installing the Kali package instead of installing from source for any of these?

• feroxbuster
• subfinder
• jq (This one in particular should be fine to install via the package.)
• assetfinder
• cargo (This is another one where the packaged version should be fine.)
• gau

Also, can you let me know how you are using go and cargo? If you're using them to install Go- and Rust-based tools from GitHub then I wanted to make sure you knew that cisagov/ansible-role-assessment-tool now supports Go and Rust, so those tools could also be pre-installed into the AMI.

[jsf9k]

FWIW, there are a lot of tools that are currently installed into the AMI via GitHub for which Kali packages exist. I would prefer to install via the Kali package, since things tend to break less often that way, but in the past the Tech Council has stated that they want the latest and greatest.

In many cases, even if applications are installed via GitHub, it probably makes more sense to install from a tag or commit hash than to install the latest version on the main branch. That way things are much less likely to randomly break just because I rebuild the AMI. But that would require assessments to identify those tags/commit hashes and update them as appropriate.

[m1j09830]

@jsf9k FYSA this is something the TC is currently working towards figuring out. We haven't quite got to that point yet so for now which ever is easiest for you (through the kali packages or the github repository) works for us. When TC figures out the process for determining which versions we'll be using for version control we'll likely be relying on Github for that but we're still a ways out from getting that ironed out.

[jsf9k]

@m1j09830, I was looking at the Go environment variable example you pointed to:

export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

I noticed that GOPATH=$HOME/go, and thus it expects a Go installation in the home directory. Do you want me to just install the golang package on the AMI? I believe that would negate the need for you to install Go in the home directory, as well as the need to set any environment variables.

If not, do you at least want me to go ahead and install Go in the home directory? If so, then what version?

[m1j09830]

@m1j09830, I was looking at the Go environment variable example you pointed to:

export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

I noticed that GOPATH=$HOME/go, and thus it expects a Go installation in the home directory. Do you want me to just install the golang package on the AMI? I believe that would negate the need for you to install Go in the home directory, as well as the need to set any environment variables.

If not, do you at least want me to go ahead and install Go in the home directory? If so, then what version?

@jsf9k if installing the golang package will prevent the need to set any environment variables then I'm all for it. We can readdress if it's not allowing us to perform the actions the teams typically use them for which can range from installing tools to modifying and testing payloads for engagements. As for version, whatever the current package is will be fine for our purposes.

[jsf9k]

After installing the golang package, this command shows that GOROOT and GOPATH are already set to the correct values:

$ go env
<snip>
GOPATH="/home/vnc/go"
<snip>
GOROOT="/usr/lib/go-1.19"                                                                                                                                                                                                                  
<snip>

$GOPATH/bin does need to be added to the PATH, though, so I'll take care of that.