An Ansible-based automation tool for spinning up a fully configured Kali Linux environment — inspired by IppSec's parrot-build and adapted for Kali.
Designed to get a fresh VM from zero to ready as fast as possible. Run it once on a new VM and you're good to go.
- APT packages —
jq,pipx,flameshot,exiftool,rsyslog,curl, Docker CE - GitHub releases — Chisel (Linux + Windows), LinPEAS/WinPEAS, Chainsaw, BloodHound
- GitHub repos — SharpCollection, SecLists
- Python (pipx) — Impacket, NetExec, Certipy-AD, BloodHound.py (CE)
- Ruby gems — Evil-WinRM and its full dependency chain
- Kerbrute — via
go install - BloodHound CE — Docker Compose deployment on port 8088
- Terminal — Custom bash prompt with VPN/IP awareness (HTB 10.x detection), color aliases, sensible history settings
- Tmux — Pre-configured
.tmux.conf - Firefox — Policy-based configuration via
policies.json - Burp Suite — Auto-downloads CA cert, installs extras (Jython, Montoya API), applies community config template
- Logging — UFW with SYN logging, auditd with custom rules, Laurel for structured JSON audit logs
- VS Code — Installed via Ansible role with extensions: Python, PHP Tools, GitHub Copilot, Snyk, Code Spell Checker
- Kali Linux (rolling)
- A regular user with
sudoaccess (do not run as root) goinstalled if you want Kerbrute- Internet access
sudo apt update && sudo apt install ansible git -y
git clone https://github.com/pluribus/kali-build.git
cd kali-build
ansible-galaxy install -r requirements.yml
ansible-playbook main.yml --ask-become-passbash install-safe.shansible-playbook main-tools-only.yml --ask-become-passAPT packages → roles/install-tools/tasks/apt-stuff.yml
GitHub releases → add to the loop in roles/install-tools/tasks/github-repos.yml:
- { repo: "owner/repo", regex: "_linux_amd64", location: "/opt/mytool" }pipx tools → roles/install-tools/tasks/python-tools.yml
Laurel version → roles/configure-logging/defaults/main.yml:
laurel_version: "v0.5.3"The sudoers task is commented out by default for safety. To enable passwordless sudo, uncomment the task in roles/configure-system/tasks/configure-sudoers.yml.
kali-build/
├── main.yml # Full build playbook
├── main-tools-only.yml # Tools only (no UI config)
├── install.sh # Bootstrap script
├── install-safe.sh # Safe bootstrap (non-destructive)
├── requirements.yml # Ansible Galaxy requirements
└── roles/
├── install-tools/ # APT, pip, gem, GitHub downloads
├── configure-tmux/ # Tmux config
├── customize-terminal/ # Bash prompt, aliases, .bashrc
├── customize-browser/ # Firefox policies, Burp Suite setup
├── configure-logging/ # UFW, auditd, Laurel
└── configure-system/ # Sudoers (optional)
- BloodHound CE is deployed via Docker on port 8088 (moved from default 8080 to avoid conflicts). Initial credentials are saved to
/opt/bloodhound/server/initial-password.txtafter first run. - The GitHub download script (
githubdownload.py) is unauthenticated — GitHub's rate limit is 60 requests/hour. If downloads fail, wait and re-run. - Burp Suite extras (Jython, Montoya) are downloaded with checksums — update these in
roles/customize-browser/vars/main.ymlwhen new versions release.
Original configuration by IppSec. This repo adapts his work for Kali Linux with additional tooling and safe-mode options.
MIT