Overview
This Ansible playbook automates the setup and configuration of a Kali Linux system, including installation of security tools, repository configuration, system hardening, and common development utilities. Perfect for quickly provisioning fresh Kali instances or maintaining consistent configurations across multiple machines.
Prerequisites
- Ansible installed on control node
- SSH access to target Kali Linux machine(s)
- Python 3 on target machine
- Sudo privileges on target machine
Install Ansible (Control Node)
1
2
3
4
5
6
7
8
| # Create virtual environment for python
python3 -m venv .ansible-venv
# Python pip
pip install ansible
# Verify installation
ansible --version
|
Project Structure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| ansible-kali-setup/
├── playbook.yml
├── inventory.ini
├── group_vars/
│ └── kali.yml
├── roles/
│ ├── tools/
│ │ ├── tasks/main.yml
│ │ └── vars/main.yml
│ ├── hardening/
│ │ └── tasks/main.yml
│ └── config/
│ └── tasks/main.yml
└── README.md
|
Inventory File
Create inventory.ini:
1
2
3
4
5
6
7
| [kali]
kali-vm ansible_host=192.168.1.100 ansible_user=kali
kali-lab ansible_host=192.168.1.101 ansible_user=kali
[kali:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
Or use SSH config:
1
2
3
4
5
6
| [kali]
kali-vm
kali-lab
[kali:vars]
ansible_python_interpreter=/usr/bin/python3
|
Main Playbook
Create playbook.yml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
| ---
- name: Configure Kali Linux System
hosts: kali
become: yes
gather_facts: yes
vars:
update_system: true
install_security_tools: true
install_dev_tools: true
configure_firewall: true
tasks:
- name: Update apt cache
apt:
update_cache: yes
cache_valid_time: 3600
when: update_system | bool
- name: Upgrade all packages
apt:
upgrade: dist
autoremove: yes
autoclean: yes
when: update_system | bool
- name: Install essential packages
apt:
name:
- curl
- wget
- git
- vim
- tmux
- htop
- net-tools
- build-essential
- python3-pip
- python3-venv
state: present
- name: Install security tools
apt:
name: ""
state: present
loop:
- nmap
- wireshark
- tcpdump
- netcat
- metasploit-framework
- burpsuite
- sqlmap
- nikto
- gobuster
- dirb
- hydra
- john
- hashcat
- aircrack-ng
- wireshark
- volatility3
- volatility
- ghidra
- radare2
- gdb
- strace
- ltrace
when: install_security_tools | bool
- name: Install development tools
apt:
name: ""
state: present
loop:
- docker.io
- docker-compose
- nodejs
- npm
- golang-go
- rustc
- cargo
- openjdk-17-jdk
- maven
when: install_dev_tools | bool
- name: Install Python security tools via pip
pip:
name: ""
state: present
loop:
- pwntools
- requests
- scapy
- impacket
- pycryptodome
- paramiko
- pyftpdlib
become_user: root
- name: Install Go security tools
shell: |
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/tomnomnom/waybackurls@latest
go install -v github.com/tomnomnom/assetfinder@latest
go install -v github.com/tomnomnom/ffuf/v2@latest
environment:
PATH: "/go/bin:"
become_user: ""
args:
creates: "/go/bin/nuclei"
- name: Add Go binaries to PATH
lineinfile:
path: /etc/profile.d/go.sh
line: 'export PATH="$HOME/go/bin:$PATH"'
create: yes
mode: '0644'
- name: Configure UFW firewall
ufw:
rule: ""
port: ""
proto: ""
state: ""
loop:
- { rule: allow, port: '22', state: enabled }
- { rule: allow, port: '80', state: enabled }
- { rule: allow, port: '443', state: enabled }
when: configure_firewall | bool
- name: Create common directories
file:
path: ""
state: directory
mode: '0755'
loop:
- /opt/tools
- /opt/scripts
- /opt/labs
- /opt/notes
- name: Configure tmux
copy:
content: |
# Tmux configuration
set -g default-terminal "screen-256color"
set -g history-limit 10000
set -g mouse on
bind-key -n C-h select-pane -L
bind-key -n C-j select-pane -D
bind-key -n C-k select-pane -U
bind-key -n C-l select-pane -R
dest: /home//.tmux.conf
owner: ""
group: ""
mode: '0644'
- name: Configure vim
copy:
content: |
set number
set relativenumber
set tabstop=2
set shiftwidth=2
set expandtab
set autoindent
syntax on
dest: /home//.vimrc
owner: ""
group: ""
mode: '0644'
- name: Configure bash aliases
blockinfile:
path: /home//.bashrc
block: |
# Ansible managed aliases
alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'
alias ..='cd ..'
alias ...='cd ../..'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
alias ports='netstat -tulanp'
alias update='sudo apt update && sudo apt upgrade -y'
marker: "# {mark} ANSIBLE MANAGED BLOCK"
owner: ""
group: ""
- name: Install Docker group membership
user:
name: ""
groups: docker
append: yes
- name: Enable and start Docker service
systemd:
name: docker
enabled: yes
state: started
when: install_dev_tools | bool
- name: Display installed tools summary
debug:
msg: "Kali Linux configuration completed successfully!"
|
Advanced: Using Roles
For better organization, create roles:
roles/tools/tasks/main.yml
1
2
3
4
5
6
7
8
9
10
11
| ---
- name: Install security tools
apt:
name: ""
state: present
loop: ""
- name: Install via pip
pip:
name: ""
loop: ""
|
roles/tools/vars/main.yml
1
2
3
4
5
6
7
8
9
10
| security_tools:
- nmap
- wireshark
- metasploit-framework
- burpsuite
pip_tools:
- pwntools
- requests
- impacket
|
Updated playbook.yml with roles:
1
2
3
4
5
6
7
8
| ---
- name: Configure Kali Linux
hosts: kali
become: yes
roles:
- tools
- hardening
- config
|
Usage
Basic Execution
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| # Test connectivity
ansible kali -i inventory.ini -m ping
# Run playbook
ansible-playbook -i inventory.ini playbook.yml
# Run with specific tags
ansible-playbook -i inventory.ini playbook.yml --tags "tools,config"
# Run with verbose output
ansible-playbook -i inventory.ini playbook.yml -v
# Dry run (check mode)
ansible-playbook -i inventory.ini playbook.yml --check
|
Using Vault for Sensitive Data
1
2
3
4
5
6
7
8
| # Create encrypted vault file
ansible-vault create group_vars/kali/vault.yml
# Edit vault
ansible-vault edit group_vars/kali/vault.yml
# Run playbook with vault
ansible-playbook -i inventory.ini playbook.yml --ask-vault-pass
|
Using SSH Keys
1
2
3
4
5
6
| # Use specific SSH key
ansible-playbook -i inventory.ini playbook.yml --private-key ~/.ssh/kali_key
# Or configure in inventory
[all:vars]
ansible_ssh_private_key_file=~/.ssh/kali_key
|
Customization
Variables File (group_vars/kali.yml)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| ---
# System configuration
update_system: true
configure_firewall: true
# Tool installation flags
install_security_tools: true
install_dev_tools: true
install_pentest_tools: true
# Custom tool lists
custom_security_tools:
- custom-tool-1
- custom-tool-2
# User configuration
default_user: kali
home_directory: /home/kali
|
Conditional Execution
1
2
3
4
5
| - name: Install optional tools
apt:
name: ""
loop: ""
when: install_optional_tools | bool
|
Best Practices
- Idempotency: All tasks should be idempotent (safe to run multiple times)
- Tags: Use tags to organize tasks (
--tags "tools") - Handlers: Use handlers for service restarts
- Templates: Use templates for configuration files
- Vault: Encrypt sensitive data with Ansible Vault
- Testing: Test in a VM before production use
- Version Control: Keep playbooks in Git
Troubleshooting
Common Issues
1
2
3
4
5
6
7
8
9
10
11
| # Python not found
# Solution: Install python3-minimal on target
ansible kali -i inventory.ini -m raw -a "apt-get install -y python3-minimal"
# Permission denied
# Solution: Ensure user has sudo without password
ansible kali -i inventory.ini -m raw -a "echo 'kali ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/kali"
# Connection timeout
# Solution: Check SSH connectivity and firewall
ansible kali -i inventory.ini -m ping -vvv
|
Next Steps
- Add system hardening tasks (fail2ban, logwatch)
- Configure automated backups
- Set up monitoring and alerting
- Create playbooks for specific tool configurations
- Integrate with CI/CD pipelines
Resources
