The Dark Arts Of Cyber Security: Kali Linux In Docker

Are you versed in the dark arts of cyber security?

At last week’s Friday Tech talk on fending off massive cyber attacks using AWS Web Application Firewall I needed to simulate some malicious hackery. So I booted up Kali Linux for some fun.

Now this is super easy and any “script kiddie” can do it, so it’s not like I am telling you how to crack into a bank or anything like that. But still, for legal reasons, here is a disclaimer: DO NOT USE THIS FOR ANYTHING ILLEGAL OR MALICIOUS. This is just for fun and educational purposes, against systems you own or have written permission to test.

Enter Docker:

I’m no infosec ninja, but I do know that when you are doing your hackery you want a clean workspace. That means not having a bunch of random junk from your last exercise cluttering things up. I also like to have everything checked into version control, so the next time I feel like spinning it up I can just rebuild a clean image.

So I decided to boot up the official Docker image. This was easy enough, but what I found is that the vanilla kalilinux/kali-rolling image is a minimal base: none of the tools are installed by default. It took me a minute to figure out what was going on, but after a little googling I found that Kali ships its tools as metapackages, and the one with the exact tools I needed to DoS and SQL inject myself is called kali-tools-web. So I whipped up a little Dockerfile and within minutes I was able to simulate attacks against my website.

docker-compose.yml

version: "3.9"

services:
  kali:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: kali
    tty: true
    stdin_open: true
    entrypoint: ["/bin/sh"]

Dockerfile

FROM kalilinux/kali-rolling:latest
# apt-get is the scriptable front end (plain apt warns that its CLI is unstable),
# DEBIAN_FRONTEND stops package configuration prompts from hanging the build,
# and a single RUN keeps it to one layer with the apt cache cleaned out.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y kali-tools-web && \
    rm -rf /var/lib/apt/lists/*

There is no CMD, since the docker-compose.yml specifies the entrypoint. Build and drop into the shell with `docker compose run --rm kali`; the tools from kali-tools-web (sqlmap, nikto, wpscan and friends) are then on the PATH.
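Inside the container sqlmap does the heavy lifting for the SQL injection side of the exercise, but it helps to understand what “SQL injecting myself” looks like when a WAF sits in front of the site. The script below is an added example, not code from this post or from the Kali project: it fires a handful of textbook injection payloads at a query parameter and reports which ones the WAF blocked (HTTP 403), which reached the application and broke it (5xx), and which sailed through. The target URL, the parameter name `q`, and the payload list are all assumptions for illustration; the fetch function is swappable so the logic can be exercised offline against a fake WAF. Only point it at a site you own.

```python
"""Added example (not the post author's code): a tiny WAF probe that sends
classic SQL injection strings to one query parameter and classifies the
responses. TARGET and the parameter name below are assumptions; sqlmap
from kali-tools-web does this far more thoroughly. Use only on your own site."""
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Tuple

# Constructed payloads: a harmless baseline plus textbook injection strings.
PAYLOADS: List[str] = [
    "1",                            # baseline, should never be blocked
    "1' OR '1'='1",                 # tautology
    "1 UNION SELECT NULL,NULL--",   # union-based
    "1; DROP TABLE users--",        # stacked query
    "1' AND SLEEP(5)--",            # time-based blind
]

# A fetcher returns (HTTP status, body) for a URL. The real one uses urllib;
# tests can pass a fake so the example runs without a network.
Fetcher = Callable[[str], Tuple[int, str]]


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Real fetcher: GET the URL and return status and body, 4xx/5xx included."""
    req = urllib.request.Request(url, headers={"User-Agent": "waf-probe/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def build_url(base: str, param: str, value: str) -> str:
    """Append ?param=<url-encoded value> to the base URL."""
    return f"{base}?{urllib.parse.urlencode({param: value})}"


def classify(status: int, baseline_status: int) -> str:
    """Crude verdict: 403 means the WAF blocked it; 5xx means the payload got
    past the WAF and upset the application (worth a closer look); a status
    matching the baseline means it passed through unblocked."""
    if status == 403:
        return "blocked"
    if status >= 500:
        return "app-error"
    if status == baseline_status:
        return "passed"
    return f"other({status})"


def probe(base: str, param: str, fetch: Fetcher = http_fetch) -> Dict[str, str]:
    """Send every payload and map payload -> verdict.

    If the baseline itself comes back 403 the WAF (or a rate limit) is
    rejecting everything, and the other verdicts mean nothing; the caller
    can spot that because PAYLOADS[0] will be marked "blocked"."""
    baseline_status, _ = fetch(build_url(base, param, PAYLOADS[0]))
    results: Dict[str, str] = {}
    for payload in PAYLOADS:
        status, _ = fetch(build_url(base, param, payload))
        results[payload] = classify(status, baseline_status)
    return results


def unblocked(results: Dict[str, str]) -> List[str]:
    """Injection payloads (baseline excluded) that the WAF did not block."""
    return [p for p, v in results.items() if p != PAYLOADS[0] and v != "blocked"]


if __name__ == "__main__":
    import sys
    # Assumed default target for illustration; pass your own URL as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/search"
    verdicts = probe(target, "q")
    for payload, verdict in verdicts.items():
        print(f"{verdict:10} {payload}")
    print("unblocked:", unblocked(verdicts) or "none")
```

Running this from inside the Kali container (or anywhere with Python 3) against a site behind AWS WAF with the SQL database managed rule group enabled should show every injection string as `blocked`; any payload that comes back `passed` or `app-error` is a rule gap to fix before the real thing finds it.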

Hint Of More To Come:

Since I run a business that simulates cloud infrastructure going down, I would be silly not to incorporate these tools into the actual Cloud War Game live events. So consider this your warning/hint if you plan to participate in a CWG event: Kali tools are fair game. (Plus I always feel like a badass when I get to do some red teaming.)

What Kali Linux Tools Are You Using?

Have you used Kali Linux to secure your infrastructure from cyber threats? If so, what tools have you used? Any tips?