What is PimpMyKali?
PimpMyKali is a post-installation script that automates the setup, customization, and configuration of tooling within Kali Linux. From installing essential penetration test tooling to configuring system settings to streamlining the setup process, PimpMyKali is a tested script that takes the headache, research, and guesswork out of proper Kali installation and tuning.
Find the code repo here:
Introducing PMK v2.0
The pentesting tooling landscape is dynamic. Over time, tooling evolves: some tools become obsolete or deprecated, while new tooling emerges. Additionally, GitHub repository URLs may change, or installation methods can be updated or changed. One of the cardinal rules of cyber security is “update and patch” and this applies to your pentest tools as well.
PimpMyKali v2.0 is an update for installed tooling and installation methods and addresses any issues prior to the v2.0 release ensuring the environment stays current and effective.
What are the Benefits/What’s New?
New Features
Added menu option verification before execution (feature request)
- On-screen notification of which menu option is selected
- y or Y to continue
- n or N returns to main menu
Defaults to python3 and pip for python3
Updated ‘is package installed’ lookup to use apt-cache
- speed improvement on lookup of installed/not installed packages
Added speedrun variable to bypass menu and prompts (feature request)
Added –auto command line switch, uses speedrun var (feature request)
- Sets speedrun var to 1
- Bypasses menu and prompts
- Enables root login
Added –autonoroot command line switch (feature request)
- Sets speedrun var to 1
- Bypasses menu and prompts
- Bypass enable root login
Added exit status checks on most functions
- Checks conducted via case statement
Updated –help menu with new command line switches
- –auto, –autonoroot, –bloodhound, –netexec, –cme, and many others
- sudo ./pimpmykali.sh –help (to view list and descriptions)
Added waybackrust to fix_all and fix_missing (feature request)
- Installs to /usr/bin/waybackrust
- Command line switch –wayback
Added plumhound
- Installs to /opt/PlumHound
- symlinks created /usr/local/bin/PlumHound.py and /usr/local/bin/plumhound
- Command line switch –plumhound
Added setup_binfmt_mount_service (feature request)
- Creates service to mount on boot /proc/sys/fs/binfmt_misc
- Added –binfmt command line switch
- Included setup_binfmt_mount_service in fix_missing
Added functions
- is_installed, is_installed_remove, is_installed_reinstall
- Reduces redundant code
- Adds exit status checks
install_pip2
- Installs pip2 if not already installed
- /usr/bin/pip2
install_pip3
- Installs pip3 if not already installed
- /usr/bin/pip
install_pipx
- Installs pipx
- pipx ensurepath
install_pip2_modules
- Installs required pip2 modules for older tooling
install_pip3_modules
- Checks for required modules, installs if not installed
check_dmidecode function
- Used in check_vm / fix_virtualbox function
Updated Functions
make_rootgreatagain updated with speedrun var
- If –auto is used, menu is bypassed
- The only prompt will be to set the password for the root account
- Moved make_rootgreatagain to the earliest part of the script in fix_all function
Nuke Impacket updated
- fix_sead_warning, fix_impacket_array, install_old_impacket
- Installs Impacket 0.9.19 side by side with Impacket latest
- Python3 and pip3 are the system-wide default
- /bin/python
- /usr/bin/pip
- Python2 and pip2 for python2
- /bin/python2
- /usr/bin/pip2
- –nukeimpacket command line arg uses speedrun var, bypasses prompts
fix_cme
- Installs crackmapexec from the Kali repo
fix_netexec, fix_nxc_symlinks
- Installs from github
- Creates symlinks
fix_seclists
- Installs from Kali repo
fix_smb function
- Checks /etc/samba/smb.con for client min protocol = lanman1
Install_golang
- Replaces function fix_golang
check_vm
- Ensures linux-headers are installed
fix_virtualbox
- Installs guest additions for the detected version of VirtualBox on the host-os
- Uses check_dmidecode function
fix_gowitness
- Installs the latest release from github
fix_pyftpdlib
- Installs pyftpdlib for python3
Replaced Functions
- python_pip_curl replaced with install_pip2
- fix_pipxlrd, fix_python_requests replaced with install_pip2_modules
Updated Menu
Removed deprecated menu items
Reduced over all number of menu items by using command line switches
Menu option N – New VM Setup
- Removed apt upgrade from function
Menu option 5 – Install Impacket
- Function will install Impacket latest from Kali repo
Updated Course Setup Installations
- Practical Bug Bounty
- C# 101 for Hackers
- Hacking IoT
- PEH WebLabs
- Hacking API
How to Install or Upgrade PimpMyKali
# Remove existing pimpmykali folder
rm -rf pimpmykali/
# Clone pimpmykali repository & enter the folder
git clone https://github.com/Dewalt-arch/pimpmykali
cd pimpmykali
# Execute the script - For a new Kali VM, run menu option 'N'
# (The script must be run with root privileges)
sudo ./pimpmykali.sh
# Or use one of the new command line switches
sudo ./pimpmykali.sh --auto
Issues, Suggestions or Feature Requests
Several of the quality-of-life features that improve the experience of using PimpMyKali were suggested by the community, so if you have an idea or have found an issue please let me know!
Please open an issue on the PimpMyKali Github at:
https://github.com/Dewalt-arch/pimpmykali/issues
Conclusion
From seasoned professionals to those just starting their cybersecurity journey, PimpMyKali has something for everyone. The beauty lies in the ability to simplify complex tasks without sacrificing functionality. It is an indispensable resource for anyone who uses Kali Linux regularly, with a significant impact on productivity. The time and effort saved are invaluable, making it an essential tool for penetration testers and digital forensic professionals.
About TCM Security
TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.
Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com
See How We Can Secure Your Assets
Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.