fbpx

What is PimpMyKali?

PimpMyKali is a post-installation script that automates the setup, customization, and configuration of tooling within Kali Linux. From installing essential penetration test tooling to configuring system settings to streamlining the setup process, PimpMyKali is a tested script that takes the headache, research, and guesswork out of proper Kali installation and tuning.

Find the code repo here:

https://github.com/Dewalt-arch/pimpmykali

Introducing PMK v2.0

The pentesting tooling landscape is dynamic. Over time, tooling evolves: some tools become obsolete or deprecated, while new tooling emerges. Additionally, GitHub repository URLs may change, or installation methods can be updated or changed. One of the cardinal rules of cyber security is “update and patch” and this applies to your pentest tools as well.

PimpMyKali v2.0 is an update for installed tooling and installation methods and addresses any issues prior to the v2.0 release ensuring the environment stays current and effective.

What are the Benefits/What’s New?

New Features

Added menu option verification before execution (feature request)

  • On-screen notification of which menu option is selected
  • y or Y to continue
  • n or N returns to main menu

Defaults to python3 and pip for python3

Updated ‘is package installed’ lookup to use apt-cache

  • speed improvement on lookup of installed/not installed packages

Added speedrun variable to bypass menu and prompts (feature request)

Added –auto command line switch, uses speedrun var (feature request)

  • Sets speedrun var to 1
  • Bypasses menu and prompts
  • Enables root login

Added –autonoroot command line switch (feature request)

  • Sets speedrun var to 1 
  • Bypasses menu and prompts
  • Bypass enable root login

 Added exit status checks on most functions

  • Checks conducted via case statement

Updated –help menu with new command line switches

  • –auto,  –autonoroot, –bloodhound, –netexec, –cme, and many others 
  • sudo ./pimpmykali.sh –help  (to view list and descriptions) 

Added waybackrust to fix_all and fix_missing (feature request) 

  • Installs to /usr/bin/waybackrust
  • Command line switch –wayback

Added plumhound 

  • Installs to /opt/PlumHound
  • symlinks created /usr/local/bin/PlumHound.py and /usr/local/bin/plumhound
  • Command line switch –plumhound

Added setup_binfmt_mount_service (feature request)

  • Creates service to mount on boot /proc/sys/fs/binfmt_misc
  • Added –binfmt command line switch
  • Included setup_binfmt_mount_service in fix_missing

Added functions

  • is_installed, is_installed_remove, is_installed_reinstall
  • Reduces redundant code
  • Adds exit status checks

install_pip2

  • Installs pip2 if not already installed
  • /usr/bin/pip2

install_pip3

  • Installs pip3 if not already installed
  • /usr/bin/pip

install_pipx

  • Installs pipx
  • pipx ensurepath

install_pip2_modules

  • Installs required pip2 modules for older tooling

install_pip3_modules

  • Checks for required modules, installs if not installed

check_dmidecode function

  • Used in check_vm / fix_virtualbox function

Updated Functions

make_rootgreatagain updated with speedrun var

  • If –auto is used, menu is bypassed
  • The only prompt will be to set the password for the root account
  • Moved make_rootgreatagain to the earliest part of the script in fix_all function

Nuke Impacket updated 

  • fix_sead_warning, fix_impacket_array, install_old_impacket
  • Installs Impacket 0.9.19 side by side with Impacket latest 
  • Python3 and pip3 are the system-wide default
    • /bin/python
    • /usr/bin/pip
  • Python2 and pip2 for python2
    • /bin/python2
    • /usr/bin/pip2
  • –nukeimpacket command line arg uses speedrun var, bypasses prompts

fix_cme

  • Installs crackmapexec from the Kali repo

fix_netexec, fix_nxc_symlinks

  • Installs from github
  • Creates symlinks

fix_seclists

  • Installs from Kali repo

fix_smb function

  • Checks /etc/samba/smb.con for client min protocol = lanman1

Install_golang

  • Replaces function fix_golang

check_vm

  • Ensures linux-headers are installed

fix_virtualbox

  • Installs guest additions for the detected version of VirtualBox on the host-os 
  • Uses check_dmidecode function

fix_gowitness

  • Installs the latest release from github

fix_pyftpdlib 

  • Installs pyftpdlib for python3

Replaced Functions

  • python_pip_curl replaced with install_pip2
  • fix_pipxlrd, fix_python_requests replaced with install_pip2_modules

Updated Menu

Removed deprecated menu items

Reduced over all number of menu items by using command line switches

Menu option N – New VM Setup 

  • Removed apt upgrade from function

Menu option 5 – Install Impacket

  • Function will install Impacket latest from Kali repo

Updated Course Setup Installations

  • Practical Bug Bounty
  • C# 101 for Hackers
  • Hacking IoT
  • PEH WebLabs
  • Hacking API

How to Install or Upgrade PimpMyKali

# Remove existing pimpmykali folder
rm -rf pimpmykali/

# Clone pimpmykali repository & enter the folder
git clone https://github.com/Dewalt-arch/pimpmykali
cd pimpmykali

# Execute the script - For a new Kali VM, run menu option 'N'
# (The script must be run with root privileges)
sudo ./pimpmykali.sh

# Or use one of the new command line switches
sudo ./pimpmykali.sh --auto

Issues, Suggestions or Feature Requests

Several of the quality-of-life features that improve the experience of using PimpMyKali were suggested by the community, so if you have an idea or have found an issue please let me know!

Please open an issue on the PimpMyKali Github at:
https://github.com/Dewalt-arch/pimpmykali/issues

Conclusion

From seasoned professionals to those just starting their cybersecurity journey, PimpMyKali has something for everyone. The beauty lies in the ability to simplify complex tasks without sacrificing functionality. It is an indispensable resource for anyone who uses Kali Linux regularly, with a significant impact on productivity. The time and effort saved are invaluable, making it an essential tool for penetration testers and digital forensic professionals.

About TCM Security

TCM Security is a veteran-owned, cybersecurity services and education company founded in Charlotte, NC. Our services division has the mission of protecting people, sensitive data, and systems. With decades of combined experience, thousands of hours of practice, and core values from our time in service, we use our skill set to secure your environment. The TCM Security Academy is an educational platform dedicated to providing affordable, top-notch cybersecurity training to our individual students and corporate clients including both self-paced and instructor-led online courses as well as custom training solutions. We also provide several vendor-agnostic, practical hands-on certification exams to ensure proven job-ready skills to prospective employers.

Pentest Services: https://tcm-sec.com/our-services/
Follow Us: Blog | LinkedIn | YouTube | Twitter | Facebook | Instagram
Contact Us: sales@tcm-sec.com

See How We Can Secure Your Assets

Let’s talk about how TCM Security can solve your cybersecurity needs. Give us a call, send us an e-mail, or fill out the contact form below to get started.

 

tel: (877) 771-8911 | email: info@tcm-sec.com