I've been occasionally called upon to do more offensive security work.
Traditionally, the basic toolset would be Kali Linux in a virtual machine.
However, a few years ago it became possible to run it directly in Windows under WSL2, as a much neater and quicker approach.
Later, for an even lighter solution, Docker images of Kali became available.
Earlier this year, Apple released native containerisation support in macOS, and running Kali containers on Macs became an intriguing option.
Background
The official summary can be found in the Apple announcement.
In short, the announcement states that "The Containerization framework enables developers to create, download, or run Linux container images directly on Mac."
Examples of some use cases are provided.
More details are available on the container GitHub page.
To sum up:
- It's well integrated and fast
- One VM & IP per container
- No docker compose
- Officially supported only in the next macOS release
- Some networking limitations
  - That I have not yet been able to replicate
- Some other teething problems (see below)
Trying to figure it out
Searching around published posts brings exactly the same guidance in each, as a simple 1-2-3 sequence:
1. Install the container framework (install any extras too):
   brew install --cask container
2. Start the container services:
   container system start
3. Launch the Kali Linux container - same syntax as docker:
   container run --rm -it kalilinux/kali-rolling
Or, same but with a local directory mount (aka shared folder):
container run --rm -it -v "$(pwd)":/mnt -w /mnt kalilinux/kali-rolling
However... that doesn't quite work.
The Missing Parts
The install works fine and Kali launches.
However there are no tools at all.
Searching for a bit will show the official docs suggest that while rolling is the correct choice, we need to install the kali-linux-headless package to get the tools.
Before going ahead with that - actually trying to do so will throw up this error:
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module)
Ignoring that leads to a forced "choose your keymap" dialog and there is no English option available.
One solution is to suppress the dialogs like so:
apt install apt-utils
echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
Once that's done, we can go ahead and make Kali functional:
apt update && apt -y install kali-linux-headless
With the above done, we now have the default tools such as nmap, various msf* utilities, and so on.
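Because the run commands above use --rm, everything installed this way is discarded when the container exits. The following is an added example, not part of the original post, that bakes the same steps into an image so they run once; the image tag kali-headless is a name chosen here, and it assumes the build is done with container build and its --tag/--file options.

```dockerfile
# Added example: the post's setup steps as an image build.
FROM kalilinux/kali-rolling

# Build-time only: keep apt/debconf from opening dialogs during the build.
ARG DEBIAN_FRONTEND=noninteractive

# Same steps as in the post, in the same order:
#  1. apt-utils, installed before changing the debconf frontend
#  2. persist the Noninteractive frontend, so later apt runs inside the
#     container skip the keymap dialog as well
#  3. the kali-linux-headless metapackage with the default tools
# The apt lists are removed at the end to keep the image smaller; run
# "apt update" again before installing anything else in the container.
RUN apt update \
 && apt -y install apt-utils \
 && echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
 && apt -y install kali-linux-headless \
 && rm -rf /var/lib/apt/lists/*

# Matches the -w /mnt used with the shared-folder mount in the post.
WORKDIR /mnt

# Build and run ("kali-headless" is a tag chosen for this example):
#   container build --tag kali-headless --file Dockerfile .
#   container run --rm -it -v "$(pwd)":/mnt kali-headless
```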
Initial experience
The good
With the install out of the way: this thing flies.
The launch is almost instant, tools run fast, and the first few minutes are very promising.
The container commands appear to be exactly the same as docker terminal commands, so there is container ls to list what's running, container stop etc - this makes this a very easy jump if you're familiar with Docker. It's basically that, without compose, but quicker.
The not so good
As reported elsewhere, there are some teething problems with networking, that I have yet to replicate.
In my case however, I've run into issues stopping containers, which is clearly another teething problem. Neither stop nor kill options would do anything, even container system stop hangs.
Being an early, actively developed piece of software, there are bound to be issues - as can be seen from the GitHub issues page.
Summary
I am looking forward to seeing where this goes. The performance is great.
Like any new project, there are bound to be issues - and especially as the expected platform is the next macOS release, not the current one, there are definitely going to be issues that would require an OS upgrade to address.
In the meantime, I am going to continue to rely on a VM for my use cases but will watch this development with keen interest.