NixOS tailored for pentesting.
Think Kali / Parrot, but being a customisation of NixOS instead of being based on Debian.
It is meant to be installed and run from a NixOS host, using a qemu virtual machine.
# Pull the configuration
git clone git@github.com:Pamplemousse/tangerinixos.git
# Optional, to speed-up evaluation.
cachix use tangerinixos
# Build and run the VM
nix-shell -p nixos-generators --run "nixos-generate -f vm -c ./tangerinixos.nix --run"
- Use tangerinixos.cachix.org (updated using GitHub Actions) to speed-up the build by pulling cached binaries;
- Shared folder: Host's
/run/user/$(id -u)/nix-vm.<ID>
is mounted as/tmp/xchg
in VM; - SSH traffic is forwarded from host:
ssh rpaulson@127.0.0.1 -p 8022
to connect to the VM.
- VM configuration:
Is defined by the
nixos-generate -f vm
command given above, with no control over the image parameters, or the starting script. It would be great to be able define alternative networking options (interfacing, mapping of ports between host and guest, etc.). - Customizability:
It requires manual editing of files after the
clone
. It would be nice to offer higher level options. - Lack of packages:
Are We Hackers Yet? keeps track of the effort of bringing Kali packages into
Nixpkgs
. Not all are yet available, but it's getting there! Be part of the effort by contributing to NixOS for Pentesting Overview. - Too many packages (for maintenance):
Not all the packages from Kali available in
Nixpkgs
evaluate properly... Increasing the number of packages fortangerinixos
implies increasing the risk of evaluation (hence building) failures.
- The logo uses:
- A picture shared by Doudoulolita, CC BY-SA 3.0 https://creativecommons.org/licenses/by-sa/3.0, via Wikimedia Commons;
- Artwork from the NixOS organisation, CC BY 4.0, https://creativecommons.org/licenses/by/4.0/.