Easily set up a complete Kali Linux penetration testing environment for CTFs and security research using GitHub Codespaces or Vagrant.
The easiest way to get started! Click the button below to launch a fully configured Kali Linux environment in your browser:
- Zero Setup: No local installation required
- Browser-Based: Works on any device with a web browser
- Pre-configured: All CTF tools installed and ready to use
- Fast: Powerful cloud VMs for resource-intensive tasks
- Perfect for CTFs: Access from anywhere, collaborate easily
Once your Codespace launches (takes ~3-5 minutes for initial setup):
- Open the integrated terminal (it should open automatically)
- You'll see a welcome message with available tools
- Run ctf-env to verify your environment is ready
- Start hacking!
This environment comes pre-loaded with essential CTF and penetration testing tools:
- BurpSuite Community Edition
- OWASP ZAP
- SQLMap
- Nikto
- Gobuster, Dirb, FFuF, WFuzz
- Nmap
- Netcat
- Wireshark, TCPDump
- DNSUtils, Whois
- Subfinder, HTTPx
- John the Ripper
- Hashcat
- Hydra
- Ghidra
- Radare2
- GDB with pwndbg
- Python pwntools
- ROPgadget, Ropper
- Volatility 3
- Binwalk
- Foremost
- Steghide
- ExifTool
- Metasploit Framework
- SearchSploit (Exploit-DB)
- Python z3-solver
- OpenSSL
- Base64, URL encoding/decoding tools
- Python 3 with pip (pwntools, pycryptodome, requests, scapy, angr)
- Go (latest)
- Java (OpenJDK 17)
- OWASP Juice Shop (pre-loaded)
# Start OWASP Juice Shop
juice-shop
# Access at http://localhost:3000 (port will auto-forward)

# Start HTTP server on port 8000
python3 -m http.server 8000
# Or use alias
serve

# Basic Nmap scan
nmap -sV -sC target.com
# Directory fuzzing
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# John the Ripper
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
# Hashcat
hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

# Open in Ghidra
ghidra
# Use Radare2
r2 binary_file
# Debug with GDB
gdb binary_file

searchsploit apache 2.4

msfconsole

/root/
├── ctf/
│   ├── challenges/   # Store CTF challenges here
│   ├── tools/        # Custom tools and scripts
│   ├── scripts/      # Your solution scripts
│   ├── wordlists/    # Custom wordlists
│   └── notes/        # CTF notes and writeups
└── shared/           # Persistent files (synced with repo)
- ll - Detailed file listing
- ports - Show listening ports
- serve - Start HTTP server
- myip - Get your public IP
- decode64/encode64 - Base64 encoding/decoding
- urldecode/urlencode - URL encoding/decoding
- juice-shop - Start OWASP Juice Shop
SecLists wordlists are available in /usr/share/wordlists/seclists/
Common CTF ports (3000, 4444, 8000, 8080, 9000) are auto-forwarded. You can forward additional ports in the "Ports" tab in VS Code.
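A preflight check in the spirit of the verification step above, as an added example (not the repository's ctf-env script; the function names are hypothetical). It confirms the binaries used in the quick-start commands are on PATH and that the wordlists those commands reference exist, including the case on a stock Kali install where rockyou.txt is present only as rockyou.txt.gz.

```bash
# Preflight check: are the tools and wordlists used above actually usable?
# Added example with hypothetical function names, not the repo's ctf-env.

# Print every command name given as an argument that is not on PATH.
missing_tools() {
    local tool
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Classify a wordlist path as ok, empty, compressed (only PATH.gz exists,
# the state rockyou.txt is in on a stock Kali install), or missing.
wordlist_status() {
    local path=$1
    if [ -s "$path" ]; then
        echo ok
    elif [ -e "$path" ]; then
        echo empty
    elif [ -s "$path.gz" ]; then
        echo compressed
    else
        echo missing
    fi
}

# Run both checks and return non-zero if anything needs attention.
preflight() {
    local rc=0 tool wl status
    # Command names and paths are the ones used in the commands above.
    for tool in $(missing_tools nmap gobuster john hashcat ghidra r2 gdb \
                                searchsploit msfconsole python3); do
        echo "missing tool: $tool"; rc=1
    done
    for wl in /usr/share/wordlists/rockyou.txt \
              /usr/share/wordlists/dirb/common.txt; do
        status=$(wordlist_status "$wl")
        [ "$status" = ok ] && continue
        echo "wordlist $wl: $status"; rc=1
        if [ "$status" = compressed ]; then echo "  fix: gunzip -k $wl.gz"; fi
    done
    return "$rc"
}

preflight || echo "Environment needs attention, see the lines above."
```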
If you prefer running Kali Linux locally with VirtualBox:
# Start and provision the VM
vagrant up
# SSH into the VM
vagrant ssh
# Stop the VM
vagrant halt
# Destroy the VM
vagrant destroy

The Vagrant setup will:
- Download Kali Linux Rolling
- Configure 4GB RAM and 2 CPUs
- Install additional tools (Docker, VSCode, Tor)
- Set up custom shell aliases
- Mount ./shared directory to /home/vagrant/shared
Found a tool that should be included? Want to add helpful scripts or documentation? Contributions are welcome!
- Fork this repository
- Create a feature branch
- Add your improvements
- Submit a pull request
- GitHub Codespaces: Free tier includes 60 hours/month. Perfect for CTFs!
- Resource Usage: Some tools (like Hashcat) work best with GPU acceleration, which may not be available in Codespaces
- Persistent Storage: Files in /root/shared/ persist across Codespace rebuilds
- Tool Updates: Run apt update && apt upgrade to get latest versions
This environment is for educational purposes, authorized security testing, and CTF competitions only. Always ensure you have permission before testing any systems you don't own.
- Kali Linux Documentation
- CTFTime - Find CTF competitions
- HackTheBox - Practice platform
- TryHackMe - Guided learning
- PicoCTF - Beginner-friendly CTFs
Happy Hacking! If you find this useful, give it a star!