dotfiles-Kali

Role Stable

The Kali node — Core + apt OS layer + a unique offensive role layer for authorized engagements.

Highlights

  • engagement scaffolding
  • scope-first workflow
  • NetExec / BloodHound CE
  • WSL2 mirrored net

How it fits

The Role layer — Operator role — offensive or defensive — stacked on top of an OS layer. It builds on Core, which is vendored into its core/ directory. See the three-layer model for how the layers compose.

Getting started

git clone https://github.com/dotgibson/dotfiles-Kali ~/dotfiles-Kali
cd ~/dotfiles-Kali
./bootstrap.sh                 # apt base + offensive tools + symlinks
wsl.exe --shutdown             # from Windows, after dropping windows.wslconfig.example

Built for Kali on WSL2. Flags: --no-offensive (skip the heavy tool install), --links-only.

What actually bites

  • Three layers, not two — Kali adds an offensive stage to the zsh loader (… os offensive local), slotted after os so paths/clipboard resolve first and before local so a machine override still wins. It is Debian-family (apt) and its own lineage — not stamped from Fedora.
  • Engagement data never lives in the repo — Everything goes under ~/engagements (outside any git tree); the paranoid .gitignore is only a backstop. mkengagement writes scope/scope.txt first — installing a tool is not permission to point it at anything.
  • The naming changes that bite — CrackMapExec is gone — it is nxc (NetExec) now, the single highest-leverage tool in the kit. BloodHound is Community Edition; the bhce helper drives nxc’s --bloodhound module for a CE-ready collection.
  • WSL2 is NAT’d — A listener / reverse shell / C2 in Kali is not LAN-reachable until you set networkingMode=mirrored in the Windows-side %UserProfile%\.wslconfig (Win11 22H2+) — not /etc/wsl.conf.

Read next