Kali config script and Dotfiles explained

Updated on 2026-02-14

TLDR: Personal Kali Linux configuration (dotfiles, terminal/prompt config, browser policies/extensions and Burp/BApps settings).

Use at your own risk on a fresh Kali install pasting the following commands on the terminal:

1
git clone https://github.com/haxowl/kaliconfig.git
2
cd kaliconfig
3
chmod 777 install.sh
4
./install.sh

⣿⣿⣿⣿⣿⣿⣿⣿⣿⣟⡟⢿⡿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢟⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠄⠐⠛⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠁⠄⢾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡉⡀⠄⠄⣀⠛⠛⠉⠁⠄⠄⠈⠉⠛⠛⣀⠤⠄⢀⢩⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡠⠄⠑⣿⣅⡀⠄⢐⢂⡰⡀⡀⣄⣼⣿⠊⠄⢰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⢁⢔⠄⠄⠛⣿⣶⣮⠛⢟⣤⣾⡿⠛⠄⡀⡢⡈⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡁⠎⣼⡇⠄⣶⣷⠉⠹⠃⠸⠏⠉⣶⣦⠄⢸⣧⢱⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⠄⢆⢿⣿⣄⡈⠁⣀⡼⢡⡄⢕⣀⡈⢁⣠⣿⡛⡸⠄⣹⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠈⠢⣙⡛⠻⠟⠛⠃⢸⡇⠘⠟⠻⠛⢋⣉⠜⠁⠰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠄⠄⠈⠉⠋⠛⠉⠶⡘⢁⠶⠙⠙⠙⠉⠁⢀⠄⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠄⠄⠄⠐⡽⡰⠄⡠⡄⠄⠁⠈⣀⢠⢀⣐⣄⠻⠢⠄⠄⠠⢻⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡏⠄⠄⠄⠄⠃⠗⡜⣿⣿⣽⡄⠰⣯⣿⣿⠢⠹⠔⠄⠄⠄⠄⢽⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⡯⢢⠂⠄⠄⠄⠄⠄⠘⢇⠉⣸⣼⣻⢇⢇⡸⠁⠄⠄⠄⠄⠄⠐⡄⣟⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣧⠄⠄⠄⠄⠄⠄⠄⠄⠄⠑⢄⢻⡟⠠⢉⠁⠄⠄⠄⠄⠄⠄⠄⢸⣾⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⡧⠤⠁⠄⠄⠄⠄⠄⠄⠄⠄⠄⠊⠁⠁⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⢻⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣶⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠐⣾⣾⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣗⣠⡆⢐⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠄⠆⢰⡐⣺⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⡷⠠⢰⠁⡀⠄⠄⠄⠄⠄⠄⠄⠄⡀⠄⠄⠄⡄⠈⢷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣾⣀⣗⣶⠃⡐⠈⠂⠄⠄⠄⠄⠘⠁⢀⠈⣶⣧⡀⢷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣾⣿⣿⣾⣶⡅⠄⠢⡄⢠⡔⠄⢿⣤⣧⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣾⣶⣿⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿

This is my personal config, nothing fancy and far from perfect but it works for me and it might work for you too.

Tested on Kali 2025.4 running on VMWare Workstation 17.x

My main intention for this project is to have a ready-to-go kali VM for each new client.

Credits: thegoodhackertv ippsec pimpmykali blacklanternsecurity

About the files

README.md - usage notes and quick instructions. It instructs cloning the repo and running install.sh.

install.sh - bash script to perform the setup, full details below.

zshrc , p10k.zsh , kitty.conf , qterminal.ini , tmux.conf.local - shell prompt and shell config: full prompt setup, ZSH plugins, terminal config and tmux shortcuts.

policies.json , UserConfigCommunity.json - Firefox / BurpSuite policies: installs specific Firefox extensions and configures Firefox prefs, same for Burp.

install.sh dissection

A Kali Linux post-install automation script
Installs red-team toolkit
Customizes XFCE desktop
Configures Zsh + tmux
Sets up Burp, Metasploit, AD tools
Adds privilege escalation binaries
Tweaks system settings

1
#!/bin/bash

Tells the system to run the script using Bash.

1
if [ "$UID" -eq 0 ]; then
2
    echo "Cannot run as root."
3
    exit 1
4
if [ -n "$SUDO_USER" ]; then
5
    echo "Do not use sudo"
6
    exit 1

If current user is root, stop execution.
If script is launched with sudo, stop execution.
The script wants to run as a normal user, and only use sudo internally.

1
RPATH=`pwd`

Stores current working directory in variable RPATH.
Used later to copy config files from the script’s directory.

1
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/presentation-mode -s true --create --type bool
2
xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/show-tray-icon -s true --create --type bool

Enables presentation mode.
Shows power manager tray icon.
Prevents sleep/auto-lock/screensaver.

1
sudo apt update -y
2
sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y

Updates package lists.
Upgrades all installed packages.
Avoids interaction during installation.

1
sudo apt remove -y python3-httpx

Removes python3-httpx to avoid conflict prevention.

1
sudo DEBIAN_FRONTEND=noninteractive apt install -y python3 python3-pip feh scrot scrub xclip xsel fastfetch wmname acpi imagemagick python3-pip lsd bpython open-vm-tools-desktop open-vm-tools pipx git python3-argcomplete netexec bat bloodhound gowitness eaphammer seclists bettercap jq kitty rlwrap font-manager cyberchef gobuster nuclei neovim golang subfinder docker.io docker-compose bloodyad certipy-ad feroxbuster oscanner redis-tools sipvicious tnscmd10g libpcap-dev sshpass sliver nishang ssh-audit dnsx airgeddon wifiphisher autorecon coercer openfortivpn libpcap-dev

Installs:
Core tools: python3, pip, git, golang
Recon tools: nuclei, gobuster, subfinder, dnsx
AD tools: bloodhound, certipy-ad
Wireless tools: airgeddon, wifiphisher
Offensive tools: bettercap, sliver
Docker
Editors: neovim
Terminal tools: kitty, bat, lsd
And many more

1
rm -rf ~/.oh-my-zsh
2
yes | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
3
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
4
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
5
rm -f ~/.zshrc
6
cp -v $RPATH/zshrc ~/.zshrc

Deletes existing Oh My Zsh.
Installs fresh version automatically.
Adds shell autocompletion & syntax highlighting.
Replaces user’s .zshrc config with custom one.

1
rm -rf ~/.tmux
2
git clone https://github.com/gpakosz/.tmux.git ~/.tmux
3
ln -s -f ~/.tmux/.tmux.conf ~/
4
cp -v $RPATH/tmux.conf.local ~/.tmux.conf.local

Installs popular tmux config.
Applies custom configuration.

1
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k
2
rm -f ~/.p10k.zsh
3
cp -v $RPATH/p10k.zsh ~/.p10k.zsh

Installs fancy Zsh theme.
Applies config.

1
sudo timedatectl set-timezone "Europe/Madrid"

Changes system timezone.

1
mkdir /tmp/fonts
2
wget https://github.com/ryanoasis/nerd-fonts/releases/download/v3.3.0/Hack.zip -O /tmp/fonts/Hack.zip
3
unzip /tmp/fonts/Hack.zip -d /tmp/fonts
4
sudo font-manager -i /tmp/fonts/*.ttf

Downloads Hack Nerd Font:
Install via font-manager

1
sudo msfdb init

Sets up Metasploit database.

1
sudo git clone https://github.com/Flangvik/SharpCollection /opt/sharpcollection
2
sudo git clone https://github.com/dirkjanm/krbrelayx /opt/krbrelayx
3
sudo git clone https://github.com/coffinxp/loxs.git /opt/loxs
4
sudo pip3 install -r /opt/loxs/requirements.txt --break-system-packages
5
sudo wget https://download.sysinternals.com/files/SysinternalsSuite.zip -O /opt/SysinternalsSuite.zip
6
sudo unzip /opt/SysinternalsSuite.zip -d /opt/SysinternalsSuite
7
sudo rm /opt/SysinternalsSuite.zip
8
sudo wget https://cdn.sanity.io/files/r09655ln/production/c3f3789f35a16bbf88fa6a656a2cdab2369c3b3c.zip -O /opt/pingcastle.zip
9
sudo unzip /opt/pingcastle.zip -d /opt/pingcastle
10
sudo rm /opt/pingcastle.zip

Clones tools into /opt/, including:
SharpCollection
krbrelayx
pingcastle
sysinternalssuite

1
sudo mkdir /opt/misc
2
sudo wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh -O /opt/misc/linpeas.sh
3
sudo wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEAS.bat -O /opt/misc/winPEAS.bat
4
sudo wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASany.exe -O /opt/misc/winPEASany.exe
5
sudo wget https://github.com/peass-ng/PEASS-ng/releases/latest/download/winPEASx64.exe -O /opt/misc/winPEASx64.exe
6
sudo wget https://github.com/itm4n/PrivescCheck/releases/latest/download/PrivescCheck.ps1 -O /opt/misc/PrivescCheck.ps1
7
sudo wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy32 -O /opt/misc/pspy32
8
sudo wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy32 -O /opt/misc/pspy64
9
sudo wget https://raw.githubusercontent.com/gladiatx0r/Powerless/refs/heads/master/Powerless.bat -O /opt/misc/Powerless.bat
10
sudo wget https://raw.githubusercontent.com/The-Z-Labs/linux-exploit-suggester/refs/heads/master/linux-exploit-suggester.sh -O /opt/misc/linux-exploit-suggester.sh
11
sudo git clone https://github.com/carlospolop/cloudpeass /opt/cloudpeass
12
sudo wget https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe -O /opt/misc/JuicyPotato.exe
13
sudo wget https://raw.githubusercontent.com/topotam/PetitPotam/refs/heads/main/PetitPotam.py -O /opt/misc/PetitPotam.py
14
sudo wget https://github.com/topotam/PetitPotam/raw/refs/heads/main/PetitPotam.exe -O /opt/misc/PetitPotam.exe
15
sudo wget https://raw.githubusercontent.com/maaaaz/nmaptocsv/refs/heads/master/nmaptocsv.py -O /opt/misc/nmaptocsv.py
12 collapsed lines
16
sudo wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET4.exe -O /opt/misc/GodPotato-NET4.exe
17
sudo wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET35.exe -O /opt/misc/GodPotato-NET35.exe
18
sudo wget https://github.com/BeichenDream/GodPotato/releases/download/V1.20/GodPotato-NET2.exe -O /opt/misc/GodPotato-NET2.exe
19
sudo wget https://github.com/jpillora/chisel/releases/download/v1.11.3/chisel_1.11.3_linux_amd64.gz -O /opt/misc/chisel_1.11.3_linux_amd64.gz
20
sudo wget https://github.com/jpillora/chisel/releases/download/v1.11.3/chisel_1.11.3_windows_amd64.gz -O /opt/misc/chisel_1.11.3_windows_amd64.gz
21
sudo gunzip /opt/misc/chisel_1.11.3_linux_amd64.gz
22
sudo gunzip /opt/misc/chisel_1.11.3_windows_amd64.gz
23
sudo chmod 777 /opt/misc/chisel_1.11.3_linux_amd64
24
sudo mv /opt/misc/chisel_1.11.3_windows_amd64 /opt/misc/chisel.exe
25
sudo wget https://raw.githubusercontent.com/jakehildreth/Locksmith/refs/heads/main/Invoke-Locksmith.ps1 -O /opt/misc/Invoke-Locksmith.ps1
26
sudo wget https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_linux_amd64 -O /opt/misc/kerbrute
27
sudo chmod 777 /opt/misc/kerbrute

Creates /opt/misc and downloads:
linpeas
winPEAS
PrivescCheck
pspy
PetitPotam
JuicyPotato
GodPotato
chisel
kerbrute
nmaptocsv
Locksmith
These are red-team / pentest utilities.

1
go install github.com/projectdiscovery/naabu

Installs port scanner.

1
sudo wget -O code-latest.deb 'https://code.visualstudio.com/sha/download?build=stable&os=linux-deb-x64'
2
sudo DEBIAN_FRONTEND=noninteractive apt install -y ./code-latest.deb
3
sudo rm code-latest.deb

Install VSCode.

1
nuclei
2
sudo nuclei

Initialize Nuclei Templates

1
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ""

Creates SSH keypair with empty passphrase.

1
sudo mkdir /usr/local/lib/BurpSuite
2
sudo wget https://repo1.maven.org/maven2/org/jruby/jruby-complete/9.4.9.0/jruby-complete-9.4.9.0.jar -O /usr/local/lib/BurpSuite/jruby-complete.jar
3
sudo wget https://repo1.maven.org/maven2/org/python/jython-standalone/2.7.4/jython-standalone-2.7.4.jar -O /usr/local/lib/BurpSuite/jython-standalone.jar
4
sudo chmod 0644 /usr/local/lib/BurpSuite/jruby-complete.jar
5
sudo chmod 0644 /usr/local/lib/BurpSuite/jython-standalone.jar
6
/bin/bash -c "timeout 45 /usr/lib/jvm/java-21-openjdk-amd64/bin/java -Djava.awt.headless=true -jar /usr/share/burpsuite/burpsuite.jar < <(echo y) &"
7
sleep 30
8
curl http://localhost:8080/cert -o /tmp/cacert.der
9
sudo cp -v /tmp/cacert.der /usr/local/share/ca-certificates/BurpSuiteCA.der
10
sudo chmod 0644 /usr/local/share/ca-certificates/BurpSuiteCA.der
11
sudo rm /tmp/cacert.der
12
sudo cp -v $RPATH/UserConfigCommunity.json ~/.BurpSuite/UserConfigCommunity.json

Creates /usr/local/lib/BurpSuite
Downloads:
jruby
jython
Generates Burp CA certificate:
Launches Burp headless
Extracts cert
Installs into system CA store
Copies custom Burp config.

1
sudo cp -v $RPATH/policies.json /usr/share/firefox-esr/distribution/policies.json

Installs Burp certificate into Firefox.
Installs extensions.

1
mkdir ~/.config/kitty
2
cp -v $RPATH/kitty.conf ~/.config/kitty/kitty.conf
3
cp -v $RPATH/qterminal.ini ~/.config/qterminal.org/qterminal.ini

Terminal Config
kitty.conf
qterminal.ini

1
mkdir ~/tmuxlogs
2
echo "tmux pipe-pane -o 'cat >>~/tmuxlogs/tmux.#H.#S.#I.#P_%Y.%m.%d_%H.%M.%S.log'" >> ~/tmux_start_logging.sh
3
chmod 777 ~/tmux_start_logging.sh

Logs all tmux sessions automatically.

1
xfconf-query -c xfce4-panel -p /plugins/plugin-5/items -t string -a -s 'kali-burpsuite.desktop' --create
2
xfconf-query -c xfce4-panel -p /plugins/plugin-6/items -t string -a -s 'xfce-text-editor.desktop' --create
3
xfconf-query -c xfce4-panel -p /plugins/plugin-7/items -t string -a -s 'firefox-esr.desktop' --create
4
xfce4-panel --add=launcher
5
xfconf-query -c xfce4-panel -p /plugins/plugin-23/items -t string -a -s 'code.desktop' --create
6
xfce4-panel --add=launcher
7
xfconf-query -c xfce4-panel -p /plugins/plugin-24/items -t string -a -s 'kitty.desktop' --create
8
xfconf-query -c xfce4-panel -p /panels/panel-1/plugin-ids -a -t int -s 1 -t int -s 2 -t int -s 3 -t int -s 4 -t int -s 5 -t int -s 6 -t int -s 7 -t int -s 23 -t int -s 24 -t int -s 8 -t int -s 9 -t int -s 10 -t int -s 11 -t int -s 12 -t int -s 13 -t int -s 14 -t int -s 15 -t int -s 16 -t int -s 17 -t int -s 18 -t int -s 19 -t int -s 20 -t int -s 21 -t int -s 22
9
xfconf-query -c xfce4-panel -p /plugins/plugin-19/digital-layout -t int -s 1
10
xfconf-query -c xfce4-panel -p /plugins/plugin-1/favorites -a -n -t string -s 'kitty.desktop' -t string -s 'firefox-esr.desktop' -t string -s 'code.desktop' -t string -s 'kali-burpsuite.desktop' -t string -s 'xfce-text-editor.desktop' -t string -s 'xfce4-terminal-emulator.desktop' -t string -s 'root-terminal.desktop' -t string -s 'xfce4-file-manager.desktop' -t string -s 'exploit-database.desktop' -t string -s 'vulnhub.desktop'
11
xfconf-query -c thunar -p /last-show-hidden -t bool -s true --create
12
xfconf-query -c xfce4-panel -p /plugins/plugin-11/show-labels -t bool -s true --create
13
xfconf-query -c xfce4-panel -p /plugins/plugin-11/grouping -t bool -s false --create

Uses xfconf-query to:
Add launchers:
Burp
Firefox
VSCode
Kitty
Reorder panel
Set clock layout
Add favorites to menu
Show hidden files
Adjust window button behavior

1
sudo cp -v $RPATH/idorfuzz.txt /usr/share/seclists/idorfuzz.txt

Adds custom wordlist to SecLists.

1
sudo wget https://github.com/bol-van/zapret/releases/download/v72.9/zapret-v72.9.zip
2
sudo unzip zapret-v72.9.zip
3
sudo mv zapret-v72.9 /opt/zapret

Downloads zapret DPI Bypass.

1
sudo updatedb

Update locate Database

1
sudo runuser -u postgres -- psql -c 'ALTER DATABASE postgres REFRESH COLLATION VERSION; ALTER DATABASE template1 REFRESH COLLATION VERSION;'

Fix PostgreSQL Collation.
Fixes locale mismatch issues.

1
sudo rm -rf ~/github
2
sudo rm -rf $RPATH

Cleanup
Deletes:
~/github
Entire directory where script was run

1
echo -e "\n[+] Input new ROOT password!\n"
2
sudo passwd root
3
echo -e "\n[+] Input new KALI password!\n"
4
sudo passwd kali

Prompts user to:
Set root password
Set kali password