You down with SOE?... Yeah you know me!

Every engagement I perform I have a standard set of tools I use. Many of these tools are included in popular Penetration Testing Linux Distros, such as Kali Linux, but as I have been testing longer, I find that many of the tools I do not need. I have also found issue with Kali's stability between builds and tools always working. A few months ago I decided to start rolling my own distro, and this is what has become of it.

To start, I am using a xUbuntu 18.04 base image. This lets me use most of the tools I regularly use without much setup, and is the distribution I am most comfortable with using. I simply install the base xUbuntu image in a new VM and setup the primary account and change the root password. I then place my SSH public key in the ~/.ssh/authorized_keys file on the xUbuntu image, install SSH, and set SSH to start on boot by issuing the command sudo systemctl enable ssh. At this point I test to make sure SSH is working, then I shut down the VM, and create a OVA file.

The OVA file is an Open Virtualization Archive and essentially zips up the machine so you can deploy when you want to. I got tired of manually rolling the new VM per engagement, and installing all my tools beforehand made the OVA about 8GB (base install is around 4GB). I created a Python wrapper script to do a few things:

  1. Clone a template folder to a new "customer" folder (Named based on user input).
  2. Clone the Template OVA to a new customer VM which is placed inside the customer folder.
  3. Start the new VM.
  4. Discover the IP address of the new VM.
  5. Run an ansible playbook against the new VM to update, install tools, and configure the environment so it is ready for a new engagement.
The script is released here:

Currently the script is designed for a Mac base OS, but I will be updating to work using Ubuntu as a base OS as well.

The Setup:
To setup, just clone the repo

git clone
cd SOE_Deploy

Modify the config.txt file for your environment

basePath = /home/[username]/Documents/customers
OVATemplate = xUbuntu-64-master.ova
privKeyLoc = /home/[username]/.ssh/id_rsa_soe
SOEuser = [soe_username]

At this point, simply run the SOE_setup script

[Enter Customer Name]
... Wait ...

When finished, you should have a fully configured SOE for your next engagement.

Have thoughts or suggestions for improvement? Let me know or submit a pull request!

Popular Posts