We have worked on Kaboxer for 18 months. Now, just before Kali2021.1, the Kaboxer is ready to greet “Hello World”, and start shipping your applications .
The bottom line – What’s the deal?
Kaboxer, what is his name? Kali Application Boxer
This is what it means. Applications in containers for packages, which are a solution for those applications that can’t be packaged properly. They are not standalone containers but rather integrated in the Kali package management system and can be used to install/remove via standard apt commands.
Okay. What does Kaboxer do? Kaboxer packages not every tool. You need to satisfy many criteria, including some bizarre dependency trees and system modifications. It may be necessary to access a legacy library or to modify a configuration that could cause problems in another program. How do you go about it? To make things easier for tool writers, we work late trying to fix it or are unable to pack it.
Enter Kaboxer. Containers allow us to put non-standard packages into containers, integrate them with other parts of the operating system and then bundle them up in the packaging ecosystem. You can simply apt-install the Kaboxer program without any additional steps.
What does Kaboxer do for me? Kaboxer can be used in a variety of situations, depending on the person using it.
- It is transparent, so it will not be noticed by anyone using Kali Linux. There are more options!
- This is an exciting time for Kali developers.
- .
- There is still hope for tool authors who want to have their software translated into Kali.
What is the downside to Kaboxer’s software? Because it uses containers, the size of the application may be bigger. Although the package itself will not be large, it will automatically download all the necessary containers. This can even happen for simple applications.
What’s the future of Kaboxer and Kali Linux? Do you know that Kaboxer is allowing you to use these tools via Kali Linux? These tools won’t be included in our default install because of the increased size for ISO images.
Overview
Many tools are useful for Kali users but they have problems shipping as *.deb
package. The tools could also be the reason.
- They are not designed with system integration and packaging in mind. These people assume that they are able to install certain versions of libraries or patch libraries or get pieces of software during runtime, rather than installing them at installation time. It is against software engineering standards.
-
They may feel that they have the right to use any application or operating system they like. This should be forbidden and software must be kept separate. These actions have been seen:
- Create users with particular UIDs/GIDs
- Use paths which are not compatible with the Filesystem Hierarchy Standard.
- TCP and UDP ports can be used to access services that are normally affected by other services.
- Convert existing services.
- The software cannot trust itself if it interacts with other servers, even if this is by an insecure way. It may therefore be wise to separate such software from sensitive or valuable data.
Containerization is a way to achieve the above mentioned isolation. Containerization allows an application to run in isolation, with greatly reduced interactions with other parts of the system such as users, services and files. ).
Design choices
We are open to supporting other containers solutions but we chose to use Docker. The Docker container is widely known and well-proven. It also benefits from an extensive ecosystem of images that will ensure its continued viability. You can configure Docker containers in numerous ways so that you have the integrations that you need between the containers and the host system.
Kaboxer’s value lies in its ability to connect docker containers and the host system using the standard docker features like port redirections and mount points, as well as integration with menu entries on the desktop. In one YAML file, all these integrations are described, along with instructions for building or retrieving the docker images.
This is the single YAML file in the .deb
packages that are provided in Kali. The post-installation script for those packages will transparently down load the image and make the application ready to use.
Images of the Build of Docker
Kaboxer also facilitates the build of docker images. However, there is no magic. It boils down to calling Docker Build
on a particular Dockerfile
using a few variables.
The packager must create the Dockerfile. However, this step is not necessary if the upstream project has either a Dockerfile already or a ready to use docker image.
Publication Docker images
We have made this step so tedious that GitLab CI has automated it. will automatically rebuild and store the docker images associated with each change we make to a repository for a “kaboxed”, such as covenant.
Incorporation of images in the system
After the app has been containerized we need to still make it accessible to the user seamlessly. It shouldn’t be obvious to the user that an app is running in a container.
As we have already stated, users can still interact with Kali packages for installing and removing containerized apps. However, those packages are mostly empty shells that run Kaboxer commands from the maintainer scripts. You can also get and.desktop
files to allow applications to be launched from your desktop. They can also be used as command-line tools so they can be run from a terminal, without needing to be familiar with Kaboxer.
Users need elevated permissions to be able run docker containers. We modified Kali to give these permissions automatically to those users who were created during initial installation. Other users will need to be added the Kaboxer group ( Adduser $USER Kaboxer
).
Kaboxer allows users to create volumes that are shared between containers and hosts. This provides persistence, even when containers fail to last. Depending on your application type, you may need additional integrations.
- We need to have the socket host X11 available in order for GUI applications to work.
- Web applications require that the HTTP port be exposed and the browser at the correct URL is started.
These basic functions are met by the Kaboxer’s current features, but there is a possibility that additional integrations may be needed in the future.
If you still want to learn more about Kaboxer, please see its
, and
.
You can see examples of real-world applications in our “Kaboxed” apps:
- is a framework that highlights the attack surface for.NET. Covenant is a Web application that runs in the browser and a server called Covenant.
- is a browser. We chose it because it’s a large, complex GUI application.
- is the official NMAP GUI. Zenmap uses deprecated libraries, which aren’t available under Kali Linux.
Do you want to try it?
[email protected]:~$ sudo apt update && sudo apt -y install covenant-kbx ... [email protected]:~$ [email protected]:~$ covenant-kbx Usage: covenant-kbx start|stop [email protected]:~$ [email protected]:~$ covenant-kbx start >>> Initializing user data in ~/.local/covenant/data >>> Starting covenant Please wait during the start, it can take a long time... >>> Opening https://127.0.0.1:7443 with a web browser covenant/default started Press ENTER to exit [email protected]:~$ [email protected]:~$ ss -at | grep 7443 LISTEN 0 4096 0.0.0.0:7443 0.0.0.0:* [email protected]:~$
Do not forget to open up https://localhost:7443
in a web browser!
You can explore Kaboxer and discover what’s going on under the hood.
[email protected]:~$ kaboxer usage: kaboxer [-h] [-v] run,start,stop,get-meta-file,get-upstream-version,prepare,upgrade,list,ls,build,install,clean,push,save,load,purge ... kaboxer: error: the following arguments are required: action [email protected]:~$ [email protected]:~$ kaboxer ls App Installed version Available version Packaging revision from YAML Packaging revision from image -------- ------------------- ------------------- ------------------------------ ------------------------------- covenant 0.6 - 1 1 [email protected]:~$
You can also search packages that end with or -kbx
to see which programs use Kaboxer in Kali.
:~$ apt-cache search --names-only '-kbx$' covenant-kbx - .NET command and control framework firefox-developer-edition-en-us-kbx - Mozilla Firefox web browser - Developer Edition - en-US zenmap-kbx - The Network Mapper Front End :~$