Knowledgebase
  • Welcome!
  • Threats
    • Software
      • Malware
      • Ransomware
      • Macros
    • Hardware
      • Flipper Zero
        • Firmware
          • 🐬flipperzero
            • Getting Started
          • 🐬flipper-xtreme
            • Wiki
              • Key Combos
              • Generic Guides
              • iButton key file format
              • SubGhz
              • How to add new SubGHz frequencies
              • Sub-GHz Remote
              • LF RFID key file format
              • NFC Flipper File Formats
              • Infrared Flipper File Formats
              • BadKB
              • Asset Packs
              • Unit tests
              • OTA Updates
              • How To Build
              • Hardware Targets
              • Flipper Build Tool
              • FAP (Flipper Application Package)
              • Flipper Application Manifests (.fam)
          • 🐬roguemaster
          • 🐬unleashed
    • Human
      • Advanced Persistent Threats (APTs)
      • Social engineering
      • Phishing
      • Typosquatting
    • Disinformation
      • Black Propaganda
      • White Propaganda
      • Grey Propaganda
      • Info Warfare
      • Political Warfare
      • Astroturfing
      • Greenwashing
      • Bluewashing
      • Whisper Campaigns
      • Push Polling
      • "Joe Jobs"
      • False Flags
      • Deep Fakes
  • About
    • Ports
      • 20
      • 21
      • 22
      • 23
      • 25
      • 587
      • 2323
      • 53
      • 80
      • 194
  • Tools
    • Radio Frequency & SubGHZ
      • gnuradio
      • hackrf
    • Digital Forensics
      • afflib
    • Reverse Engineering
      • binwalk
      • radare2
    • Hardware & Virtualization
      • qemu
      • freerdp2
      • util-linux
      • lvm2
    • VPN Providers
      • ProtonVPN
      • NordVPN
      • ExpressVPN
      • Surfshark
      • CyberGhost
      • Private Internet Access
    • Database, Cloud, & Firewalls
      • sqlmap
      • cewl
      • gobuster
      • fwbuilder
      • clamav
    • Enumeration & Lists
      • crunch
      • aflplusplus
      • ffuf
      • maltego
        • maltego-teeth
      • getallurls
    • Penetration Testing
      • beef-xss
      • wifite
      • burpsuite
      • metasploit-framework
    • Passwords & Auth
      • john
      • hashcat
      • hydra
      • cryptsetup
    • Surface Intelligence
      • theharvester
      • subfinder
      • dsniff
      • dnsrecon
      • dirb
      • nikto
      • legion
      • spiderfoot
    • Networks & Wireless
      • nmap
      • impacket-scripts
      • tcpdump
      • traceroute
      • wireshark
      • responder
      • aircrack-ng
      • netcat
      • kismet
      • ubertooth
      • routersploit
      • apache2
      • ettercap
      • bettercap
      • bettercap-ui
      • freeradius
      • bind9
      • samba
      • net-snmp
      • tcpreplay
    • Social Media
      • sherlock
    • Miscellaneous
      • git
      • libnfc
      • llvm-defaults
  • Operating Systems
    • Ubuntu
      • Installation
        • Switching
          • From Windows
          • From macOS
          • From a different Linux
        • Applications
        • Ubuntu PreInstalled
    • Linux Mint
      • Installation Guide
        • Verify your ISO image
        • Choose the right edition
        • Boot Linux Mint
        • Create the bootable media
        • Install Linux Mint
        • Hardware drivers
        • Language support
        • EFI
        • Multimedia codecs
        • System snapshots
        • Pre-installing Linux Mint (OEM Installation)
        • Where to find help
        • Boot options
        • Partitioning
        • Multi-boot
      • User Guide
        • Grub Boot Menu
        • Snap Store
        • Chromium
        • Bluetooth
        • Windows ISOs and multiboot USB
        • How to upgrade to Linux Mint 20
        • Edge ISO Images
        • Lost Password
        • Upgrades
        • Printers and Scanners
        • How to upgrade to Linux Mint 21
      • Troubleshooting Guide
        • Expectation
        • Responsibility
        • Change
        • Reproducibility
        • Observation
        • Environment
        • What
        • When
        • Why
        • Errors
        • Where
        • How
      • Translation Guide
        • Using Launchpad
        • Verify your translations
        • Localization
      • Developer Guide
        • Getting Started
          • Setup
          • Technology
        • Mint Tools
        • Cinnamon
        • XApps
        • Development
          • Daily Builds
          • Coding Guidelines
          • Optimizing JS with Cinnamon
          • Building
    • Kali Linux
      • Installation
        • Installing Kali Linux
        • Bare-bones Kali
        • Installing Kali on Mac Hardware
        • Dual Booting Kali with Linux
        • Making a Kali Bootable USB Drive
        • Dual Booting Kali with macOS/OS X
        • Dual Booting Kali with Windows
        • BTRFS Install (Kali Unkaputtbar)
        • Deploying Kali over Network PXE/iPXE Install
      • Virtualization
        • Running Kali Linux as a Virtual Machine in Windows
        • Installing VMware on Apple Silicon (M1/M2) Macs (Host)
        • Customizing a Kali Vagrant Vagrantfile
        • Kali inside Proxmox (Guest VM)
        • Installing VMware on Kali (Host)
        • Installing VirtualBox on Kali (Host)
        • Import Pre-Made Kali VMware VM
        • Kali inside Parallels (Guest VM)
        • Kali inside Vagrant (Guest VM)
        • Kali inside VMware (Guest VM)
        • Kali inside VirtualBox (Guest VM)
        • Import Pre-Made Kali VirtualBox VM
        • Kali inside Hyper-V (Guest VM)
        • Kali inside UTM (Guest VM)
        • Kali inside QEMU/LibVirt with virt-manager (Guest VM)
        • Improving Virtual Machine Performance for VMware
        • Installing VMware Tools (Guest Tools)
        • Installing VirtualBox Guest Addition (Guest Tools)
        • Installing Hyper-V Enhanced Session Mode (Guest Tools)
        • Converting VMX to an OVA
      • USB
        • Making a Kali Bootable USB Drive (Linux)
        • Making a Kali Bootable USB Drive (macOS/OS X)
        • Updating Kali Linux on USB
        • Making a Kali Bootable USB Drive on Windows
        • Standalone Kali Linux 2021.4 Installation on a USB Drive, Fully Encrypted
        • Adding Persistence to a Kali Linux Live USB Drive
        • Adding Encrypted Persistence to a Kali Linux Live USB Drive
        • USB Boot in VirtualBox
        • USB Boot in VMware
      • Kali On ARM
        • BeagleBone Black
        • Acer Tegra Chromebook 13" (Nyan)
        • ASUS Chromebook Flip (Veyron)
        • Banana Pro
        • Banana Pi
        • CubieBoard2
        • CuBox-i4Pro
        • CubieTruck (CubieBoard3)
        • Gateworks Newport
        • CuBox
        • Gateworks Ventana
        • NanoPi NEO Plus2
        • NanoPi2
        • Mini-X
        • NanoPC-T3
        • ODROID-C0/C1/C1+
        • ODROID-XU3
        • ODROID-U2/U3
        • ODROID-C2
        • Pinebook
      • Containers
        • Kali Linux LXC/LXD Images
        • Official Kali Linux Docker Images
        • Installing Docker on Kali Linux
        • Using Kali Linux Docker Images
        • Using Kali Linux Podman Images
      • WSL
        • Win-KeX SL
        • Win-KeX ESM
        • Preparing a system for WSL
        • Win-KeX
        • Win-KeX Win
      • Cloud
        • Digital Ocean
        • AWS
        • Azure
        • Linode
      • Kali NetHunter
        • Installing NetHunter On the OnePlus 7
        • Installing NetHunter On the Gemini PDA
        • Installing NetHunter
        • Installing NetHunter On the TicWatch Pro 3
        • Installing NetHunter On the TicWatch Pro
        • NetHunter Application - Terminal
        • NetHunter BadUSB Attack
        • NetHunter Bluetooth-Arsenal
        • NetHunter Chroot Manager
        • NetHunter Components
        • NetHunter Custom Commands
        • NetHunter Home Screen
        • NetHunter DuckHunter Attacks
        • NetHunter HID Keyboard Attacks
        • NetHunter Exploit Database SearchSploit
        • NetHunter Kali Services
        • NetHunter MAC Changer
        • NetHunter MANA Evil Access Point
        • NetHunter Man In The Middle Framework
        • NetHunter KeX Manager
      • Tools
        • Installing Tor Browser on Kali Linux
        • Kali Tools
        • Installing snapd on Kali Linux
        • Metasploit Framework
        • Installing Flatpak on Kali Linux
        • Submitting tools to Kali
        • Removed Tools From Kali
      • Troubleshooting
        • Discovering Problems With Download Speed
        • Common Cloud Based Setup Information
        • The Basics of Troubleshooting
        • Troubleshooting Installations Failures
        • Troubleshooting Wireless Drivers
        • Minimum Install Setup Information
      • Kali Development
        • Contributing run-time tests with autopkgtest
        • Custom CuBox Image
        • Custom Beaglebone Black Image
        • Custom EfikaMX Image
        • Custom Chromebook Image
        • Custom MK/SS808 Image
        • Custom Raspberry Pi Image
        • Custom ODROID X2 U2 Image
        • Setting up a system for packaging
        • Intermediate packaging step-by-step example
        • Introduction to packaging step-by-step example
        • Getting the best out of the Kali Bot
        • Advanced Packaging Step-By-Step Example (FinalRecon & Python-icmplib)
        • Generate an Updated Kali ISO
        • Creating A Custom Kali ISO
        • Building Custom Kali ISOs
        • Rebuilding a Source Package
        • Recompiling the Kali Linux Kernel
        • ARM Build Scripts
        • Preparing a Kali Linux ARM chroot
    • Arch Linux
      • Installation Guide
      • Frequently Asked Questions
      • General Recommendations
      • Applications
        • Office & Docs
        • Internet
        • Multimedia
        • Science
        • Security
        • Utilities
        • Others
      • Arch compared to other distributions
    • NetBSD
      • Calls and Errors
      • Libraries
      • Lua Modules
      • Devices and Drivers
  • Law, Policy, and Ethics
    • Fair Use
    • DMCA
      • 🗄️Notable Cases
        • MGM Studios Inc. v. Grokster, Ltd.
        • Viacom International, Inc v YouTube, Inc
        • Capitol Records, Inc. v. Thomas-Rasset
        • Perfect 10, Inc. v. Amazon.com
        • Recording Industry Association of America (RIAA) v. Diamond Multimedia Systems, Inc.
        • A&M Records, Inc. v. Napster, Inc.
        • BMG Music v. Gonzalez
        • Sony Computer Entertainment America (SCEA) v. Connectix Corp.
        • Columbia Pictures Industries, Inc. v. Fung
        • Warner Bros. Entertainment Inc. v. RDR Books
        • BMG Music v. John Doe
        • Universal Music Group v. Veoh Networks, Inc.
        • Universal Music Group v. MySpace, Inc.
        • UMG Recordings, Inc. v. MP3.com, Inc.
        • Cartoon Network LP v. CSC Holdings, Inc.
        • Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd.
        • Viacom International Inc. v. Google Inc.
        • Tiffany (NJ) Inc. v. eBay Inc.
        • Perfect 10, Inc. v. Visa International Service Association
        • Universal City Studios Productions LLLP v. Reimerdes
        • Recording Industry Association of America (RIAA) v. Lime Group LLC
        • Sony BMG Music Entertainment v. Tenenbaum
        • Viacom International Inc. v. Time Warner Cable Inc.
        • UMG Recordings, Inc. v. Shelter Capital Partners LLC
        • Sony Computer Entertainment America Inc. v. Bleem LLC
        • Universal City Studios, Inc. v. Corley
        • Ticketmaster Corp. v. Tickets.com, Inc.
        • Authors Guild, Inc. v. Google, Inc.
        • Perfect 10, Inc. v. Cybernet Ventures, Inc.
        • Tiffany (NJ) Inc. v. Ningbo Beyond Home Textile Co., Ltd.
        • Google Inc. v. American Blind & Wallpaper Factory, Inc.
        • Columbia Pictures Industries, Inc. v. Redd Horne, Inc.
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Operating Systems
  2. Kali Linux
  3. Kali Development

Creating A Custom Kali ISO

PreviousGenerate an Updated Kali ISONextBuilding Custom Kali ISOs

Last updated 2 years ago

Was this helpful?

An Introduction to Building Your Own Kali ISO

Building a customized Kali Linux image is not as complex as you may be thinking. It is easy, fun, and rewarding! Kali Linux traditionally, has been a Live Image, but since an Installer Image was introduced. Both these images have , and are also built in different ways.

  • Live Image - allows you to try Kali, without altering the system (making it great for ). It is created using

  • Installer Image - allows for you to customize Kali by picking packaging during installation, such as picking the as well as what get installed. This image is powered by (which uses debian-cd to make Debian-Installer).

You can configure virtually any aspect of your Kali ISO build, such as adding packages from outside of Kali network repositories, unattended installations to changing the default wallpaper. Our build-scripts provides a framework that uses a configuration set to automate and customize all aspects of building the images. The Kali Linux development team use the same build-scripts to produce the official Kali ISO releases.

Where Should You Build Your ISO?

Ideally, you should build your custom Kali ISO from within a pre-existing Kali environment, as there is less chance of items going wrong. However, it is possible to generate the images on a Non-Kali but still a Debian-Based system.

Kali EnvironmentGetting Ready - Setting Up The build-script Kali System

We first need to prepare the Kali ISO build environment by installing and setting up the required packages with the following commands:

:~$ sudo apt update
:~$ sudo apt install -y git live-build simple-cdd cdebootstrap curl
:~$
:~$ git clone https://gitlab.com/kalilinux/build-scripts/live-build-config.git

Building an Updated Live Image

Now you can simply build an updated Kali ISO (with our default configuration) by entering the live-build-config/ directory and running our build.sh wrapper script, as follows:

:~$ cd live-build-config/
:~/live-build-config$ ./build.sh --verbose
[...]
***
GENERATED KALI IMAGE: ./images/kali-linux-rolling-live-amd64.iso
***
:~$

The build.sh script will take a while to complete, as it downloads all of the required packages needed to create your ISO. Good time for a drink.

Building an Updated Installer Image

By default, it will generate a Live Image. If you want an Installer Image, add --installer:

:~/live-build-config$ ./build.sh --verbose --installer

We are using the --verbose to output more on the screen rather than it being captured in just the build.log output. If you want even more output, you can use --debug instead, which will then give even more information.


Non-Kali Debian-Based EnvironmentSetting Up The build-script Non-Kali Debian-Based System

You can build an Kali ISO on a Debian-based systems other than Kali Linux. The instructions below have been tested to work with both Debian and Ubuntu.

First, we prepare the system by ensuring it is fully updated, then proceed to download the Kali archive keyring and packages:

$ sudo apt update
$ sudo apt full-upgrade -y
$
$ wget https://http.kali.org/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb
$ wget https://http.kali.org/kali/pool/main/l/live-build/live-build_20230131+kali4_all.deb

Note: You must check thatkali-archive-keyring_20YY.X_all.deb & live-build_20YYMMDD+kaliX_all.deb are the latest files.

With that completed, we install some additional dependencies and the previously downloaded files:

$ sudo apt install -y git live-build simple-cdd cdebootstrap curl
$
$ sudo dpkg -i kali-archive-keyring_2022.1_all.deb
$ sudo dpkg -i live-build_20230131+kali4_all.deb

With the environment all prepared, we start the process by setting up the build-script profile and clone out the build config:

$ cd /usr/share/debootstrap/scripts/
$ (echo "default_mirror http://http.kali.org/kali"; sed -e "s/debian-archive-keyring.gpg/kali-archive-keyring.gpg/g" sid) > /tmp/kali
$ sudo mv /tmp/kali .
$ sudo ln -s kali kali-rolling
$
$ cd ~/
$ git clone https://gitlab.com/kalilinux/build-scripts/live-build-config.git
$
$ cd live-build-config/

At this point, depending on the host OS and its version, we may need to edit build.sh to bypass a version check for debootstrap. We do this by commenting out the exit 1 below:

$ cat build.sh
[...]
		ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
		if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
			echo "ERROR: You need debootstrap (>= 1.0.97), you have $ver_debootstrap" >&2
			exit 1
		fi
[...]
$

With the above change made, build.sh should look similar:

$ cat build.sh
[...]
		ver_debootstrap=$(dpkg-query -f '${Version}' -W debootstrap)
		if dpkg --compare-versions "$ver_debootstrap" lt "1.0.97"; then
			echo "ERROR: You need debootstrap (>= 1.0.97), you have $ver_debootstrap" >&2
			#exit 1
		fi
[...]
$

At this point, we can build our ISO as normal:

$ ./build.sh --verbose

Re-building the Latest Kali Image

:~$ time ./build.sh \
  --verbose \
  --installer \
  --distribution kali-last-snapshot \
  --version 2022.4 \
  --subdir kali-2022.4
[...]
***
GENERATED KALI IMAGE: ./images/kali-2022.4/kali-linux-2022.4-installer-amd64.iso
***
:~$

Configuring The Kali ISO Build (Optional)

Building Kali Live With Different Desktop Environments

:~/live-build-config$ # These are the different Desktop Environment build options:
:~/live-build-config$ #./build.sh --variant {xfce,gnome,kde,mate,e17,lxde,i3wm} --verbose
:~/live-build-config$
:~/live-build-config$ # To build a Gnome ISO:
:~/live-build-config$ ./build.sh --variant gnome --verbose
:~/live-build-config$
:~/live-build-config$ # To build a KDE ISO:
:~/live-build-config$ ./build.sh --variant kde --verbose

This is not required with the installer images, as it includes Xfce, Gnome and KDE by default. You can add others by including their packages as explained in the section below.

Controlling The Packages Included In Your Build

The list of packages included in your build will be present in the the respective kali-config/ directory. For example, if you’re wanting to edit:

  • The default Installer ISO, you would use the following package lists file - kali-config/installer-default/packages

  • The default Live ISO, you would use the following package lists file - kali-config/variant-default/package-lists/kali.list.chroot

  • A non-default Live ISO desktop environment, such as Gnome - kali-config/variant-gnome/package-lists/kali.list.chroot (You can replace Gnome with any supported desktop environments)

Overlaying Files In Your Build

With Live images, you have the option to include additional files or scripts in your build by overlaying them on the existing file-system, inside the includes.{chroot,binary,installer} directories, respectively.

For example, if we wanted to include our own custom script into the /root/ directory of the ISO (this would correspond to the chroot stage), then we would drop this script file in the kali-config/common/includes.chroot/ directory before building the ISO.

Build Hooks, Binary and Chroot

As an example, we recommend you check out the existing hooks in kali-config/common/hooks/.


Building a Kali Linux ISO for Different Architectures (Optional)

By default, the build-script will generate the Kali image based on the architectures of the current operating system. If you wish to alter this:

  • x64: ./build.sh --verbose --arch amd64

  • x86: ./build.sh --verbose --arch i386

Building a Kali Linux ISO for Older i386 Architectures

The Kali Linux i386 ISO has PAE enabled. If you require a default kernel for older hardware with PAE disabled, you will need to rebuild a Kali Linux ISO. The rebuilding process is much the same as described above, except that the 686-pae parameter needs to be changed to 686 in auto/config before building:

:~/live-build-config$ sed -i 's/686-pae/686/g' auto/config
:~/live-build-config$
:~/live-build-config$ ./build.sh --verbose --arch i386

Using A Custom Network Mirror For Building (Optional)

If you build multiple images, you will find you are often waiting on build.sh to finish. There are a few ways to speed up the build process, such as:

  • Building Installer images as they often build quicker than Live images

  • Have less packages included (such as switching kali-linux-default to kali-linux-top10)

  • Improve access to packages

We can instruct the build-script to use a different mirror, by doing the following (assuming our network mirror is located at http://192.168.0.101/kali):

:~/live-build-config$ echo "http://192.168.0.101/kali/" > .mirror
:~/live-build-config$ ./build.sh --verbose

Help Screen

You can see all the available command-line options by doing --help:

:~/live-build-config$ ./build.sh --help
Usage: ./build.sh [<option>...]

  --distribution <arg>
  --proposed-updates
  --arch <arg>
  --verbose
  --debug
  --salt
  --installer
  --live
  --variant <arg>
  --version <arg>
  --subdir <arg>
  --get-image-path
  --no-clean
  --clean
  --help

More information: https://www.kali.org/docs/development/live-build-a-custom-kali-iso/
:~/live-build-config$

Testing Built Image

:$ sudo apt update
:$ sudo apt install -y qemu qemu-system-x86 ovmf

Next we produce a hard disk to use:

:$ qemu-img create \
  -f qcow2 \
  /tmp/kali-test.hdd.img \
  20G

Afterwards, to boot from the image produced (we will be using the Live image on x64):

:$ qemu-system-x86_64 \
  -enable-kvm \
  -drive if=virtio,aio=threads,cache=unsafe,format=qcow2,file=/tmp/kali-test.hdd.img \
  -cdrom /home/kali/live-build-config/images/kali-linux-rolling-live-amd64.iso \
  -boot once=d

The above will be a “BIOS” boot. For a “UEFI” boot:

:$ qemu-system-x86_64 \
  -enable-kvm \
  -drive if=virtio,aio=threads,cache=unsafe,format=qcow2,file=/tmp/kali-test.hdd.img \
  -drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd \
  -drive if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_VARS.fd \
  -cdrom /home/kali/live-build-config/images/kali-linux-rolling-live-amd64.iso \
  -boot once=d

Note: We have set UEFI configuration file to be read only

By using the branch, you are able to re-create the latest distributed image. We can do this by using --distribution kali-last-snapshot:

If you want to customize your Kali Linux ISO, this section will explain some of the details. Through the kali-config/ directory, there are a wide range of customization options, which are well-documented for page. Simple-CD is a little more limited with options. For the impatient, here are some of the highlights.

Since , we now support built in configurations for various , including Xfce (default), Gnome, KDE, E17, I3WM, LXDE, MATE. To build any of these, you would use syntax similar to the following:

By default, these lists will includes the , as well as some others. These can be commented out and replaced with a manual list of packages to include in the ISO for greater granularity.

For more information see the .

For live images, live-build supports hooks allows us to “hook scripts” in various stages of the Kali ISO live image. For more detailed information about hooks and how to use them, refer to the .

You often find that you are waiting on packages to be pulled down. You can either setup a local proxy on the same machine (such as apt-cacher or apt-cacher-ng). Alternatively, you can setup a .

After producing the issue, you can treat it like any Kali base image, so you can it (either on bare metal or ), or copy to a CD/DVD/.

If you are wanting to quickly test the image before putting it “in production”, we can use (and for UEFI). First we install the packages:

Kali 2020.1
different functions
USB
live-build
desktop environment
metapackages
simple-cdd
kali-last-snapshot
live-build
Kali 2.0
desktop environments
kali-linux-default metapackage
live-build documentation
live-build manual
local network mirror
install
virtually
USB
qemu
ovmf