KaliTool — Kali Arsenal
KaliTool is the primary interface to 2,400+ Kali Linux security tools, deployed inside a Docker container. It is the first tool to reach for in every pentest phase.
Container Architecture
A single Docker image (ghcr.io/allyseclabs/allysec-kali-full:latest) contains the full Kali Linux toolchain. The container runs with host networking and auto-deploys on first use — no manual setup required.
| Feature | Detail |
|---|---|
| Image | ghcr.io/allyseclabs/allysec-kali-full:latest |
| Networking | Host mode |
| Privileged | Required for raw socket tools (nmap -sS, etc.) |
| Auto-deploy | ALLYSEC_AUTO_DEPLOY=1 (default) |
| Auto-install | ALLYSEC_AUTO_INSTALL=1 (default) |
Actions
| Action | Purpose |
|---|---|
run | Execute a named Kali tool with arguments |
list | Show available tools (filterable by stage or category) |
recommend | Get the best tool for a specific purpose with fallbacks |
search | Query the container for installed tools matching a keyword |
Pentest Stages
Tools are mapped to 7 stages for phase-aware routing:
| Stage | Purpose |
|---|---|
recon-passive | OSINT, passive fingerprinting, DNS enumeration |
recon-active | Port scanning, service discovery, live host detection |
enumeration | Service fingerprinting, directory brute force, subdomain enumeration |
vuln-analysis | Vulnerability scanning, fuzzing, misconfig detection |
exploitation | Exploit execution, payload delivery, shell access |
post-exploitation | Privilege escalation, credential dumping, lateral movement |
pivoting | Tunneling, proxy chains, route manipulation |
reporting | Evidence collection, report generation |
Usage
Recommending a tool
When unsure which tool to use, always use recommend first:
KaliTool(action="recommend", purpose="port scanning", stage="recon-active")Running a tool
KaliTool(tool="nmap", args=["-sT", "-Pn", "-p", "80,443,8080", "target.com"])Searching for tools
KaliTool(action="search", tool="kerberos", stage="post-exploitation")Tool discovery
KaliTool(action="list", stage="enumeration")Tool Selection Priority
- KaliTool — first choice for recon, enumeration, and vuln-analysis phases
- RedTeamScript — when KaliTool can't cover a specific attack scenario
- ExploitTool — for confirmed exploitation of findings
- AttackImproviseTool — on first failure of any registered exploit
- Raw Bash — last resort for glue operations
Environment Variables
| Variable | Purpose |
|---|---|
ALLYSEC_KALI_IMAGE | Override the default image |
ALLYSEC_KALI_CONTAINER | Override container name |
ALLYSEC_AUTO_DEPLOY | 1 = auto-deploy (default), 0 = disable |
ALLYSEC_AUTO_INSTALL | 1 = auto-install missing tools (default), 0 = disable |
GHCR_TOKEN | GitHub Container Registry token for pulling images |