How To Set Up A PC For Hacking (Guide)
- Biohazard

- 2 days ago
- 7 min read

Setting Up A PC For Hacking
I'll take you through a complete pentest workstation build — from bare metal to engagement-ready. This setup assumes you'll use it as your primary attack machine. This is a guide on how to set up a PC for hacking.
Phase 1: OS Selection
Three practical options, all Linux-based:
OS | Best For | Downsides |
Kali Linux | All-around pentesting, largest tool repo | Heavy, runs as root by default |
Parrot OS | Similar to Kali, lighter, better daily driver | Smaller community, some tools missing |
Ubuntu/Debian + tools | Custom minimal build, better OPSEC | Manual tool installation, more work |
Recommendation: Kali Linux for a dedicated pentest box. If this doubles as your daily driver, use Ubuntu LTS and install tools selectively to avoid the bloat and root-by-default behavior of Kali.
Kali Installation
bash
# 1. Download ISO: kali.org/get-kali → Kali Linux Live (or Installer)
# 2. Flash to USB:
dd if=kali-linux-2024.X-live-amd64.iso of=/dev/sdX bs=4M status=progress
# 3. Boot from USB, select "Graphical Install"
# 4. Partitioning:
# - If single OS: Guided → use entire disk → encrypted LVM (recommended)
# - If dual boot: Manual → separate /, /home, swap
# 5. Choose XFCE or KDE (XFCE is lighter, KDE has better multi-monitor)
# Post-install: update everything
apt update && apt full-upgrade -y
Critical: Create a Non-Root User
Kali defaults to root. For daily use and to avoid accidents, create a standard user:
bash
useradd -m -G sudo,netdev,kvm,vboxsf pentest
passwd pentest
# Log out, log back in as "pentest"Phase 2: Essential Tools - Full Toolchain
Kali ships with 600+ tools, but most engagements need a core set. Here's the install script for what actually gets used:
bash
#!/bin/bash
# pentest-tools.sh — Install and update essential pentest toolchain
# Run on fresh Kali or Ubuntu/Debian
set -e
echo "[*] Updating system..."
apt update && apt full-upgrade -y
# ===== RECON =====
echo "[*] Installing recon tools..."
apt install -y \
nmap \
masscan \
rustscan \
amass \
subfinder \
dnsrecon \
dnsenum \
fierce \
theharvester \
gobuster \
ffuf \
feroxbuster \
dirb \
whatweb \
wafw00f \
eyewitness \
aquatone
# Install additional recon tools not in apt
# httpx (fast HTTP probing)
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
cp ~/go/bin/httpx /usr/local/bin/
# nuclei (template-based vulnerability scanner)
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
cp ~/go/bin/nuclei /usr/local/bin/
# ===== EXPLOITATION =====
echo "[*] Installing exploitation tools..."
apt install -y \
metasploit-framework \
exploitdb \
searchsploit \
sqlmap \
burpsuite \
zaproxy \
beef-xss \
commix \
routersploit
# ===== POST-EXPLOITATION =====
echo "[*] Installing post-exploitation tools..."
apt install -y \
crackmapexec \
impacket-scripts \
bloodhound \
neo4j \
mimikatz \
powershell-empire \
evil-winrm \
chisel \
socat \
proxychains4
# NetExec (crackmapexec successor)
pip3 install netexec
# Ligolo-ng (pivoting)
wget https://github.com/nicocha30/ligolo-ng/releases/latest/download/ligolo-ng_proxy_linux_amd64.tar.gz
wget https://github.com/nicocha30/ligolo-ng/releases/latest/download/ligolo-ng_agent_linux_amd64.tar.gz
tar xzf ligolo-ng_proxy_linux_amd64.tar.gz -C /usr/local/bin/
tar xzf ligolo-ng_agent_linux_amd64.tar.gz -C /usr/local/bin/
# ===== CRACKING =====
echo "[*] Installing cracking tools..."
apt install -y \
hashcat \
john \
hydra \
hash-identifier \
fcrackzip \
pdfcrack
# Wordlists
if [ ! -f /usr/share/wordlists/rockyou.txt ]; then
echo "[*] Extracting rockyou..."
gunzip /usr/share/wordlists/rockyou.txt.gz 2>/dev/null || true
fi
# SecLists (comprehensive wordlists)
if [ ! -d /opt/SecLists ]; then
git clone --depth 1 https://github.com/danielmiessler/SecLists.git /opt/SecLists
fi
# ===== WIRELESS & RF =====
echo "[*] Installing wireless/RF tools..."
apt install -y \
aircrack-ng \
reaver \
bully \
hcxdumptool \
hcxtools \
bettercap \
kismet
# ===== EVASION & OBFUSCATION =====
echo "[*] Installing evasion tools..."
apt install -y \
veil \
shellter \
upx \
packer
# ScareCrow (ETW/AMSI patching loader)
wget https://github.com/Tylous/ScareCrow/releases/latest/download/ScareCrow_linux_amd64 \
-O /usr/local/bin/scarecrow && chmod +x /usr/local/bin/scarecrow
# ===== WEB APP TESTING EXTRAS =====
echo "[*] Installing web app tools..."
apt install -y \
nodejs \
npm
# wfuzz
pip3 install wfuzz
# Arjun (HTTP parameter discovery)
pip3 install arjun
# ===== REPORTING =====
apt install -y \
cherrytree \
keepassxc \
flameshot \
peek \
gimp
# Ghostwriter (report generation)
# git clone https://github.com/GhostManager/Ghostwriter.git /opt/ghostwriter
# ===== CONTAINER TOOLS =====
apt install -y \
docker.io \
docker-compose
systemctl enable docker --now
usermod -aG docker $USER
echo "[+] Tool installation complete. Reboot or re-log for group changes."Phase 3: Terminal and Shell Configuration
Your terminal is your primary interface. Invest in making it efficient.
Tmux — Session Management
bash
apt install -y tmux
cat > ~/.tmux.conf << 'EOF'
# Modern tmux config for pentesting
set -g mouse on
set -g history-limit 50000
set -g status-bg black
set -g status-fg green
set -g status-left '#[fg=red]#H #[fg=white]| #[fg=cyan]#(whoami)'
set -g status-right '#[fg=yellow]%Y-%m-%d %H:%M'
set -g window-status-current-format '#[fg=green,bold]#I:#W'
set -g window-status-format '#[fg=white]#I:#W'
# Split panes with | and -
bind | split-window -h -c "#{pane_current_path}"
bind - split-window -v -c "#{pane_current_path}"
# Quick window creation
bind c new-window -c "#{pane_current_path}"
# Vim-style pane navigation
bind h select-pane -L
bind j select-pane -D
bind k select-pane -U
bind l select-pane -R
EOF
Zsh + Oh-My-Zsh (Better Shell)
bash
apt install -y zsh
# Oh-My-Zsh
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
# Plugins
git clone https://github.com/zsh-users/zsh-autosuggestions \
${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-syntax-highlighting \
${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
# Enable plugins in ~/.zshrc:
# plugins=(git zsh-autosuggestions zsh-syntax-highlighting docker tmux sudo)
chsh -s $(which zsh)
Shell Aliases (Pentest-Specific)
Append to ~/.zshrc or ~/.bash_aliases:
bash
# ===== RECON =====
alias scan-quick='nmap -T4 -F'
alias scan-full='nmap -T4 -A -p- -oA nmap_full'
alias scan-udp='nmap -sU -T4 --top-ports 200 -oA nmap_udp'
alias rustscan-all='rustscan -a $1 --ulimit 5000 -- -A -oA rustscan_full'
# ===== WEB =====
alias ffuf-dir='ffuf -w /opt/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -u $1/FUZZ -ac'
alias gobuster-dir='gobuster dir -w /opt/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -u $1'
# ===== POST-EXPLOIT =====
alias cme='crackmapexec'
alias smb-null='crackmapexec smb $1 --shares -u "" -p ""'
alias smb-spray='crackmapexec smb $1 -u users.txt -p passwords.txt --continue-on-success'
alias winrm='evil-winrm -i $1 -u $2 -p $3'
# ===== SMB =====
alias smb-list='smbclient -L //$1 -N'
alias smb-mount='mount -t cifs //$1/$2 /mnt/smb -o username=$3,password=$4'
# ===== NETWORK =====
alias myip='curl -s ifconfig.me && echo'
alias tunip='ip addr show tun0 | grep "inet " | awk "{print \$2}"'
alias serve='python3 -m http.server 8080'
alias serve-ssl='python3 -c "import http.server, ssl; http.server.HTTPServer((\"0.0.0.0\", 443), http.server.SimpleHTTPRequestHandler).socket = ssl.wrap_socket(http.server.HTTPServer((\"0.0.0.0\", 443), http.server.SimpleHTTPRequestHandler).socket, certfile=\"cert.pem\", keyfile=\"key.pem\", server_side=True); http.server.HTTPServer((\"0.0.0.0\", 443), http.server.SimpleHTTPRequestHandler).serve_forever()"'
# ===== BLOODHOUND =====
alias neo4j-start='neo4j console'
alias bloodhound-start='bloodhound --no-sandbox'
# ===== NOTES & LOGGING =====
alias logs='cd ~/pentest/logs'
alias notes='cd ~/pentest/notes'
# ===== ENGAGEMENT SETUP =====
# Creates directory structure for a new engagement
new-engagement() {
mkdir -p ~/pentest/$1/{recon/{nmap,web,dns,osint},exploitation,loot,logs,notes,evidence,reports}
cd ~/pentest/$1
echo "[+] Engagement directory: ~/pentest/$1/"
tree -L 2
}
# Quick HTTP share from current directory
alias share-http='printf "Serving on:\n http://$(ip addr show tun0 2>/dev/null | grep "inet " | awk "{print \$2}" | cut -d/ -f1 || ip addr show eth0 | grep "inet " | awk "{print \$2}" | cut -d/ -f1):8080\n" && python3 -m http.server 8080'
Phase 4: Workspace Organization
Standardized directory structure prevents chaos during engagements:
bash
mkdir -p ~/pentest
mkdir -p ~/pentest/tools # Custom scripts, downloaded tools
mkdir -p ~/pentest/wordlists # Custom wordlists
mkdir -p ~/pentest/templates # Report templates, email templates
mkdir -p ~/pentest/certs # SSL certs for phishing/hosting
mkdir -p ~/pentest/iso # OS ISOs for VMs
# Create structure for a specific engagement:
new-engagement() {
local name="$1"
mkdir -p ~/pentest/$name/{recon/{nmap,web,dns,osint},exploitation,loot,logs,notes,evidence,reports}
echo "# $name — Engagement Notes" > ~/pentest/$name/notes/notes.md
echo "[+] Created ~/pentest/$name/"
}Phase 5: Burp Suite Setup
Your primary web testing tool needs proper configuration:
bash
# 1. Launch Burp Suite Community or Pro
burpsuite &
# 2. Configure proxy listener:
# Proxy → Options → Add listener
# Bind to: 127.0.0.1:8080
# Check: "Support invisible proxying"
# 3. Install useful extensions (Extender → BApp Store):
# - Autorize (automated auth testing)
# - ActiveScan++ (improved active scanning)
# - JWT Editor (JWT manipulation)
# - Turbo Intruder (fast brute force)
# - Param Miner (parameter discovery)
# - Backslash Powered Scanner
# 4. Configure browser:
# Install FoxyProxy extension
# Add Burp proxy (127.0.0.1:8080)
# Install Burp's CA certificate in browser trust storePhase 6: Virtualization
Isolate targets, test environments, and tools:
bash
# Install VirtualBox
apt install -y virtualbox virtualbox-ext-pack
# Or install VMware Workstation (better performance, snapshots)
# Download from vmware.com, install .bundle
# Create a snapshot template VM with common targets:
# - Windows 10/11 (test client-side attacks)
# - Windows Server 2019/2022 (AD lab)
# - Ubuntu Server (test Linux targets)
# - Metasploitable / DVWA / Juice Shop (web app practice)
# Docker for quick service testing:
docker pull bkimminich/juice-shop # OWASP Juice Shop
docker pull vulnerables/web-dvwa # DVWA
docker pull webgoat/goatandwolf # WebGoatPhase 7: Security Hardening
Your pentest machine holds client data, credentials, and exploit code. Protect it:
bash
# === Full Disk Encryption ===
# Enable during OS install (LUKS + LVM)
# Verify:
lsblk
# Should show "crypt" or "LUKS" on root partition
# === Firewall ===
ufw default deny incoming
ufw default allow outgoing
ufw enable
# Allow specific services if hosting payloads:
# ufw allow 443/tcp
# ufw allow 80/tcp
# === Auto-Screen Lock ===
# XFCE: Settings → Power Manager → Security → Lock screen after sleep
# KDE: Settings → Workspace Behavior → Screen Locking → Enable
# === SSH Hardening (if running SSH server) ===
sed -i 's/^#PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sed -i 's/^#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd
# === Separate Engagement Data ===
# Store each client's data in separate encrypted containers
# Use LUKS containers mounted per-engagement:
dd if=/dev/urandom of=~/pentest/engagement.enc bs=1M count=2048 # 2GB
cryptsetup luksFormat ~/pentest/engagement.enc
cryptsetup luksOpen ~/pentest/engagement.enc engagement_vault
mkfs.ext4 /dev/mapper/engagement_vault
mount /dev/mapper/engagement_vault ~/pentest/$CLIENT_NAME/
# When done: umount + luksClose
# === USBGuard (prevent BadUSB attacks against YOU) ===
apt install -y usbguard
usbguard generate-policy > /etc/usbguard/rules.conf
systemctl enable usbguard --nowPhase 8: Essential Git Repos to Clone
bash
# Tool repositories worth having locally
cd /opt
# Payload frameworks
git clone https://github.com/BC-SECURITY/Empire.git
git clone https://github.com/n1nj4sec/pupy.git
git clone https://github.com/trustedsec/trevorc2.git
# Windows exploitation
git clone https://github.com/S3cur3Th1sSh1t/PowerSharpPack.git
git clone https://github.com/GhostPack/Seatbelt.git
git clone https://github.com/GhostPack/SharpUp.git
# Linux enumeration
git clone https://github.com/carlospolop/PEASS-ng.git
git clone https://github.com/rebootuser/LinEnum.git
# Active Directory
git clone https://github.com/ShawnDEvans/smbmap.git
git clone https://github.com/BloodHoundAD/BloodHound.git
# Phishing
git clone https://github.com/kgretzky/evilginx2.git
git clone https://github.com/gophish/gophish.git
# Post-exploitation
git clone https://github.com/carlospolop/PEASS-ng.git
git clone https://github.com/gentilkiwi/mimikatz.gitPhase 9: VPN / C2 Infrastructure Quick Setup
If this machine also hosts your C2 or acts as a redirector:
bash
# WireGuard for infrastructure VPN
apt install -y wireguard
# Quick server setup
wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key
cat > /etc/wireguard/wg0.conf << 'EOF'
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
systemctl enable wg-quick@wg0Phase 10: Final Checklist
Run this before your first engagement:
[ ] OS installed and fully updated (apt update && apt full-upgrade)
[ ] Non-root user created and in use
[ ] Full disk encryption verified (lsblk)
[ ] Core tools installed (recon, exploit, post-exploit, cracking)
[ ] Wordlists available (rockyou, SecLists)
[ ] Tmux configured with custom config
[ ] Shell aliases set up in ~/.zshrc or ~/.bash_aliases
[ ] Engagement directory structure scripted
[ ] Burp Suite configured with extensions
[ ] Browser with FoxyProxy + Burp CA cert
[ ] Virtualization working (VirtualBox or VMware)
[ ] Firewall enabled (ufw enable)
[ ] SSH hardened (key-only, no root login)
[ ] KeepassXC installed for credential management
[ ] CherryTree or equivalent note-taking tool ready
[ ] WireGuard installed for C2 infrastructure
[ ] Test internet connectivity through VPN/tunnel
[ ] git repos cloned to /opt
[ ] Take a system snapshot or backup




Comments