Custom Kali Linux ISO — part 2

In part 1 of this (mini) series I described what I did to be able to build an ISO image using Vagrant. Now it’s time to actually customize it.

I’ll show what I have done and will provide links to the official documentation for more in-depth information. This post is mainly for my own reference in the future, but others might benefit from it as wel.

The basis is an existing Kali Linux environment which is setup with the build script. See the Getting Ready section of the documentation. Long story short:

sudo apt install -y git live-build simple-cdd cdebootstrap curl
git clone
cd live-build-config

Additional packages

You can include extra packages on your custom Live ISO. If these are available in the Kali repos, it is quite simple. As described in the documentation you can edit the files (in case of the default Live ISO) in kali-config/variant-default/package-lists/kali.list.chroot. I decided to put the additional packages in a new file:

echo "# Custom packages
" > kali-config/variant-default/package-lists/custom.list.chroot

Additional APT repositories

A bit harder was the case where I wanted to add Visual Studio Code. This package requires a separate APT repository. So let’s start there first.

To be able to add the files needed, you need to create an additional directory:

mkdir -p kali-config/common/archives

Now you can configure the repository:

echo "deb [arch=amd64] stable main" > kali-config/common/archives/vscode.list.chroot
cp kali-config/common/archives/vscode.list.chroot kali-config/common/archives/vscode.list.binary

The first command creates a file with the .chroot extension and is used during the chroot stage. To also have this file on the live system (to be able to use APT later on to update the packages), I copy the .chroot file to one ending in .binary. For more information on this subject, see the Debian documentation pages Customization overview and Customizing package installation.

The APT repository signing key also needs to be stored in the same directory:

curl -s -o kali-config/common/archives/vscode.key

There’s one more change that needs to be made. To make sure the build process can actually use the packages from the added repository, you’ll need to include a few more packages at boot time.

To do this, edit the file auto/config and add an --include option to the debootstrap-options line. Concretely this means changing this line:

--debootstrap-options "--keyring=/usr/share/keyrings/kali-archive-keyring.gpg" \

into this:

--debootstrap-options "--include=apt-transport-https,ca-certificates,openssl --keyring=/usr/share/keyrings/kali-archive-keyring.gpg" \

After that you are good to go. Just do not forget to add the package you want to install (in this case code) to the list of packages. In my case this meant updating kali-config/variant-default/package-lists/custom.list.chroot.