I’ll show what I have done and will provide links to the official documentation for more in-depth information. This post is mainly for my own reference in the future, but others might benefit from it as wel.

The basis is an existing Kali Linux environment which is setup with the build script. See the Getting Ready section of the documentation. Long story short:

sudo apt install -y git live-build simple-cdd cdebootstrap curl
git clone https://gitlab.com/kalilinux/build-scripts/live-build-config.git
cd live-build-config

Additional packages

You can include extra packages on your custom Live ISO. If these are available in the Kali repos, it is quite simple. As described in the documentation you can edit the files (in case of the default Live ISO) in kali-config/variant-default/package-lists/kali.list.chroot. I decided to put the additional packages in a new file:

echo "# Custom packages
chromium
torbrowser-launcher
" > kali-config/variant-default/package-lists/custom.list.chroot

Additional APT repositories

A bit harder was the case where I wanted to add Visual Studio Code. This package requires a separate APT repository. So let’s start there first.

To be able to add the files needed, you need to create an additional directory:

mkdir -p kali-config/common/archives

Now you can configure the repository:

echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > kali-config/common/archives/vscode.list.chroot
cp kali-config/common/archives/vscode.list.chroot kali-config/common/archives/vscode.list.binary

The first command creates a file with the .chroot extension and is used during the chroot stage. To also have this file on the live system (to be able to use APT later on to update the packages), I copy the .chroot file to one ending in .binary. For more information on this subject, see the Debian documentation pages Customization overview and Customizing package installation.

The APT repository signing key also needs to be stored in the same directory:

curl -s -o kali-config/common/archives/vscode.key https://packages.microsoft.com/keys/microsoft.asc

There’s one more change that needs to be made. To make sure the build process can actually use the packages from the added repository, you’ll need to include a few more packages at boot time.

To do this, edit the file auto/config and add an --include option to the debootstrap-options line. Concretely this means changing this line:

--debootstrap-options "--keyring=/usr/share/keyrings/kali-archive-keyring.gpg" \

into this:

--debootstrap-options "--include=apt-transport-https,ca-certificates,openssl --keyring=/usr/share/keyrings/kali-archive-keyring.gpg" \

After that you are good to go. Just do not forget to add the package you want to install (in this case code) to the list of packages. In my case this meant updating kali-config/variant-default/package-lists/custom.list.chroot.

The Kali documentation contains a nice page about creating a custom Kali ISO. That page states that [i]deally, you should build your custom Kali ISO from within a pre-existing Kali environment, […] so I decided to use Vagrant to create a virtual machine which I could use.

The basic configuration for that box:

Vagrant.configure("2") do |config|
  config.vm.box = "kalilinux/rolling"

  config.vm.provider "virtualbox" do |vb|
    # Do not display the VirtualBox GUI when booting the machine
    vb.gui = false
  end
end

When I started building the ISO, the default 40G disk filled up and the process could not be completed.

To solve this, the first step was to have Vagrant resize the disk for the machine. You can do this by adding a single line to your configuration. (For details see the relevant Vagrant documentation.)

Vagrant.configure("2") do |config|
  config.vm.box = "kalilinux/rolling"
  config.vm.disk :disk, size: "50GB", primary: true

  config.vm.provider "virtualbox" do |vb|
    # Do not display the VirtualBox GUI when booting the machine
    vb.gui = false
  end
end

While this increases the size of the disk, I still had to increase the partition in the OS. This was a bit more involved, but by adding a couple of commands in a config.vm.provision section, I got it working without needing to reboot the machine afterwards:

Vagrant.configure("2") do |config|
  config.vm.box = "kalilinux/rolling"
  config.vm.disk :disk, size: "50GB", primary: true

  config.vm.provider "virtualbox" do |vb|
    # Do not display the VirtualBox GUI when booting the machine
    vb.gui = false
  end
  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y cloud-guest-utils
    swapoff -a
    echo '+10G,' | sfdisk --move-data --force /dev/sda -N 2
    partprobe
    growpart /dev/sda 1
    resize2fs /dev/sda1
    swapon -a
  SHELL
end

Running “vagrant up” now does all the heavy lifting for you. Do note that resizing the disk and making the extra space available to the OS takes significantly more time when creating the machine (compared to using a machine with the default disk size). Then again: if you know this, you can plan to have a cup of coffee (or tea if you are like me) in that time.

The end result:

┌──(vagrant㉿kali)-[~]
└─$ df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            942M     0  942M   0% /dev
tmpfs           197M  896K  196M   1% /run
/dev/sda1        48G   14G   32G  31% /
tmpfs           983M     0  983M   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           197M  116K  197M   1% /run/user/126
vagrant         232G  173G   59G  75% /vagrant
tmpfs           197M  112K  197M   1% /run/user/1000

Time to create a custom Kali ISO… See part 2 for how I added extra packages to the ISO.