Exegol is a containerized penetration testing environment built with docker, git and python that can be installed on Windows, Linux and Mac. It comes preloaded with the same level of tooling you get from a Kali or Parrot install, along with convenient ease-of-use features, such as an extensive, pre-populated command history and quite a few custom Bloodhound Cypher Queries. I’ve tried Kali and Parrot running inside a docker container on both Linux and Mac. While they almost worked, there were too many obstacles that needed to be overcome to make them usable. Exegol has solved all of those issues so that performing a penetration test from within a Docker container is feasible. I’ve run Exegol inside an Ubuntu 22 VM, on a 2015 MacBook Pro running Ubuntu 22 as the main OS, and on a Mac M2 running Mac OS. Installation in all instances was mostly hassle-free by following the documentation. So far I haven’t run into any limitations, aside from the not unexpected license issue using Burp Suite Professional inside a limited life span container. If I do need to use Burp Suite Pro, I run that outside of Exegol.

Before installing Exegol, installation of git, zsh, curl, tmux, vim, and python3-pip was required for my minimal Ubuntu 22 installation. Below are the configurations I typically run when setting up a new machine.

Either run the following as individual commands or save them as a script.

#!/bin/bash
sudo apt install git zsh curl tmux vim python3-pip
sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

# Make sure the shell is set to zsh
sudo chsh -s /usr/bin/zsh
source ~/.zshrc

Save that as initial-setup.sh and then run:

chmod u+x initial-setup.sh
./initial-setup.sh

Exegol requires Python 3, which I believe comes pre-installed on just about everything these days, but if it isn’t make sure to install it.

The tmux configuration I use and instructions for installing that can be found here.

Install zsh plugins, aliases and custom vim setup.

These are my personal preferences. Follow the same procedure as a above saving the following as a script or running as individual commands.

#!/bin/bash
# from https://gist.github.com/dogrocker/1efb8fd9427779c827058f873b94df95
git clone https://github.com/zsh-users/zsh-autosuggestions.git /home/$USER/.oh-my-zsh/custom/plugins/zsh-autosuggestions

git clone https://github.com/zsh-users/zsh-syntax-highlighting.git /home/$USER/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting

# add (zsh-autosuggestions zsh-syntax-highlighting tmux git-prompt) to .zshrc
sed -i -e 's/plugins=(git)/plugins=(zsh-autosuggestions zsh-syntax-highlighting tmux git-prompt)/g' ~/.zshrc
# tmux and git-prompt are pre-installed with oh my zsh.

# change the OMZ theme 
sed -i -e 's/ZSH_THEME="robbyrussell"/ZSH_THEME="mikeh"/g' ~/.zshrc

echo "alias la='ls -lah'" >> ~/.zshrc

# vim setup
git clone --depth=1 https://github.com/amix/vimrc.git ~/.vim_runtime
sh ~/.vim_runtime/install_awesome_vimrc.sh

Occasionally some of the above commands need to be run again or files need to be edited directly, but most of the time those scripts run without error. You’ll need to restart your VM or computer for all changes to take effect.

Exegol can also be installed on Windows and Mac M2s but there are a few workarounds required because of limitations with Docker Desktop related to sharing your host system’s interface. If you do some Googling you’ll find a few write ups showing how to overcome those limitations. I haven’t yet tried installing Exegol directly on Windows, but based on what I’ve read it doesn’t seem too difficult. I have installed Exegol on a Mac M2 and there were no problems using Docker Desktop, and any GUI applications launched from the Docker container ran fine via XQuartz. On my first installation attempt I tried using OrbStack instead of Docker Desktop without success, but that might’ve been due to my complete lack of familiarity with OrbStack.

Below are all the commands I ran to install docker, add my user to the docker group and then begin installation of Exegol from source (make sure to change the username as indicated below):

#!/bin/bash
curl -fsSL "https://get.docker.com/" -o get-docker.sh
sh get-docker.sh

sudo usermod -aG docker $(id -u -n)
newgrp

Restart your vm or computer.

#!/bin/bash
cd /opt
sudo git clone "https://github.com/ThePorgs/Exegol"
sudo chown -R gregscharf:gregscharf ./Exegol  # that should be your user not gregscharf
cd Exegol
python3 -m pip install --user --requirement "./requirements.txt"
sudo ln -s "$(pwd)/exegol.py" "/usr/local/bin/exegol"

exegol install

Adding custom configurations and tools

Any custom configs you want to use need to be added in ~/.exegol/my-resources/setup. For example, if you want your Tmux config file (.tmux.conf) to Exegol you will need to do the following.

cp ~/.tmux.conf ~/.exegol/my-resources/setup/tmux/tmux.conf

Note that any configuration files need to have the initial . removed from the filename, so tmux.conf shown above is correctly named.

To add your own tools and scripts so they are available inside the Exegol container, those will need to be copied to ~/.exegol/my-resources/bin, for example:

cp /opt/linux-scripts/pspy64 ~/.exegol/my-resources/bin/

OpenVPN

Below is an example of creating an OpenVPN connection when starting the container. In any subsequent terminals, run exegol start HTB-VPN to avoid creating multiple interfaces with the same OpenVPN config. Below is how to start up an Exegol container, which I named HTB-VPN:

exegol start HTB-VPN nightly -cwd --vpn "~/Dev/hackthebox/gregscharf.ovpn"

nightly is the name of the image to use and the -cwd switch mounts your current working directory in the container.

tmux, zsh and vim setup

Most of the initial work getting Exegol setup revolved around getting tmux, vim and zsh configurations working within the container.

As mentioned previously, all of your custom config files need to be added to the following directories on your local host. In other words, don’t make these changes while inside the Exegol container:

~/.exegol/my-resources/setup/tmux
~/.exegol/my-resources/setup/vim
~/.exegol/my-resources/setup/zsh

For zsh their documentation states

To not change the configuration for the proper functioning of exegol but allow the user to add aliases and custom commands to zshrc, additional configuration files will be automatically loaded by zsh to take into account the customization of the user .

When copying configuration files over to the ~/.exegol/my-resources/ directory the initial . needs to be removed from the filenames, for example:

sudo cp ~/.tmux.conf ~/.exegol/my-resources/setup/tmux/tmux.conf

After adding my tmux config file, tmux would start a bash shell rather than the default zsh. This only happened on the Ubuntu 22 VM install and not on the Mac install. This could be because of something I accidentally broke during the setup or maybe there is a setting to ensure the SHELL environment variable is set to /usr/bin/zsh; however, when I ran echo $SHELL inside the container, the SHELL environment variable was empty/not set. For now, I fix that be starting Exegol using -e SHELL=/usr/bin/zsh, which sets the SHELL environment variable inside the container:

exegol start THM-VPN nightly -cwd --vpn "~/Dev/tryhackme/gregscharf.ovpn" -e SHELL=/usr/bin/zsh

There are probably explanations for the above and most likely common fixes but for now adding the shell environment variable when creating the container works fine. I tried setting the SHELL variable inside my custom zsh config but that did not work. Again, that could be because of something I either broke during fiddling with things or a configuration step that I’m not aware of.
To add my Vim configuration I ran:

sudo cp ~/.vimrc ~/.exegol/my-resources/setup/vim/vimrc
sudo cp -r ~/.vim_runtime ~/.exegol/my-resources/setup/vim/

Final thoughts

There is usually a bit of a learning curve when adopting a new framework and workflow, but conducting offensive security activities using Exegol was surprisingly easy and alterations to my workflow were minimal.

I didn’t have to augment Exegol much, as it contained all the tools typically found in a Penetration Testing distribution. As a broader evaluation, I gave Exegol a test run against an Active Directory lab to see if the usual tools were available and functional. Impacket (Responder.py, PsExec.py, etc), Evl-Winrm, Crackmapexec, Neo4j and Bloodhound all worked fine.

Additional highlights:

  • All GUI applications spawned from within the Exegol container ran seamlessly.
  • Unlike earlier versions of Exegol, Ghidra and Burp Suite Community Edition now start up without requiring any further configuration.
  • The Exegol developers added a lot of useful, custom Cypher Queries to the installed version of Bloodhound.
  • Exegol comes with a pre-populated command shell history that has the syntax for just about any command you might want to run. Crtl+r and then typing the start of a command will bring up a scroll-able list of matching syntax as you type.
  • Firefox is installed by default and can be started by running firefox &> /dev/null & from the command line. Additionally, extensions for FoxyProxy, Wappalyzer and Dark Reader are already installed.
  • There’s a functioning version of Python 2 installed. Kali has completely removed Python 2. Nobody likes it, but from time to time you’ll need to run an old exploit script written in Python 2.
  • Unlike creating VMs from scratch, your custom configuration and tools will be present in any new Exegol container you create.

Ultimately, using Exegol is the quickest and easiest method for creating and eventually deleting a clean, pre-configured environment when starting a new engagement.