Documentation Index
Fetch the complete documentation index at: https://mintlify.com/V0rt3xS0urc3/RedTeam-Portfolio/llms.txt
Use this file to discover all available pages before exploring further.
run-kali.sh is the single entry point for launching the Kali Portable container. It accepts one argument — normal or wpa2 — which determines the privilege level, hardware access, and intended workload of the resulting Docker container. Both modes share a common base of network capabilities, volume mounts, and optional GPU acceleration; the difference is that wpa2 appends --privileged so tools like hcxdumptool can reach raw USB WiFi hardware.
Normal Mode
Normal mode is the default. If you run./run-kali.sh with no argument it resolves to normal. This mode gives you everything needed for web exploitation, network scanning, Active Directory attacks, and GUI tools like Burp Suite and Wireshark — without the security risks of a fully privileged container.
Normal mode is the recommended default for any engagement that does not require live WiFi packet injection. It still has full network host access and raw packet capabilities via
--cap-add.Docker flags used
| Flag | Purpose |
|---|---|
--network host | Container shares the host network stack — no NAT, real interface names |
--cap-add NET_RAW | Allows raw socket operations (nmap, tcpdump, Wireshark) |
--cap-add NET_ADMIN | Allows network configuration changes inside the container |
--gpus all | GPU passthrough for Hashcat (added only if NVIDIA is detected) |
--rm | Container is removed automatically on exit |
-it | Interactive terminal |
Volume mounts
| Host path | Container path | Mode |
|---|---|---|
./data | /root/pentest | read-write |
./scripts | /root/pentest/scripts | read-only |
/usr/share/wordlists | /host-wordlists | read-only |
/tmp/.X11-unix | /tmp/.X11-unix | read-write (X11) |
./data directory is created automatically with the following subdirectory structure if it does not already exist:
WPA2 Mode
WPA2 mode adds--privileged to the Docker command. This flag removes all container isolation from the Linux kernel and is required by hcxdumptool, which needs direct access to the USB WiFi adapter’s kernel driver in order to perform active packet injection and handshake capture.
What changes in WPA2 mode
The script appends--privileged to the base command before the image name:
--privileged is added.
GPU Auto-Detection
Before building the Docker command,run-kali.sh probes for an NVIDIA GPU using two checks in sequence:
Check for nvidia-smi on the host
The script calls
command -v nvidia-smi. If the binary is not found in PATH, GPU support is skipped.Run a test container with --gpus all
If This confirms that the NVIDIA Container Toolkit is correctly configured and Docker can actually pass the GPU through.
nvidia-smi exists, the script runs a lightweight test:X11 Forwarding
Before launching the container, the script enables X11 forwarding so GUI applications (Burp Suite, Wireshark) can open windows on the host display:DISPLAY variable and the X11 socket volume mount:
Environment Variables Inside the Container
The following environment variables are set by the scripts running inside the container:| Variable | Path |
|---|---|
LOOT_DIR | /root/pentest/loot |
RULES_DIR | /root/pentest/rules |
WORDLISTS_DIR | /root/pentest/wordlists |
./data volume mount, so everything written there persists on your host machine between container runs.