Docker container for WiFi Penetration Testing, based on Kali Linux

We released a container for WiFi Penetration Testing based on Kali Linux: finchsec/kali. Available for x86 and ARM CPUs, and rebuilt daily.

A container is a way to package software with all its dependencies. While most of the time containers package a single application, such as Apache or Redis, and are commonly used with orchestration systems such as Kubernetes (K8s), they can also be used as a lightweight virtual machine and contain a collection of software.

Enter Kali Linux

Kali Linux has become the de facto Linux distribution for penetration testing among information security professionals, thanks to its large and up-to-date package offering and the fact that it can run across different platforms and CPU architectures, in a lot of different ways. It is also customizable.

Kali Linux is a rolling release distribution, and it uses Debian Testing as a base.

While a rolling distribution has the advantage of offering the latest versions of software available and it is stable for the most part, it can sometimes break unexpectedly.

Why use a container?

While Kali is a great distribution for penetration testing, it isn't meant to be used as a daily driver. The Kali project provides a container, which allows us to use Kali tools on any Linux distribution of our choice.

That's where using a container is an advantage. You can choose whichever Linux distribution you are comfortable with, and use all the Kali packages/tools you have been accustomed to. That includes GUI applications, but that requires a bit more work.

Our container

We built a container that has most of the tools used for WiFi penetration testing: finchsec/kali. It is refreshed daily and you may use it as is, or customize it further (we have an example where we add an SSH server in our repository). It is available not only for x86 computers, but also for ARM CPUs, such as the Raspberry Pi.

Using it is like being in a Kali terminal with all the tools you need to audit and exploit WiFi networks.

Basic container usage

Using Docker, run the following command to start it:

sudo docker run --rm -it --privileged --net=host --pid=host finchsec/kali

This will start the container finchsec/kali (and download it if it isn't present on your system) and open a terminal (-it). Once exited, it will clean up the resources (--rm).

WiFi tools require access to the network interfaces (--net=host), and more privileges than a container is normally granted (--privileged).

By default, even when privileged, a container doesn't show the process list of the host. Some of the tools, such as airmon-ng, need it (--pid=host), as it is recommended to kill processes that can interfere with the rest of the tools.

Storage

Data will get deleted when the container is stopped, so you may want to attach storage for all the files generated by the different tools.

To attach storage, and save files in a directory on our system, we have a number of options. We can use a bind mount as such:

sudo docker run -it --privileged --net=host --pid=host -v ~/data/:/root/ finchsec/kali

This mounts the data/ directory inside our home directory, and links it to /root inside the container. On subsequent runs, we will find the same files in the docker container in the /root directory.

Note: we cannot just specify data/ as a relative path; Docker requires the full path.

SELinux

Additionally, for Linux systems running SELinux, we need to append :Z, otherwise we won't be able to access the files:

sudo docker run -it --privileged --net=host --pid=host -v ~/data/:/root:Z finchsec/kali
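The two storage rules above (full host path, :Z under SELinux) can be handled by a small wrapper. This is an added example, not code from the finchsec repository; the function names and the SELINUX_MODE and DRY_RUN variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrapper around the docker run commands shown above.
# SELINUX_MODE and DRY_RUN are hypothetical overrides introduced here.
IMAGE="finchsec/kali"

# Print the SELinux mode: SELINUX_MODE if set, else getenforce, else Disabled.
selinux_mode() (
    mode="${SELINUX_MODE:-}"
    if [ -z "$mode" ] && command -v getenforce >/dev/null 2>&1; then
        mode="$(getenforce 2>/dev/null)" || mode=""
    fi
    echo "${mode:-Disabled}"
)

# Print the value for -v: <absolute host dir>:/root, plus :Z when SELinux is
# enforcing. Function bodies are subshells, so "exit" only leaves the function.
volume_arg() (
    mkdir -p -- "$1" || exit 1               # create it as the invoking user
    abs="$(cd -- "$1" && pwd -P)" || exit 1  # Docker needs the full path
    if [ "$(selinux_mode)" != "Enforcing" ]; then
        echo "$abs:/root"
        exit 0
    fi
    # :Z relabels the whole tree for this container only; never do that to
    # a system directory or to the home directory itself.
    home_abs="$(cd -- "$HOME" 2>/dev/null && pwd -P)" || home_abs=""
    case "$abs" in
        /|/home|/usr|/etc|/var|"$home_abs")
            echo "refusing to relabel $abs with :Z" >&2
            exit 1 ;;
    esac
    echo "$abs:/root:Z"
)

# Start the container with the page's flags; with DRY_RUN set, only print
# the command. --rm is kept because the bind mount preserves the files.
run_kali() (
    vol="$(volume_arg "${1:-$HOME/data}")" || exit 1
    set -- sudo docker run --rm -it --privileged --net=host --pid=host \
        -v "$vol" "$IMAGE"
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
)
```

Source the file and call run_kali with a directory (it defaults to ~/data); setting DRY_RUN=1 prints the command without starting the container.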

Sources, bug reports, and suggestions

We love open source software (OSS), and you can find the sources on GitHub.

If you have any questions about it, start a thread in the Discussions tab. For bugs or suggestions, open a new issue.