kismanage Use Cases

This script allows:

setting up and testing KIS
managing the database (re-creation, creating backups, restoring backups, etc.)
creating workspaces, networks, host names, emails, companies, etc.
importing Nmap, Nessus, and Masscan scan results
defining the scope

Initialize the database for the first time

docker exec -it kaliintelsuite kismanage database --init

Empty the database for a new project

docker exec -it kaliintelsuite kismanage database --drop --init

Obtain list of existing workspaces

docker exec -it kaliintelsuite kismanage -l

Create a new workspace

ws=
docker exec -it kaliintelsuite kismanage workspace --add $ws

Define the engagement's scope

Refer to the wiki page Scoping in KIS for some practical examples.

Database backup and restore

see Common Docker Container Commands

Import scan results into KIS

Ideally, we have already the scan results of several scanners (e.g., Nmap and Nessus) available before performing any KIS collections. This increases the robustness of the available service information based on which all consecutive collections are based.

Nmap

Copy Nmap scan results (XML format) to the Docker container volume kis_data and import nmap scan results into workspace $ws:

# Create a directory for our current engagement
sudo mkdir /var/lib/docker/volumes/kaliintelsuite_kis_data/_data/scan1

# Copy the XML output file of Nmap to the newly created engagement directory
sudo cp nmap-tcp.xml /var/lib/docker/volumes/kaliintelsuite_kis_data/_data/scan1

If we are working on Microsoft Windows, then we have to replace the above path by:

\\wsl$\docker-desktop-data\version-pack-data\community\docker\volumes\docker_kis_data\_data\scan1

Import the Nmap scan results into KIS:

If we import a single XML file, then the following command is sufficient:
```
docker exec -it kaliintelsuite kismanage scan -w $ws --nmap /kis/scan1/nmap-tcp.xml -s Open Closed
```
Note that the following command only imports open and closed ports as specified by option -s.

If we import several XML files, then the following command is better:

docker exec -it kaliintelsuite bash                                                                     
(.venv) kis_shell> kismanage scan -w $ws --nmap /kis/scan1/*.xml -s Open Closed
[...]
(.venv) kis_shell> exit

Note that the following command only imports open and closed ports as specified by option -s.

Nessus

Export the Nessus database (XML format) from Nessus.
Copy the Nessus database file to the Docker container volume kis_data. Refer to step 1 of the Nmap use case for more information.
Import the Nessus scan results into KIS:

If we import a single Nessus file, then the following command is sufficient:

docker exec -it kaliintelsuite kismanage scan -w $ws --nessus /kis/scan1/nessus-results.nessus

If we import several Nessus files, then the following command is better:

docker exec -it kaliintelsuite bash                                                                     
(.venv) kis_shell> kismanage scan -w $ws --nessus /kis/scan1/*.nessus
[...]
(.venv) kis_shell> exit

Home
Installation
- Installing KIS
- Updating KIS
  - Updating KIS database
Overview
- Scoping in KIS
- List of Collectors
Use Cases

Provide feedback

Saved searches

Use saved searches to filter your results more quickly