MÓDULO KALI.Art + DoYour.Art — primer

Help Center primer for the offensive testing suite. Pairs with ADR 0025.

What it is

Two complementary MÓDULOs for offensive (red-team) testing through your DUT:

  • KALI.Art — full Kali Linux pen-test pod (600+ tools)
  • DoYour.Art — operator-crafted custom tests (Scapy / Go / PCAP)

Both are Team+ tier-gated and run in gVisor sandboxes for defense in depth.

When to use which

Use KALI.Art when...

  • You need standard pen-test tools (nmap, sqlmap, hydra, metasploit)
  • You want a real Kali rolling distro experience
  • You need 600+ tools available, not curated
  • You want browser-accessed terminal (ttyd) + GUI tools (noVNC)

Use DoYour.Art when...

  • You're crafting custom packets / traffic patterns Kali doesn't have
  • You want to share / fork your scenario with the community
  • You're testing a DUT response to specific Scapy-crafted edge cases
  • You're replaying a captured PCAP with header modifications

KALI.Art access

Element          Value
Slot             OOBI .82
URL              https://dashboard.tlsstress.art/admin/kali
UI               ttyd terminal in browser (port 7681) + noVNC (port 6080)
Persistent home  kali-home PVC per operator

Bundled tools include nmap, masscan, sqlmap, hydra, john, hashcat, metasploit-framework, set, burp suite, wireshark, tcpdump.

AI Companion (K-13)

A sidebar in the terminal UI runs an MCP-based AI companion that watches your terminal output and can suggest next commands. Default backend: Claude (when Internet access is available via OBP). Air-gap fallback: Ollama with Llama 3.3 / Mistral / WhiteRabbitNeo.

Tool Quick-Launch (K-14)

Curated panel — 5 categories × 4-5 tools each. One click loads the tool with sane defaults. Useful for operators who want speed over flexibility.

DoYour.Art access

Element    Value
Slot       OOBI .81
URL        https://dashboard.tlsstress.art/admin/doyour
UI         Art Studio with 3 modes
Free tier  1 piece per 5 min
Premium    unlimited (Team+ minimum)

3 modes

  1. Scapy mode — drag-drop or write Scapy snippets. Run against synthetic personas; capture DUT response.
  2. Go embed mode — Go playground-style UI. Write gopacket-based traffic generators. Compiled in sandbox + executed.
  3. PCAP replay mode — upload a PCAP, modify L2/L3/L4 headers via UI, replay through DUT.

Share your pieces or fork community pieces. Default visibility: your team. Public visibility opt-in.

Hard rules (both MÓDULOs)

  1. gVisor sandbox mandatory (defense in depth above K8s pod isolation)
  2. NetworkPolicy ferro — MÓDULOs cannot reach Internet directly; all egress via CLONER (audit logged)
  3. DOM-aware production mode hard-blocks both unless DDPB chain unlock + audit reason
  4. Token escrow for DoYour.Art (see token economy when published)
  5. Audit log mandatory + encrypted at rest with 90-day retention

DUT response auto-capture

When you run a test from KALI or DoYour, SPAN.Art captures the wire-side DUT response in parallel. The result appears as an annex in your PDF report:

Annex K — Offensive Test
├ Test command (KALI nmap output OR DoYour piece)
├ DUT response (NGFW logs from SYSLOG.Art)
├ Wire trace (SPAN.Art TLS/HTTP metadata)
├ Cross-correlation summary
└ Audit hash

Common workflows

KALI nmap + report into PURE Discovery Hub

  1. Open KALI terminal
  2. nmap -sV --top-ports 100 <persona-IP> — basic service scan
  3. Output lands in /output/nmap.json
  4. Click "Import to Discovery Hub" → URLs flow into PURE pipeline as source #8 (KALI nmap import)

DoYour Scapy DUT edge case

  1. Open DoYour Art Studio → Scapy mode
  2. Write packet: IP(dst="...")/TCP(sport=12345, dport=80, flags="SF")/Raw(load="...")
  3. Send → DUT response captured
  4. Save as community piece → others can fork
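
An added example, not code from DoYour.Art or its documentation: a check for what a DUT is expected to flag when it receives the SYN+FIN segment from step 2. It parses a raw TCP header and names flag combinations that firewalls and IDS commonly treat as anomalous; the null, SYN+RST and FIN+PSH+URG cases go beyond the page's "SF" case. All function names and the sample header bytes are constructed for illustration.

```python
import struct

# TCP flag bits, carried in byte 13 of the TCP header (RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=8192):
    """Construct a 20-byte TCP header (checksum left at 0) to use as sample input."""
    offset_reserved = 5 << 4  # data offset = 5 words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_reserved, flags, window, 0, 0)

def parse_tcp_flags(header):
    """Return (sport, dport, flags) from a raw TCP header; reject malformed input."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", header[:14])
    if (off >> 4) < 5:
        raise ValueError("invalid data offset")
    return sport, dport, flags & 0x3F

def classify_flags(flags):
    """Name the anomaly, or return None for a combination seen in normal traffic."""
    if flags == 0:
        return "null (no flags set)"
    if (flags & SYN) and (flags & FIN):
        return "SYN+FIN"
    if (flags & SYN) and (flags & RST):
        return "SYN+RST"
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG) and not (flags & ACK):
        return "FIN+PSH+URG without ACK"
    return None

def inspect(header):
    """Summarize one header the way a log line for the report annex might."""
    sport, dport, flags = parse_tcp_flags(header)
    return {"sport": sport, "dport": dport, "anomaly": classify_flags(flags)}

# Constructed samples: same ports and flags as the workflow's packet (sport=12345, dport=80, "SF").
SAMPLE_SF = build_tcp_header(12345, 80, SYN | FIN)
SAMPLE_SYN = build_tcp_header(12345, 80, SYN)

if __name__ == "__main__":
    for name, hdr in (("SF", SAMPLE_SF), ("SYN", SAMPLE_SYN)):
        print(name, inspect(hdr))
```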

Air-gap KALI with local LLM

  1. Operator chose air-gap install → Ollama sidecar deployed (K-15)
  2. AI Companion uses local LLM (Llama 3.3 / Mistral / WhiteRabbitNeo)
  3. Suggestions less polished than cloud LLM but functional offline

Common questions

Why Team+ tier-gated?
Offensive tools require more careful operator authorization. Free tier is read-only telemetry; paid tiers unlock state-changing operations.

Can I install custom Kali tools?
Yes — kali-home PVC is yours. apt install your favorites. They persist across sessions.

What's the gVisor performance overhead?
~10% for I/O-heavy workloads. Negligible for CPU-bound tools (nmap, hashcat).

Does production mode really block KALI?
Yes — explicitly hard-blocked. KALI/DoYour are categorically destructive; running them on a production DUT requires DDPB unlock + audit reason + acceptance of risk.