Kasm is a web application security research and testing tool.

Kasm Workspaces is DaaS (Desktop as a Service) using Docker containers instead of virtual machines.

https://kasmweb.com

This promising project has already gained popularity in the circles of security researchers and developers.
In this article, I will tell you about the main features of this tool.

VDI

VDI stands for Virtual Desktop Infrastructure.
From the point of view of IT in a corporate environment, the undeniable advantages of VDI include:
– security
– savings on licenses
– automation (control and installation of software and updates)

There are also disadvantages worth mentioning. Most products on the VDI market (VMware, Citrix and others) are designed for large businesses,
which means an appropriate licensing policy and a closed codebase.

Kasm

Kasm, unlike corporate VDI systems, is designed to solve completely different problems.
Its main use cases are:

  • With NVIDIA GPU support, Kasm can be used to centrally manage remote developer and data engineer workspaces.

  • Trainings and educational courses – easy access through a web browser is a huge plus.

  • Security research, bug hunting and manual testing of web applications.

The project is commercial, but with a completely open code base, generous licensing (no more than 5 open sessions at the same time in the free version)
and a number of unique features, so it’s not a sin to make a small advertisement for it.

Technologies

Kasm did not invent anything revolutionary: systems like Apache Guacamole, designed for streaming remote desktops through a browser,
are well known to specialists.

There is nothing groundbreaking in using Docker containers to isolate GUI applications either:
https://www.digitalocean.com/community/tutorials/how-to-remotely-access-gui-applications-using-docker-and-caddy-on-ubuntu-20-04

But Kasm managed to put all these components together into a single platform, with a nice web interface for administration and API.
https://github.com/kasmtech/KasmVNC

Possibilities

After installing Kasm, the user gets access to dozens of base Docker images right out of the box,
including the full version of Kali Linux and Chrome:

Kasm desktop

and other images:

Base Images

It is possible to add your own images or customize existing ones.

Through the web console, you can add files (for example, scripts for testing),
which, when the desktop starts, will be mounted to the container:

Script for Nmap

For example, a script to discover kube-apiserver:

http-get.nse

Script

Installing Kasm

Download the Kasm Workspaces Docker images; this may take 10-15 minutes:

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_service_images_amd64_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_workspace_images_amd64_1.13.1.421524.tar.gz

Unpack the downloaded archive:

tar -xf kasm_release_1.13.1.421524.tar.gz

We start the installation process in offline mode:

sudo bash kasm_release/install.sh --offline-workspaces /tmp/kasm_release_workspace_images_amd64_1.13.1.421524.tar.gz --offline-service /tmp/kasm_release_service_images_amd64_1.13.1.421524.tar.gz

Press the Y key to accept the user agreement:

Agreement

Installation may take 10-15 minutes:

Installation

After installation, passwords for default accounts will be automatically generated. Copy them:

Credentials

Log in to the Kasm web console using the administrator account (admin@kasm.local):
https://

Find out the IP address of the server:

hostname --ip-address

The browser warning shown at this point means that Kasm is using a self-signed certificate. To proceed, skip the verification by clicking “Trust this website”:

SSL
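
Before accepting the self-signed certificate described above, its fingerprint can be compared with the one read on the Kasm server itself; the following is an added example, not code from the original article or from the Kasm project. It assumes the expected SHA-256 fingerprint was obtained on the server with openssl x509 -noout -fingerprint -sha256 -in <certificate file> (the path is a placeholder) and that the console listens on port 443; all function names and the sample certificate are constructed for illustration.

```python
import hashlib
import hmac
import ssl
import string

# Constructed stand-in for a PEM certificate (not a real Kasm certificate).
# Only the PEM framing matters when computing a fingerprint.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "Y29uc3RydWN0ZWQgc2FtcGxlIGNlcnRpZmljYXRlIGJ5dGVz\n"
    "-----END CERTIFICATE-----\n"
)


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, formatted AA:BB:... like openssl x509."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip an 'sha256 Fingerprint=' prefix, separators and case."""
    value = fp.split("=", 1)[-1]
    return "".join(c for c in value if c in string.hexdigits).upper()


def matches_pin(pem: str, expected_fp: str) -> bool:
    """True only if the certificate hashes to the full expected fingerprint."""
    expected = normalize(expected_fp)
    actual = normalize(sha256_fingerprint(pem))
    # Reject truncated pins so a partial match can never pass.
    return len(expected) == 64 and hmac.compare_digest(actual, expected)


def fetch_server_cert(host: str, port: int = 443) -> str:
    """Return the PEM certificate the server presents, without trusting it."""
    return ssl.get_server_certificate((host, port))


def server_matches_pin(host: str, expected_fp: str, port: int = 443) -> bool:
    """Compare the live certificate with a fingerprint read on the server."""
    return matches_pin(fetch_server_cert(host, port), expected_fp)


if __name__ == "__main__":
    pin = sha256_fingerprint(SAMPLE_PEM)  # stands in for the value read on the server
    print("match:", matches_pin(SAMPLE_PEM, pin))
    print("swapped certificate:", matches_pin(SAMPLE_PEM.replace("Y29u", "Y29v"), pin))
```

If server_matches_pin returns False, the certificate shown in the browser is not the one generated by the installer and should not be trusted.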

At this point, you need to use the administrator credentials generated by the installation script to log in:

Login

Control Panel:

Control Panel

