How I battle tested my latest app, with Kali Linux and Claude
For all of you uber-geeks, script kiddies, wannabe h4x0rs, you'll love this one.
For everyone else, it's a lesson in how important site / app security can be.
Just like the video, I'll start with the TL;DR:
I built a new app: https://hellomolly.pro
Ran it through some local security audits. Fixed what was found.
Then pulled out the .44 Magnum of security testing suites - Kali Linux - plugged Claude into it, and set it loose on HelloMolly.
Found some things that were critical holes, fixed them.
HelloMolly is locked down.
A few weeks ago, on the AIS+ Saturday Chill Call, mentioned he has "Red Team" commands that he uses for locking down the security of his apps. At the time, I had 2 basic security audit commands that I used. This got me thinking... maybe I should investigate more robust security audits (slash commands). Pulled up Claude.ai and started brainstorming. Ended up with 14 unique (12 new ones plus my original 2) security commands, covering pretty much anything you could think of.
Next, because I've always wanted to play with Kali Linux, but never had a reason to, I popped into Claude Code and started planning how to create and run a "Kali Claude" (my term) instance. I didn't want to partition my primary machine's hard drive and boot into a separate partition; I wanted a bootable USB drive. That way, if things got out of hand, I could just pull the plug... literally. (Just because you're paranoid doesn't mean they're not after you.)
Settled on an external NVMe drive instead of a USB drive. The biggest reason is speed. NVMe drives are ridiculously fast, so as long as your cable and your port support the read / write speeds, it's pretty much indistinguishable from your native hard drive.
My laptop and tower both use NVMe drives, so I'm a little spoiled already.
Got a USB drive also to write the ISO to. Then booted into the USB, followed the instructions for installing Kali Linux on a removable device, and about 8 hours later was ready to go to town. It really takes HOURS to set it up. Maybe the USB device was horribly slow, or it's just that big (I think it's 7 GB installed). So, be prepared to just walk away while it does what it needs to.
SIDENOTE: you need both a USB drive (8 GB is plenty) and the drive you intend to use. Download https://www.kali.org/get-kali/#kali-installer. Use something to extract and write that to the USB drive (I used https://rufus.ie/en/). Boot into the USB drive to install Kali Linux to your NVMe external drive (https://www.amazon.com/s?k=external+nvme+drive). Then go get silly.
Once it was installed, updated, and Claude was installed, we got to penetration testing.
While Kali Claude is doing its thing, it would ask me "Hey, can you paste in the anon key so I can test this..." and my response every time was "No. Go find it yourself. This is meant to simulate a real world attack scenario." Kali Claude's response was "fair enough" and it went to town.
Kali Linux alone is a powerful tool. Couple it with Claude Code and it becomes an absolute terror.
When Kali Claude couldn't access something through normal vectors, it would try a different direction, then if that didn't work, it would install additional tools. Rinse, repeat.
The total time Kali Claude spent attacking HelloMolly was close to two hours.
In the end it found 2 critical items, 2 high priority items, 2 medium and 2 low. See attached report from Kali Claude. I'm not worried about posting it here since these have been plugged, and I'm going to throw Kali Claude against the fixes.
Long story short... if you're not serious about your security, you risk someone else taking advantage of that.
Cheers!
Mike Thomson