unman has provided templates for Kali-enthusiasts to QubesOS (v. 4.1 only) and you need to enable the repository in /etc/qubes/repo-templates/qubes-templates.repo. The mentioned command using “enable-repo …” mentioned in the forum did not work for me, so I had to edit the 1 directly in the file 🙂
Edit the repo-file:
Install the template:
Then I created an AppVM based on the Kali template and vupti, everything works perfectly.
That is except for reverse shell 🙂
I had an issue with reverse shell’s not working on Qubes Kali AppVM, due to firewall restrictions even though I disabled the firewall following these instructions(Spoiler:NOT working in Qubes AppVM).
I got no SYN-ACK to my SYN’s, and with the firewall “disabled” I tried searching elsewhere for answers. It turned out that disabling the local firewall in Kali is not enough and I am afraid to mess up security by following the guides incorrectly.
To resolve the issue, clean out the firewall rules on the local AppVM (or template VM for persistance):
I did this once before on Qubes 4.0 with help From Frédéric Pierret, but left Qubes on my NUC for Xubuntu due to too many issues with hardware. Intel NUC is not overly Linux friendly friendly. Microsoft is their primary focus.
Then today(of all days) I snuck an install of the promising Qubes 4.1rc3 on the box, and if started with a single error during final install [Start failed: internal error: Unable to reset PCI device 0000:00:1f.6: no FLR, PM reset or bus reset available, see /var/log/libvirt/libxl/libxl-driver.log for details”:
No networking was available upon startup. Disabling the PCI device in question [00:1f.6 Ethernet Controller….] in sys-net, made booting of sys-net possible and luckily wifi worked out-of-the-box.
Hope the above solution might help others in same situation.