Setting Up a Kali Linux VM on Debian Using QEMU/KVM

I had an old mini server collecting dust under my desk. Still reliable, still quiet — perfect for small lab testing.

So I decided to repurpose it as a KVM host and spin up a Kali Linux VM for penetration testing and security experiments.

The host runs Debian 12, and I manage it remotely over SSH from my laptop.

Since it has limited space under /, I use /home/nour for my VM images — it’s larger and keeps things clean.

This guide walks through creating a headless Kali VM with QEMU/KVM, UEFI boot, and a bridge network (br0) so it can access the LAN directly — all without locking yourself out.

Step 1 — Install Required Packages

Update your Debian host and install the base virtualization stack:

sudo apt update
sudo apt install -y qemu-system-x86 libvirt-daemon-system libvirt-clients bridge-utils virt-manager ovmf

Package overview

• qemu-system-x86 — QEMU hypervisor for x86 virtual machines
• libvirt-daemon-system & libvirt-clients — Libvirt service and command-line utilities (e.g., virsh, virt-install)
• bridge-utils — Tools for creating and managing Linux bridge interfaces
• virt-manager — Optional GUI; useful if you later enable X11/VNC
• ovmf — UEFI firmware required for modern guest OS boot

Step 2 — Download the Kali Linux Installer ISO

You can grab the latest release directly:

cd /home/nour/vm/kali
wget https://cdimage.kali.org/kali-2025.3/kali-linux-2025.3-installer-amd64.iso

Step 3 — Verify Networking and Bridge Setup

In my case, I had already set up a bridge interface (br0) earlier while preparing this server for lab use.

It allows virtual machines to appear as regular devices on the LAN — perfect for Kali, which needs full network visibility for testing and scanning.

If you haven’t configured one yet, check out my previous write-up on Linux networking and bridge setup (link) — it walks through creating br0 safely and understanding how Linux network services work.

Before attaching your VM, confirm what’s managing your host’s interfaces:

systemctl is-active systemd-networkd
systemctl is-active NetworkManager

On most Debian 12 servers, systemd-networkd handles the configuration.

You can check details with:

networkctl status

Example output:

2: enp3s0
      Type: ether
     State: routable (configured)
      Path: pci-0000:03:00.0
    Driver: igc
    Master: br0
    Address: 192.168.70.82/24
    Gateway: 192.168.70.254

Step 4 — Create the Kali Disk Image

Use the efficient qcow2 format:

qemu-img create -f qcow2 /home/nour/vm/kali/kali-new.qcow2 40G

This creates a sparse, grow-on-demand disk up to 40 GB.

Step 5 — Install Kali Linux with Virt-Install

Now you’re ready to boot the installer in headless mode:

virt-install \
  --name kali \
  --memory 4096 \
  --vcpus 4 \
  --cdrom /home/nour/vm/kali/kali-linux-2025.3-installer-amd64.iso \
  --disk path=/home/nour/vm/kali/kali-new.qcow2,format=qcow2,bus=virtio \
  --network bridge=br0,model=virtio \
  --graphics vnc,listen=0.0.0.0 \
  --boot uefi

This will start the VM and open a VNC session on your Debian host.

Step 6 — Connect via SSH Port Forwarding

Since this is a headless setup, you’ll view the installer remotely using VNC over SSH.

From your laptop:

ssh -L 5900:127.0.0.1:5900 [email protected]

Then open your favorite VNC client (mine is Realvnc)and connect to:

localhost:5900

You should now see the Kali graphical installer.

Step 7 — Post-Install and Autostart

After installation completes:

virsh list --all
virsh start kali
virsh autostart kali

The VM will now boot automatically with your host.

Bonus — Handy QEMU & Networking Commands

# Check all active VMs
virsh list --all

# Stop or start a VM
virsh shutdown kali
virsh start kali

# View VNC display port
virsh vncdisplay kali

# Inspect bridge interfaces
ip -br addr show
bridge link show


# View link status and errors
ethtool enp3s0
ethtool -S enp3s0 | grep -i error

# Display libvirt logs (if VM fails to start)
journalctl -u libvirtd -xe

Closing Thoughts

Setting up Kali Linux under QEMU/KVM is surprisingly smooth once you understand how Linux networking ties everything together.

By combining a bridge interface, UEFI boot, and VNC access via SSH, you get a fast, secure, headless lab that behaves just like a real workstation on your LAN.