Running Kali Linux with Apple Container on ARM-based Macs
Overview
In 2026, Apple computers powered by Apple Silicon handle Kali Linux virtualization really well. That said, in penetration testing scenarios, there are situations when you just need to spin up Kali quickly and use a specific tool without the overhead of launching a full virtual machine.
That’s where containerization comes in. Instead of relying on heavyweight VMs, you can use a much lighter and faster approach. In this post, I’ll walk you through how to set up Apple Container for Kali Linux and create handy aliases, so managing your containers becomes a matter of seconds.
Preparation
First things first, you’ll need to install Apple Container. The easiest way to do that is via Homebrew:
brew update && brew install container
Now that we have Apple Container installed, we can move on to setting up the script needed for quick and efficient Kali management.
Script
Configuration of the Kali Linux container:
- CPU allocation: 4
- Memory allocation: 4 GB
- Shared directory mounted between macOS and the container for seamless file access and exchange
Basically, the only thing you need to adjust in the script is the SHARE_PATH variable. Just replace the existing value with the path to a directory on your Mac. This variable defines the shared directory between macOS and the Kali Linux container, and it will serve as the container’s main working directory.
#!/bin/bash
CONTAINER_NAME="kali"
CONTAINER_CPUS="4"
CONTAINER_MEMORY="4096m"
SHARE_PATH="$HOME/share-container"
kali_install() {
container rm $CONTAINER_NAME 2>/dev/null
container image rm kalilinux/kali-rolling 2>/dev/null
container run --interactive --tty --name $CONTAINER_NAME --volume "$SHARE_PATH:/share" --workdir "/share" --cpus $CONTAINER_CPUS --memory $CONTAINER_MEMORY kalilinux/kali-rolling
}
kali_start() {
container start $CONTAINER_NAME --interactive
}
kali_shell() {
container exec --interactive --tty $CONTAINER_NAME /bin/bash
}
container system start || true
if [ ! -d "$SHARE_PATH" ]; then
mkdir -p "$SHARE_PATH"
fi
case "$1" in
install)
kali_install
;;
start)
kali_start
;;
shell)
kali_shell
;;
esac
Save this script as kali-container.sh and place it in a directory of your choice, e.g. ~/Scripts.
Configuration
Aliases
The only thing left to do is create aliases. Below is the list of aliases and what each one does:
kali-install- removes existing container and image files (if any), pulls the latest image, creates a new container with the parameters defined in the script, and then starts it,kali-start- starts the container (if it was previously created using kali-install),kali-shell– opens an additional shell inside the currently running container.
Add aliases at the end of your .zshrc file (remember to adjust the script path):
alias kali-install="~/Scripts/kali-container.sh install"
alias kali-start="~/Scripts/kali-container.sh start"
alias kali-shell="~/Scripts/kali-container.sh shell"
Fresh container script
If you have tools that you frequently use and want to install quickly after creating a new version of the container, it’s worth creating a script called, for example, start.sh, and placing it in the shared directory.
Every time you remove and pull a fresh version of Kali Linux, you can simply run this script to install everything you need right away.
An example script is shown below.
#!/bin/bash
apt update && apt install -y ca-certificates git curl vim wget && update-ca-certificates
Final words
And that’s pretty much it. You now have a quick and lightweight way to run Kali Linux on Apple Silicon without spinning up a full VM every time.
Feel free to tweak the setup, add your own tools, and adapt it to your workflow. The goal is speed and convenience during real-world pentesting work.
