Snapshotting and Committing a Live Custom Docker Image

This walkthrough shows a simple way to take a running Kali container, install what you need, and then “freeze” it into a reusable Docker image with docker commit. It is not the cleanest method (a Dockerfile is better for repeatability), but it is quick and works well for a personal lab image.

1) Start a Kali container and mount a workspace

Create a container and mount a local folder into the container so you have a place to keep scripts and notes.

docker run -it --name kali-ready-lab \
  -v ~/kali-lab-docker:/root/lab \
  kalilinux/kali-rolling bash

• --name kali-ready-lab gives you a predictable container name for later commit.

• -v ~/kali-lab-docker:/root/lab keeps your lab folder persistent on the host.

2) Create the setup script inside the container

Inside the Kali shell:

apt install nano
nano setup-kali.sh

Paste the script below and save it:

#!/usr/bin/env bash

set -e

# Avoid interactive debconf prompts inside the container
export DEBIAN_FRONTEND=noninteractive

echo "[*] Updating package lists..."
apt update

echo "[*] Upgrading system packages..."
apt -y full-upgrade

# Default to the standard Kali toolset meta package
TOOLS_PACKAGE="${1:-kali-linux-default}"

echo "[*] Installing Kali tools package: ${TOOLS_PACKAGE} ..."
if ! apt install -y "${TOOLS_PACKAGE}"; then
    echo "[!] Failed to install ${TOOLS_PACKAGE}."
    echo "[!] Here are some common Kali meta packages you can try instead:"
    apt-cache search '^kali-linux-' | head -n 20 || true
    exit 1
fi

echo "[*] Completed successfully."

3) Run it

chmod +x setup-kali.sh
./setup-kali.sh

This will update the package lists, upgrade the base system, then install the Kali meta package (kali-linux-default by default).

4) Exit the container and snapshot it into a new image

Exit the container:

exit

On the host, commit the container into a new image:

docker commit kali-ready-lab my-kali-fullv:lab

Confirm it exists:

docker image ls

IMAGE                           ID             DISK USAGE   CONTENT SIZE   EXTRA
kalilinux/kali-rolling:latest   c931576bf792        121MB             0B    U
my-kali-fullv:lab               0545b7625fa0       11.8GB             0B
uzyexe/nmap:latest              1166ff5a6b0a       18.5MB             0B


docker ps -a
CONTAINER ID   IMAGE                    COMMAND   CREATED       STATUS                      PORTS     NAMES
9459f2077bdc   kalilinux/kali-rolling   "bash"    2 hours ago   Exited (0) 33 minutes ago

When you are done with the old container, remove it:

docker rm kali-ready-lab

5) Run your new image

Basic run:

docker run -it --rm my-kali-fullv:lab bash

If you hit capability or sandbox restrictions (common when running certain tools), start it with fewer guardrails:

docker run -it --rm \
  --privileged \
  --security-opt seccomp=unconfined \
  --name kali-full \
  my-kali-fullv:lab bash

Notes worth knowing

• docker commit captures the container filesystem state, not the history of how you got there. Great for speed, not great for documentation or rebuilding later.

• --privileged and seccomp=unconfined reduce isolation. Use it only when you need it, and avoid it on production machines unless you enjoy explaining incidents.

• If you want the “clean” version later: convert this into a Dockerfile so the image build is repeatable and reviewable.