diff --git a/converge.yml b/converge.yml
index e6e3a0f8..55e2264f 100644
--- a/converge.yml
+++ b/converge.yml
@@ -30,19 +30,19 @@
 - name: ClamAV
 ansible.builtin.import_tasks: tasks/clamav.yml
 # Slackware has ClamAV in SBo
- when: ansible_distribution == "Debian"
+ when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
 - name: AIDE
 ansible.builtin.import_tasks: tasks/aide.yml
- when: ansible_distribution == "Debian"
+ when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
 - name: Debian packages
 ansible.builtin.import_tasks: tasks/debian_packages.yml
 # rkhunter needs to be ran after Debian packages, as it installs usbguard which affect rkhunter.conf
 - name: rkhunter
 ansible.builtin.import_tasks: tasks/rkhunter.yml
- when: ansible_distribution == "Debian"
+ when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
 - name: Lynis
 ansible.builtin.import_tasks: tasks/lynis.yml
- when: ansible_distribution == "Debian"
+ when: ansible_distribution == "Debian" or ansible_distribution == "Kali"
 - name: Banners
 ansible.builtin.import_tasks: tasks/banners.yml
 - name: PAM
@@ -60,7 +60,7 @@
 - name: Misc
 ansible.builtin.import_tasks: tasks/misc.yml
 # Debian Docker image does not have systemd (and systemctl)!
- when: ansible_distribution != "Debian"
+ when: ansible_distribution != "Debian" and ansible_distribution != "Kali"
 - name: Cgroup
 ansible.builtin.import_tasks: tasks/cgroup.yml
 - name: Display manager
diff --git a/molecule/kali/create.yml b/molecule/kali/create.yml
new file mode 100644
index 00000000..1b028745
--- /dev/null
+++ b/molecule/kali/create.yml
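Review bot: The same two-distribution test is now written out four times in the first hunk of converge.yml (ClamAV, AIDE, rkhunter, Lynis) and once more, negated, on the Misc import in the second hunk. The next distribution has to be added in five places, and a missed copy silently skips a scanner or integrity checker on that platform. A membership test is shorter and easier to keep identical across the tasks: `when: ansible_distribution in ["Debian", "Kali"]`. The task list starts and ends outside this hunk, so other imports may carry the same condition.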
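Review bot: The Misc import in the second hunk of converge.yml is now skipped on every Kali host as well as every Debian host, but the comment above it gives the reason as the Debian Docker image lacking systemd, which is a property of the test container and not of the distribution. If tasks/misc.yml carries hardening settings (it is not visible in this diff), an installed Debian or Kali system never receives them. A condition on the container itself, for example `when: ansible_virtualization_type != "docker"`, would keep the scenarios passing without exempting real hosts, though it needs checking against the other molecule scenarios. At minimum the comment should be updated to `# Debian and Kali Docker images do not have systemd (and systemctl)!`.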
@@ -0,0 +1,79 @@
+- name: Create
+ hosts: localhost
+ gather_facts: false
+ vars:
+ molecule_inventory:
+ all:
+ hosts: {}
+ molecule: {}
+ tasks:
+ - name: Create a container
+ community.docker.docker_container:
+ name: "{{ item.name }}"
+ image: "{{ item.image }}"
+ state: started
+ command: sleep 1d
+ log_driver: json-file
+ register: result
+ loop: "{{ molecule_yml.platforms }}"
+
+ - name: Print some info
+ ansible.builtin.debug:
+ msg: "{{ result.results }}"
+
+ - name: Fail if container is not running
+ when: >
+ item.container.State.ExitCode != 0 or
+ not item.container.State.Running
+ ansible.builtin.include_tasks:
+ file: tasks/create-fail.yml
+ loop: "{{ result.results }}"
+ loop_control:
+ label: "{{ item.container.Name }}"
+
+ - name: Add container to molecule_inventory
+ vars:
+ inventory_partial_yaml: |
+ all:
+ children:
+ molecule:
+ hosts:
+ "{{ item.name }}":
+ ansible_connection: community.docker.docker
+ ansible.builtin.set_fact:
+ molecule_inventory: >
+ {{ molecule_inventory | combine(inventory_partial_yaml | from_yaml, recursive=true) }}
+ loop: "{{ molecule_yml.platforms }}"
+ loop_control:
+ label: "{{ item.name }}"
+
+ - name: Dump molecule_inventory
+ ansible.builtin.copy:
+ content: |
+ {{ molecule_inventory | to_yaml }}
+ dest: "{{ molecule_ephemeral_directory }}/inventory/molecule_inventory.yml"
+ mode: "0600"
+
+ - name: Force inventory refresh
+ ansible.builtin.meta: refresh_inventory
+
+ - name: Fail if molecule group is missing
+ ansible.builtin.assert:
+ that: "'molecule' in groups"
+ fail_msg: |
+ molecule group was not found inside inventory groups: {{ groups }}
+ run_once: true # noqa: run-once[task]
+
+# we want to avoid errors like "Failed to create temporary directory"
+- name: Validate that inventory was refreshed
+ hosts: molecule
+ gather_facts: false
+ tasks:
+ - name: Check uname
+ ansible.builtin.raw: uname -a
+ register: result
+ changed_when: false
+
+ - name: Display uname info
+ ansible.builtin.debug:
+ msg: "{{ 
result.stdout }}"
diff --git a/molecule/kali/molecule.yml b/molecule/kali/molecule.yml
new file mode 100644
index 00000000..6530e87e
--- /dev/null
+++ b/molecule/kali/molecule.yml
@@ -0,0 +1,13 @@
+dependency:
+ name: galaxy
+ options:
+ requirements-file: requirements.yml
+platforms:
+ # https://www.kali.org/docs/containers/official-kalilinux-docker-images/
+ - name: molecule-kali
+ image: kalilinux/kali-rolling
+provisioner:
+ name: ansible
+ # This playbook needs to reside in the project root directory so that the all the files and templates are found properly
+ playbooks:
+ converge: ../../converge.yml
diff --git a/molecule/kali/prepare.yml b/molecule/kali/prepare.yml
new file mode 100644
index 00000000..d67e0088
--- /dev/null
+++ b/molecule/kali/prepare.yml
@@ -0,0 +1,7 @@
+---
+- name: Prepare
+ hosts: molecule
+ gather_facts: false
+ tasks:
+ - name: Install Python, python3-apt & Sudo
+ ansible.builtin.raw: apt-get update && apt-get install -y python3-minimal python3-apt sudo
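Review bot: In molecule/kali/create.yml the `Fail if container is not running` task includes `tasks/create-fail.yml`, which should resolve relative to the scenario directory, and no such file is added under molecule/kali/ in the part of the diff visible here. If it is missing, a container that fails to start ends in a file-not-found error from the include instead of the intended diagnostic. Either add the task file to this scenario or point the include at a copy shared with the other scenarios. The file also opens without the `---` document marker that prepare.yml in the same commit has.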
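Review bot: `image: kalilinux/kali-rolling` in molecule/kali/molecule.yml carries no tag or digest, so a fresh runner pulls whatever is published at that moment and the hardening checks run against a base that changes without any commit in this repository. Pinning by digest and bumping it deliberately keeps results reproducible and makes the tested base auditable, e.g. `image: kalilinux/kali-rolling@sha256:<digest>`. If following the rolling release is intended, a comment next to the documentation link saying so would make that explicit.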
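Review bot: The `ansible.builtin.raw` task in molecule/kali/prepare.yml sets no `changed_when`, unlike the `Check uname` raw task in create.yml from the same commit, so it always reports changed and ansible-lint's no-changed-when rule will likely flag it. Adding an explicit `changed_when:` keeps the two files consistent. A one-line comment that raw is used presumably because the fresh image has no Python interpreter yet would explain why a package module is not used here.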