PentestBox - portable assembly of popular security utilities

To date, the most popular penetration testing distributions are * nix-like distributions: Kali Linux , BlackArch Linux, Pentoo, Whonix and many others. They can be used both in a virtual environment and as a live system or be installed as a desktop OS in general.

Windows users were until recently deprived (virtual machines are not taken into account) with such assemblies until the magic box appeared - PentestBox .


')
PentestBox is not like other security distributions that run on virtual machines. The idea of ​​its creation was visited by the author Aditya Agrawal after studying statistics - more than 50% of users who downloaded distributions used Windows:

• Samurai Web Testing Framework - 66% downloaded.
• Santoku Linux - 60% downloaded.
• Parrot OS - 59% downloaded.

What makes PentestBox different?

Simple to use. Download 2.5 gigabytes from the site, unpack and everything is ready for use. Not as demanding as a virtual machine instance. No dependencies, all utilities, standard commands - everything is installed. Also, Mozilla Firefox is installed with the most popular add-ons for auditing web applications .

PentestBox is pretty easy to customize - add the utilities you need to python / ruby ​​/ executable file and prescribe aliases. Updates also do not make any difficulties. The interface is designed as a command line with a “classic” green font on a black background, old school.



PentestBox contains a fairly large number of popular tools that facilitate the process of penetration testing. Utilities are divided into groups, which facilitate their search and use - from information gathering and intelligence, web scanners, bruteforce utilities, to utilities for analyzing Android applications, and Wi-Fi.

The assembly does not contain one of the main "combines" used by security specialists and hackers - the Metasploit framework. The author indicates that for installation, there is a fully working Windows version of this product, which perfectly fulfills its purpose in its native form.

The utility author’s website is presented by sections, there are overlapping positions, so I placed the utilities, classifying them according to the use / impact method. Some utilities on the original site contain incorrect links / descriptions, keep this in mind.

Collection and analysis of information

This section contains utilities for preliminary research purposes.

dirs3arch - bruteforce (dictionary search) directories and file names.

nikto is a utility for finding and operating known vulnerabilities and incorrect configuration of a web server.

DirBuster is a multithreaded directory and file scanner.

Angry IP Scanner - easy to use IP / port scanner.

dnsrecon is a utility that facilitates the collection of information about the DNS of the system under investigation

Instarecon - automation of preliminary reconnaissance of the server under investigation - zone dns, whois, shodan and google queries to search for possible targets for an attack.

Knock - search for possible subdomains in the dictionary.

Nmap is a network mapper, the most powerful port scanner. Many modes and uses. Legend of hack software.

SnmpWalk - find and identify SNMP devices.

SSLyze - identify SSL configuration errors.

SSLScan is the robustness of the SSL / TLS algorithms used.

Subbrute - search for possible subdomains in the dictionary and with the help of open DNS resolvers.

Tekdefense-Automater - collect information about the URL / IP address.

The Harvester is a utility for collecting information from the attacked node: email, employee names, hidden resources.

Web Application Audit

This section contains almost all existing popular (open source) utilities for researching vulnerabilities of web applications.

Burp Suite is one of the most popular tools for analyzing web application vulnerabilities. Consists of several modules that complement each other. A handy utility for automation in the "manual" study.

Commix is a simple utility written in python for operating command injection attacks.

dirs3arch - bruteforce (dictionary search) directories and file names.

fimap - search and exploit vulnerabilities Local File Include / Remote File Include. May use google dork.

Golismero is a web application testing framework.

IronWasp is a framework for searching for vulnerabilities, elevating privileges. Contains a module to attack the web interfaces of WiFi routers.

jSQL is a lightweight utility for sql-injection operation.

PadBuster is a utility for operating Padding Oracle Attack .

SqlMap is a Swiss army knife operating sql-injection.

Vega is a platform for testing web application security, there is a GUI.

Wpscan is one of the most popular tools for finding vulnerabilities on WordPress sites.

Xenotix XSS is a framework for exploiting XSS vulnerabilities.

Yasuo is a small ruby ​​script for exploiting server platform vulnerabilities.

Zaproxy - Zed Attack Proxy is one of the most popular tools for auditing web applications.

Beef Project is a powerful utility for executing various attacks exploiting XSS vulnerabilities.

Password Recovery Tools

Here are collected popular tools for selecting passwords for online services and means of decrypting (selecting) hashes.

CryptoHaze is a fast, CUDA-based and OpenCL-based utility for selecting MD5, SHA1, LM, NTLM hashes.

Findmyhash is a utility for searching hashes using several online services.

HashIdentifier is a utility for determining the type of hash.

Hashcat is one of the fastest utilities (CPU) for selecting a password from a hash.

John the Ripper is one of the most well known multiplatform password retrieval utilities.

Patator is a popular utility for selecting passwords to ftp / ssh / mysql / http and many others.

RainbowCrack - a utility for selecting passwords using rainbow tables .

THC Hydra is one of the oldest and most effective utilities for password selection ftp / ssh / mysql / http and many others.

Android security

Several utilities and frameworks for analyzing applications of one of the most popular mobile operating systems.

Androguard is a utility for analyzing malware applications.

Androwarn is a utility for detecting potentially malicious application behavior.

ApkTool - analysis of encrypted resources, rebuilding, debugger.

dex2jar - converter .dex> .class

drozer is one of the popular frameworks for finding vulnerabilities in Android applications and devices.

Introspy is a utility for analyzing and identifying potential vulnerabilities.

JD-GUI - GUI utility for analyzing java sources of .class files.

Pidcat is a utility for analyzing and ranking log files.

Jad is a console utility for extracting source code from .class files.

Smali / Baksmali is a tool for analyzing and working with dalvik instances.

Stress testing

Utilities impact on attacked applications and devices.

Doona is a utility for checking applications for buffer overflow.

Termineter is a framework for testing measuring instruments that work according to the C1218 and C1219 protocols.

THC-SSL-DOS is a utility for testing server configuration for SSL renegotiation .

Forensic

Utilities for collecting “digital evidence”, forensic analysis, collecting evidence.

Autopsy - framework for extracting deleted files, surfing the web, etc.

Bulk Extractor - scanning and analyzing files, folders, and building histograms from the received data.

CapTipper - detecting malicious HTTP traffic, analyzing .pcap files.

DumpZilla is a utility for extracting information from the Firefox, Iceweasel and Seamonkey browsers.

Loki is a utility for detecting the presence of a so-called. digital weapons and harmful code distributed during APT ( targeted attacks ).

PDF tools - search and detection of suspicious objects in PDF documents, analysis of PDF elements.

PeePDF - analysis of objects, elements and streams contained in PDF files.

Origami is a utility for analyzing and working with infected pdf (used for drive-by attacks).

pype32 , pyew , pedump - utilities for working with PE / PE + files.

RAT Decoders - extracting configuration data from popular remote control systems (here in the context of backdoors).

rekall is a utility for extracting and analyzing information from RAM.

Volatility is a powerful framework for collecting and analyzing artifacts extracted from RAM.

WiFi

Utilities for attacking wireless networks. (Conducting such attacks in the Win environment is rather doubtful, substantial dances with a tambourine may be required, I warned you :)

Aircrack-ng is a package of utilities for monitoring, analyzing and attacking the wireless networks around you.

Wifi Honey is a utility for creating Rogue AP - fake access points .

miscellanea

In this section, everything else, mainly for local attacks.

SET - Social Engineer Toolkit, a platform for conducting sociotechnical attack methods.

SSlStrip is a downstream proxy server for intercepting HTTPS traffic.

Responder is a fake server for intercepting HTTP / SMB / MSSQL / FTP / LDAP authorizations.

UrlCrazy is a utility for phishing attacks.

Wireshark is a powerful traffic analyzer (sniffer).

LaZagne is a utility for extracting locally stored passwords - from browsers, ftp-clients, WiFi and other things.

JavaSnoop is a utility for testing Java applications.

OLLY Debugger - Win32 debugger with a huge number of necessary functions, plug-ins and settings.

Radare2 - a set of utilities for working with binary data, reversing.

DNSChef - DNS proxy to intercept and filter requests.

Ettercap is a network sniffer with the possibility of attacks on changing ARP table entries.

Conclusion

The project is very promising in view of the ability to add your own modules and a good initial set of opensource / free tools. You can work quite comfortably in this ecosystem - there is an atom, vim, browser, most linux commands work. If it is too redundant for you, you can customize it to your liking, leaving and adding only the tools you need that you can always have on hand, for example, on a USB flash drive.