Bento – A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications
A bento (弁当, bentō) is a solitary-part consider-out or residence-packed meal of Japanese origin.
Bento Toolkit is a basic and minimal docker container for penetration testers and CTF players.
It has the portability of Docker with the addition of X, so you can also run GUI software (like burp).
Conditions
To operate bento you want Docker and a Xorg server on your host equipment. On Home windows you can use vcxsrv, xming, cygwin.
We examined this config with vcxsrv and cygwin.
vcxsrv: just get started XLaunch and adhere to the setupcygwin: you have to put in xorg 1st, then start out XLaunch.
Installation
git clone https://github.com/higatowa/bento && cd ./bento- deliver keypair and put
licensed_keys, that contains your general public important, in./keys. docker make -t bento .- Considering that we require to ahead X to our machine we need 1st to get its ip, and then to execute:
docker run --cap-include=Web_ADMIN --machine /dev/net/tun --sysctl web.ipv6.conf.all.disable_ipv6= -p 22:22 -d bento - Connect via ssh to the docker equipment and forward port 6000 (Xorg) with
ssh -R 6000:localhost:6000 -L 8080:localhost:8080 tamago@bentoip - On 1st login you will be asked to alter the password.
For GUI equipment just run them from the terminal:
Present-day instruments and utilities
We never like bloated distros so we are maintaining this container as negligible as feasible, adding only tools helpful for web and infrastructure PT and CTF but, try to remember, we are always open to tips.
Right here is a record of resources and utilities: burp suite, gobuster, seclist, odat, impacket, sqlmap, sqlplus, mysql-consumer, openvpn, bytecode-viewer, ghidra.
