Jump to content
Nytro

PenTBox

By Nytro, in Programe hacking

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

PenTBox

PenTBox is a security suite that can be used in penetration testing engagements to perform a variety of activities.Specifically these activities include from cracking hashes,DNS enumeration and stress testing to HTTP directory brute force.In this article we will see this tool in action and what kind of results we can have.

pentbox.png?w=645

PenTbox – Menu

Cryptography Tools

PenTBox currently includes the following four cryptography tools:

  1. Base64 Encoder & Decoder
  2. Multi-Digest
  3. Hash Password Cracker
  4. Secure Password Generator

Especially in web application penetration tests we often discover encoded Base64 strings.Such strings can contain important information that’s why we need to have a decoder in our tool repository.Many tools now have integrated a Base64 Encoder-Decoder like Burp but PenTBox has also a Base64 decoder in his suite.

1.png?w=645&h=244

Base64 Encoder-Decoder

In case that we have obtain a password hash PenTBox provides a module that can crack different types of password hashes.The Hash Password Cracker can crack common password hashes very fast so it is a good practice to try it in any case.In the next image we can see that the Hash Password Cracker has managed to crack an MD5 hash.

2.png?w=645&h=662

Hash Cracker Module – PenTBox

Network Tools

In this category there are tools for stress testing,fuzzing and information gathering.Specifically the tools that we can find here are the following:

  1. Net DoS Tester
  2. TCP Port Scanner
  3. Honeypot
  4. Fuzzer
  5. DNS and Host Gathering
  6. MAC Address Geo-location

Even though that most penetration testers will use Nmap for their port scanning activities a simple TCP port scanner is available and through PenTBox.

3.png?w=645

PenTBox – TCP Port Scanner

Also a very fast module that can collect information about a specific host can be used for our information gathering activities.A sample of the output of this module can be seen in the next image:

4.png?w=645

DNS & Host Gathering – PenTBox

Web

PenTBox includes also and tools for web reconnaissance.Specifically it contains two tools for directory brute forcing and for discovering common files that exists in web servers.In the next image you can see the directory brute forcing tool in action.

6.png?w=645

Directory Brute Force – PenTBox

Video:

Conclusion

PenTBox is a framework that has written in ruby and offers some good tools that a penetration tester can use in an engagement.Of course there are better and more complex tools that can perform these activities but PenTBox offers the flexibility that contains many tools and it is very easy to use.For that reason this suite recommended for penetration testers with less experience.

Sursa: PenTBox

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...