PentestBox Tools

Below are the tools which are not installed by default in PentestBox.
Tools listed below can be installed via ToolsManager.
To check tools which are already in todo list for addition in ToolsManager, visit todo.pentestbox.org

Exploitation Tools

• clusterd - inclusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack.
  Author: bryan alexander License: MIT

• dnsteal - This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
  Author: Mitch \x90

• jexboss - JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.
  Author: João F M Figueiredo
  License: Apache 2.0

• RouterSploit - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:

  • exploits - modules that take advantage of identified vulnerabilities
  • creds - modules designed to test credentials against network services
  • scanners - modules that check if target is vulnerable to any exploit

  
  Author: Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
  License: BSD

• Weevely - Weevely is a command line web shell dynamically extended over the network at runtime, designed for remote administration and penetration testing. It provides a ssh-like terminal just dropping a PHP script on the target server, even in restricted environments.
  Author: Emilio
  License: GPLv3

Forensics

• Exe2Image - A simple utility to convert EXE files to JPEG images and vice versa.
  Author: Osanda Malith
  

• USBTracker - USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS.
  Author: Alain S.

Information Gathering

• cangibrina - Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt.
  Author: Franco Colombino
  License: GPLv2

• Cloudflare Enumeration Tool - A simple tool to allow easy querying of Cloudflare’s DNS data written in Python.
  Author: Matthew Bryant

• dnstwist - dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered.
  Author: Marcin Ulikowski

• gin - a Git index file parser.
  Author: Sean B. Palmer
  Thanks to Yue Du for providing python2 version of gin.

• gobuster - Alternative directory and file busting tool written in Go. *
  Author: OJ Reeves
  License: Apache 2.0

• ircsnapshot - Tool to gather information from IRC servers.
  Author: Brian Wallace
  License: MIT

• knockpy - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
  Author: Gianni Amato

• masscan - This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
  Author: Robert David Graham
  License: GNU Affero General Public License version 3

• Metagoofil - Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites.This information could be useful because you can get valid usernames, people names, for using later in bruteforce password attacks (vpn, ftp, webapps), the tool will also extracts interesting “paths” of the documents, where we can get shared resources names, server names, etc.
  Author: Christian Martorella
  License: GPLv2

• shocker - A tool to find and exploit servers vulnerable to Shellshock.
  Author: Tom Watson
  License: GPLv3

• Whatportis - a command to search port names and numbers.
  Author: Nicolas Crocfer
  License: MIT

• WhoIs - Whois performs the registration record for the domain name or IP address that you specify.

Password Attack

• CeWl - CeWL is custom wordlist generator.
  Author: Robin Wood
  License: Creative Commons Attribution-Share Alike 2.0

• hashID - Identify the different types of hashes used to encrypt data and especially passwords.
  Author:psypanda

• oclhashcat - Worlds fastest password cracker and only GPGPU based rule engine. There are two version of oclhashcat, one for amd and another one for nvidia.
  

Privacy

• SpoofMAC - Spoof your MAC address.
  Author: Feross Aboukhadijeh

Reverse Engineering

• binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  License: MIT License

Sniffing

• evilfoca - Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
  

• evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.
  Author: Francisco Amato
  

• Intercepter-NG - Intercepter-NG is a multifunctional network toolkit for various types of IT specialists.The main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.

  • Sniffing passwords\hashes of the types: ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\ TELNET\MRA\DC++\VNC\MYSQL\ORACLE\NTLM\KRB5\RADIUS
  • Sniffing chat messages of: ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
  • Reconstructing files from: HTTP\FTP\IMAP\POP3\SMTP\SMB
  • Promiscuous-mode\ARP\DHCP\Gateway\Port\Smart Scanning
  • Capturing packets and post-capture (offline) analyzing\RAW Mode
  • Remote traffic capturing via RPCAP daemon and PCAP Over IP
  • NAT\SOCKS\DHCP
  • ARP\DNS over ICMP\DHCP\SSL\SSLSTRIP\WPAD\SMB Relay\SSH MiTM SMB Hijack, LDAP Relay, MySQL LOAD DATA Injection
  • ARP Watch, ARP Cage, HTTP Injection, Heartbleed exploit, Kerberos Downgrade, Cookie Killer
  • DNS\NBNS\LLMNR Spoofing
    Author: Intercepter-NG

• Mitmproxy - An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed.
  Author: Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer

• Netcat - Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP.
  Note: Compiled version taken from here

• NightHawk - Nighthawk is an experimental implementation of ARP/ND spoofing, password sniffing and simple SSL stripping for Windows.
  License: GPLv3

Stress Testing

• LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C# Based on Praetox’s loic project.
  Author: Jorge Oliveira
  License: Read End User License Agreement
  Note: It requires Microsoft .NET framework Service Pack 1 for functioning. Dowload from here.

Vulnerability Analysis

• dnsteal - This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
  Author: Mitch \x90

• routerhunter - The RouterhunterBR is an automated security tool that finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger on home routers.
  Author: Jhonathan Davi

Web Application Analysis

• Arachni - Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.\
  Author: Tasos Laskos
  License: Arachni Public Source License v1.0

• Arachi_web - Web Interface for Arachni Web Scanner. Author: Tasos Laskos
  License: Arachni Public Source License v1.0

• BSQLinjector - BSQLinjector uses blind method to retrieve data from SQL databases.
  Author: Jakub Pałaczyński

• Cansina - Cansina is a Web Content Discovery Application.
  Author: David García
  License: GPLv3

• HQLmap - HQLmap, Automatic tool to exploit HQL injections.
  Author: Paul
  License: MIT

• hsecscan - A security scanner for HTTP response headers.
  Author: Ricardo Iramar dos Santos

• imagejs - Small tool to package javascript into a valid image file.
  License: GPLv3

• LFiFreak - A unique automated LFi Exploiter with Bind/Reverse Shells.
  License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
  Author: Osanda Malith

• joomlavs - A black box, Ruby powered, Joomla vulnerability scanner.
  Author: Rob
  License: GPLv3

• JoomlaScan - A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
  Author: Andrea Draghetti
  License: GPLv3

• NoSQLMap - NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.
  

• wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
  Author: Sandro Gauci

• whatweb - WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
  Author: Andrew Horton
  License: GPLv2

• XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  Author: Jakub Pałaczyński

• xssless - An automated XSS payload generator written in python.
  Author: Matthew Bryant

• xsssniper - xsssniper is an handy xss discovery tool with mass scanning functionalities.
  Author: Gianluca Brindisi