Hi,
This is the first major release of PentestBox. Too much refractoring and structural changes are done. Before talking about new features and changes i would like to share intent behind creating PentestBox.
When i started in infosec, i used to run linux pentesting distro in Virtual Machines. After some time i realised that i only require only very small set of tools, so i searched if they are available on windows or not. Some of them were, but still some important tools were missing. I searched about portability of such tools and found that this problem is not new. Many people want to use those tools directly on windows but there are no ways they can do it. If there are ways, they no longer work.
Above are some of the examples of users requiring support for these awesome projects on windows. So this project was made for fellow users like me who want to use pentesting tools directly on windows operating system.
I would like to thank everyone for their awesome feedback i received from the day i released this project. Also there is always demand for more tools in PentestBox. Keeping that in mind, i have included some features(toolsmanager) in this version. You can read about them below. Next major thing i need to do is to provide support for Wireless Pentesting Tools, there are too many problems, didn’t want to discuss it here, let me know if you have suggestion in this regard.
I would also request PentestBox users to share about it. Also if you want to demonstrate PentestBox at some local meetup or conference, let me know at aditya@manifestsecurity.com, i can provide you slides/documentation and other resources if required.
Scroll down to end of the post to view demo video of PentestBox v2.0 .
Below are list of some of the changes:-
-
Currently PentestBox contain efficient and popular security tools in their respective categories, but some users require more tools and including every tool is not possible because of size constraint. Keeping that in mind, i have included a toolsmanager in this version which can install/update/remove tools which are included by default in PentestBox. Check about this feature here.
-
Consider a environment where you want to use PentestBox on many computers like office, lab, etc. Instead of installing PentestBox on each and every computer, you can just install that on one computer and share that folder as a drive to other computers on the same network. Check about this feature here.
-
Earlier we faced an issue with wpscan when because of some recent commit, it stopped working on windows operating systems. I shared about that issue on Facebook and Twitter. To prevent such things happening in future, i forked tools which can have problem in future and now will be served through PentestBox github repo. So, now every saturday new commits will be checked and then only will be pushed.
Tl;dr : No more tools brekage. -
From this version PentestBox supports 32 bits PC as well, also the tools inside it. Most users aren’t concerened about above thing, as most of the people uses 64 bit systems. But this was introduced to make low-end systems in to a Pentesting Environment. Just to give an idea, i have tested PentestBox on this $200 machine, and it ran on it very smoothly.
-
Tools Added – dotdotpwn, joomscan, sublist3r, CMSmap, droopescan, CrackMapExec, Androbugs Framework, ByteCodeViewer, Windump – windows version of tcpdump
-
Structural changes
- Python 2.7.11(32 bit) added.
- Clink 0.4.7(32 and 64 bit added, automatically detect)
- Ruby 2.1.8-i386-minigw2 added.
- Strawberry perl-5.22.1.3-32 bit added.
- curl 7.34.0-win32 added (newest version had some issue with ruby).
Thanks!