Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications
A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin.
Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players.
It has the portability of Docker with the addition of X, so you can also run GUI application (like burp).
To run bento you need Docker
and a Xorg server
on your host machine. On Windows you can use vcxsrv, xming, cygwin.
We tested this config with vcxsrv
and cygwin
.
vcxsrv
: just start XLaunch and follow the setupcygwin
: you have to install xorg first, then start XLaunch.
Installation
git clone https://github.com/higatowa/bento && cd ./bento
- generate keypair and put
authorized_keys
, containing your public key, in./keys
. docker build -t bento .
- Since we need to forward X to our machine we need first to get its ip, and then to execute:
docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento
- Connect via ssh to the docker machine and forward port 6000 (Xorg) with
ssh -R 6000:localhost:6000 -L 8080:localhost:8080 tamago@bentoip
- On first login you will be asked to change the password.
For GUI tools just run them from the terminal:
Current tools and utilities
We don't like bloated distros so we are keeping this container as minimal as possible, adding only tools useful for web and infrastructure PT and CTF but, remember, we are always open to suggestions.
Here is a list of tools and utilities: burp suite
, gobuster
, seclist
, odat
, impacket
, sqlmap
, sqlplus
, mysql-client
, openvpn
, bytecode-viewer
, ghidra
.