A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players.
It has the portability of Docker with the addition of X, so you can also run GUI application (like burp).
We tested this config with
vcxsrv: just start XLaunch and follow the setup
cygwin: you have to install xorg first, then start XLaunch.
Installation With Docker
git clone https://github.com/higatowa/bento && cd ./bento
- generate keypair and put
authorized_keys, containing your public key, in
docker build -t bento .
- Since we need to forward X to our machine we need first to get its ip, and then to execute:
docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento
- Connect via ssh to the docker machine and forward port 6000 (Xorg) with
ssh -R 6000:localhost:6000 -L 8080:localhost:8080 tamago@bentoip
- On first login you will be asked to change the password.
For GUI tools just run them from the terminal:
Installation With Docker Compose
To be able to quickly deploy multiple instances of bento we decided to write a
This isn’t only for style but we also added a collaborative pad,
During our work we have the need to share informations on the target so we decided to implement in bento the solution we use daily.
The pad is exposed by default on port
Replace the step
Installation with Docker chapter with:
docker-compose build and
in the project directory.
If you wanto to deploy only
docker-compose up bento
- Burp embededed browser is not working if run as user. We addressed this in issue #3. We found the issue and while we are waiting for the Portswigger team to fix it, we wrote a small workaround, just run the
rootand it will fix it.
Current Tools & Utilities
Here is a list of tools and utilities: