Bento : A Minimal Fedora-Based Container For Penetration Tests

A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin. Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players.

It has the portability of Docker with the addition of X, so you can also run GUI application (like burp).

Prerequisites

To run bento you need Docker and a Xorg server on your host machine. On Windows you can use vcxsrv, xming, cygwin.

We tested this config with vcxsrv and cygwin.

  • vcxsrv: just start XLaunch and follow the setup
  • cygwin: you have to install xorg first, then start XLaunch.

Installation With Docker

  • git clone https://github.com/higatowa/bento && cd ./bento
  • generate keypair and put authorized_keys, containing your public key, in ./keys.
  • docker build -t bento .
  • Since we need to forward X to our machine we need first to get its ip, and then to execute: docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento
  • Connect via ssh to the docker machine and forward port 6000 (Xorg) with ssh -R 6000:localhost:6000 -L 8080:localhost:8080 tamago@bentoip
  • On first login you will be asked to change the password.

For GUI tools just run them from the terminal:

Installation With Docker Compose

To be able to quickly deploy multiple instances of bento we decided to write a docker-compose file.

This isn’t only for style but we also added a collaborative pad, codimd.

During our work we have the need to share informations on the target so we decided to implement in bento the solution we use daily.

The pad is exposed by default on port 3000.

Replace the step 3 and 4 of Installation with Docker chapter with:

docker-compose build and docker-compose up

in the project directory.

If you wanto to deploy only bento without codimd:

docker-compose up bento

Known Issues

  • Burp embededed browser is not working if run as user. We addressed this in issue #3. We found the issue and while we are waiting for the Portswigger team to fix it, we wrote a small workaround, just run the /home/tamago/burp_fix/burp_fix.sh as root and it will fix it.

Current Tools & Utilities

We don’t like bloated distros so we are keeping this container as minimal as possible, adding only tools useful for web and infrastructure PT and CTF but, remember, we are always open to suggestions.

Here is a list of tools and utilities:

Download
R K

Share
Published by
R K
Tags: Bentofedorapenetration test
3 years ago

Recent Posts

Bad Py — A Simple Bad Tool : A Seemingly Straightforward Tool That Embodies

A tool crafted with simplicity in mind but harboring its own set of flaws. Despite…

2 hours ago

CyberSentry – Automated Web Vulnerability Scanner

CyberSentry is a robust automated scanning tool designed for web applications. It helps security professionals, ethical…

2 hours ago

DARKARMY – A Comprehensive Overview Of Tools For Cybersecurity Professionals

Delve into the world of DARKARMY, a potent arsenal of cybersecurity tools designed to empower…

2 hours ago

League Of Legends Cheat – Enhancing Your Gameplay With Advanced Features

Evade (Evasion) - this feature helps you to evade spells of enemies directed at you…

2 hours ago

Cazador – A Comprehensive Toolkit For Bug Hunters

Step into the world of bug hunting with Cazador, a powerful toolkit designed to equip…

2 hours ago

Download Among Us MOD MENU 2024 For PC – Unleash Chaos With Enhanced Features!

Prepare to take your Among Us gaming experience to the next level with the latest…

13 hours ago