PentestBox Tools

Below are the tools which are not installed by default in PentestBox.
Tools listed below can be installed via ToolsManager.
To check tools which are already in todo list for addition in ToolsManager, visit todo.pentestbox.org

Exploitation Tools

clusterd - inclusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack.
Author: bryan alexander License: MIT
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>clusterd
dnsteal - This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
Author: Mitch \x90
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>dnsteal
jexboss - JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.
Author: João F M Figueiredo
License: Apache 2.0
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>jexboss
RouterSploit - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.It consists of various modules that aids penetration testing operations:
- exploits - modules that take advantage of identified vulnerabilities
- creds - modules designed to test credentials against network services
- scanners - modules that check if target is vulnerable to any exploit
Author: Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
License: BSD
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>rsf
Weevely - Weevely is a command line web shell dynamically extended over the network at runtime, designed for remote administration and penetration testing. It provides a ssh-like terminal just dropping a PHP script on the target server, even in restricted environments.
Author: Emilio
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>weevely

Forensics

Exe2Image - A simple utility to convert EXE files to JPEG images and vice versa.
Author: Osanda Malith

cmd.exe
C:\Users\Aditya Agrawal\Desktop
>exe2image
USBTracker - USBTracker is a quick & dirty coded incident response and forensics Python script to dump USB related information and artifacts from a Windows OS.
Author: Alain S.
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>usbtracker

Information Gathering

cangibrina - Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt.
Author: Franco Colombino
License: GPLv2
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>cangibrina
Cloudflare Enumeration Tool - A simple tool to allow easy querying of Cloudflare’s DNS data written in Python.
Author: Matthew Bryant
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>cloudflare_enum
dnstwist - dnstwist takes in your domain name as a seed, generates a list of potential phishing domains and then checks to see if they are registered.
Author: Marcin Ulikowski
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>dnstwist
gin - a Git index file parser.
Author: Sean B. Palmer
Thanks to Yue Du for providing python2 version of gin.
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>gin
gobuster - Alternative directory and file busting tool written in Go. *
Author: OJ Reeves
License: Apache 2.0
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>gobuster
ircsnapshot - Tool to gather information from IRC servers.
Author: Brian Wallace
License: MIT
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>ircsnapshot
knockpy - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.
Author: Gianni Amato
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>knockpy
masscan - This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
Author: Robert David Graham
License: GNU Affero General Public License version 3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>masscan
Metagoofil - Metagoofil is a tool for extracting metadata of public documents (pdf,doc,xls,ppt,etc) availables in the target websites.This information could be useful because you can get valid usernames, people names, for using later in bruteforce password attacks (vpn, ftp, webapps), the tool will also extracts interesting “paths” of the documents, where we can get shared resources names, server names, etc.
Author: Christian Martorella
License: GPLv2
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>metagoofil
shocker - A tool to find and exploit servers vulnerable to Shellshock.
Author: Tom Watson
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>shocker
Whatportis - a command to search port names and numbers.
Author: Nicolas Crocfer
License: MIT
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>whatportis
WhoIs - Whois performs the registration record for the domain name or IP address that you specify.
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>whois

Password Attack

CeWl - CeWL is custom wordlist generator.
Author: Robin Wood
License: Creative Commons Attribution-Share Alike 2.0
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>cewl
hashID - Identify the different types of hashes used to encrypt data and especially passwords.
Author:psypanda
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>hashid
oclhashcat - Worlds fastest password cracker and only GPGPU based rule engine. There are two version of oclhashcat, one for amd and another one for nvidia.

cmd.exe
C:\Users\Aditya Agrawal\Desktop
>oclhashcat64

Privacy

SpoofMAC - Spoof your MAC address.
Author: Feross Aboukhadijeh
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>spoof-mac

Reverse Engineering

binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
License: MIT License
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>binwalk

Sniffing

evilfoca - Evil Foca is a tool for security pentesters and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.

cmd.exe
C:\Users\Aditya Agrawal\Desktop
>evilfoca
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has it’s own WebServer and DNSServer modules. Easy to set up new settings, and has an autoconfiguration when new binary agents are set.
Author: Francisco Amato

cmd.exe
C:\Users\Aditya Agrawal\Desktop
>evilgrade
Intercepter-NG - Intercepter-NG is a multifunctional network toolkit for various types of IT specialists.The main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
- Sniffing passwords\hashes of the types: ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\ TELNET\MRA\DC++\VNC\MYSQL\ORACLE\NTLM\KRB5\RADIUS
- Sniffing chat messages of: ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
- Reconstructing files from: HTTP\FTP\IMAP\POP3\SMTP\SMB
- Promiscuous-mode\ARP\DHCP\Gateway\Port\Smart Scanning
- Capturing packets and post-capture (offline) analyzing\RAW Mode
- Remote traffic capturing via RPCAP daemon and PCAP Over IP
- NAT\SOCKS\DHCP
- ARP\DNS over ICMP\DHCP\SSL\SSLSTRIP\WPAD\SMB Relay\SSH MiTM SMB Hijack, LDAP Relay, MySQL LOAD DATA Injection
- ARP Watch, ARP Cage, HTTP Injection, Heartbleed exploit, Kerberos Downgrade, Cookie Killer
- DNS\NBNS\LLMNR Spoofing
  Author: Intercepter-NG
  cmd.exe
  C:\Users\Aditya Agrawal\Desktop
  >intercepter-ng
Mitmproxy - An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed.
Author: Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>mitmweb
Netcat - Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP.
Note: Compiled version taken from here
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>nc
NightHawk - Nighthawk is an experimental implementation of ARP/ND spoofing, password sniffing and simple SSL stripping for Windows.
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>nighthawk

Stress Testing

LOIC - Low Orbit Ion Cannon - An open source network stress tool, written in C# Based on Praetox’s loic project.
Author: Jorge Oliveira
License: Read End User License Agreement
Note: It requires Microsoft .NET framework Service Pack 1 for functioning. Dowload from here.
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>loic

Vulnerability Analysis

dnsteal - This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.
Author: Mitch \x90
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>dnsteal
routerhunter - The RouterhunterBR is an automated security tool that finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger on home routers.
Author: Jhonathan Davi
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>routerhunter

Web Application Analysis

Arachni - Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.\
Author: Tasos Laskos
License: Arachni Public Source License v1.0
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>arachni
Arachi_web - Web Interface for Arachni Web Scanner. Author: Tasos Laskos
License: Arachni Public Source License v1.0
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>arachni_web
BSQLinjector - BSQLinjector uses blind method to retrieve data from SQL databases.
Author: Jakub Pałaczyński
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>bsqlinjector
Cansina - Cansina is a Web Content Discovery Application.
Author: David García
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>cansina
HQLmap - HQLmap, Automatic tool to exploit HQL injections.
Author: Paul
License: MIT
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>hqlmap
hsecscan - A security scanner for HTTP response headers.
Author: Ricardo Iramar dos Santos
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>hsecscan
imagejs - Small tool to package javascript into a valid image file.
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>imagejs
LFiFreak - A unique automated LFi Exploiter with Bind/Reverse Shells.
License: Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
Author: Osanda Malith
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>lfifreak
joomlavs - A black box, Ruby powered, Joomla vulnerability scanner.
Author: Rob
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>joomlavs
JoomlaScan - A free and open source software to find the components installed in Joomla CMS, built out of the ashes of Joomscan.
Author: Andrea Draghetti
License: GPLv3
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>joomlascan
NoSQLMap - NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.

cmd.exe
C:\Users\Aditya Agrawal\Desktop
>nosqlmap
wafw00f - WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.
Author: Sandro Gauci
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>wafw00f
whatweb - WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
Author: Andrew Horton
License: GPLv2
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>whatweb
XXEinjector - Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
Author: Jakub Pałaczyński
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>xxeinjector
xssless - An automated XSS payload generator written in python.
Author: Matthew Bryant
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>xssless
xsssniper - xsssniper is an handy xss discovery tool with mass scanning functionalities.
Author: Gianluca Brindisi
cmd.exe
C:\Users\Aditya Agrawal\Desktop
>xsssniper