PenTBox 1.5 information from pentestlab

PenTBox is a security suite that can be used in penetration testing engagements to perform a variety of activities.Specifically these activities include from cracking hashes,DNS enumeration and stress testing to HTTP directory brute force.In this article we will see this tool in action and what kind of results we can have.























Cryptography Tools

PenTBox currently includes the following four cryptography tools:
Base64 Encoder & Decoder
Multi-Digest
Hash Password Cracker
Secure Password Generator

Especially in web application penetration tests we often discover encoded Base64 strings.Such strings can contain important information that’s why we need to have a decoder in our tool repository.Many tools now have integrated a Base64 Encoder-Decoder like Burp but PenTBox has also a Base64 decoder in his suite.














Base64 Encoder-Decoder

In case that we have obtain a password hash PenTBox provides a module that can crack different types of password hashes.The Hash Password Cracker can crack common password hashes very fast so it is a good practice to try it in any case.In the next image we can see that the Hash Password Cracker has managed to crack an MD5 hash.





















Hash Cracker Module – PenTBox

Network Tools

In this category there are tools for stress testing,fuzzing and information gathering.Specifically the tools that we can find here are the following:
Net DoS Tester
TCP Port Scanner
Honeypot
Fuzzer
DNS and Host Gathering
MAC Address Geo-location

Even though that most penetration testers will use Nmap for their port scanning activities a simple TCP port scanner is available and through PenTBox.




















PenTBox – TCP Port Scanner
 
Also a very fast module that can collect information about a specific host can be used for our information gathering activities.A sample of the output of this module can be seen in the next image:













DNS & Host Gathering – PenTBox

Web
PenTBox includes also and tools for web reconnaissance.Specifically it contains two tools for directory brute forcing and for discovering common files that exists in web servers.In the next image you can see the directory brute forcing tool in action.



















Directory Brute Force – PenTBox
Conclusion

PenTBox is a framework that has written in ruby and offers some good tools that a penetration tester can use in an engagement.Of course there are better and more complex tools that can perform these activities but PenTBox offers the flexibility that contains many tools and it is very easy to use.For that reason this suite recommended for penetration testers with less experience.