PenTBox is a security suite that can be used in penetration testing engagements to perform a variety of activities.Specifically these activities include from cracking hashes,DNS enumeration and stress testing to HTTP directory brute force.In this article we will see this tool in action and what kind of results we can have.
PenTBox currently includes the following four cryptography tools:
- Base64 Encoder & Decoder
- Hash Password Cracker
- Secure Password Generator
Especially in web application penetration tests we often discover encoded Base64 strings.Such strings can contain important information that’s why we need to have a decoder in our tool repository.Many tools now have integrated a Base64 Encoder-Decoder like Burp but PenTBox has also a Base64 decoder in his suite.
In case that we have obtain a password hash PenTBox provides a module that can crack different types of password hashes.The Hash Password Cracker can crack common password hashes very fast so it is a good practice to try it in any case.In the next image we can see that the Hash Password Cracker has managed to crack an MD5 hash.
In this category there are tools for stress testing,fuzzing and information gathering.Specifically the tools that we can find here are the following:
- Net DoS Tester
- TCP Port Scanner
- DNS and Host Gathering
- MAC Address Geo-location
Even though that most penetration testers will use Nmap for their port scanning activities a simple TCP port scanner is available and through PenTBox.
Also a very fast module that can collect information about a specific host can be used for our information gathering activities.A sample of the output of this module can be seen in the next image:
PenTBox includes also and tools for web reconnaissance.Specifically it contains two tools for directory brute forcing and for discovering common files that exists in web servers.In the next image you can see the directory brute forcing tool in action.
PenTBox is a framework that has written in ruby and offers some good tools that a penetration tester can use in an engagement.Of course there are better and more complex tools that can perform these activities but PenTBox offers the flexibility that contains many tools and it is very easy to use.For that reason this suite recommended for penetration testers with less experience.