03 Feb

PenTBox is a security suite that can be used in penetration testing engagements to perform a variety of activities.Specifically these activities include from cracking hashes,DNS enumeration and stress testing to HTTP directory brute force.In this article we will see this tool in action and what kind of results we can have.

pentbox - Menu

PenTbox – Menu

Cryptography Tools

PenTBox currently includes the following four cryptography tools:

  1. Base64 Encoder & Decoder
  2. Multi-Digest
  3. Hash Password Cracker
  4. Secure Password Generator

Especially in web application penetration tests we often discover encoded Base64 strings.Such strings can contain important information that’s why we need to have a decoder in our tool repository.Many tools now have integrated a Base64 Encoder-Decoder like Burp but PenTBox has also a Base64 decoder in his suite.

Base64 Encoder-Decoder

Base64 Encoder-Decoder


In case that we have obtain a password hash PenTBox provides a module that can crack different types of password hashes.The Hash Password Cracker can crack common password hashes very fast so it is a good practice to try it in any case.In the next image we can see that the Hash Password Cracker has managed to crack an MD5 hash.

Hash Cracker Module - PenTBox

Hash Cracker Module – PenTBox


Network Tools

In this category there are tools for stress testing,fuzzing and information gathering.Specifically the tools that we can find here are the following:

  1. Net DoS Tester
  2. TCP Port Scanner
  3. Honeypot
  4. Fuzzer
  5. DNS and Host Gathering
  6. MAC Address Geo-location

Even though that most penetration testers will use Nmap for their port scanning activities a simple TCP port scanner is available and through PenTBox.

PenTBox - TCP Port Scanner

PenTBox – TCP Port Scanner


Also a very fast module that can collect information about a specific host can be used for our information gathering activities.A sample of the output of this module can be seen in the next image:

DNS & Host Gathering - PenTBox

DNS & Host Gathering – PenTBox



PenTBox includes also and tools for web reconnaissance.Specifically it contains two tools for directory brute forcing and for discovering common files that exists in web servers.In the next image you can see the directory brute forcing tool in action.

Directory Brute Force - PenTBox

Directory Brute Force – PenTBox




PenTBox is a framework that has written in ruby and offers some good tools that a penetration tester can use in an engagement.Of course there are better and more complex tools that can perform these activities but PenTBox offers the flexibility that contains many tools and it is very easy to use.For that reason this suite recommended for penetration testers with less experience.


Posted by on February 3, 2013 in Tools


Tags: , , ,

7 responses to “PenTBox

  1. Pingback: PenTBox | MixLoL
  2. Mistah Meow

    February 4, 2013 at 2:22 pm

    Thanks for another informative post❤

  3. Jeremy

    February 4, 2013 at 4:27 pm

    How can this tool be downloaded?

  4. netbiosX

    February 4, 2013 at 9:32 pm

    You can download PenTBox from the official site:

  5. Nirav

    February 5, 2013 at 6:15 am

    in http directory brute-force i got error.
    Error connecting.

    [*] Module execution finished.

  6. Thanos

    February 17, 2013 at 1:36 pm

    excellent tutorial


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: