By William Kleinhenz –
PentestBox is a penetration testing environment created in 2015 by Aditya Agrawal. With Kali and other Linux distributions built for the same purpose, it might seem there was no need for another one, but PentestBox stands out by using Windows as its attack platform. While Windows is the focus, PentestBox does not drop Linux entirely: it provides bash and other common Linux utilities and combines them with many frequently used pentesting tools, ranging from reconnaissance to exploitation and even forensics and Android security. Beyond the bundled tools, PentestBox can be customized either through the included tools manager or by adding your own Python, Ruby, Java or executable-based tools.
Other than the fact that it runs on Windows, PentestBox offers some features that Kali Linux does not. Unlike Kali or other pentesting Linux distributions, which are commonly run as VMs or in a dual-boot configuration, PentestBox can be installed directly on the running Windows OS or on a flash drive; it requires around 2 MB of RAM and fits in about 6 GB of disk space, which allows it to be deployed quickly and quietly in most situations. Besides its small memory and disk footprint, PentestBox can also be placed on a network share and used from multiple machines. Lastly, because PentestBox is a native Windows application, it has direct access to Windows drivers, which lets it make better use of graphics cards for hash and password cracking, and it needs no additional virtualization software.
Many of the tools included with PentestBox are the same ones you would see in Kali, such as Burp Suite, sslstrip, Aircrack-ng and Volatility, but PentestBox also includes some tools that Kali did not ship at the time of writing. One such tool is InstaRecon, an automated tool for performing web reconnaissance on a domain. By combining DNS, WHOIS and Shodan lookups with Google dorks, InstaRecon can quickly gather information about a target domain and its subdomains.
To use InstaRecon one specifies a target domain, IP address or network range, optionally combined with the options shown in the help output below.
To show off the depth of InstaRecon we can run it against Google. It takes a few seconds, but once finished InstaRecon presents a good deal of useful information: the domain, its CIDR range, IP addresses and MX records, subdomains with their IP addresses and pages, and a possible LinkedIn account.
Figure 1: the possible LinkedIn account and some of the subdomains for google.com
Figure 2: MX records for google.com
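To make the DNS side of what InstaRecon does concrete, here is an added example (my own code, not InstaRecon's or PentestBox's) that resolves a domain and a short subdomain wordlist, collects the MX hosts, and groups every address it finds into /24 ranges the way the tool's CIDR output does. It goes slightly beyond the text by checking for wildcard DNS first, so a zone that answers for every name does not flood the results with bogus subdomains. The resolver callbacks are injected and the DNS answers, the wordlist and the IP ranges (93.184.216.x, 198.51.100.x, 203.0.113.x) are all constructed so it runs offline; WHOIS and Shodan lookups need network access and are left out.

```python
"""InstaRecon-style DNS recon aggregator (added example; not InstaRecon's own code).

Given a target domain and resolver callbacks it:
  1. checks for wildcard DNS so bogus subdomains are not reported as findings,
  2. resolves the apex and a short subdomain wordlist to IPv4 addresses,
  3. collects the MX hosts and their addresses,
  4. groups everything into /24 networks to show which ranges the target lives in.
Resolvers are injected so the example runs offline against constructed answers;
for live use pass functions built on socket.gethostbyname_ex or dnspython instead.
"""
import ipaddress
from collections import defaultdict
from typing import Callable, Dict, List, Set

Resolver = Callable[[str], List[str]]

# Constructed answers standing in for live DNS (example data, not a real zone).
FAKE_A: Dict[str, List[str]] = {
    "example.com": ["93.184.216.34"],
    "www.example.com": ["93.184.216.34"],
    "mail.example.com": ["93.184.216.40"],
    "dev.example.com": ["198.51.100.7"],
    "mx1.example.com": ["93.184.216.40"],
}
FAKE_MX: Dict[str, List[str]] = {"example.com": ["mx1.example.com"]}
WORDLIST = ["www", "mail", "dev", "vpn", "staging"]
WILDCARD_PROBE = "zz-wildcard-probe-7f3a"  # a label no real zone should define


def fake_resolve_a(name: str) -> List[str]:
    return list(FAKE_A.get(name, []))


def fake_resolve_mx(name: str) -> List[str]:
    return list(FAKE_MX.get(name, []))


def detect_wildcard(domain: str, resolve_a: Resolver) -> Set[str]:
    """Return the address set a nonexistent label resolves to (empty if no wildcard)."""
    return set(resolve_a(f"{WILDCARD_PROBE}.{domain}"))


def enumerate_hosts(domain: str, wordlist: List[str], resolve_a: Resolver) -> Dict[str, List[str]]:
    wildcard = detect_wildcard(domain, resolve_a)
    found: Dict[str, List[str]] = {}
    for label in [None] + list(wordlist):
        name = domain if label is None else f"{label}.{domain}"
        addrs = set(resolve_a(name))
        if not addrs:
            continue
        # The apex is always kept; a subdomain that only returns the wildcard answer is noise.
        if label is not None and addrs <= wildcard:
            continue
        found[name] = sorted(addrs, key=ipaddress.ip_address)
    return found


def group_by_cidr(addresses: Set[str], prefix: int = 24) -> Dict[str, List[str]]:
    """Bucket addresses into /prefix networks so the tester sees the ranges, not just hosts."""
    groups: Dict[str, Set[str]] = defaultdict(set)
    for addr in addresses:
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        groups[str(net)].add(addr)
    return {net: sorted(ips, key=ipaddress.ip_address) for net, ips in groups.items()}


def recon(domain: str, wordlist: List[str] = WORDLIST,
          resolve_a: Resolver = fake_resolve_a, resolve_mx: Resolver = fake_resolve_mx) -> dict:
    hosts = enumerate_hosts(domain, wordlist, resolve_a)
    mx_hosts = resolve_mx(domain)
    for mx in mx_hosts:
        addrs = resolve_a(mx)
        if addrs:
            hosts[mx] = sorted(set(addrs), key=ipaddress.ip_address)
    all_ips = {ip for addrs in hosts.values() for ip in addrs}
    return {"domain": domain, "hosts": hosts, "mx": mx_hosts, "ranges": group_by_cidr(all_ips)}


if __name__ == "__main__":
    import json
    print(json.dumps(recon("example.com"), indent=2))
```

On the constructed data the run shows dev.example.com sitting in a different /24 than the rest of the hosts, which is exactly the kind of detail worth noticing before scanning. The wildcard check matters on real targets: without it, every word in the list "resolves" on a wildcard zone and the subdomain list becomes worthless.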
InstaRecon runs quickly and I could see this tool providing some valuable information for the beginning of a penetration test. I found that this tool required a little extra setup and had to be run from the file in which it exists, but this seems to be an issue with PentestBox.
The next tool is LaZagne, which retrieves stored passwords from the local computer. While it runs on both Windows and Linux, its focus is clearly Windows. The passwords it can recover range from system credentials such as LM/NT hashes, to passwords saved in web browsers, to passwords saved by applications like FileZilla or Skype, and custom scripts can be written for unsupported software. It recovers passwords in two ways: by using the tokens of processes running on the system, or by browsing system files for stored credentials. To retrieve passwords one simply runs the command with the type of application LaZagne should target, or tells it to target everything. LaZagne then finds and displays any recovered passwords and/or hashes. Keep in mind that dumping LM/NT hashes requires administrative privileges, and the application modules only see credentials belonging to the user LaZagne runs as, so what it returns depends on the context you have already obtained.
Lastly, PentestBox lets users add tools quickly and easily with the tool manager, so a user can pull in tools as the situation demands. The process is straightforward. First you open the tool manager menu,
then select a category of tools and the tool itself.
The tool manager offers a limited selection of additional tools, but others can be added if they are Python, Ruby or Java based, or Windows executables.
In my opinion, PentestBox is an interesting tool and could be useful; however, I feel that as a main penetration testing tool PentestBox is lacking in terms of the total number of preinstalled tools and may not be fully useful in a disconnected environment. Although I do feel the lack of tools makes it less likely to be used over Kali, I can see that using PentestBox to pivot around a network would be a great way to use it, specifically using tools like the previously mentioned LaZagne tool to gain network privileges. In conclusion, I don't think I will be dropping Kali as my main pentesting/hacking OS, but I think PentestBox allows for quick deployment and testing on Windows-based environments, and it will be interesting to see what the developers change in the future.