A Portable Penetration Testing Distribution for Windows: PentestBox
PentestBox is not like other Penetration Testing Distributions which runs on virtual machines. It is created because more than 70% of penetration testing distributions users uses windows and provides an efficient platform for Penetration Testing on windows.
Less Memory Usage
PentestBox runs on host machine without any need for virtual machine. So it only need’s 20 MB for launching compared to at least 2GB of RAM need for running virtual machine distributions. Plus it only needs around 2GB disk space compared to at least 10GB in virtual machines.No Dependencies Needed
All the dependencies required by tools are inside PentestBox, and you can even run PentestBox on freshly installed windows without any hassle.Portable
PentestBox is entirely portable, so now you can carry your own Penetration Testing Environment on a USB stick. It will take care of dependencies required to run tools which are inside it.Best Performance
PentestBox directly runs on host machine instead of virtual machines.
No Metasploit ?
Metasploit Contains exploits/payloads inside it, so when installed on windows machines nearly all anti-viruses and firewalls put up warnings. Metasploit officially instruct users to disable anti-viruses and firewalls while using it. It’s your call. If you willing to switch off your antiviruses program and want to use Metsaploit on Windows, you can download windows installer for Metsaploit from officially Metsaploit website.PentestBox throwing up red flags ?
PentestBox is packed by UPX which is identified as malware by some antivirus softwares. You can scan PentestBox.exe with virtustotal.com and see the result. As an alternative there is a PentestBox.bat file in the same directory which upon running won’t show any warnings. There are some ruby gems also which can also flag as virus/malware, you can remove those of your antivirus are flagging it. Also THC-SSL-DOS will also be flagged because of it’s action against SSL servers.If you worried about those warnings then you can allow your Antivirus to remove those files, in that case you can start PentestBox through PentestBox.bat file and THC-SSL-DOS will not work. Rest other tools/products will work normally.How to include your own Tool
If you want to include a tool which is not currently present in PentestBox then below are the ways to include it.- If it is Python based program
- Place that folder in PentestBox_Directory/bin or in any folder inside bin.
- As Python is configured inside PentestBox, you can directly go to that directory and then run that program by prepending python to the filename.
- But if you want to set an alias for that program then please follow How to add an alias
- If it is Ruby Based Program
- Place that folder in PentestBox_Directory/bin or in any folder inside bin.
- As Ruby is configured inside PentestBox, you can directly go to that directory and then run that program by prepending ruby to the filename.
- But if you want to set an alias for that program then please follow How to add an alias
- It it is Executable file
- Place that folder in PentestBox_Directory/bin or in any folder inside bin.
- You can directly access by moving to that folder and typing the filename.
- But if you want to set an alias for that program then please follow How to add an alias
Source && Download
![[WAF-FLE] Web application firewall: fast log and event console](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNUiNj5SjQeu8VhkRyfVjV4mP1bHFkRLpos0NqOznjOFmrqXmnTaqDd-0btKDqtpn3Ay_K8B6Vy75b8yyJyCeSZrUY7NJPG0GRBfEbdmFs1A7fpWMRKQa5jzzm8JOrTc3zAC7GIumQmTk/s72-c/waf-fle.png "[WAF-FLE] Web application firewall: fast log and event console")
0 comments: