Awesome Open Source
Awesome Open Source




PwnBox2

Perfect for doing Capture-The-Flag challenges and Pentesting on any platform, without needing a clunky, fat, resource hungry virtual machine. PwnBox2 provides a wide array of tools at your very own fingertips, powered by Arch Linux!


Contents

  1. Download
  2. Usage
  3. Screenshot
  4. Tools
  5. License

Download

Download and Install PwnBox2

PwnBox2 can be downloaded using the git command

git clone https://gitlab.com/PlatyPew/PwnBox2.git
# Build image locally
./p2 build
# Pull pre-built image from docker hub (Updated once a week) ./p2 update

You can get basic autocompletion by sourcing the _p2-autocomplete.zsh file in your zshrc


Usage

How to operate PwnBox2

General

You might want to alias p2 in your bashrc/zshrc

$ p2
USAGE:
  p2 <SUBCOMMAND>

SUBCOMMAND:
  build     Build Docker image
  attach    Attach into container
  rm        Remove container and its volumes
  kill      Stop container from running
  volume    Enter into container's volume
  ls        List pwnboxes
  update    Update image to the latest build

HELP:
  p2 build -h
  p2 attach -h
  p2 rm -h

Screenshot

PwnBox2 Workflow


Tools

List of all the tools installed in PwnBox2

Included Infosec Tools

Tools Description
afl State-of-the-art fuzzer.
autorecon Wrapper around multiple scanning tools for quick enumeration
binwalk Firmware (and arbitrary file) analysis tool.
dirsearch Web path scanner.
exiftool Meta information reader/writer.
exploitdb The official Exploit Database repository.
factordb Factorise primes using online database.
featherduster An automated, modular cryptanalysis tool.
foremost File carver.
gdb GNU Project debugger.
gobuster URI and DNS subdomain bruteforcer
hexedit Terminal-based hex editor
hydra Multi-purpose brute-forcer
jad Java decompiler
john Password cracker
libc-database Build a database of libc offsets to simplify exploitation.
metasploit Platform for developing, testing, and executing exploits.
mitmproxy A TUI-based proxy for http and https protocols
ngrok Secure introspectable tunnels to localhost webhook development tool and debugging tool
nmap Nmap free security scanner, port scanner, & network exploration tool.
one_gadget Magic gadget search for libc.
pwncat A post-exploitation platform for Linux targets
pwndbg Makes debugging with GDB suck less
pwntools Useful CTF utilities.
pycrypto Python cryptography toolkit.
radare2 The best disassembler (Not an opinion)
ropper Gadget finder.
rsactftool RSA attack tool (mainly for CTFs)
rustscan The Modern Port Scanner. Find ports quickly (3 seconds at its fastest)
shellnoob A shellcode writing toolkit.
sqlmap Automatic SQL injection and database takeover tool
wcc A collection of compilation tools to perform binary black magic on the GNU/Linux and other POSIX platforms.
xortool XOR analysis tool.
yafu Yafu factor input integers in a completely automated way.
z3 Theorem prover from Microsoft Research.
zsteg Detect stegano-hidden data in PNG & BMP.

Included QoL Tools

Software Description
autojump A cd command that learns
fzf A fuzzy finder
gmpy2 A C-coded Python extension module that supports multiple-precision arithmetic
mlocate A Unix utility which serves to find files on filesystems
neovim Best code editor ever (Not an opinion)
netcat TCP/IP swiss army knife
nodejs A JavaScript runtime built on Chrome's V8 JavaScript engine
oh-my-zsh Beautiful zsh shell with agnoster theme
openvpn A virtual private network manager
python An interpreted, high-level, general-purpose programming language
ripgrep Grep but fasstttt
ruby Another interpreted, high-level, general-purpose programming language.
sagemath A computer algebra system with includes algebra, combinatorics, graph theory, numerical analysis, number theory, calculus and statistics
tmux Allows multiple terminal sessions to be accessed simultaneously in a single window
zsh-autopair Automatically pairs quotations marks and brackets when typing commands
zsh-autosuggestions Suggests commands that you've used before
zsh-syntax-highlighting Beautiful highlighting while typing commands
zsh-vimode-visual Allow vim visual mode to work within the prompt

License

This project is released under the MIT License

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Shell (171,385
Scanner (13,982
Cryptography (10,758
Hacking (7,732
Zsh (7,274
Penetration Testing (3,138
Pentesting (3,137
Capture The Flag (2,481
Reverse Engineering (2,314
Gdb (2,201
Nmap (1,506
Gadget (1,159
Libc (1,044
Hacking Tool (1,002
Zshrc (721
Web Security (410
Password Cracking (220
Binary Exploitation (41