Bento Toolkit
Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players. It has the portability of Docker with the addition of X, so you can also run GUI applications (like Burp) on a remote machine. It includes a range of tools and utilities for web and infrastructure penetration testing and CTF, including Burp Suite, gobuster, SecLists, odat, impacket, sqlmap, sqlplus, mysql-client, openvpn, bytecode-viewer, and ghidra. The toolkit is designed to be lightweight and easy to use, with a focus on simplicity and portability. To use the toolkit, you'll need to have Docker and a Xorg server installed on your machine. You can then use the toolkit to run GUI applications and access a range of tools and utilities for penetration testing and CTF.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A guide to bypassing RFID card reader security mechanisms using specialized hardware
A collaborative, multi-platform, red teaming framework for simulating attacks and testing defenses.
A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.
Data exfiltration & infiltration tool using text-based steganography to evade security controls.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolset
A cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.