├── .github
    └── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
├── .gitignore
├── Dockerfile
├── README.md
├── burp_fix
    ├── burp_fix.sh
    └── chrome_fix.py
├── docker-compose.yml
└── keys
    └── README

/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''

---

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:

**Expected behavior**
A description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Info:**
 - OS:
 - Docker version:
 - Xorg server:

**Additional context**
Add any other context about the problem here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered (if any)**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
keys/id_rsa*
keys/authorized_keys
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM fedora:latest

# install dependencies
RUN yum check-update || true
RUN yum -y install nmap hping3 wget zsh tcpdump \
    tmux python3 gdb python-pip python3-pip golang \
    openssh libaio libnsl net-tools \
    mysql sqlite nss libX11-xcb libdrm libwayland-server \
    libgbm openvpn iputils bind-utils whois sudo openssh-server \
    passwd cracklib-dicts java-latest-openjdk-devel java-latest-openjdk

# create new user tamago
RUN useradd -G wheel -ms /bin/zsh tamago
USER tamago
WORKDIR /home/tamago

# download gobuster, sqlmap, odat, impacket and SecLists
ENV GOPATH=/home/tamago/.go
RUN mkdir tools && \
    go get -v github.com/OJ/gobuster && \
    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git tools/sqlmap && \
    #git clone --depth 1 https://github.com/danielmiessler/SecLists tools/seclist && \
    git clone https://github.com/quentinhardy/odat tools/odat && \
    git clone https://github.com/SecureAuthCorp/impacket impacket && \
    cd impacket && pip3 install --user . && cd .. \
    && rm -rf impacket && \
    wget https://github.com/Konloch/bytecode-viewer/releases/download/v2.9.21/Bytecode-Viewer-2.9.21.jar -O tools/bytecode_viewer.jar && \
    wget https://ghidra-sre.org/ghidra_9.2_PUBLIC_20201113.zip -O tools/ghidra.zip && cd tools && unzip ghidra.zip && rm -rf ghidra.zip && \
    mv ghidra_9.2_PUBLIC ghidra
# configure SSH server
USER root
COPY ./keys/authorized_keys /home/tamago/.ssh/authorized_keys
COPY burp_fix/chrome_fix.py /home/tamago/burp_fix/chrome_fix.py
COPY burp_fix/burp_fix.sh /home/tamago/burp_fix/burp_fix.sh

# generate host keys, allow key-based logins only, and set up the login shell
# (the ghidra entry needs the `alias` keyword, like bytecodevw, to be runnable by name)
RUN ssh-keygen -A && \
    chown tamago:tamago /home/tamago/.ssh/authorized_keys && \
    chmod 644 /home/tamago/.ssh/authorized_keys && \
    sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf && \
    sed -i 's/GSSAPIAuthentication.*/GSSAPIAuthentication no/' /etc/ssh/sshd_config.d/50-redhat.conf && \
    echo "export DISPLAY=localhost:0.0" >> /etc/zprofile && \
    echo "export PATH=$PATH:$GOPATH/bin" >> /etc/zprofile && \
    echo "alias ghidra='bash /home/tamago/tools/ghidra/ghidraRun'" >> /etc/zprofile && \
    echo "alias bytecodevw='java -jar /home/tamago/tools/bytecode_viewer.jar'" >> /etc/zprofile && \
    passwd -d tamago && passwd --expire tamago

# download and install burp and sqlplus
RUN wget 'https://portswigger.net/burp/releases/download?product=community&type=Linux' -O burpinstall.sh && \
    wget https://download.oracle.com/otn_software/linux/instantclient/199000/oracle-instantclient19.9-basic-19.9.0.0.0-1.x86_64.rpm -O instantclient.rpm && \
    wget https://download.oracle.com/otn_software/linux/instantclient/199000/oracle-instantclient19.9-sqlplus-19.9.0.0.0-1.x86_64.rpm -O sqlplus.rpm && \
    rpm -hiv instantclient.rpm sqlplus.rpm && \
    rm instantclient.rpm sqlplus.rpm && \
    bash burpinstall.sh -q && \
    rm burpinstall.sh && \
    mv /usr/local/bin/BurpSuiteCommunity \
    /usr/local/bin/burp

ENTRYPOINT [ "/usr/sbin/sshd", "-D" ]
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
_This software is experimental but we accept suggestions and contributions_

# Bento Toolkit for PT and CTF

_A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin._

Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players.

It has the portability of Docker with the addition of X, so you can also run GUI applications (like Burp).

## Prerequisites

To run bento you need `Docker` and a `Xorg server` on your host machine.
On Windows you can use [vcxsrv](https://sourceforge.net/projects/vcxsrv/), [xming](https://sourceforge.net/projects/xming/), or [cygwin](https://www.cygwin.com/).

We tested this config with `vcxsrv` and `cygwin`.

- `vcxsrv`: just start XLaunch and follow the setup
- `cygwin`: you have to [install xorg](https://x.cygwin.com/docs/ug/setup.html) first, then start XLaunch.

## Installation with Docker

- `git clone https://github.com/higatowa/bento && cd ./bento`
- Generate a keypair and put `authorized_keys`, containing your public key, in `./keys`.
- `docker build -t bento .`
- Since we need to forward X to our machine, we first need to get its IP, and then execute:
  `docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento`
- Connect via ssh to the docker machine and forward port 6000 (Xorg) with `ssh -R 6000:localhost:6000 -L 8080:localhost:8080 tamago@bentoip`
- On first login you will be asked to change the password.

For GUI tools just run them from the terminal:

![burp](https://i.imgur.com/3kDhMGP.png)

![bytecode viewer](https://imgur.com/LzktHZj.png)

## Installation with Docker Compose

To be able to quickly deploy multiple instances of bento we decided to write a `docker-compose` file.

This isn't only for style: we also added a collaborative pad, `codimd`.

During our work we need to share information about the target, so we decided to implement in bento the solution we use daily.

The pad is exposed by default on port `3000`.

![codimd](https://i.imgur.com/mbGqZeu.png)

Replace steps `3` and `4` of the `Installation with Docker` chapter with:

`docker-compose build` and `docker-compose up`

in the project directory.

If you want to deploy only `bento` without `codimd`:

`docker-compose up bento`

## Known issues

- Burp's embedded browser does not work if run as user.
  We addressed this in issue #3. We found the issue and, while we are waiting for the Portswigger team to fix it, we wrote a small workaround: run `/home/tamago/burp_fix/burp_fix.sh` as `root` and it will fix it. The script replaces the browser binary with a wrapper that starts Chrome with `--no-sandbox`.

## Current tools and utilities

We don't like [bloated](https://www.kali.org/) [distros](https://www.parrotsec.org/), so we are keeping this container as minimal as possible, adding only tools useful for web and infrastructure PT and CTF. Remember, though, that we are always open to suggestions.

Here is a list of tools and utilities:
- [`codimd`](https://github.com/hackmdio/codimd)
- [`Burp Suite`](https://forum.portswigger.net)
- [`gobuster`](https://github.com/OJ/gobuster)
- [`SecLists`](https://github.com/danielmiessler/SecLists)
- [`odat`](https://github.com/quentinhardy/odat)
- [`impacket`](https://github.com/SecureAuthCorp/impacket)
- [`sqlmap`](https://github.com/sqlmapproject/sqlmap)
- [`sqlplus`](https://docs.oracle.com/cd/B14117_01/server.101/b12170/qstart.htm)
- `mysql-client`
- [`openvpn`](https://openvpn.net/)
- [`bytecode-viewer`](https://github.com/Konloch/bytecode-viewer)
- [`ghidra`](https://ghidra-sre.org/)
--------------------------------------------------------------------------------
/burp_fix/burp_fix.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Replace Burp's bundled chrome binary with the chrome_fix.py wrapper (run as root).
set -e
cd /usr/local/BurpSuiteCommunity/burpbrowser/*/
# Rename the original only on the first run, so a re-run cannot overwrite it with the wrapper.
[ -e chrome_old ] || mv chrome chrome_old
cp /home/tamago/burp_fix/chrome_fix.py chrome
chmod +x chrome
--------------------------------------------------------------------------------
/burp_fix/chrome_fix.py:
--------------------------------------------------------------------------------
#!/usr/bin/python3
# this forces Burp's chrome binary to run with --no-sandbox
# see https://github.com/higatowa/bento/issues/3

import os
import subprocess
import sys

# burp_fix.sh installs this wrapper as "chrome" next to the renamed original
# "chrome_old", so find it relative to this file rather than a fixed version path.
browser_dir = os.path.dirname(os.path.realpath(__file__))
chrome_old = os.path.join(browser_dir, "chrome_old")

sys.exit(subprocess.call([chrome_old, "--no-sandbox"] + sys.argv[1:]))
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
version: "3.8"
services:
  bento:
    build: .
    devices:
      - "/dev/net/tun"
    ports:
      - "22:22"
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETUID
      - SETGID
      - SYS_CHROOT
      - NET_ADMIN
    cap_drop:
      - ALL
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
  codimdDB:
    image: postgres
    networks:
      - codimd
    environment:
      - POSTGRES_USER=codimd
      - POSTGRES_PASSWORD=codimdpass
      - POSTGRES_DB=codimd
    volumes:
      - ./codimd-data:/var/lib/postgresql/data
  codimd:
    depends_on:
      - codimdDB
    image: hackmdio/hackmd:latest
    networks:
      - codimd
    environment:
      - POSTGRES_USER=codimd
      - POSTGRES_PASSWORD=codimdpass
      - CMD_DB_URL=postgres://codimd:codimdpass@codimdDB:5432/codimd
    ports:
      - "3000:3000"
volumes:
  codimdDB:
networks:
  codimd:
--------------------------------------------------------------------------------
/keys/README:
--------------------------------------------------------------------------------
1) Create authorized_keys file in this directory
2) Add your public key inside authorized_keys
--------------------------------------------------------------------------------
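
The Dockerfile turns off password logins with `sed 's/PasswordAuthentication.*/PasswordAuthentication no/'`, a substitution that changes nothing when the drop-in file has no such line. The following added example (not part of the bento repository; the helper names `set_sshd_option` and `effective_sshd_option` and the sample drop-in are constructed for illustration) writes the keyword whether or not it was already present, then reads back the first value set in the file.

```shell
#!/bin/sh
# Added example, not part of the bento repository.

# set_sshd_option FILE KEYWORD VALUE
# Put "KEYWORD VALUE" on the first line of FILE and drop any other
# uncommented line that sets KEYWORD, so the result is the same whether
# or not the keyword was there before.
set_sshd_option() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v key="$key" 'tolower($1) != tolower(key)' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps FILE's owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# effective_sshd_option KEYWORD FILE...
# Print the first value set for KEYWORD in the files, read in the order
# given; sshd uses the first value it obtains for a keyword. Prints
# nothing when no file sets it (sshd's built-in default then applies).
effective_sshd_option() {
    key=$1; shift
    awk -v key="$key" 'tolower($1) == tolower(key) { print $2; exit }' "$@"
}

demo() {
    dir=$(mktemp -d) || return 1
    conf=$dir/50-redhat.conf
    # Constructed sample drop-in with no PasswordAuthentication line.
    printf '%s\n' 'GSSAPIAuthentication yes' 'UsePAM yes' > "$conf"
    # The Dockerfile's substitution: nothing to match, nothing changes.
    sed 's/PasswordAuthentication.*/PasswordAuthentication no/' "$conf" > "$conf.new" &&
        mv "$conf.new" "$conf"
    before=$(effective_sshd_option PasswordAuthentication "$conf")
    set_sshd_option "$conf" PasswordAuthentication no
    after=$(effective_sshd_option PasswordAuthentication "$conf")
    rm -rf "$dir"
    printf 'sed only: [%s], replace-or-add: [%s]\n' "$before" "$after"
}

demo
```

On the built image, `sshd -T` prints the configuration sshd will actually use and is the authoritative check.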