{"id":13841738,"url":"https://github.com/himazawa/bento","last_synced_at":"2026-01-20T05:40:59.917Z","repository":{"id":55568485,"uuid":"314256061","full_name":"himazawa/bento","owner":"himazawa","description":"Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.","archived":false,"fork":false,"pushed_at":"2020-12-21T16:43:19.000Z","size":36,"stargazers_count":78,"open_issues_count":0,"forks_count":7,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-07-05T09:01:53.559Z","etag":null,"topics":["ctf","ctf-tools","docker","minimal","penetration","penetration-testing-tools","security-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/himazawa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-19T13:27:30.000Z","updated_at":"2025-06-25T04:57:04.000Z","dependencies_parsed_at":"2022-08-15T03:20:33.256Z","dependency_job_id":null,"html_url":"https://github.com/himazawa/bento","commit_stats":null,"previous_names":["higatowa/bento"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/himazawa/bento","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/himazawa%2Fbento","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/himazawa%2Fbento/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/himazawa%2Fbento/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/himazawa%2Fbento/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/himazawa","download_url":"https://codeload.github.com/himazawa/bento/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/himazawa%2Fbento/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264821531,"owners_count":23669233,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","ctf-tools","docker","minimal","penetration","penetration-testing-tools","security-vulnerability"],"created_at":"2024-08-04T17:01:19.605Z","updated_at":"2026-01-20T05:40:59.912Z","avatar_url":"https://github.com/himazawa.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"_This software is exprimental but we accept suggestions and contributions_\n\n# Bento Toolkit for PT and CTF\n\n_A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin._\n\nBento Toolkit is a simple and minimal docker container for penetration testers and CTF players.\n\nIt has the portability of Docker with the addition of X, so you can also run GUI application (like burp).\n\n## Prerequisites\n\nTo run bento you need `Docker`  and a `Xorg server` on your host machine.\nOn Windows you can use [vcxsrv](https://sourceforge.net/projects/vcxsrv/), [xming](https://sourceforge.net/projects/xming/), [cygwin](https://www.cygwin.com/).\n\nWe tested this config with `vcxsrv` and `cygwin`.\n\n- `vcxsrv`: just start XLaunch and follow the setup\n- `cygwin`: you have to [install xorg](https://x.cygwin.com/docs/ug/setup.html) first, then start XLaunch.\n  \n## Installation with  Docker\n\n- `git clone https://github.com/higatowa/bento \u0026\u0026  cd ./bento`\n- generate keypair and put `authorized_keys`, containing your public key, in `./keys`.\n- `docker build -t bento .`\n- Since we need to forward X to our machine we need first to get its ip, and then to execute:\n`docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento`\n- Connect via ssh to the docker machine and forward port 6000 (Xorg) with `ssh -R 6000:localhost:6000 -L 8080:localhost:8080  tamago@bentoip`\n- On first login you will be asked to change the password.\n\nFor GUI tools just run them from the terminal:\n\n![brup](https://i.imgur.com/3kDhMGP.png)\n\n![bytecode vierwer](https://imgur.com/LzktHZj.png)\n\n## Installation with Docker Compose\n\nTo be able to quickly deploy multiple instances of bento we decided to write a `docker-compose` file. \n\nThis isn't only for style but we also added a collaborative pad, `codimd`. \n\nDuring our work we have the need to share informations on the target so we decided to implement in bento the solution we use daily.\n\nThe pad is exposed by default on port `3000`.\n\n![codimd](https://i.imgur.com/mbGqZeu.png)\n\nReplace the step `3` and `4` of `Installation with Docker` chapter with:\n\n`docker-compose build` and `docker-compose up`\n\nin the project directory. \n\nIf you wanto to deploy only `bento` without `codimd`:\n\n`docker-compose up bento`\n\n## Known issues\n\n- Burp embededed browser is not working if run as user.\n    We addressed this in issue #3. We found the issue and while we are waiting for the Portswigger team to fix it, we wrote a small workaround, just run the `/home/tamago/burp_fix/burp_fix.sh` as `root` and it will fix it.\n\n## Current tools and utilities\n\nWe don't like [bloated](https://www.kali.org/) [distros](https://www.parrotsec.org/) so we are keeping this container as minimal as possible, adding only tools useful for web and infrastructure PT and CTF but, remember, we are always open to suggestions.\n\nHere is a list of tools and utilities:\n- [`codimd`](https://github.com/hackmdio/codimd)  \n- [`Burp Suite`](https://forum.portswigger.net)\n- [`gobuster`](https://github.com/OJ/gobuster)\n- [`SecLists`](https://github.com/danielmiessler/SecLists)\n- [`odat`](https://github.com/quentinhardy/odat)\n- [`impacket`](https://github.com/SecureAuthCorp/impacket)\n- [`sqlmap`](https://github.com/sqlmapproject/sqlmap)\n- [`sqlplus`](https://docs.oracle.com/cd/B14117_01/server.101/b12170/qstart.htm),\n- `mysql-client`\n- [`openvpn`](https://openvpn.net/)\n- [`bytecode-viewer`](https://github.com/Konloch/bytecode-viewer)\n- [`ghidra`](https://ghidra-sre.org/)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhimazawa%2Fbento","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhimazawa%2Fbento","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhimazawa%2Fbento/lists"}