Pentest Linux Distributions

Bento – Fedora-Based Container For Penetration Tests And CTF

Bento - A Minimal Fedora-Based Container For Penetration Tests And CTF With The Sweet Addition Of GUI Applications


A bento (弁当, bentō) is a single-portion take-out or home-packed meal of Japanese origin.

Bento Toolkit is a simple and minimal docker container for penetration testers and CTF players.

It has the portability of Docker with the addition of X, so you can also run GUI application (like burp).


To run bento you need Docker and a Xorg server on your host machine. On Windows you can use vcxsrv, xming, cygwin.

We tested this config with vcxsrv and cygwin.

  • vcxsrv: just start XLaunch and follow the setup
  • cygwin: you have to install xorg first, then start XLaunch.


  • git clone && cd ./bento
  • generate keypair and put authorized_keys, containing your public key, in ./keys.
  • docker build -t bento .
  • Since we need to forward X to our machine we need first to get its ip, and then to execute: docker run --cap-add=NET_ADMIN --device /dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -p 22:22 -d bento
  • Connect via ssh to the docker machine and forward port 6000 (Xorg) with ssh -R 6000:localhost:6000 -L 8080:localhost:8080 [email protected]
  • On first login you will be asked to change the password.

For GUI tools just run them from the terminal:




Current tools and utilities

We don’t like bloated distros so we are keeping this container as minimal as possible, adding only tools useful for web and infrastructure PT and CTF but, remember, we are always open to suggestions.

Here is a list of tools and utilities: burp suite, gobuster, seclist, odat, impacket, sqlmap, sqlplus, mysql-client, openvpn, bytecode-viewer, ghidra.

About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: