Skills · May 12, 2026 · 2 min read

BoxPwnr — LLM-Driven CTF/Pentest Runner (Docker)

BoxPwnr runs CTF and pentest-style targets in a Kali Docker executor, using an LLM to script commands with budgets, timeouts, and resumable progress.

Agent ready

Install with prior review

This asset requires review. The copied prompt asks for a dry run, shows the writes, and continues only after confirmation.

Needs Confirmation · 64/100 · Policy: confirm
Agent surface: Any MCP/CLI agent
Type: Skill
Installation: Single
Trust: Established
Entry: Asset
Review-first command:
npx -y tokrepo@latest install 0d783a01-b1c0-57b4-aa9f-b873a7f0682b --target codex

Do a dry run first, confirm the writes, and then run this command.

Introduction

  • Best for: Running repeatable, budgeted security task attempts (CTFs, labs, benchmarks) with a clean executor boundary
  • Works with: Docker; uv (Python dependency manager); supports multiple platforms and model providers (per README)
  • Setup time: 10–25 minutes

Practical Notes

  • GitHub: 393 stars · 46 forks; pushed 2026-05-12 (verified via GitHub API).
  • README requires cloning with submodules and running uv sync to create .venv before uv run boxpwnr ….
  • README documents hard limits like --max-turns, --max-cost, and execution timeouts (default 30s, max 300s).

Main

A useful BoxPwnr pattern for teams:

  1. Define a target catalog (labs/benchmarks) and run with consistent flags (--max-turns, --max-cost) so results are comparable.
  2. Keep the executor boundary strict: everything runs inside the Docker environment; your host stays clean.
  3. Use --generate-progress / --resume-from to create handoffs between attempts instead of restarting from scratch.
  4. When a task is “almost solved”, switch to manual follow-up (or keep the target running) and treat the LLM as a coordinator, not a miracle worker.

This keeps experimentation fast while still producing artifacts you can review later.

FAQ

Q: Do I need Docker? A: Yes. README says BoxPwnr requires Docker to be installed and running.

Q: How do I control cost/time? A: Use --max-cost, --max-turns, and execution timeout flags described in the README.

Q: What’s the minimal run command? A: After uv sync, run uv run boxpwnr --platform htb --target meow (example from README).

Source and acknowledgements

Source: https://github.com/0ca/BoxPwnr
License: AGPL-3.0
GitHub stars: 393 · forks: 46
