CLI Tools · May 12, 2026 · 2 min read

BoxPwnr — LLM-Driven CTF/Pentest Runner (Docker)

BoxPwnr runs CTF and pentest-style targets in a Kali Docker executor, using an LLM to script commands with budgets, timeouts, and resumable progress.

Introduction

  • Best for: Running repeatable, budgeted security task attempts (CTFs, labs, benchmarks) with a clean executor boundary
  • Works with: Docker; uv (Python dependency manager); supports multiple platforms and model providers (per README)
  • Setup time: 10–25 minutes

Practical Notes

  • GitHub: 393 stars · 46 forks; pushed 2026-05-12 (verified via GitHub API).
  • README requires cloning with submodules and running uv sync to create .venv before uv run boxpwnr ….
  • README documents hard limits like --max-turns, --max-cost, and execution timeouts (default 30s, max 300s).

Main

A useful BoxPwnr pattern for teams:

  1. Define a target catalog (labs/benchmarks) and run with consistent flags (--max-turns, --max-cost) so results are comparable.
  2. Keep the executor boundary strict: everything runs inside the Docker environment; your host stays clean.
  3. Use --generate-progress / --resume-from to create handoffs between attempts instead of restarting from scratch.
  4. When a task is “almost solved”, switch to manual follow-up (or keep the target running) and treat the LLM as a coordinator, not a miracle worker.

This keeps experimentation fast while still producing artifacts you can review later.
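An added example, not code from BoxPwnr or its README, of step 1 above: a small wrapper that applies one budget to every catalog entry and refuses to run if the budget or an entry is malformed. The budget values, the placeholder catalog entries, and the function names are assumptions; only the flags quoted on this page are used, and it prints commands by default (DRY_RUN=1).

```sh
#!/bin/sh
# Added example (not BoxPwnr code): one budget applied to every catalog entry.
set -u
MAX_TURNS="${MAX_TURNS:-40}"    # assumed value for --max-turns
MAX_COST="${MAX_COST:-1.50}"    # assumed value for --max-cost
DRY_RUN="${DRY_RUN:-1}"         # 1 = print commands only (default)

# Constructed catalog, one "platform target" pair per line. "htb meow" is the
# README example quoted on this page; the other entries are placeholders.
CATALOG='htb meow
htb placeholder-lab-2
htb -not-a-target'

valid_budget() {   # $1 = turns (positive integer), $2 = cost (decimal)
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -gt 0 ] || return 1
  printf '%s' "$2" | grep -Eq '^[0-9]+(\.[0-9]+)?$'
}

valid_name() {     # reject empty names, a leading '-' (would parse as a flag), odd chars
  case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

build_cmd() {      # $1 = platform, $2 = target
  printf 'uv run boxpwnr --platform %s --target %s --max-turns %s --max-cost %s\n' \
    "$1" "$2" "$MAX_TURNS" "$MAX_COST"
}

run_catalog() {
  valid_budget "$MAX_TURNS" "$MAX_COST" || { echo "refusing: bad budget" >&2; return 2; }
  while read -r platform target; do
    if ! valid_name "$platform" || ! valid_name "$target"; then
      echo "skipping catalog entry: $platform $target" >&2
      continue
    fi
    if [ "$DRY_RUN" = 1 ]; then
      build_cmd "$platform" "$target"
    else
      # </dev/null keeps the child from consuming the rest of the catalog on stdin
      status=0
      uv run boxpwnr --platform "$platform" --target "$target" \
        --max-turns "$MAX_TURNS" --max-cost "$MAX_COST" </dev/null || status=$?
      echo "$platform/$target exit=$status"
    fi
  done <<EOF
$CATALOG
EOF
}

run_catalog
```

Because every run shares the same validated budget, per-target exit lines can be compared directly across attempts.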

FAQ

Q: Do I need Docker? A: Yes. README says BoxPwnr requires Docker to be installed and running.

Q: How do I control cost/time? A: Use --max-cost, --max-turns, and execution timeout flags described in the README.

Q: What’s the minimal run command? A: After uv sync, run uv run boxpwnr --platform htb --target meow (example from README).

Source and acknowledgements

Source: https://github.com/0ca/BoxPwnr · License: AGPL-3.0 · GitHub stars: 393 · forks: 46
