Skills · May 12, 2026 · 2 min read

BoxPwnr — LLM-Driven CTF/Pentest Runner (Docker)

BoxPwnr runs CTF and pentest-style targets in a Kali Docker executor, using an LLM to script commands with budgets, timeouts, and resumable progress.

Agent-ready

Review-first installation

This asset requires review. The copied prompt requests a dry run, shows the writes, and continues only after confirmation.

Needs Confirmation · 64/100 · Policy: confirm

  • Agent surface: Any MCP/CLI agent
  • Type: Skill
  • Installation: Single
  • Trust: Established
  • Entry point: Asset

Review-first command
npx -y tokrepo@latest install 0d783a01-b1c0-57b4-aa9f-b873a7f0682b --target codex

Dry-run first, confirm the writes, then run this command.

Introduction

  • Best for: Running repeatable, budgeted security task attempts (CTFs, labs, benchmarks) with a clean executor boundary
  • Works with: Docker; uv (Python dependency manager); supports multiple platforms and model providers (per README)
  • Setup time: 10–25 minutes

Practical Notes

  • GitHub: 393 stars · 46 forks; pushed 2026-05-12 (verified via GitHub API).
  • README requires cloning with submodules and running uv sync to create .venv before uv run boxpwnr ….
  • README documents hard limits like --max-turns, --max-cost, and execution timeouts (default 30s, max 300s).

Main

A useful BoxPwnr pattern for teams:

  1. Define a target catalog (labs/benchmarks) and run with consistent flags (--max-turns, --max-cost) so results are comparable.
  2. Keep the executor boundary strict: everything runs inside the Docker environment; your host stays clean.
  3. Use --generate-progress / --resume-from to create handoffs between attempts instead of restarting from scratch.
  4. When a task is “almost solved”, switch to manual follow-up (or keep the target running) and treat the LLM as a coordinator, not a miracle worker.

This keeps experimentation fast while still producing artifacts you can review later.

FAQ

Q: Do I need Docker? A: Yes. README says BoxPwnr requires Docker to be installed and running.

Q: How do I control cost/time? A: Use --max-cost, --max-turns, and execution timeout flags described in the README.

Q: What’s the minimal run command? A: After uv sync, run uv run boxpwnr --platform htb --target meow (example from README).

Source and acknowledgements

Source: https://github.com/0ca/BoxPwnr · License: AGPL-3.0 · GitHub stars: 393 · forks: 46
