PenQ
QBurst Security Testing Browser Bundle
NOTE:
- This version of browser is still in beta. Please do not distribute this software.
- You should NOT run tools such as scans, fuzzer etc on other website that you are not authorised to
PenQ is a free and open source Linux based penetration testing browser bundle built over Mozilla Firefox. It has been built with the objective to make security testing more accessible to everyone, thus helping to build more safe and secure web applications.
PenQ comes pre configured with security tools for spidering, advanced web searching, web application fingerprinting, integrated Tor for anonymous browsing, web server scanning, Web application fuzzing & brute force, testing SQL and XSS injections, exploit database lookups, report generation, SSH, FTP, IRC chat and lots more.
The browser bundle also gives the user one click quick access to system utilities such as shell, gedit, system configurations, system monitor, system logs, network tools etc thereby providing more control and easy access.
The browser bundle has been made for Debian based Linux distros and should work on all Debian/Ubuntu based distributions including Security Testing Operating systems such as
BackTrack Linux and Kali Linux.
PenQ browser bundle includes
- Nikto Web Server Scanner
- Wfuzz Web Application Fuzzer
- Integrated Tor
The following OWASP Tools
- OWASP ZAP
- OWASP WebScarab
- OWASP WebSlayer
Access to the following system utilities
- Memory Monitor
- System Settings
- Task Scheduler
- Network Tools
- System Monitor
- Terminal
- Gedit
- Quick Screenshot
Following Mozilla Addons
- Anonymox
- Awesome screenshot
- Chatzilla
- CipherFox
- Clear Console
- Cookie Manager+
- Cookie Monster
- Cryptofox
- Email Extractor
- Extended Status Bar
- Firebug
- Fireflow
- FireFTP
- FireSSH
- Greasemonkey
- Groundspeed
- Hackbar
- HackSearch
- HeaderSpy
- HTTPFox
- HTTP Requester
- Javascript Deobfuscator
- Library Detector
- Link Sidebar
- Proxy Selector
- Proxy Tool
- Ref Control
- REST Client
- Session Manager
- SQL Inject Me
- SQLite Manager
- Tamper Data
- Trashmail.net
- User Agent Switcher
- Wappalyzer
- Web Developer
- Xinha
- XSS Inject Me
The following search options
- OSVDB Vulnerability Search
- CVE Vulnerability Search
- Exploit DB Search
- Pcaper Search
- Exploit Search
- RFC Keyword Search
- SecuritFocus Vulnerability Search
- SecurityWire Search
- SHODAN Search
- SHODAN Computer Search
- Open Status Search
- XSSed Search
- Google
GreaseMoneky scripts
- Extensive list of User Agents
- Preconfigured proxy for ZAP and Webscarab
- OWASP Penetration Testing Checklist
- PenTesting Report Generator
Installing PenQ
NOTE: Debian/Ubuntu based Linux distros are needed to install PenQ
- Click the Download link and save the file to Desktop
- Open a linux terminal
- Go to Desktop
cd $HOME/Desktop
- Make sure the file has executable permission
chmod +x PenQ-installer-beta-1.0
- Run the Installer script
./PenQ-installer-beta-1.0
Running PenQ
You can run PenQ by either
- Clicking on the PenQ icon in the desktop
- Running the following command in the terminal
penq
Feedback & Suggestions
Plesae send your feedback/suggestions to sreenaths@qburst.com with a cc to rejah@qburst.com