PenQ is an open source Linux based penetration testing browser bundle built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and many more. PenQ is not just a mix of addons but it comes preconfigured with some very powerful open source java/python and command line tools including Nikto, Wfuzz, OWASP Zap, OWASP Webslayer, OWASP WebScarab, Tor and lots more.
PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and Kali. PenQ lets security testers access necessary system utilities and tools right from their browser, saving time and making tests a lot faster. Tools built-in range from those for anonymous browsing and system monitoring to ones for taking down notes and scheduling tasks.PenQ can save companies from huge investments in proprietary tools and over-sized testing team.
It also provides tutorials by linking to OWASP Testing Guide, a vast source of security testing related knowledge with a lost of useful resources and OWASP project. PenQ can be used to test the OWASP Top 10 risks to safeguard web applications against vulnerabilities.
Testing Solution for SMBs
A secure website is crucial to any online business – small, medium or enterprise scale. PenQ can save companies from huge investments in proprietary tools and over-sized testing teams. Integrated with resource links, security guidelines, and testing tools, PenQ empowers even less experienced testers to do a thorough job of checking for security loopholes.
A Slew of Tools
PenQ lets security testers access necessary system utilities and tools right from their browser, saving time and making tests a lot faster. Tools built-in range from those for anonymous browsing and system monitoring to ones for taking down notes and scheduling tasks. View the entire set of tools under features.
Debian Based
PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and Kali.
With all its integrations, PenQ is a powerful tool. Be mindful of what use you put it to. Responsible use of PenQ can help secure web apps in a zap.
Features
- OWASP ZAP
- Wfuzz Web Application Fuzzer
- PenTesting Report Generator
- OWASP WebScarab
- Mozilla Add-ons Collection
- Vulnerability Databases Search
- OWASP WebSlayer
- Integrated Tor
- Access to Shell and System Utilities
- Nikto Web Server Scanner
- OWASP Penetration Testing Checklist
- Collection of Useful Links
Full List of Mozilla Add-ons
- anonymoX
- Awesome Screenshot
- ChatZilla
- CipherFox
- Clear Console
- Cookies Manager+
- Cookie Monster
- CryptoFox
- Email Extractor
- Firebug
- FireFlow
- FireFTP
- FireSSH
- Greasemonkey
- Groundspeed
- HackBar
- HackSearch
- Header Spy
- HttpFox
- HttpRequester
- JavaScript Deobfuscator
- Library Detector
- LinkSidebar
- Proxy Selector
- Proxy Tool
- RefControl
- RESTClient
- Session Manager
- SQL Inject Me
- SQLite Manager
- TrashMail.net
- User Agent Switcher
- Wappalyzer
- Web Developer
- Xinha Here!
- XSS Me
Tested on
- Ubuntu 10.04
- Ubuntu 10.10
- Ubuntu 11.04
- Ubuntu 11.10
- Ubuntu 12.04
- Ubuntu 12.10
- Ubuntu 13.04
- BackTrack R1
- BackTrack R2
- BackTrack R3
- Debian6
- Linux Mint
- Kali Linux
- Backbox
How to Install
Download the PenQ package. Open the command-line interface (CLI) and navigate to the location of the downloaded file.
cd [path to PenQ file]
Assign executable permission to this file.
chmod +x PenQ-installer-1.0.sh
Run PenQ installer file from CLI.
./PenQ-installer-1.0.sh
Provide sudo password and wait for installation to complete. Once installed, double-click the PenQ icon on desktop or open the terminal and run the following
penq
How to Uninstall
Navigate to the PenQ folder
cd /usr/share/PenQ
Run the following command
sudo ./uninstallPenq
