
Not a busybox replacement

Skyler Curtis edited this page Sep 18, 2018 · 3 revisions

Busybox is an amazing project if you look closely. An immense amount of tools either ported or rewritten to be small and efficient (sometimes that means limited functionality compared to the original GNU tools) for embedded systems, all compiled into one multi-call binary.

Busybox shares a lot in common with Darkbox, and therefore may be used from time to time as something to test against for compliance, or as a development goal. Eventually (although very unlikely), a time may come when Darkbox is a semi-viable Busybox replacement, but that is DEFINITELY NOT the goal.

The intention of Darkbox is not to make the tools as small and fast as possible, as Busybox does, but to make them secure, readable, and auditable. Incident responders likely cannot trust the tools already on a machine, since they may have been modified by a rootkit or otherwise tampered with. Many incident responders will bring copies of the GNU tools, various Python and shell scripts, etc. to a machine they need to interact with, and this can get out of hand.

Darkbox is meant to be an all-in-one for these situations. Run Nuitka and get a single binary. Clone the repo, or pip install it. Darkbox aims to be a versatile, install-how-you-want, run-how-you-want project that makes forensics and rootkit detection easy.
