Aside from office work, programming, personal use and gaming, the Raspberry Pi is also used by enthusiasts as a penetration testing box: install Ubuntu or Debian Linux and a set of tools for information gathering, vulnerability assessment, exploitation, maintaining access, reverse engineering, social engineering, forensic analysis and VoIP analysis.

In this article, I will introduce some penetration testing distributions and kits that are available for your Raspberry Pi:

PwnPi

PwnPi is a Linux-based penetration testing drop-box distribution with over 200 network security tools pre-installed; it uses Xfce as its desktop environment. Below are some of its tools, as described by the lead developer:

6tunnel – TCP proxy for non-IPv6 applications
aircrack-ng – WEP/WPA cracking program
amap – a powerful application mapper
arp-scan – ARP scanning and fingerprinting tool
bfbtester – Brute Force Binary Tester
bing-ip2hosts – enumerate hostnames for an IP using Bing
bsqlbf – blind SQL injection brute forcer tool
btscanner – ncurses-based scanner for Bluetooth devices
chaosreader – trace network sessions and export them to HTML format
chkrootkit – rootkit detector
cryptcat – a lightweight version of netcat extended with twofish encryption
darkstat – network traffic analyzer
dhcpdump – parse DHCP packets from tcpdump
dissy – graphical frontend for objdump
dmitry – Deepmagic Information Gathering Tool
dns2tcp – TCP over DNS tunnel client and server
dnswalk – checks DNS zone information using nameserver lookups
dsniff – various tools to sniff network traffic for cleartext insecurities
enum4linux – a tool for enumerating information from Windows and Samba systems
etherape – graphical network monitor
fcrackzip – password cracker for zip archives
fimap – local and remote file inclusion tool
flasm – assembler and disassembler for Flash (SWF) bytecode
foremost – forensic program to recover lost files
fping – sends ICMP ECHO_REQUEST packets to network hosts
ftp-proxy – application level proxy for the FTP protocol
galleta – an Internet Explorer cookie forensic analysis tool
ghettotooth – a simple but effective blue driving tool
hostmap – hostnames and virtual hosts discovery tool
hping3 – Active Network Smashing Tool
httptunnel – tunnels a data stream in HTTP requests
httrack – copy websites to your computer (offline browser)
hydra – very fast network logon cracker
ike-scan – discover and fingerprint IKE hosts (IPsec VPN servers)
inguma – open source penetration testing toolkit
iodine – tool for tunneling IPv4 data through a DNS server
ipcalc – parameter calculator for IPv4 addresses
isr-evilgrade – take advantage of poor upgrade implementations by injecting fake updates
ipgrab – tcpdump-like utility that prints detailed header information
john – active password cracking tool
kismet – wireless 802.11b monitoring tool
knocker – simple and easy to use TCP security port scanner
lcrack – a generic password cracker
lynis – security auditing tool for Unix based systems
macchanger – utility for manipulating the MAC address of network interfaces
mboxgrep – grep through mailboxes
mdk3 – bruteforce SSIDs, bruteforce MAC filters, SSID beacon flood
medusa – fast, parallel, modular login brute-forcer for network services
metagoofil – an information gathering tool designed for extracting metadata
metasploit – security project which provides information about security vulnerabilities
mysqloit – SQL injection takeover tool focused on LAMP
mz – versatile packet creation and network traffic generation tool
nbtscan – a program for scanning networks for NetBIOS name information
netcat-traditional – TCP/IP swiss army knife
netdiscover – active/passive network address scanner using ARP requests
netrw – netcat-like tool with nice features to transport files over the network
netsed – network packet-altering stream editor
netwag – graphical frontend for netwox
netwox – networking utilities
nikto – web server security scanner
nmapsi4 – graphical interface to nmap, the network scanner
nmap – The Network Mapper
nstreams – a tcpdump output analyzer
obexftp – file transfer utility for devices that use the OBEX protocol
onesixtyone – fast and simple SNMP scanner
openvas-client – remote network security auditor, the client
openvas-server – remote network security auditor, the server
ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)
ophcrack – Microsoft Windows password cracker using rainbow tables (GUI)
otp – generator for one time pads or passwords
p0f – passive OS fingerprinting tool
packeth – Ethernet packet generator
packit – network injection and capture
pbnj – a suite of tools to monitor changes on a network
pentbox – suite that packs security and stability testing oriented tools
pdfcrack – PDF file password cracker
pnscan – multi-threaded port scanner
proxychains – redirect connections through proxy servers
pscan – format string security checker for C files
ptunnel – tunnel TCP connections over ICMP packets
ratproxy – passive web application security assessment tool
reaver – brute force attack tool against the Wi-Fi Protected Setup PIN
s.e.t – social engineering toolkit
scrub – writes patterns on magnetic media to thwart data recovery
secure-delete – tools to wipe files, free disk space, swap and memory
sendemail – lightweight, command line SMTP email client
siege – HTTP regression testing and benchmarking utility
sipcrack – SIP login dumper/cracker
sipvicious – a suite of tools that can be used to audit SIP based VoIP systems
skipfish – fully automated, active web application security reconnaissance tool
socat – multipurpose relay for bidirectional data transfer
splint – tool for statically checking C programs for bugs
sqlbrute – a tool for brute forcing data out of databases using blind SQL injection
sqlmap – tool that automates the process of detecting and exploiting SQL injection flaws
sqlninja – SQL Server injection and takeover tool
ssldump – an SSLv3/TLS network protocol analyzer
sslscan – fast SSL scanner
sslsniff – SSL/TLS man-in-the-middle attack tool
sslstrip – SSL/TLS man-in-the-middle attack tool
stunnel4 – universal SSL tunnel for network daemons
swaks – SMTP command-line test tool
tcpdump – command-line network traffic analyzer
tcpflow – TCP flow recorder
tcpick – TCP stream sniffer and connection tracker
tcpreplay – tool to replay saved tcpdump files at arbitrary speeds
tcpslice – extract pieces of and/or glue together tcpdump files
tcpspy – incoming and outgoing TCP/IP connections logger
tcptrace – tool for analyzing tcpdump output
tcpxtract – extracts files from network traffic based on file signatures
theHarvester – gather emails, subdomains, hosts, employee names, open ports and banners
tinyproxy – a lightweight, non-caching, optionally anonymizing HTTP proxy
tor – anonymizing overlay network for TCP
u3-tool – tool for controlling the special features of a U3 USB flash disk
udptunnel – tunnel UDP packets over a TCP connection
ussp-push – client for OBEX PUSH
vidalia – controller GUI for Tor
vinetto – a forensics tool to examine Thumbs.db files
voiphopper – VoIP infrastructure security testing tool
voipong – VoIP sniffer and call detector
w3af-console – framework to find and exploit web application vulnerabilities (CLI only)
w3af – framework to find and exploit web application vulnerabilities
wapiti – web application vulnerability scanner
wash – scan for vulnerable WPS access points
wavemon – wireless device monitoring application
wbox – HTTP testing tool and configuration-less HTTP server
webhttrack – copy websites to your computer, httrack with a web interface
weplab – tool designed to break WEP keys
wfuzz – a tool designed for bruteforcing web applications
wipe – secure file deletion
wireshark – network traffic analyzer, GTK+ version
xprobe – remote OS identification
yersinia – network vulnerabilities check software
zenmap – The Network Mapper front end
zzuf – transparent application fuzzer

The default username for this distro is root and the default password is toor, which reminds me of BackTrack Linux. Change it with passwd before the box goes anywhere near a network you do not own. Download Link: http://pwnpi.sourceforge.net/index.html_q=download.html

Kali Linux

BackTrack Linux's successor, Kali Linux, is also available for the Raspberry Pi and for other ARM devices. The ARM image uses Xfce as its desktop environment to keep the footprint small, but it is otherwise the same Kali you would run on a laptop. Unlike BackTrack, Kali is built on Debian GNU/Linux, and it is still aimed at computer forensics, reverse engineering, wireless penetration testing, web hacking and more. More than 300 penetration testing and security auditing tools come pre-installed, including the Metasploit Framework, Nmap, sqlmap, OpenVAS, Aircrack-ng, John the Ripper, Hydra, Maltego, zaproxy, Wireshark, sslsniff, webmitm, hexinject and dex2jar. Kali groups its tools into menu categories: Top 10 Security Tools, Information Gathering, Vulnerability Analysis, Web Applications, Password Attacks, Wireless Attacks, Exploitation Tools, Sniffing/Spoofing, Maintaining Access, Reverse Engineering, Stress Testing, Hardware Hacking, Forensics, and Reporting Tools. Download Link: http://cdimage.kali.org/kali-images/kali-linux-1.0-armel-raspberrypi.img.gz

Raspberry Pwn

Raspberry Pwn is an installer from Pwnie Express that turns a Debian installation running on the Raspberry Pi into a penetration testing kit loaded with security and auditing tools such as SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish and w3af. Installing Raspberry Pwn is easy, but make sure the Pi is already booted into soft-float Debian "wheezy", the image the installer targets.

Installation:

Resize the root partition so the whole SD card is usable. Start the SSH service and SSH into the Raspberry Pi to get a shell on the Debian box, or use the console directly if the Pi is connected to a TV or monitor. Then change to the root user:

sudo -s

Install git (Make sure you are connected to the Internet):

apt-get install git

Download or clone the Raspberry Pwn installer from the Pwnie Express Github repository:

git clone https://github.com/pwnieexpress/Raspberry-Pwn.git

Move into the Raspberry-Pwn directory and run the installer script:

cd Raspberry-Pwn ; ./INSTALL_raspberry_pwn.sh

Then wait for the installation to finish. The script runs as root and pulls packages from the network, so read it before you run it.
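The whole procedure above, wrapped in a script with the pre-flight checks I would want before handing root to a cloned installer. This is an added example, not Pwnie Express's installer and not code from the original post: the repository URL and script name come from the steps above; PINNED_REF, WORKDIR and the free-space floor MIN_FREE_KB are assumptions to adjust, and the armel/wheezy checks follow the soft-float Debian "wheezy" requirement stated above. Without --run it only defines the checks.

```shell
#!/bin/sh
# Added example: a wrapper around the Raspberry Pwn install procedure.
# This is NOT Pwnie Express's installer. REPO_URL and INSTALLER come from the
# article; PINNED_REF, WORKDIR and MIN_FREE_KB are assumptions to adjust.
set -eu

REPO_URL="https://github.com/pwnieexpress/Raspberry-Pwn.git"   # from the article
INSTALLER="INSTALL_raspberry_pwn.sh"                            # from the article
PINNED_REF="${PINNED_REF:-master}"   # assumption: set to a commit you have reviewed
WORKDIR="${WORKDIR:-/root/Raspberry-Pwn}"
MIN_FREE_KB=1048576                  # assumption: refuse with less than 1 GiB free on /

# Raspberry Pwn targets soft-float Debian "wheezy", which is the armel port.
arch_ok() {   # arch_ok ARCH
    case "$1" in
        armel) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print the release codename from os-release text on stdin
# (e.g. VERSION="7 (wheezy)" -> wheezy); print nothing if there is no VERSION line.
os_codename() {
    sed -n 's/^VERSION="[^(]*(\([a-z]*\)).*/\1/p' | head -n 1
}

# The article says to resize the root partition first; enforce a free-space floor.
space_ok() {   # space_ok FREE_KB MIN_KB
    [ "$1" -ge "$2" ]
}

# Never run an installer as root if it is missing or world-writable.
installer_safe() {   # installer_safe PATH
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c9)" in
        w) return 1 ;;   # other-write bit set
    esac
    return 0
}

preflight() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo -s)" >&2; return 1; }
    arch_ok "$(dpkg --print-architecture)" \
        || { echo "expected armel (soft-float Debian)" >&2; return 1; }
    [ "$(os_codename < /etc/os-release)" = "wheezy" ] \
        || { echo "expected Debian wheezy" >&2; return 1; }
    space_ok "$(df -Pk / | awk 'NR==2 {print $4}')" "$MIN_FREE_KB" \
        || { echo "resize the root partition first" >&2; return 1; }
}

install_raspberry_pwn() {
    preflight
    command -v git >/dev/null 2>&1 || apt-get install -y git
    [ -d "$WORKDIR/.git" ] || git clone "$REPO_URL" "$WORKDIR"
    ( cd "$WORKDIR" && git checkout --quiet "$PINNED_REF" )
    installer_safe "$WORKDIR/$INSTALLER" \
        || { echo "installer missing or world-writable" >&2; return 1; }
    ( cd "$WORKDIR" && ./"$INSTALLER" )
}

# Only install when explicitly asked: sh install-pwn.sh --run
if [ "${1:-}" = "--run" ]; then
    install_raspberry_pwn
fi
```

Pinning PINNED_REF to a commit you have read is the point of the wrapper: a plain `git clone` followed by `./INSTALL_raspberry_pwn.sh` executes whatever is at the tip of the branch at that moment, as root.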

PwnBerryPi

PwnBerryPi is another pentesting suite for the Raspberry Pi, based on Pwnie Express's Raspberry Pwn, so you can expect largely the same tools. You can download or clone the PwnBerryPi installer from the g13net GitHub repository: https://github.com/g13net/PwnBerryPi.git

Sources

Handy devices hacking part 1
PwnPi – SourceForge
Kali
Kali Linux – Wikipedia
Raspberry Pwn: a pentesting release for the Raspberry Pi
Raspberry Pwn