Raspberry Pi for pwning and penetration testing? Of course! Why not? As an introduction, the Raspberry Pi is an ARM GNU/Linux box: a credit-card-sized mini computer that plugs into your TV over an HDMI cable and takes a USB keyboard and mouse.

Aside from office work, programming, personal use, and gaming, enthusiasts also use it as a penetration testing box by installing Ubuntu or Debian Linux plus a set of tools for information gathering, vulnerability assessment, exploitation, maintaining access, reverse engineering, social engineering, forensic analysis and VoIP analysis.

In this article, I will introduce some penetration testing distributions and kits that are available for your Raspberry Pi:

PwnPi



PwnPi is a Linux-based penetration testing drop box distribution that has over 200 network security tools pre-installed and uses Xfce as its window manager. Below are some of the tools of PwnPi as described by the lead developer:

6tunnel – TCP proxy for non-IPv6 applications

aircrack-ng – WEP/WPA cracking program

amap – a powerful application mapper

arp-scan – arp scanning and fingerprinting tool

bfbtester – Brute Force Binary Tester

bing-ip2hosts – Enumerate hostnames for an IP using bing

bsqlbf – Blind SQL injection brute forcer tool

btscanner – ncurses-based scanner for Bluetooth devices

chaosreader – trace network sessions and export them to HTML format

chkrootkit – rootkit detector

cryptcat – A lightweight version of netcat extended with twofish encryption

darkstat – network traffic analyzer

dhcpdump – Parse DHCP packets from tcpdump

dissy – graphical frontend for objdump

dmitry – Deepmagic Information Gathering Tool

dns2tcp – TCP over DNS tunnel client and server

dnswalk – Checks dns zone information using nameserver lookups

dsniff – Various tools to sniff network traffic for cleartext insecurities

enum4linux – a tool for enumerating information from Windows and Samba systems

etherape – graphical network monitor

fcrackzip – password cracker for zip archives

fimap – local and remote file inclusion tool

flasm – assembler and disassembler for Flash (SWF) bytecode

foremost – forensic program to recover lost files

fping – sends ICMP ECHO_REQUEST packets to network hosts

ftp-proxy – application level proxy for the FTP protocol

galleta – An Internet Explorer cookie forensic analysis tool

ghettotooth – a simple but effective blue driving tool

hostmap – hostnames and virtual hosts discovery tool

hping3 – Active Network Smashing Tool

httptunnel – Tunnels a data stream in HTTP requests

httrack – Copy websites to your computer (Offline browser)

hydra – Very fast network logon cracker

ike-scan – discover and fingerprint IKE hosts (IPsec VPN Servers)

inguma – Open source penetration testing toolkit

iodine – tool for tunneling IPv4 data through a DNS server

ipcalc – parameter calculator for IPv4 addresses

isr-evilgrade – take advantage of poor upgrade implementations by injecting fake updates

ipgrab – tcpdump-like utility that prints detailed header information

john – active password cracking tool

kismet – Wireless 802.11b monitoring tool

knocker – Simple and easy to use TCP security port scanner

lcrack – A generic password cracker

lynis – security auditing tool for Unix based systems

macchanger – utility for manipulating the MAC address of network interfaces

mboxgrep – Grep through mailboxes

mdk3 – bruteforce SSIDs, bruteforce MAC filters, SSID beacon flood

medusa – fast, parallel, modular, login brute-forcer for network services

metagoofil – an information gathering tool designed for extracting metadata

metasploit – security project which provides information about security vulnerabilities

mysqloit – SQL Injection takeover tool focused on LAMP

mz – versatile packet creation and network traffic generation tool

nbtscan – A program for scanning networks for NetBIOS name information

netcat-traditional – TCP/IP swiss army knife

netdiscover – active/passive network address scanner using arp requests

netrw – netcat like tool with nice features to transport files over network

netsed – network packet-altering stream editor

netwag – graphical frontend for netwox

netwox – networking utilities

nikto – web server security scanner

nmapsi4 – graphical interface to nmap, the network scanner

nmap – The Network Mapper

nstreams – a tcpdump output analyzer

obexftp – file transfer utility for devices that use the OBEX protocol

onesixtyone – fast and simple SNMP scanner

openvas-client – Remote network security auditor, the client

openvas-server – Remote network security auditor, the server

ophcrack-cli – Microsoft Windows password cracker using rainbow tables (cmdline)

ophcrack – Microsoft Windows password cracker using rainbow tables (gui)

otp – Generator for One Time Pads or Passwords

p0f – Passive OS fingerprinting tool

packeth – Ethernet packet generator

packit – Network Injection and Capture

pbnj – a suite of tools to monitor changes on a network

pentbox – Suite that packs security and stability testing oriented tools

pdfcrack – PDF files password cracker

pnscan – Multi threaded port scanner

proxychains – redirect connections through proxy servers

pscan – Format string security checker for C files

ptunnel – Tunnel TCP connections over ICMP packets

ratproxy – passive web application security assessment tool

reaver – brute force attack tool against Wifi Protected Setup PIN number

s.e.t – social engineering toolkit

scrub – writes patterns on magnetic media to thwart data recovery

secure-delete – tools to wipe files, free disk space, swap and memory

sendemail – lightweight, command line SMTP email client

siege – HTTP regression testing and benchmarking utility

sipcrack – SIP login dumper/cracker

sipvicious – a suite of tools that can be used to audit SIP-based VoIP systems

skipfish – fully automated, active web application security reconnaissance tool

socat – multipurpose relay for bidirectional data transfer

splint – tool for statically checking C programs for bugs

sqlbrute – a tool for brute forcing data out of databases using blind SQL injection

sqlmap – tool that automates the process of detecting and exploiting SQL injection flaws

sqlninja – SQL Server injection and takeover tool

ssldump – An SSLv3/TLS network protocol analyzer

sslscan – Fast SSL scanner

sslsniff – SSL/TLS man-in-the-middle attack tool

sslstrip – SSL/TLS man-in-the-middle attack tool

stunnel4 – Universal SSL tunnel for network daemons

swaks – SMTP command-line test tool

tcpdump – command-line network traffic analyzer

tcpflow – TCP flow recorder

tcpick – TCP stream sniffer and connection tracker

tcpreplay – Tool to replay saved tcpdump files at arbitrary speeds

tcpslice – extract pieces of and/or glue together tcpdump files

tcpspy – Incoming and Outgoing TCP/IP connections logger

tcptrace – Tool for analyzing tcpdump output

tcpxtract – extracts files from network traffic based on file signatures

theHarvester – gather emails, subdomains, hosts, employee names, open ports and banners

tinyproxy – A lightweight, non-caching, optionally anonymizing HTTP proxy

tor – anonymizing overlay network for TCP

u3-tool – tool for controlling the special features of a U3 USB flash disk

udptunnel – tunnel UDP packets over a TCP connection

ussp-push – Client for OBEX PUSH

vidalia – controller GUI for Tor

vinetto – A forensics tool to examine Thumbs.db files

voiphopper – VoIP infrastructure security testing tool

voipong – VoIP sniffer and call detector

w3af-console – framework to find and exploit web application vulnerabilities (CLI only)

w3af – framework to find and exploit web application vulnerabilities

wapiti – Web application vulnerability scanner

wash – scan for vulnerable WPS access points

wavemon – Wireless Device Monitoring Application

wbox – HTTP testing tool and configuration-less HTTP server

webhttrack – Copy websites to your computer, httrack with a Web interface

weplab – tool designed to break WEP keys

wfuzz – a tool designed for bruteforcing Web Applications

wipe – Secure file deletion

wireshark – network traffic analyzer – GTK+ version

xprobe – Remote OS identification

yersinia – Network vulnerabilities check software

zenmap – The Network Mapper Front End

zzuf – transparent application fuzzer


The default username for this distro is root and the default password is toor, which reminds me of BackTrack Linux.

Download Link: http://pwnpi.sourceforge.net/index.html_q=download.html

Kali Linux



BackTrack Linux’s successor “Kali Linux” is also available for the Raspberry Pi and for other ARM architectures. The ARM build uses XFCE as its desktop environment for better performance on the small board, but it still feels like your new favorite penetration testing distro “Kali Linux.” Unlike BackTrack Linux, Kali is based on the Debian GNU/Linux distribution, and it is still aimed at computer forensics, reverse engineering, wireless penetration testing, web hacking, and many more.

There are more than 300 penetration testing tools and security auditing programs pre-installed in this distro, including the Metasploit Framework, Nmap, SQLmap, OpenVAS, Aircrack-ng, John, Hydra, Maltego, zaproxy, Wireshark, sslsniff, webmitm, hexinject, dex2jar, etc.

The tools in Kali Linux are also grouped into menu categories: Top 10 Security Tools, Information Gathering, Vulnerability Analysis, Web Applications, Password Attacks, Wireless Attacks, Exploitation Tools, Sniffing/Spoofing, Maintaining Access, Reverse Engineering, Stress Testing, Hardware Hacking, Forensics, and Reporting Tools.

Download Link: http://cdimage.kali.org/kali-images/kali-linux-1.0-armel-raspberrypi.img.gz

Raspberry Pwn



Raspberry Pwn is an installer from Pwnie Express that transforms a Debian installation running on the Raspberry Pi into a penetration testing kit loaded with a suite of security and auditing tools like SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish, and w3af.

Installing Raspberry Pwn is easy, but make sure that you have already booted into Debian or the soft-float Debian “wheezy” image, which can be downloaded here.

Installation:

Resize the root partition so it uses the whole SD card. Start the SSH service and SSH into your Raspberry Pi to get a terminal on your Debian box; if the Pi is already connected to a TV or monitor, you can open a terminal there directly. Change to the root user:

# sudo -s

Install git (Make sure you are connected to the Internet):

# apt-get install git

Download or clone the Raspberry Pwn installer from the Pwnie Express Github repository:

# git clone https://github.com/pwnieexpress/Raspberry-Pwn.git

Move into the Raspberry-Pwn directory and run the installer script:

# cd Raspberry-Pwn

# ./INSTALL_raspberry_pwn.sh

And then, wait for the installation to finish!
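Because the installer runs as root and pulls a large tool suite onto the SD card, it is worth checking the preconditions the steps above rely on before launching it. The pre-flight script below is an added example, not part of the Pwnie Express project; it assumes the page's layout (Debian “wheezy”, the repository cloned into ./Raspberry-Pwn with its INSTALL_raspberry_pwn.sh), and the 2048 MB free-space threshold is an assumption, not a figure from the project.

```shell
#!/bin/sh
# Pre-flight checks for the Raspberry Pwn installer (added example, not the
# project's own code). Assumed layout: Debian "wheezy" on the Pi, the repo
# cloned into ./Raspberry-Pwn and its INSTALL_raspberry_pwn.sh script.

# Debian "wheezy" is release 7.x; /etc/debian_version holds e.g. "7.1".
is_wheezy() {                       # $1: path to a debian_version file
    [ -r "$1" ] || return 1
    case "$(head -n 1 "$1")" in
        7.*|wheezy*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Succeeds when the filesystem at $2 (default /) has at least $1 MB free.
# The installer adds a large tool suite, hence the advice to resize root first.
root_has_free_mb() {                # $1: minimum MB, $2: mount point
    free_kb=$(df -Pk "${2:-/}" | awk 'NR==2 {print $4}')
    [ "${free_kb:-0}" -ge $(( $1 * 1024 )) ]
}

# The clone is only usable if the installer script is present and executable.
installer_ready() {                 # $1: clone directory
    [ -x "$1/INSTALL_raspberry_pwn.sh" ]
}

# Runs every check in the order the install steps need them; prints the
# first failing precondition and returns non-zero so nothing is launched.
preflight() {                       # $1: clone dir, $2: debian_version path
    [ "$(id -u)" -eq 0 ]      || { echo "run as root first (sudo -s)"; return 1; }
    command -v git >/dev/null || { echo "git missing: apt-get install git"; return 1; }
    is_wheezy "${2:-/etc/debian_version}" || { echo "not Debian wheezy"; return 1; }
    # 2048 MB is an assumed minimum, not a figure from the project.
    root_has_free_mb 2048     || { echo "resize the root partition first"; return 1; }
    installer_ready "$1"      || { echo "clone missing or installer not executable"; return 1; }
}

# Usage (constructed): run the installer only when every check passes.
# preflight ./Raspberry-Pwn && (cd Raspberry-Pwn && ./INSTALL_raspberry_pwn.sh)
```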

PwnBerryPi



PwnBerryPi is another pentesting suite for the Raspberry Pi. It is based on Pwnie Express’s Raspberry Pwn, so you can expect the same tools as Raspberry Pwn. You can download or clone the PwnBerryPi installer from the g13net Github repository here: https://github.com/g13net/PwnBerryPi.git

Resources:

http://resources.infosecinstitute.com/handy-devices-hacking-part-1/

http://pwnpi.sourceforge.net/index.html_q=tools.html

http://www.kali.org/downloads/

http://en.wikipedia.org/wiki/Kali_Linux

http://blog.pwnieexpress.com/post/24967860602/raspberry-pwn-a-pentesting-release-for-the-raspberry

https://github.com/pwnieexpress/Raspberry-Pwn