PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built on a stripped-down version of the Debian Wheezy image from the Raspberry Pi Foundation's website and uses Openbox as the window manager. PwnPi can be easily set up to send reverse connections from inside a target network by editing a simple configuration file.

Tools:

6tunnel - TCP proxy for non-IPv6 applications

aircrack-ng - WEP/WPA cracking program

amap - a powerful application mapper

arp-scan - arp scanning and fingerprinting tool

bfbtester - Brute Force Binary Tester

bing-ip2hosts - Enumerate hostnames for an IP using bing

bsqlbf - Blind SQL injection brute forcer tool

btscanner - ncurses-based scanner for Bluetooth devices

chaosreader - trace network sessions and export them to HTML format

chkrootkit - rootkit detector

cryptcat - A lightweight version of netcat extended with Twofish encryption

darkstat - network traffic analyzer

dhcpdump - Parse DHCP packets from tcpdump

dissy - graphical frontend for objdump

dmitry - Deepmagic Information Gathering Tool

dns2tcp - TCP over DNS tunnel client and server

dnswalk - Checks dns zone information using nameserver lookups

dsniff - Various tools to sniff network traffic for cleartext insecurities

enum4linux - a tool for enumerating information from Windows and Samba systems

etherape - graphical network monitor

exploit-db - Exploit Database

fcrackzip - password cracker for zip archives

fimap - local and remote file inclusion tool

flasm - assembler and disassembler for Flash (SWF) bytecode

foremost - forensic program to recover lost files

fping - sends ICMP ECHO_REQUEST packets to network hosts

ftp-proxy - application level proxy for the FTP protocol

galleta - An Internet Explorer cookie forensic analysis tool

ghettotooth - a simple but effective blue driving tool

hostmap - hostnames and virtual hosts discovery tool

hping3 - Active Network Smashing Tool

httptunnel - Tunnels a data stream in HTTP requests

httrack - Copy websites to your computer (Offline browser)

hydra - Very fast network logon cracker

ike-scan - discover and fingerprint IKE hosts (IPsec VPN Servers)

inguma - Open source penetration testing toolkit

iodine - tool for tunneling IPv4 data through a DNS server

ipcalc - parameter calculator for IPv4 addresses

isr-evilgrade - take advantage of poor upgrade implementations by injecting fake updates

ipgrab - tcpdump-like utility that prints detailed header information

john - active password cracking tool

kismet - Wireless 802.11b monitoring tool

knocker - Simple and easy to use TCP security port scanner

lcrack - A generic password cracker

lynis - security auditing tool for Unix based systems

macchanger - utility for manipulating the MAC address of network interfaces

mboxgrep - Grep through mailboxes

mdk3 - bruteforce SSIDs, bruteforce MAC filters, SSID beacon flood

medusa - fast, parallel, modular, login brute-forcer for network services

metagoofil - an information gathering tool designed for extracting metadata

metasploit - security project which provides information about security vulnerabilities

mysqloit - SQL Injection takeover tool focused on LAMP

mz - versatile packet creation and network traffic generation tool

nbtscan - A program for scanning networks for NetBIOS name information

netcat-traditional - TCP/IP swiss army knife

netdiscover - active/passive network address scanner using arp requests

netrw - netcat-like tool with nice features to transport files over network

netsed - network packet-altering stream editor

netwag - graphical frontend for netwox

netwox - networking utilities

nikto - web server security scanner

nmapsi4 - graphical interface to nmap, the network scanner

nmap - The Network Mapper

nstreams - network streams - a tcpdump output analyzer

obexftp - file transfer utility for devices that use the OBEX protocol

onesixtyone - fast and simple SNMP scanner

openvas-client - Remote network security auditor, the client

openvas-server - remote network security auditor - server

ophcrack-cli - Microsoft Windows password cracker using rainbow tables (cmdline)

ophcrack - Microsoft Windows password cracker using rainbow tables (gui)

otp - Generator for One Time Pads or Passwords

p0f - Passive OS fingerprinting tool

packeth - Ethernet packet generator

packit - Network Injection and Capture

pbnj - a suite of tools to monitor changes on a network

pentbox - Suite that packs security and stability testing oriented tools

pdfcrack - PDF files password cracker

pnscan - Multi-threaded port scanner

proxychains - proxy chains - redirect connections through proxy servers

pscan - Format string security checker for C files

ptunnel - Tunnel TCP connections over ICMP packets

ratproxy - passive web application security assessment tool

reaver - brute force attack tool against Wi-Fi Protected Setup PIN number

s.e.t - social engineering toolkit

scrub - writes patterns on magnetic media to thwart data recovery

secure-delete - tools to wipe files, free disk space, swap and memory

sendemail - lightweight, command line SMTP email client

siege - HTTP regression testing and benchmarking utility

sipcrack - SIP login dumper/cracker

sipvicious - a set of tools that can be used to audit SIP-based VoIP systems

skipfish - fully automated, active web application security reconnaissance tool

socat - multipurpose relay for bidirectional data transfer

splint - tool for statically checking C programs for bugs

sqlbrute - a tool for brute forcing data out of databases using blind SQL injection

sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws

sqlninja - SQL Server injection and takeover tool

ssldump - An SSLv3/TLS network protocol analyzer

sslscan - Fast SSL scanner

sslsniff - SSL/TLS man-in-the-middle attack tool

sslstrip - SSL/TLS man-in-the-middle attack tool

stunnel4 - Universal SSL tunnel for network daemons

swaks - SMTP command-line test tool

tcpdump - command-line network traffic analyzer

tcpflow - TCP flow recorder

tcpick - TCP stream sniffer and connection tracker

tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds

tcpslice - extract pieces of and/or glue together tcpdump files

tcpspy - Incoming and Outgoing TCP/IP connections logger

tcptrace - Tool for analyzing tcpdump output

tcpxtract - extracts files from network traffic based on file signatures

theHarvester - gather emails, subdomains, hosts, employee names, open ports and banners

tinyproxy - A lightweight, non-caching, optionally anonymizing HTTP proxy

tor - anonymizing overlay network for TCP

u3-tool - tool for controlling the special features of a U3 USB flash disk

udptunnel - tunnel UDP packets over a TCP connection

ussp-push - Client for OBEX PUSH

vidalia - controller GUI for Tor

vinetto - A forensics tool to examine Thumbs.db files

voiphopper - VoIP infrastructure security testing tool

voipong - VoIP sniffer and call detector

w3af-console - framework to find and exploit web application vulnerabilities (CLI only)

w3af - framework to find and exploit web application vulnerabilities

wapiti - Web application vulnerability scanner

wash - scan for vulnerable WPS access points

wavemon - Wireless Device Monitoring Application

wbox - HTTP testing tool and configuration-less HTTP server

webhttrack - Copy websites to your computer, httrack with a Web interface

weplab - tool designed to break WEP keys

wfuzz - a tool designed for bruteforcing Web Applications

wipe - Secure file deletion

wireshark - network traffic analyzer - GTK+ version

xprobe - Remote OS identification

yersinia - Network vulnerabilities check software

zenmap - The Network Mapper Front End

zzuf - transparent application fuzzer