Penetration testing with the Raspberry Pi

PwnPi is a penetration testing distribution rolled up for the Raspberry Pi platform. This should come as no surprise to anyone. The RPi board has a beefy processor, it’s relatively low power, has the option of the on-board NIC or a USB WiFi dongle, and it already has Linux kernel and desktop sources available to start from.

Now we will admit we’re a bit disappointed by this tip. Don’t get us wrong, the distro looks like it’s well done, and we’re sure there are a lot of folks out there who will be happy to have these tools to help test their network security. But this is a software-only hack and we were expecting to see a nice little covert package that could be plugged into an outlet (SheevaPlug style), or a battery-powered module that can be plugged into an Ethernet port and hidden away.

Now you know what we want, don’t forget to send in a link once you pull it off.

[Thanks Scott]

28 thoughts on “Penetration testing with the Raspberry Pi”

  1. Seems the PwnPi site has been HackaDayed: very slow to load. My argument against a black box/hat approach with the Pi is that it is overkill. The WR703N is good enough, and cheaper (in case you lose it!). And it comes in a box!

  2. Am I the only one fed up with seeing all these raspPi projects? Perhaps it’s because I’ve been on every waiting list for these damned things for months and still don’t have one.

    1. Hopefully, the wait to get a display with HDMI ports (or converter for current displays owned to HDMI) will be significantly less than the wait time for the Raspberry Pi from whatever “announcement”/order date for the Raspberry Pi used. :)

      1. Indeed, moreover, when in ssh, install a VNC server, such as TightVNCServer, enable it, and access the RPi desktop from a remote computer.
        Personally, I’m using my RPi everyday without keyboard, mouse or display: all remote.
        My RPi is running Apache WEB server, PHP5 and MySQL. Samba is also up, making RPi a cloud server for the house. No need for speed for these apps. Therefore, 3 Watts are good enough!

  3. “The RPi board has a beefy processor”

    No it doesn’t.
    Maybe compared to some MIPS router or w/e.

    Should be fine for some pen-testing, but please don’t call it ‘beefy’.

  4. I don’t have enough Linux experience to add another piece of software. It would be great to combine this with the WPS crack and other cracks.

    Brute-force Network cracking.. With a PI! Awesome!

      1. Sort of. These tasks take a lot of time. Even on high end consumer systems I often don’t rise to more than 4k tries per second.

        A raspberryPi would be best used as a go between, use something with more power elsewhere.

        But all this is missing the main point of security: if you can get this thing on the network, you already have physical access to the network. If you have physical access to the network, then why do you need this particularly to gain access?

        Without physical security there is no security.

      2. Physical security and network security go hand in hand. I am sitting here at work and I can see a few of the neighbors’ networks. I could be running reaver on my laptop and the neighbors wouldn’t have any idea until their DHCP list shows a system they don’t recognize.

  5. Put it on a RC car and drive it to the secure location for wireless network hacking. Once into the network, load a backdoor app so you can connect from anywhere! You know, for security testing….nothing malicious ;)

    hmm…thinking solar panel, gps, PwnPi….probably get it run over or stolen….okay never mind.

  6. I’d like to see someone use Backtrack – but the processing power won’t really pack a punch for bruteforce cracking~

    1. Install Reaver on it and it won’t really need that much processing power to crack WPS. As compared to dictionary attacks (which only have a 100% or 0% chance of cracking), WPS has a much, much greater chance of cracking a network (about 90% of the time depending if the router’s WPS is turned on, and is probably turned on, on most AP’s). The speed of cracking WPS depends on the AP itself, so it doesn’t really matter if you’re using a Raspberry Pi or a full-fledged computer.

  7. Hmm, pRoFIT’s idea isn’t that bad. The only fiddling, that sticks in my mind, is, to use Pi as remote data harvester, then do the said data analysis on some powerful machine, using gathered data…

    Oh, my, I guess my paranoia, about being observed, or traced, just went straight through the roof.

  8. >But this is a software only hack and we were expecting to see a nice little covert package that could be plugged into an outlet

    you are a hipster skiddie piece of shit
