A Pentesting Release for the Raspberry Pi
The Raspberry Pi is a credit-card-sized single-board computer developed in the UK by the Raspberry Pi Foundation with the intention of promoting the teaching of basic computer science in schools. The Raspberry Pi is manufactured through licensed manufacturing deals with Newark element14 (Premier Farnell), RS Components and Egoman. All of these companies sell the Raspberry Pi online. Egoman produces a version for distribution solely in China and Taiwan, which can be distinguished from other Pis by their red coloring and lack of FCC/CE marks. The hardware is the same across all manufacturers. (wikipedia)
Pwnie Express team has announced the initial release of Raspberry Pwn which can be used to turn your raspberry pi into a full-featured security penetration testing and auditing platform. This release of Raspberry Pwn and includes all the tool needed to perform a penetration testing. So, doing penetration testing from your raspberry pi, how does that make you feel? Sqlmap, nmap, wireshark, scapy, nikto, xprobe, socat, do you want more tools for pentesting your network?
Raspberry Pwn comes with the following tools:
Let us me give you a short description of the above tools. I am not gonna explain everything. Just want to explain a two or three tools. A simple Google search will help you to find the details of the remaining tools.
Nmap is a free and open-source tool for network discovery, helping us to map the network. Network administrators find it very useful in their daily job, so if you are planning to be a network administrator you should learn how to use Nmap. Nmap can help us to discover how many hosts are in a network, what operating systems are they running, what open ports do they have and services running in these open ports. It is a command line tool but for those that do not like to remember many commands there is a graphical version of Nmap that is called Zenmap. Both Nmap and Zenmap are multi-platform (Linux, Windows, Mac OS, BSD, etc.), so you do not have to worry about the operating system you need in order to use these tools. Nmap has the ability to save scan results to files and we can use these files for later analyzes. The great thing that I like about Nmap is its scripting engine (NSE). We can write our own scripts and use them with Nmap. See more at: http://www.unixmen.com/scan-your-home-network-with-nmap/
Netcat is a command-line networking tool which is able to read and write data across Transmission Control Protocol TCP and User Datagram Protocol. Originally coded for Unix, it was released in 1996 and has been ported to a number of operating systems and facts tell that it still stays strong in the game. It has been 17 years and netcat belongs in every network admin/security professional’s toolbox. People say “old is gold” and in my opinion this is true when it comes to netcat. Virtually, you can use netcat for everything and your imagination is the limit. Depending on what your intentions are you can use it for good or you can use it for bad. Netcat operates as a client and as a server. Even if there are few exceptions, netcat’s command options are the same for both Windows and Linux and this makes netcat a more powerful tool. In the next article you will be introduced to netcat command options and will learn how perform some basic operations with netcat. – See more at: http://www.unixmen.com/short-introduction-to-netcat
If you need a tool to exploit sql injection flaws in your web application or taking over database servers, sqlmap is the right one. Sqlmap is a tool used by penetration testers all over the world and it is full of feaures. Some of its features are:
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables.
Do you need a login brute-forcer? Medusa was developed on Gentoo Linux and FreeBSD for bruteforcing network services. Medusa works with FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN and many other services. You can read more about Medusa here.
As you can see there are all tools you need for penetration testing in this release of Raspberry Pwn. Do you have a pi? Then go and turn it into a pentester machine.
Like us on Facebook
We need your assistance to stay live
This week Top Posts
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- How To Upgrade From Ubuntu 13.04 Raring To Ubuntu 13.10 Saucy Salamander : Ubuntu 13.10 Saucy will be released on October 17th. Hope it will come with lot of improvements and ...0 comments |
- Install LAMP Server (Apache, MySQL or MariaDB, PHP) On Ubuntu 13.10 : Updated January 12, 2014 LAMP is a combination of operating system and open-source software stack. ...0 comments |
- How to Install uTorrent Client on Ubuntu/Debian/Linux Mint : uTorrent is a lightweight and efficient BitTorrent client for Linux, Windows OS and Mac OS. The inst...0 comments |
- Install lamp with 1 command in Ubuntu 12.10, 13.04 Raring Ringtail & LinuxMint13 : Updated: 10/09/2012 :LAMP (Linux, Apache, MySQL and PHP) is an open source Web development platform ...0 comments |
- DNS Server Installation Step by Step Using CentOS 6.5/6.4/6.3 : DNS, Domain Name System, translates hostnames or URLs into IP addresses. For example if we type www....0 comments |
- Fedora 21 Scheduled For Release In October
- Install Uget Download Manager In Ubuntu, Fedora, Debian
- Download Elementary OS ‘Luna’ Official Wallpapers
- Install Power Commands 0.1.5 On Ubuntu 14.04/13.10/12.10/12.04
- 5 Android Apps that’s Going to Make Running Your Business Less Stressful
- Puppet agent Install Using Script
- Install Corosync and Pacemaker On CentOS 6.5
- Install Fail2Ban On Ubuntu Server 13.04/13.10
- How To Install Google Chrome in Fedora 20, 19, 18
- How to surf using Tor Browser Bundle
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .