a working pentest for dummies in a little box!
Stumbled across a neat little project on Reddit the other day and I liked it so much I wanted to share!
Pentesting is something I’ve been doing for many years, and although a lot can be automated, much of it is manual work. That’s how I do it anyway, and it has always given me full control and the ability to act on whatever I find throughout the session. The user secgroundzero decided to make a “fire and forget” type installation: you sneakily connect a little box to any available RJ45 ethernet port, it automatically runs all the tests you want, and you collect the little box later when you think it’s ready. He decided to use a Raspberry Pi for this little project, and he’s done a great job if you ask me!
The bulk of the operation is based around the most common pentesting tools and a python script that runs them and collects the data in an orderly fashion, but you can easily add your own stuff or just play around with the configuration. There are also recommendations for post-run analysis tools, and I think the collection is a really good one!
Currently there are no images which you can download so you have to build your own and install all the resources, so in order to make it a proper “for dummies”, I’ve made a script for you! 😉
Depending on your distro you might run into errors I can’t predict, but my example is based on Debian Jessie Lite, which is a headless Debian distro for Raspberry Pi, and this is all you need to get started.
Download the latest Debian Jessie Lite (download the full version if you need X for some reason…) and put it on the SD card. (My example uses /dev/mmcblk0; use whatever device your SD card shows up as.)
sudo dd bs=4M if=2016-05-10-raspian-jessie-lite.img of=/dev/mmcblk0
Put the SD card in your Raspberry Pi (called raspi hereafter), boot and do the usual config like expanding the SD card, setting the hostname and enabling auto login.
Reboot the raspi and connect with ssh. The default user is “pi” and the password is “raspberry”.
First some housekeeping by updating to the latest and greatest patches.
sudo apt-get update; sudo apt-get upgrade
If you for some reason encounter this problem during upgrade:
dpkg: error processing package bluez (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)
just run 'sudo apt-get remove -y bluez bluez-firmware' and you’re done. You don’t need Bluetooth for this little project anyway.
Now you’re ready to start the installation.
Note: when installing macchanger you are asked whether to automatically set a new MAC on every reboot. For home tinkering select no; for “live” use, select yes.
Just copy & paste the script below into the terminal you’ve connected to the raspi with ssh and grab a coffee!
# directory layout: WarBerry/warberry (the project), WarBerry/Results, WarBerry/Tools
cd /home/pi
mkdir WarBerry
cd WarBerry
mkdir Results
mkdir Tools
# git first, so the clones below work on a Lite image that does not ship it
sudo apt-get install -y git nbtscan python-scapy tcpdump nmap python-pip
git clone https://github.com/secgroundzero/warberry.git
sudo apt-get install -y python-bluez
sudo pip install python-nmap
sudo pip install ipaddress
sudo pip install netaddr
sudo apt-get install -y ppp sg3-utils netdiscover
# macchanger asks about changing the MAC on every reboot, see the note above
sudo apt-get install macchanger
cd Tools
git clone https://github.com/DanMcInerney/net-creds.git
sudo apt-get install -y onesixtyone nikto hydra john w3af-console ettercap-text-only
git clone https://github.com/stasinopoulos/commix.git
git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/CoreSecurity/impacket.git
git clone https://github.com/samratashok/nishang.git
git clone https://github.com/SpiderLabs/Responder.git
git clone https://github.com/sophron/wifiphisher.git
git clone https://github.com/Dionach/CMSmap.git
git clone https://github.com/PowerShellMafia/PowerSploit.git
# aircrack-ng is built from source
sudo apt-get -y install libssl-dev
wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta1.tar.gz
tar -zxvf aircrack-ng-1.2-beta1.tar.gz
cd aircrack-ng-1.2-beta1
sudo make
sudo make install
sudo airodump-ng-oui-update
sudo apt-get -y install iw
wget https://download.sysinternals.com/files/SysinternalsSuite.zip
# hand the whole tree back to the pi user, since several steps ran as root
cd /home/pi
sudo chown -R pi:pi WarBerry
And that’s it – you’re done! You can now 'cd WarBerry/warberry' and start everything with 'sudo python warberry.py -A', then just sit back and watch the results!
If something broke, look at the error code and act accordingly, but if you use a freshly installed Debian Jessie Lite then you should be fine. (although later revisions might be faulty, and I take no responsibility for anything that goes wrong…)
All results are stored in 'WarBerry/Results', which you created in the beginning, and consecutive runs are appended to these files.
This can obviously be used for sinister activities, and such is life… I myself have other interests in the matter and I like it for the simple automated tool it is! One great use for the WarBerryPi is to check the security of your own home network and computers!
What can be done to further improve the WarBerry after this? Well, you can either add a cron job that starts warberry.py -A or you can connect a button on the GPIO that starts the same when you press that button.
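A wrapper for the cron option, as an added example that is not part of the warberry project: it waits for a link on the ethernet port before starting warberry.py -A, so a boot-time run is not wasted when the cable is not up yet, and sends each boot's output to its own log in Results. The paths, the eth0 interface, the SYSFS_NET override and the "run" argument are my assumptions.

```shell
#!/bin/sh
# Unattended WarBerry run at boot (added example, not from the warberry project).
# Assumed layout from the install script in this post:
#   /home/pi/WarBerry/warberry  (git checkout containing warberry.py)
#   /home/pi/WarBerry/Results   (results directory)
# Install:  sudo crontab -e  and add  @reboot /home/pi/WarBerry/warberry-boot.sh run
WARBERRY_DIR="${WARBERRY_DIR:-/home/pi/WarBerry/warberry}"
RESULTS_DIR="${RESULTS_DIR:-/home/pi/WarBerry/Results}"
IFACE="${IFACE:-eth0}"
LINK_TIMEOUT="${LINK_TIMEOUT:-120}"        # seconds to wait for a cable/link
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the check is testable

# Return 0 as soon as the interface reports "up" in sysfs, 1 after the timeout.
wait_for_link() {
    iface="$1"; timeout="$2"; waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ "$(cat "$SYSFS_NET/$iface/operstate" 2>/dev/null)" = "up" ]; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# One log file per boot so runs stay distinguishable; warberry itself still
# appends to its own files in Results as described above.
run_log_name() {
    stamp="$1"   # e.g. 20160520-101500
    printf '%s/boot-run-%s.log\n' "$RESULTS_DIR" "$stamp"
}

main() {
    mkdir -p "$RESULTS_DIR"
    log="$(run_log_name "$(date +%Y%m%d-%H%M%S)")"
    if ! wait_for_link "$IFACE" "$LINK_TIMEOUT"; then
        echo "no link on $IFACE after ${LINK_TIMEOUT}s, not starting" >> "$log"
        exit 1
    fi
    cd "$WARBERRY_DIR" || exit 1
    # -A is the "run everything" switch used in this post
    python warberry.py -A >> "$log" 2>&1
}

# Only start a run when called with "run", so the functions can also be sourced.
[ "${1:-}" = "run" ] && main
```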
All the credit for creating the WarBerryPi project goes to secgroundzero, who can be found at https://github.com/secgroundzero/warberry – and perhaps a tiny bit of credit to me for creating the install script so you don’t have to install everything manually, or if you simply don’t know how to do this in Debian linux…
Don’t do anything stupid with this, just because you can… On the other hand, the WarBerryPi won’t give you anything unless you actually know what you’re doing, so if you have zero skills in netsec then this tool won’t do you any good regardless.
Please leave a comment below if you found this instruction/script useful and if you have any ideas for improvement, or something didn’t work.