Weaponizing a Raspberry Pi for pentesting, using Ansible Playbooks π₯
Explore the docs Β»
Author π¨π»βπ»
Β·
Report Bug πͺ³
Β·
Request Feature β¨
Let's begin by defining what a dropbox is and in which context can become useful.
A Dropbox, sometimes also called a Jump Box, is a small device that you can hide somewhere within the physical location that you are targeting. Getting the device into the location will sometimes take other skills, such as social engineering, or even a little breaking and entering, to get the device into the location. A Dropbox can also be a box sent by the Security Consultant firm to be installed on a network for pen testing from a remote location - Halton, W., Weaver, B., Ansari, J. A., Kotipalli, S. R., & Imran, M. A. (2017). Penetration Testing: A Survival Guide (1st ed.). Packt Publishing.
For this purpose, one of the best fits with respect to the hardware to use, is the Raspberry Pi Zero 2.
- Ansible: it is an open source community project sponsored by Red Hat, it's the simplest way to automate IT
- Raspberry Pi OS
Main features description (TBA).
A brief summary of the primary tools that this Ansible Playbook is going to install and configure (dependencies are omitted):
| Category | Name | Description | Included |
|---|---|---|---|
| π‘ | Aircrack-ng Suite | TBA | π΄ |
| πΈ | Bettercap | TBA | π΄ |
| π | fail2ban | TBA | π’ |
| π¨π»βπ» | git | TBA | π’ |
| π‘ | Kismet | TBA | π΄ |
| π¨π»βπ» | log2ram | TBA | π’ |
| πΈ | macchanger | TBA | π΄ |
| πΈ | Nmap | TBA | π΄ |
| π‘ | Probequest | TBA | π΄ |
| π‘ | Reaver | TBA | π΄ |
| πΈ | TCPdump | TBA | π΄ |
| π¨π»βπ» | Tmux | TBA | π’ |
| π | ufw | TBA | π’ |
| π‘ | Wifite | TBA | π΄ |
| πΈ | Wireshark | TBA | π΄ |
| π¨π»βπ» | Zsh | TBA | π’ |
πΈ Networking | π Security | π¨π»βπ» Utility | π‘ Wireless
This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.
Ansible commands instructions (TBA).
Use this space to show useful examples of how a project can be used. Additional screenshots, code examples and demos work well in this space. You may also link to more resources.
For more examples, please refer to the Documentation
-
raspi-config(locale, timezone, expand filesystem, etc.) - Security hardening (users, SSH w/ key-auth, fail2ban, firewall, etc.)
- Install all tools mentioned (see previous section)
- MAC randomization on all interfaces
- Bluetooth PAN w/ hotspot
- Auto SSH to domain
- Self-destruct mechanism
See the open issues for a full list of proposed features (and known issues).
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the GPLv3 License. See LICENSE for more information.
Your Name - @Giovanni_Bacci - github[at]baccichet[dot]org
Project Link: https://github.com/GiovanniBaccichet/dropbox-weaponizer