PwnPi is a Linux-based penetration testing drop box distribution for the Raspberry Pi. It currently has 200+ security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager.
PwnPi can be easily setup to send reverse connections from a target network by editing a simple configuration file.
Note: The new version (3.0) supports the 512mb version of the Raspberry Pi.
Here are some of the tools in the PwnPi:
Here are some of the tools in the PwnPi:
- w3af-console - framework to find and exploit web application vulnerabilities (CLI only)
- nikto - web server security scanner
- netwag - graphical frontend for netwox
- httrack - Copy websites to your computer (Offline browser)
- theHarvester - gather emails, subdomains, hosts, employee names, open ports and banners
- openvas-server - remote network security auditor - server
- dsniff - Various tools to sniff network traffic for cleartext insecurities
- udptunnel - tunnel UDP packets over a TCP connection
- hydra - Very fast network logon cracker
- bfbtester - Brute Force Binary Tester
- bsqlbf - Blind SQL injection brute forcer tool
- exploit-db - Exploit Database
- yersinia - Network vulnerabilities check software
- dnswalk - Checks dns zone information using nameserver lookups
- tor - anonymizing overlay network for TCP
- xprobe - Remote OS identification
- ghettotooth - a simple but effective blue driving tool
- btscanner - ncurses-based scanner for Bluetooth devices
- sipvicious - suite is a set of tools that can be used to audit SIP based VoIP systems
- amap - a powerful application mapper
- ratproxy - passive web application security assessment tool
- siege - HTTP regression testing and benchmarking utility
- p0f - Passive OS fingerprinting tool
- sipcrack - SIP login dumper/cracker
- ipgrab - tcpdump-like utility that prints detailed header information
- ophcrack - Microsoft Windows password cracker using rainbow tables (gui)
- macchanger - utility for manipulating the MAC address of network interfaces
- swaks - SMTP command-line test tool
- enum4linux - a tool for enumerating information from Windows and Samba systems
- foremost - forensic program to recover lost files
- secure-delete - tools to wipe files, free disk space, swap and memory
- arp-scan - arp scanning and fingerprinting tool
- ssldump - An SSLv3/TLS network protocol analyzer
- dissy - graphical frontend for objdump
- sslsniff - SSL/TLS man-in-the-middle attack tool
- voipong - VoIP sniffer and call detector
- pnscan - Multi threaded port scanner
- netwox - networking utilities
- ftp-proxy - application level proxy for the FTP protocol
- john - active password cracking tool
- fping - sends ICMP ECHO_REQUEST packets to network hosts
- zzuf - transparent application fuzzer
- packit - Network Injection and Capture
- bing-ip2hosts - Enumerate hostnames for an IP using bing
- s.e.t - social engineering toolkit
- netdiscover - active/passive network address scanner using arp requests
- pscan - Format string security checker for C files
- wbox - HTTP testing tool and configuration-less HTTP server
- chaosreader - trace network sessions and export it to html format
- inguma - Open source penetration testing toolkit
- ptunnel - Tunnel TCP connections over ICMP packets
- sqlninja - SQL Server injection and takeover tool
- tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds
- mysqloit - SQL Injection takeover tool focused on LAMP
- metagoofil - an information gathering tool designed for extracting metadata
- dmitry - Deepmagic Information Gathering Tool
- tcpflow - TCP flow recorder
- wavemon - Wireless Device Monitoring Application
- ussp-push - Client for OBEX PUSH
- u3-tool - tool for controlling the special features of a U3 USB flash disk
- zenmap - The Network Mapper Front End
- nmap - The Network Mapper
- tinyproxy - A lightweight, non-caching, optionally anonymizing HTTP proxy
- voiphopper - VoIP infrastructure security testing tool
- w3af - framework to find and exploit web application vulnerabilities
- lcrack - A generic password cracker
- fimap - local and remote file inclusion tool
- kismet - Wireless 802.11b monitoring tool
- scrub - writes patterns on magnetic media to thwart data recovery
- dns2tcp - TCP over DNS tunnel client and server
- obexftp - file transfer utility for devices that use the OBEX protocol
- wash - scan for vunerable WPS access points
- vidalia - controller GUI for Tor
- tcpick - TCP stream sniffer and connection tracker
- ipcalc - parameter calculator for IPv4 addresses
- sqlbrute - a tool for brute forcing data out of databases using blind SQL injection
- sslscan - Fast SSL scanner
- otp - Generator for One Time Pads or Passwords
- etherape - graphical network monitor
- wipe - Secure file deletion
- pbnj - a suite of tools to monitor changes on a network
- nstreams - network streams - a tcpdump output analyzer
- skipfish - fully automated, active web application security reconnaissance tool
- lynis - security auditing tool for Unix based systems
- darkstat - network traffic analyzer
- dhcpdump - Parse DHCP packets from tcpdump
- hping3 - Active Network Smashing Tool
- galleta - An Internet Explorer cookie forensic analysis tool
- stunnel4 - Universal SSL tunnel for network daemons
- weplab - tool designed to break WEP keys
- pdfcrack - PDF files password cracker
- socat - multipurpose relay for bidirectional data transfer
- proxychains - proxy chains - redirect connections through proxy servers
- aircrack-ng - WEP/WPA cracking program
- wapiti - Web application vulnerability scanner
- tcpxtract - extracts files from network traffic based on file signatures
- mdk3 - bruteforce SSID's, bruteforce MAC filters, SSID beacon flood
- cryptcat - A lightweight version netcat extended with twofish encryption
- ophcrack-cli - Microsoft Windows password cracker using rainbow tables (cmdline)
- openvas-client - Remote network security auditor, the client
- pentbox - Suite that packs security and stability testing oriented tools
- medusa - fast, parallel, modular, login brute-forcer for network services
- 6tunnel - TCP proxy for non-IPv6 applications
- wfuzz - a tool designed for bruteforcing Web Applications
- httptunnel - Tunnels a data stream in HTTP requests
- nmapsi4 - graphical interface to nmap, the network scanner
- webhttrack - Copy websites to your computer, httrack with a Web interface
- reaver - brute force attack tool against Wifi Protected Setup PIN number
- tcptrace - Tool for analyzing tcpdump output
- mz - versatile packet creation and network traffic generation tool
- vinetto - A forensics tool to examine Thumbs.db files
- knocker - Simple and easy to use TCP security port scanner
- packeth - Ethernet packet generator
- wireshark - network traffic analyzer - GTK+ version
- fcrackzip - password cracker for zip archives
- sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws
- ike-scan - discover and fingerprint IKE hosts (IPsec VPN Servers)
- metasploit - security project which provides information about security vulnerabilities
- netsed - network packet-altering stream editor
- tcpdump - command-line network traffic analyzer
- chkrootkit - rootkit detector
- sslstrip - SSL/TLS man-in-the-middle attack tool
- nbtscan - A program for scanning networks for NetBIOS name information
- iodine - tool for tunneling IPv4 data through a DNS server
- onesixtyone - fast and simple SNMP scanner
- netrw - netcat like tool with nice features to transport files over network
- tcpspy - Incoming and Outgoing TCP/IP connections logger
- tcpslice - extract pieces of and/or glue together tcpdump files
- mboxgrep - Grep through mailboxes
- hostmap - hostnames and virtual hosts discovery tool
- sendemail - lightweight, command line SMTP email client
- isr-evilgrade - take advantage of poor upgrade implementations by injecting fake updates
- flasm - assembler and disassembler for Flash (SWF) bytecode
- netcat-traditional - TCP/IP swiss army knife
- splint - tool for statically checking C programs for bugs
- Netgear WNA1000M
- EnGenius EUB9603
- IOGear GWU625
- Asus USB-N10
- 3COM 3CRUSB10075
- Alfa AWUS036NH
- Patriot Memory PCBOWAU2-N
- Alfa AWUS036NEH
- Sabrent USB-A11N
- Belkin F7D1101 v1
- Netgear WG111v2
- Ralink RT5370
- Belkin F9L1001v1 N150
- Tenda W311U
- Linksys Linksys WUSB54GC
- Netgear N150
- Belkin F5D8053 ver6001
- SL SL-1507N
- Edimax EW-7811Un
- Linksys WUSB600N
- Alfa AWUS036H
- D-Link AirPlus G DWL-G122
- LogiLink Nano Adapter 802.11n
- D-Link DWA-160 Version A2
- Linksys WUSB100 v2
- Edimax EW-7711UAn
- 7DayShop W-3S01BLK
- BlueProton BT3
- Sagem XG-760N
- Asus WL-167G v1
- Buffalo WLI-UC-G300N
- SMC SMCWUSB-G
- Alfa AWUS036H
- D-Link WUA-1340(Version A1
- The Pi Hut USB 802.11n
- DIGICOM USBWAVE54
- D-Link DWA-131 Version A1
- Sony UWA-BR100
- Buffalo WLI-UC-GNM
- D-Link DWA-110 Version A1
- D-Link DWA-160 Version B1
- Netgear WG111v1
- Widemac RT5370
- Edup 150MBPS Wi-Fi Adapter
- Alfa AWUS036NHA
- TP-Link TL-WN721N
- Belkin F5D8053 ver6001
- DIGICOM USBWAVE300C
- Ralink RT3070
- Asus USB-N13
- Gigabyte GN-WB32L
- ZyXEL G-202
- TP-Link TL-WN821N
- D-Link DWA-121 Version A1
- Netgear N150
- Mvix Nubbin MS-811N
- D-Link DWA-140 Version B1
- Edup Ultra-Mini Nano
- SMC SMCWUSBS-N
- Belkin Surf Micro
- Belkin F5D7050 v3000
- Sitecom N300
- Belkin F7D2102 N300 Micro
- Trendnet TEW-648UBM
- Ralink RT2573
- Rosewill RNX-G1 Wireless B/G Adapter
- TP-Link TL-WN422G v2
- AirLink101 AWLL5088
- Ralink RT2501
- Ralink RT2770F
- Asus WL-167G v3
- Rosewill RNX-MiniN1
- Tenda W311MI
- Rosewill RNX-N180UBE
- Edup EP-N8508
- Eminent EM4575
- Conceptronic C300RU
- TP-Link TL-WN723N
- OvisLink Evo-W300USB
- AusPi Technologies WiFi Adapter
- Edimax EW-7318USg
- DELL Wireless 1450
- Conrad N150 mini
- Sempre WU300-2
- ZyXEL NWD2105
PwnPi - A Pen-testing Drop Box Distribution For Raspberry Pi
Reviewed by AC10 Tech
on
Friday, March 10, 2017
Rating:
No comments: