Raspberry Pi penetration testing use cases
There are use cases for leveraging a Raspberry Pi outside of its “cool” factor. The first use case is delivering low-cost, remote penetration testing nodes to hard-to-reach locations.
An example of this is when you offer penetration testing services to branch offices in China, UK, and Australia with limited bandwidth across sites.
Rather than flying to each location, you can charge your customer the cost to build a Raspberry Pi and ship out each box to a location. You can have a local person plug in the Raspberry Pi as a network tap and perform the penetration test remotely, thereby dramatically saving in travel and hardware costs.
In most cases, you can probably let the customer remove and keep the Raspberry Pi after the penetration test due to its low cost. You would have saved a customer thousands of dollars using this method as an alternative to enterprise cloud scanning tools that on a average have a much higher cost associated per location.
Another use case is abusing the average user’s trust by physically accessing a target’s location by claiming to be an IT or phone support representative doing maintenance.
The Raspberry Pi chipboard can be hidden in any official looking hardware such as gutting a Cisco switch, hub, and so on, and placing the Raspberry Pi in one port. The average user wouldn’t question a network box that looks like it belongs there.
In both these use cases, the major selling point is the Raspberry Pi’s low cost, which means that losing a system won’t break the bank. Also, both the use cases showcase the Raspberry Pi‘s value of being very mobile due to its small form.
So, the Raspberry Pi makes a great alternative to more expensive remote penetration toolsets such as the ones offered by PWNIE Express (we are not saying that the PWNIE Express tools are not cool or desirable, but they will cost you a lot more than the Raspberry Pi approach). Speaking of which, you can run a light version of the PWNIE Express software on a Raspberry Pi as well, which is touched upon at the end of this series.
A common reason to consider a Raspberry Pi is its flexibility of design, its software, and its online community. There are thousands of websites dedicated to using the Raspberry Pi for various types of use cases.
So, if you run into a snag, you are most likely to find a solution on Google. There are many options for operating systems and pretty much everything seems to be open source. This makes requirements for many design requests possible, such as the need to develop a large amount of affordable systems for mobile classrooms.
With a Raspberry Pi, the possibilities are endless. Regarding penetration testing, Kali Linux offers pretty much everything you would need for a basic exercise. The Kali Linux ARM is limited; however, you can always use apt-get to download any missing tools to meet your requirements for a penetration testing exercise as long as the tool doesn’t require massive computing power. We will be covering how to download missing tools later in the series.
So, go shell out $50 – $100 on a Raspberry Pi and check out the online communities for more information on how you can take your Raspberry Pi to the next level.
With Love and Prosperity K4LINUX-TEAM.