Berislav Kucan fromĀ net-security.org postedĀ a nice writeup on the book Aamir Lakahni and I wrote on penetration testing using a Raspberry Pi. The original write up can be found HERE.
Introduction
Raspberry Pi is a small and portable single board computer that can be transformed into a penetration testing system. This book will show you how.
About the authors
Joseph Muniz is a consultant at Cisco Systems and security researcher.
Aamir Lakhani is a cyber security architect, senior strategist, and researcher.
Inside the book
Raspberry Pi is a small and portable single board computer that gained a lot of traction in the past couple of years. Originally built as a low cost computer device for helping teach computer science in schools, it soon became an inspiration tool for building projects ranging from media centers to voice-activated coffee machines and embeddable computers for DSLR cameras.
The device is cheap, powerful (for its size and limitations) and, as this book clearly shows, it can be easily transformed into a penetration testing system. As I recently bought a Raspberry Pi, it seemed logical to read and review a book that marries this interesting piece of hardware with information security aspects.
Over the years, I have read a handful of books related to penetration testing on different systems and devices, so I was worried that a big part of the book will be a typical Kali Linux/Metasploit textbook. I was curious whether there was enough Raspberry Pi specifity that would justify a whole book on this topic. The short answer? There is.
The book starts with a primer on Raspberry Pi. It was released in January 2015, so the model used in the book was B+. Raspberry Pi 2 Model B saw the light of day soon after the book was released, but all of the aspects covered in the book can be translated to this model as well. The intro is followed with some technical aspects of setting up networking on your Raspberry Pi – from hardware options (WLAN, 3G modem) to software (SSH, stunnel, etc.).
The majority of the book is focused on penetration testing – setting up Kali Linux on the device and doing the whole circle from reconnaissance to report crafting. Regarding my earlier expressed doubts: a lot about Kali/Metasploit will seem familiar (if you are working in this field), but the authors provide an array of Raspberry Pie specifics that will definitely make your life easier if you are playing pentester with this device. The system has its processing and memory restrictions and therefor a number of tools have their particularities when running on Raspbery Pi. The authors’ experience comes quite handy here.
The book ends with a chapter on different security projects that could run on Raspberry Pi, from known projects such PwnBerry Pi, to cool things such as flight tracking by using PiAware (will definitely try this with my RTL-SDR!).
If you’re still wondering why would someone use Raspberry Pi as a penetration testing device, consider the fact that its price, size and both basic and extended functionalities make it perfect for performing remote pen testings. The device can be easily shipped to a remote location, and then simply just plugged into the network.
Final thoughts
It doesn’t matter whether you are into pentesting or not – it is very cool to run Kali Linux and Metasploit on this type of a device or, for instance, transform it into a network bridge for a network analysis/taping purposes. The possibilities are endless and this book will surely spark your creativity.