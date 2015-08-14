

PwnPi is a Linux-based penetration testing drop box distribution for the Raspberry Pi . It currently has 200+ security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager.

PwnPi can be easily setup to send reverse connections from a target network by editing a simple configuration file.





Note: The new version (3.0) supports the 512mb version of the Raspberry Pi.





Here are some of the tools in the PwnPi:

w3af-console - framework to find and exploit web application vulnerabilities (CLI only)

- framework to find and exploit web application vulnerabilities (CLI only) nikto - web server security scanner

- web server security scanner netwag - graphical frontend for netwox

- graphical frontend for netwox httrack - Copy websites to your computer (Offline browser)

- Copy websites to your computer (Offline browser) theHarvester - gather emails, subdomains, hosts, employee names, open ports and banners

- gather emails, subdomains, hosts, employee names, open ports and banners openvas-server - remote network security auditor - server

- remote network security auditor - server dsniff - Various tools to sniff network traffic for cleartext insecurities

- Various tools to sniff network traffic for cleartext insecurities udptunnel - tunnel UDP packets over a TCP connection

- tunnel UDP packets over a TCP connection hydra - Very fast network logon cracker

- Very fast network logon cracker bfbtester - Brute Force Binary Tester

- Brute Force Binary Tester bsqlbf - Blind SQL injection brute forcer tool

- Blind SQL injection brute forcer tool exploit-db - Exploit Database

- Exploit Database yersinia - Network vulnerabilities check software

- Network vulnerabilities check software dnswalk - Checks dns zone information using nameserver lookups

- Checks dns zone information using nameserver lookups tor - anonymizing overlay network for TCP

- anonymizing overlay network for TCP xprobe - Remote OS identification

- Remote OS identification ghettotooth - a simple but effective blue driving tool

- a simple but effective blue driving tool btscanner - ncurses-based scanner for Bluetooth devices

- ncurses-based scanner for Bluetooth devices sipvicious - suite is a set of tools that can be used to audit SIP based VoIP systems

- suite is a set of tools that can be used to audit SIP based VoIP systems amap - a powerful application mapper

- a powerful application mapper ratproxy - passive web application security assessment tool

- passive web application security assessment tool siege - HTTP regression testing and benchmarking utility

- HTTP regression testing and benchmarking utility p0f - Passive OS fingerprinting tool

- Passive OS fingerprinting tool sipcrack - SIP login dumper/cracker

- SIP login dumper/cracker ipgrab - tcpdump-like utility that prints detailed header information

- tcpdump-like utility that prints detailed header information ophcrack - Microsoft Windows password cracker using rainbow tables (gui)

- Microsoft Windows password cracker using rainbow tables (gui) macchanger - utility for manipulating the MAC address of network interfaces

- utility for manipulating the MAC address of network interfaces swaks - SMTP command-line test tool

- SMTP command-line test tool enum4linux - a tool for enumerating information from Windows and Samba systems

- a tool for enumerating information from Windows and Samba systems foremost - forensic program to recover lost files

- forensic program to recover lost files secure-delete - tools to wipe files, free disk space, swap and memory

- tools to wipe files, free disk space, swap and memory arp-scan - arp scanning and fingerprinting tool

- arp scanning and fingerprinting tool ssldump - An SSLv3/TLS network protocol analyzer

- An SSLv3/TLS network protocol analyzer dissy - graphical frontend for objdump

- graphical frontend for objdump sslsniff - SSL/TLS man-in-the-middle attack tool

- SSL/TLS man-in-the-middle attack tool voipong - VoIP sniffer and call detector

- VoIP sniffer and call detector pnscan - Multi threaded port scanner

- Multi threaded port scanner netwox - networking utilities

- networking utilities ftp-proxy - application level proxy for the FTP protocol

- application level proxy for the FTP protocol john - active password cracking tool

- active password cracking tool fping - sends ICMP ECHO_REQUEST packets to network hosts

- sends ICMP ECHO_REQUEST packets to network hosts zzuf - transparent application fuzzer

- transparent application fuzzer packit - Network Injection and Capture

- Network Injection and Capture bing-ip2hosts - Enumerate hostnames for an IP using bing

- Enumerate hostnames for an IP using bing s.e.t - social engineering toolkit

- social engineering toolkit netdiscover - active/passive network address scanner using arp requests

- active/passive network address scanner using arp requests pscan - Format string security checker for C files

- Format string security checker for C files wbox - HTTP testing tool and configuration-less HTTP server

- HTTP testing tool and configuration-less HTTP server chaosreader - trace network sessions and export it to html format

- trace network sessions and export it to html format inguma - Open source penetration testing toolkit

- Open source penetration testing toolkit ptunnel - Tunnel TCP connections over ICMP packets

- Tunnel TCP connections over ICMP packets sqlninja - SQL Server injection and takeover tool

- SQL Server injection and takeover tool tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds

- Tool to replay saved tcpdump files at arbitrary speeds mysqloit - SQL Injection takeover tool focused on LAMP

- SQL Injection takeover tool focused on LAMP metagoofil - an information gathering tool designed for extracting metadata

- an information gathering tool designed for extracting metadata dmitry - Deepmagic Information Gathering Tool

- Deepmagic Information Gathering Tool tcpflow - TCP flow recorder

- TCP flow recorder wavemon - Wireless Device Monitoring Application

- Wireless Device Monitoring Application ussp-push - Client for OBEX PUSH

- Client for OBEX PUSH u3-tool - tool for controlling the special features of a U3 USB flash disk

- tool for controlling the special features of a U3 USB flash disk zenmap - The Network Mapper Front End

- The Network Mapper Front End nmap - The Network Mapper

- The Network Mapper tinyproxy - A lightweight, non-caching, optionally anonymizing HTTP proxy

- A lightweight, non-caching, optionally anonymizing HTTP proxy voiphopper - VoIP infrastructure security testing tool

- VoIP infrastructure security testing tool w3af - framework to find and exploit web application vulnerabilities

- framework to find and exploit web application vulnerabilities lcrack - A generic password cracker

- A generic password cracker fimap - local and remote file inclusion tool

- local and remote file inclusion tool kismet - Wireless 802.11b monitoring tool

- Wireless 802.11b monitoring tool scrub - writes patterns on magnetic media to thwart data recovery

- writes patterns on magnetic media to thwart data recovery dns2tcp - TCP over DNS tunnel client and server

- TCP over DNS tunnel client and server obexftp - file transfer utility for devices that use the OBEX protocol

- file transfer utility for devices that use the OBEX protocol wash - scan for vunerable WPS access points

- scan for vunerable WPS access points vidalia - controller GUI for Tor

- controller GUI for Tor tcpick - TCP stream sniffer and connection tracker

- TCP stream sniffer and connection tracker ipcalc - parameter calculator for IPv4 addresses

- parameter calculator for IPv4 addresses sqlbrute - a tool for brute forcing data out of databases using blind SQL injection

- a tool for brute forcing data out of databases using blind SQL injection sslscan - Fast SSL scanner

- Fast SSL scanner otp - Generator for One Time Pads or Passwords

- Generator for One Time Pads or Passwords etherape - graphical network monitor

- graphical network monitor wipe - Secure file deletion

- Secure file deletion pbnj - a suite of tools to monitor changes on a network

- a suite of tools to monitor changes on a network nstreams - network streams - a tcpdump output analyzer

- network streams - a tcpdump output analyzer skipfish - fully automated, active web application security reconnaissance tool

- fully automated, active web application security reconnaissance tool lynis - security auditing tool for Unix based systems

- security auditing tool for Unix based systems darkstat - network traffic analyzer

- network traffic analyzer dhcpdump - Parse DHCP packets from tcpdump

- Parse DHCP packets from tcpdump hping3 - Active Network Smashing Tool

- Active Network Smashing Tool galleta - An Internet Explorer cookie forensic analysis tool

- An Internet Explorer cookie forensic analysis tool stunnel4 - Universal SSL tunnel for network daemons

- Universal SSL tunnel for network daemons weplab - tool designed to break WEP keys

- tool designed to break WEP keys pdfcrack - PDF files password cracker

- PDF files password cracker socat - multipurpose relay for bidirectional data transfer

- multipurpose relay for bidirectional data transfer proxychains - proxy chains - redirect connections through proxy servers

- proxy chains - redirect connections through proxy servers aircrack-ng - WEP/WPA cracking program

- WEP/WPA cracking program wapiti - Web application vulnerability scanner

- Web application vulnerability scanner tcpxtract - extracts files from network traffic based on file signatures

- extracts files from network traffic based on file signatures mdk3 - bruteforce SSID's, bruteforce MAC filters, SSID beacon flood

- bruteforce SSID's, bruteforce MAC filters, SSID beacon flood cryptcat - A lightweight version netcat extended with twofish encryption

- A lightweight version netcat extended with twofish encryption ophcrack-cli - Microsoft Windows password cracker using rainbow tables (cmdline)

- Microsoft Windows password cracker using rainbow tables (cmdline) openvas-client - Remote network security auditor, the client

- Remote network security auditor, the client pentbox - Suite that packs security and stability testing oriented tools

- Suite that packs security and stability testing oriented tools medusa - fast, parallel, modular, login brute-forcer for network services

- fast, parallel, modular, login brute-forcer for network services 6tunnel - TCP proxy for non-IPv6 applications

- TCP proxy for non-IPv6 applications wfuzz - a tool designed for bruteforcing Web Applications

- a tool designed for bruteforcing Web Applications httptunnel - Tunnels a data stream in HTTP requests

- Tunnels a data stream in HTTP requests nmapsi4 - graphical interface to nmap, the network scanner

- graphical interface to nmap, the network scanner webhttrack - Copy websites to your computer, httrack with a Web interface

- Copy websites to your computer, httrack with a Web interface reaver - brute force attack tool against Wifi Protected Setup PIN number

- brute force attack tool against Wifi Protected Setup PIN number tcptrace - Tool for analyzing tcpdump output

- Tool for analyzing tcpdump output mz - versatile packet creation and network traffic generation tool

- versatile packet creation and network traffic generation tool vinetto - A forensics tool to examine Thumbs.db files

- A forensics tool to examine Thumbs.db files knocker - Simple and easy to use TCP security port scanner

- Simple and easy to use TCP security port scanner packeth - Ethernet packet generator

- Ethernet packet generator wireshark - network traffic analyzer - GTK+ version

- network traffic analyzer - GTK+ version fcrackzip - password cracker for zip archives

- password cracker for zip archives sqlmap - tool that automates the process of detecting and exploiting SQL injection flaws

- tool that automates the process of detecting and exploiting SQL injection flaws ike-scan - discover and fingerprint IKE hosts (IPsec VPN Servers)

- discover and fingerprint IKE hosts (IPsec VPN Servers) metasploit - security project which provides information about security vulnerabilities

- security project which provides information about security vulnerabilities netsed - network packet-altering stream editor

- network packet-altering stream editor tcpdump - command-line network traffic analyzer

- command-line network traffic analyzer chkrootkit - rootkit detector

- rootkit detector sslstrip - SSL/TLS man-in-the-middle attack tool

- SSL/TLS man-in-the-middle attack tool nbtscan - A program for scanning networks for NetBIOS name information

- A program for scanning networks for NetBIOS name information iodine - tool for tunneling IPv4 data through a DNS server

- tool for tunneling IPv4 data through a DNS server onesixtyone - fast and simple SNMP scanner

- fast and simple SNMP scanner netrw - netcat like tool with nice features to transport files over network

- netcat like tool with nice features to transport files over network tcpspy - Incoming and Outgoing TCP/IP connections logger

- Incoming and Outgoing TCP/IP connections logger tcpslice - extract pieces of and/or glue together tcpdump files

- extract pieces of and/or glue together tcpdump files mboxgrep - Grep through mailboxes

- Grep through mailboxes hostmap - hostnames and virtual hosts discovery tool

- hostnames and virtual hosts discovery tool sendemail - lightweight, command line SMTP email client

- lightweight, command line SMTP email client isr-evilgrade - take advantage of poor upgrade implementations by injecting fake updates

- take advantage of poor upgrade implementations by injecting fake updates flasm - assembler and disassembler for Flash (SWF) bytecode

- assembler and disassembler for Flash (SWF) bytecode netcat-traditional - TCP/IP swiss army knife

- TCP/IP swiss army knife splint - tool for statically checking C programs for bugs

