Tutorial: Pentesting Device with Raspberry Pi Zero
Introduction:
Lately I’ve been more and more interested in pentesting and cyber security. To continue my deep dive into the topic, I’m going to create a pentesting device out of a Raspberry Pi Zero. I have a few requirements I want to fulfill. First, I’d like to be able to run many of the commands that you can run in Linux. Second, I’d like it to be battery powered and to connect my iPhone to it to run commands. Essentially, I’d like to be able to carry the device in my pocket and operate it with my iPhone.
Requirements:
- Raspberry Pi Zero W
- USB Wifi Dongle: https://www.stationx.net/best-wifi-adapters-for-kali-linux/
- Micro SD Card for loading the Raspberry Pi OS
- Raspberry Pi Battery Pack: https://www.adafruit.com/product/1566
Setup Steps:
- First I installed a fresh copy of the Raspbian OS compatible with the Raspberry Pi Zero using the Raspberry Pi Imager.
- Next I put the Raspberry Pi into hotspot mode. I want to be able to connect to the Pi anywhere and SSH into it from my phone. In order to do this I had to turn it into a hotspot. I followed the tutorial here to get me up and running: https://www.tomshardware.com/how-to/raspberry-pi-access-point
- Now that the Pi boots into hotspot mode, the wlan0 interface is no longer available for wifi monitoring or accessing the internet. To get around this you’ll need to attach a USB wifi dongle that supports monitor mode. Here’s a good list: https://www.stationx.net/best-wifi-adapters-for-kali-linux/
- The last piece of hardware we will need is a power supply. My goal for this project is to be portable. I want to be able to carry this with me anywhere and SSH to it from my laptop or phone and run pentest commands. I ordered this one from Adafruit: https://www.adafruit.com/product/1566
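To confirm that the onboard radio can keep serving the hotspot while the USB dongle provides monitor mode, you can read the modes each radio advertises in `iw list`. The script below is an added example, not part of the original tutorial; the sample output and the names phy0 and phy1 are constructed, and `--live` assumes the `iw` tool is installed on the Pi.

```shell
#!/bin/sh
# Added example: report which wireless radios advertise AP and monitor mode.

# Constructed, trimmed sample of `iw list` output. phy0 stands in for the
# onboard radio that serves the hotspot, phy1 for a USB wifi dongle.
sample_iw_list() {
    printf 'Wiphy phy0\n'
    printf '\tSupported interface modes:\n'
    printf '\t\t * IBSS\n\t\t * managed\n\t\t * AP\n'
    printf '\tBand 1:\n\t\tFrequencies:\n\t\t\t* 2412 MHz [1] (20.0 dBm)\n'
    printf 'Wiphy phy1\n'
    printf '\tSupported interface modes:\n'
    printf '\t\t * IBSS\n\t\t * managed\n\t\t * AP\n'
    printf '\t\t * monitor\n\t\t * mesh point\n'
    printf '\tBand 1:\n\t\tFrequencies:\n\t\t\t* 2412 MHz [1] (20.0 dBm)\n'
}

# Print every phy whose "Supported interface modes" list contains $1.
# Reads `iw list` text on stdin. Other starred lists (frequencies, commands)
# are ignored because the mode list ends at the first non-starred line.
phys_with_mode() {
    awk -v want="$1" '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* /     { if ($2 == want) print phy; next }
        in_modes                     { in_modes = 0 }
    '
}

# Summarise the two modes this build depends on: AP for the hotspot on
# wlan0 and monitor for the second adapter.
radio_report() {
    input=$(cat)
    for mode in AP monitor; do
        phys=$(printf '%s\n' "$input" | phys_with_mode "$mode" | paste -sd' ' -)
        printf '%-8s %s\n' "$mode:" "${phys:-none}"
    done
}

# On the Pi run with --live; without it the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    iw list | radio_report
else
    sample_iw_list | radio_report
fi
```

If the `monitor:` line shows `none` with the dongle attached, the adapter or its driver does not advertise monitor mode and a different adapter from the list above is needed.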
Connecting to an iPhone:
We’ve already configured the Raspberry Pi so that it will be easily accessible from an iPhone. The only additional step is to download an SSH client from the App Store. I like RaspController. This app gives you complete control of a Raspberry Pi over SSH. So the steps to connect are:
- Boot the Raspberry Pi, which we configured to automatically start the wlan0 interface in hotspot mode.
- Connect to the hotspot with the SSID and password that you set up in the Setup Steps.
- Find the IP address of the Raspberry Pi.
- Set up the SSH connection in the RaspController app.
Conclusion:
Now we have a portable Raspberry Pi that we can connect to from our phone. Next I’ll be installing specific pentesting software to try!