WarBerryPi is a Raspberry Pi-based hardware implant that can operate in stealth mode while acquiring information from a target network, which makes it especially useful during red teaming engagements.
It is designed to gather the needed information in the shortest time possible. WarBerryPi’s scripts are designed to generate as little noise on the network as possible.
WarBerryPi: Tactical Exploitation Tool
As an open-source tool, WarBerryPi is very effective at performing reconnaissance on a given network. It is made up of a collection of several pentesting tools, which enables it to perform its functions without much user interaction. Most of the scans performed by WarBerryPi are automated and therefore run on their own once the tool is launched.
WarBerryPi can also be used as an entry point to a given network once it is implanted into that network. Through this, you can be granted remote access to the target network, which will make data exfiltration from a remote location possible. Once activated, the tool probes the network for any vulnerable services that can be exploited.
How does it work?
When a valid IP is obtained, the tool calculates the subnet of the network in which the IP was obtained. By calculating the subnet, WarBerry is able to know which IPs are alive. The reason for doing this is to limit the time spent during a scan and also to minimize the amount of traffic generated within a network when an attack is in progress. This is one of the reasons why it is so hard to detect WarBerryPi when it is used to perform an attack on a network. The reporting module on WarBerryPi gives you the option of sending reports in PDF format. Results obtained after executing a reconnaissance procedure using WarBerryPi are kept in the
- DHCP Enumeration
- Internal and external IP reconnaissance
- Wi-Fi network enumeration
- UDP/TCP Port scans
- MSSQL Database scans
- SNMP services
- Oracle Database scans
- Firebird Database scans
- MongoDB Database scans
- Linux, Windows, OS X
Some of the Tools inside WarBerryPi:
Clone the repo:
$ sudo git clone https://github.com/secgroundzero/warberry.git
Then navigate to the WarBerry directory and run:
$ sudo bash setup.sh
To get a list of all options and switches, use:
$ python warberry.py -h
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -p PACKETS, --packets=PACKETS
                        Number of Network Packets to capture. Default 20
  -x TIME, --expire=TIME
                        Duration of packet capture. Default 20 seconds
  -I IFACE, --interface=IFACE
                        Network Interface to use. Default: eth0
  -N NAME, --name=NAME  Hostname to use. Default: WarBerry
  -i INTENSITY, --intensity=INTENSITY
                        Port scan intensity. Default: T4
  -Q, --quick           Scan using threats. Default: Off
  -P, --poison          Turn Poisoning on/off. Default: On
  -t TIME, --time=TIME  Poisoning Duration. Default 900 seconds
  -H, --hostname        Do not Change WarBerry hostname Default: Off
  -e, --enumeration     Disable Enumeration mode. Default: Off
  -B, --bluetooth       Enable Bluetooth scanning. Default: Off
  -r, --recon           Enable Recon only mode. Default: Off
  -W, --wifi            Enable WiFi scanning. Default: Off
  -S, --sniffer         Enable Sniffer only mode. Default: Off
  -C, --clear           Clear previous output folders in ../Results
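On the defensive side, the defaults listed above (hostname WarBerry, Raspberry Pi hardware, DHCP-obtained address) leave traces in DHCP lease logs. The following is an added example, not code from the WarBerry project: it triages lease lines for those traces, assuming a dnsmasq-style log format, a constructed sample log, and a short, non-exhaustive list of Raspberry Pi MAC prefixes.

```python
import re

# Raspberry Pi MAC prefixes (assumption: not exhaustive; extend from the IEEE OUI registry).
RPI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}
# Default hostname from the -N option in the help output above.
DEFAULT_HOSTNAME = "warberry"

# Assumed dnsmasq-style lease line: DHCPACK(iface) ip mac [hostname]
LEASE_RE = re.compile(
    r"DHCPACK\((?P<iface>[^)]+)\)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)

# Constructed sample log lines (not taken from a real network).
SAMPLE_LOG = [
    "Mar  3 09:14:02 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.0.57 b8:27:eb:4c:11:9a WarBerry",
    "Mar  3 09:15:40 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.0.58 3c:52:82:aa:01:02 FIN-LAPTOP-07",
    "Mar  3 09:17:13 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.0.61 DC:A6:32:00:BE:EF PRN-3F-02",
    "Mar  3 09:18:05 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.20.0.64 00:0c:29:ab:cd:ef",
    "Mar  3 09:18:09 gw dnsmasq-dhcp[812]: DHCPREQUEST(eth0) 10.20.0.57 b8:27:eb:4c:11:9a",
]

def triage(lines):
    """Return one finding per acknowledged lease that matches a hostname or OUI indicator."""
    findings = []
    for line in lines:
        m = LEASE_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement
        mac = m.group("mac").lower()
        host = (m.group("host") or "").lower()
        reasons = []
        if host == DEFAULT_HOSTNAME:
            reasons.append("default WarBerry hostname")
        if mac[:8] in RPI_OUIS:
            reasons.append("Raspberry Pi OUI")
        if reasons:
            findings.append({"ip": m.group("ip"), "mac": mac,
                             "host": m.group("host") or "", "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ip"], f["mac"], f["host"], "; ".join(f["reasons"]))
```

Because the hostname can be changed with -N and a MAC address can be altered, a match is a lead for asset-inventory and switch-port follow-up, and the OUI check is the one that still fires on the renamed host in the sample.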