4 security tools you can build with Raspberry Pi

Use Raspberry Pi to build your next security tool

Credit: ITworld/Steve Traynor

These days even the most casual web surfer on Starbucks free Wi-Fi needs a VPN. With its small size and low power consumption, the Raspberry Pi platform makes a great choice for a portable VPN you can stick in your laptop bag for use on the road, or to protect always on connections like your home network. Lifehacker has a great tutorial on making your Raspberry Pi VPNby combining the minicomputer hardware with free and open source software (Hamachi from LogMeIn for the VPN and Privoxy for a web browsing proxy).

 This slideshow "4 security tools you can build with Raspberry Pi" was originally published on ITworld.

Credit: ITworld/Steve Traynor

Penetration testing is something of a dark art. While commercial tools exist from companies like Core Security and Immunity, most professionals still roll their own tools, often using a combination of proprietary and open source tools. In May, the folks over at Pwnie Express made that a lot easier, releasing Raspberry Pwn, an open source tool that lets enthusiasts turn their Raspberry Pi into a penetration testing and audit tool. Their software, released under the GNU public license, was built on DEBIAN and compiles a small arsenal of common pen testing tools including netcat, wireshark, kismet, cryptcat and others. Bluetooth and wireless connectivity mean the device can be remotely controlled once deployed on a target network. 

Credit: ITworld/Steve Traynor

Malicious software (or "malware") isn’t just for Internet connected devices. With the spread of inexpensive, high capacity portable drives, malware can easily jump over "air gaps" that separate stand alone devices like PCs, servers and embedded systems from malware-prone network- and Internet connected systems. How do you figure if a given USB device you want to use is infected? One easy way is a portable scanner that you can plug the portable device into prior to using it. The folks at Icarus labs tapped the Raspberry Pi platform to build just such a system as a proof of concept, and say  make a high-powered scanner that leverages 44 separate AV engines to interrogate portable media.

The small form factor for Raspberry Pi devices make them ideal for the most straight-forward kind of hacking tool: the rogue device or Trojan horse. This tutorial shows how even a technically unsophisticated hacker could disguise a wi-fi enabled Raspberry Pi device inside a standard laptop power cord. Once planted on a target network, the device will create an SSH encrypted tunnel that would enable an external attacker to send and receive data, including malicious payloads, to the target network.