Besides being … “cool”, it is also extremely useful to have a bag ready with all your hacking tools and accessories ready to go. Being ready for every situation in the field will both save you valuable time and effort, and will also show your professionalism to your clients.
Disclaimer: This article and the items shown in it are provided for educational purposes only. Do not attempt to use them for illegal purposes. We are not responsible for any illegal actions. You must accept responsibility for your own actions.
Bash Bunny
Bash Bunny has a funny name but very serious capabilities. It can perform automation and deliver penetration testing attacks very fast by emulating combinations of trusted USB devices – like gigabit Ethernet, serial, flash storage, and keyboards.
This will allow you to execute your attacks even when USB restrictions are in place on the target computers/servers.
It is fully programmable and can be set to make logical decisions.
Anti Spy Detector
Ok, this Anti-Spy Detector is not specifically about hacking but is very useful nevertheless. If you like traveling but fear being spied upon when in your room, you have every reason to be fearful. There are many cases where AirBnBs and hotels have been accused of spying on their guests with hidden cameras.
Fortunately, there are tools that you can use next time you arrive at your room so you can do a sweep and detect such devices. So, in a sense, you are “hacking” the intruder, who wants to spy on you while on vacation, by finding his hidden cameras.
This device can detect 1.2G/2.4G/5.8G wireless cameras, stealth miniature cameras, wireless audio bugs, body wires, wiretaps, phone taps, GSM/CDMA/DECT cellular audio and video bugging devices, unwanted GPS trackers, and other bug devices and transmitters. It picks up RF signals in the 1 MHz to 8 GHz frequency range.
Your favorite portable computer
Everyone should know Raspberry Pi by now. It is lightweight but powerful enough, especially version 4, for you to run your Kali Linux ARM installation and go about your penetration tests, ethical hacking, and red-team exercises.
Whether you want to have your lab environment on the go or on the offensive security side performing red team exercises and penetration tests, you will need a Raspberry Pi for many reasons.
You can have several SD cards with different installations of operating systems to use, depending on the circumstances.
Famous use cases for a Raspberry Pi for penetration tests are:
Besides using your Pi for the regular actions you would perform with your Kali Linux OS, like Nmap scanning, Nikto web app vulnerability scanning, Metasploit, etc., there are more use cases for it. Practically, the uses of this device are unlimited.
Infiltrate networks
If you manage to connect your Pi to a network using its Ethernet adapter and set up its wireless adapter to be used as an AP, then you can connect remotely to the AP and gain access to the corporate network. This assumes, of course, that there is no NAC or other security control configured on the network.
There are multiple configurations to accomplish this. Here is one of them.
Rogue AP
Turn your Pi into a rogue access point and lure your “victims” to connect to it. Afterward, you may perform further actions to steal credentials, sniff traffic, etc.
NullByte has an excellent tutorial on how to build and execute such an attack using “Pumpkin Pi”.
Hacker Watch – DSTIKE Deauthenticator
You can perform deauthentication of WiFi clients with a Raspberry Pi, but you can also make your attack even more portable, and in even more style!
With the DSTIKE Deauther Watch and a few clicks, you can disconnect the clients connected to the wireless network of your choosing.
Go lite with Raspberry Pi Zero
Raspberry Pi Zero is the smaller brother of Raspberry Pi 4. Not so powerful, but smaller and cheaper. You can carry it practically inside your pocket.
This awesome device is small but powerful. Its small form-factor board contains:
- a Broadcom BCM2710A1 – quad-core 64-bit SoC (Arm Cortex-A53 @ 1GHz)
- 512MB of RAM with a micro-SD Card slot
- mini-HDMI
- micro USB for data
- 2.4GHz 802.11 b/g/n WiFi & Bluetooth 4.2 connectivity built-in
- micro USB for power and an unpopulated 40-pin GPIO connector
This bundle also contains:
- a stackable USB hub to connect 4 USB devices, like mice, keyboards, and Ethernet adapters
- An acrylic case to protect the Pi Zero
- A Mini HDMI to HDMI adapter
- A 5V 2.4A charger (input: 100V-240V 500mA, output: DC 5.0V 2400mA)
Penetration testing use cases for a Raspberry Pi Zero
P4wnP1 A.L.O.A.
The P4wnP1 A.L.O.A. (A Little Offensive Security) is a framework for the Raspberry Pi Zero W that allows you to plug a flexible platform for pentesting and physical attacks into a host computer.
Check here for more information on P4wnP1.
PoisonTap
PoisonTap can be used to evade the following security mechanisms:
- Password Protected Lock Screens
- Routing Table priority and network interface Service Order
- Same-Origin Policy
- X-Frame-Options
- HttpOnly Cookies
- SameSite cookie attribute
- Two-Factor/Multi-Factor Authentication (2FA/MFA)
- DNS Pinning
- Cross-Origin Resource Sharing (CORS)
- HTTPS cookie protection when Secure cookie flag & HSTS not enabled
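The last items in the list are the ones a defender can act on directly: the PoisonTap class of attack depends on cookies that are sent over plain HTTP and on a browser that can be downgraded to HTTP. The following is an added example (not part of the original article or of the PoisonTap project) that audits a set of HTTP response headers for the Secure, HttpOnly and SameSite cookie attributes and for a Strict-Transport-Security header with a sensible max-age. The sample responses are constructed for the demo; the attribute names are the standard Set-Cookie and HSTS ones.

```python
"""Audit HTTP response headers for the cookie/transport protections that
the PoisonTap list above refers to. Added example; uses only the standard
library. Header dict keys are assumed to be lowercased header names."""
from __future__ import annotations

import re


def cookie_attributes(set_cookie: str) -> dict[str, str | None]:
    """Parse one Set-Cookie value into a lowercase attribute map.
    parts[0] is the name=value pair and is skipped."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = None
    return attrs


def audit_cookie(set_cookie: str) -> list[str]:
    """Return findings for one Set-Cookie header value."""
    name = set_cookie.split("=", 1)[0].strip()
    attrs = cookie_attributes(set_cookie)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (cookie is sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
    samesite = (attrs.get("samesite") or "").lower()
    if samesite not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict (sent on cross-site requests)")
    return findings


HSTS_MAX_AGE = re.compile(r"max-age=(\d+)", re.IGNORECASE)
ONE_YEAR = 31536000  # commonly recommended minimum max-age, in seconds


def audit_hsts(headers: dict[str, list[str]]) -> list[str]:
    """Check that Strict-Transport-Security is present with max-age >= one year."""
    values = headers.get("strict-transport-security", [])
    if not values:
        return ["missing Strict-Transport-Security (HTTP downgrade possible)"]
    match = HSTS_MAX_AGE.search(values[0])
    if not match or int(match.group(1)) < ONE_YEAR:
        return ["HSTS max-age below one year"]
    return []


def audit_response(headers: dict[str, list[str]]) -> list[str]:
    """Combine the HSTS check with a check of every Set-Cookie header."""
    findings = audit_hsts(headers)
    for set_cookie in headers.get("set-cookie", []):
        findings.extend(audit_cookie(set_cookie))
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = {
    "set-cookie": ["session=abc123; Path=/"],
}
HARDENED_RESPONSE = {
    "strict-transport-security": ["max-age=63072000; includeSubDomains"],
    "set-cookie": ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
}

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(response) or ["no findings"])
```

Run against captured response headers (one list entry per Set-Cookie header), the weak sample yields four findings and the hardened one none. Note that HSTS only protects a browser that has already visited the site over HTTPS once, so it does not remove the need for the Secure flag on the cookie itself.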
Add a power bank to make your Pi Zero more portable
Since you will need to be on the go performing some cool red-team stuff with your Pi Zero, you will need a portable power source.
You don’t want to depend on power sources close to your targets, which will blow your cover, or be restricted to a specific area with your Pi Zero stuck next to a power outlet. In comes your portable power bank, capable of powering your Pi long enough to do your thing.
Add another Ethernet adapter and more USB ports
In many cases, you will need an additional Ethernet adapter, either for your laptop or for your Raspberry Pi, for example if you need to perform a MITM attack on an Ethernet network.
Using the Anker USB hub with Ethernet converter you get another LAN interface and high USB data transfer rates!
Erase your data. Leave no trace!
Deleted data on a hard drive is not really deleted, as there is software that can recover it.
There may be cases where your customer requests the secure deletion of a computer’s hard drive, or where you want to securely erase all data from your computer and sell it without anyone being able to recover the data you had on it.
RedKey USB is a simple, efficient way to erase sensitive data from your computer permanently. With just a few clicks, you can erase your sensitive data.
It is suitable for computers with HDD, SSD, NVMe, USB and more.
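To make the point that a plain delete only unlinks the file, here is an added example (not the article's and not RedKey's code) that overwrites a single file's blocks with random bytes, forces them to disk, and only then unlinks it. It creates its own temporary file, so it runs offline. The caveat a practitioner needs: on SSDs with wear levelling, and on copy-on-write or snapshotting filesystems, the overwrite can be written to different physical blocks than the original data, so file-level overwriting is not a guarantee. That is why whole-device tools such as the RedKey USB described above, or a drive's built-in secure-erase command, are used for disposal.

```python
"""File-level overwrite-then-unlink demo. Added example using only the
standard library; creates and wipes a temporary file it writes itself."""
import os
import secrets
import tempfile


def overwrite_and_remove(path: str, passes: int = 1, chunk: int = 1 << 20) -> int:
    """Overwrite `path` in place with random bytes `passes` times, fsync
    after each pass, then unlink it. Returns the file size in bytes."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the overwrite through the page cache
    os.remove(path)
    return size


def demo() -> tuple[int, bool]:
    """Write a file with recognisable (constructed) content, wipe it, and
    report the number of bytes overwritten and whether the path is gone."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"CONSTRUCTED SECRET DATA " * 1024)
    written = overwrite_and_remove(path, passes=2)
    return written, not os.path.exists(path)


if __name__ == "__main__":
    size, gone = demo()
    print(f"overwrote {size} bytes, file removed: {gone}")
```

A single random pass is enough for modern magnetic drives; the second pass in the demo only shows the loop. The function does not touch other copies of the data (editor backups, swap, filesystem journal, snapshots), which is the second reason disposal is done at the device level.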
See the RedKey USB wipe tool in action in the following video by Linus Tech Tips:
Remember your own protection, use 2FA
You are the ethical hacker, but you don’t want to see yourself get hacked do you?
One of the best security keys is made by Yubico.
YubiKey 5C NFC is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS, or Linux.
WiFi adapters
A wifi adapter for packet injection and monitor mode is essential for wireless penetration testing.
Here are some adapters you can use on many operating systems, including Raspbian OS.
Digispark. Cheap and powerful chips
These are the poor man's Rubber Ducky. They are cheap and really small, but this does not mean that they lack capabilities.
You can program them using Arduino IDE to perform any actions you want them to, once plugged into a computer.
You can find ready-made scripts for several attacks to perform in a penetration testing engagement. To name a few:
- DNS poisoning
- Reverse shell
- Steal WiFi passwords
- Execute PowerShell scripts in hidden mode
They are really cheap, and buying a few of them will allow you to have a different attack method preconfigured on each, so you can be ready to execute according to the situation you are in.
Follow this guide to configure the Arduino IDE for the DigiSpark or follow the guide in the following video.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.