The objective of this project was to create a compact and covert pen-testing tool capable of both identifying vulnerabilities and safeguarding networks from unseen threats. This was achieved through the development of a Raspberry Pi-based remote IoT pentesting platform, utilising a Raspberry Pi 3 Model B+ in conjunction with the powerful tools of PiRogue OS, Suricata, and Grafana.

PiRogue OS stands as a cornerstone of this project. This custom operating system, developed and maintained by Defensive Lab Agency, comes with software packages preloaded onto the Raspberry Pi and provides remarkable versatility.

The operating system employs tcpdump to capture network traffic into PCAP files and mitmproxy to intercept and capture HTTPS traffic. Suricata detects malicious traffic based on rules, while nfstream inspects traffic to determine the application involved in each flow. For device analysis and forensics, adb interacts with Android devices and libimobiledevice interacts with iOS devices. MVT conducts device forensic analysis, and frida instruments programs running on devices.

Data visualisation is achieved through influxdb, which stores the data generated by nfstream and Suricata. Chronograf enables searching and exporting the data stored in influxdb, and Grafana displays it on dashboards. Utilities include vim for editing files, git for versioning files, jq for manipulating JSON files, gnupg2 for signing, encrypting, and verifying files, and python3 for writing and executing Python programs.

It should be noted that the operating system has most of these tools preconfigured by the creators of the OS. They have also created a convenient CLI dashboard that can be viewed with the command pirogue-ctl status.

The tools I focused on during my project were those for network intrusion detection and for visualising the collected data: tcpdump, mitmdump and mitmproxy, Suricata, influxdb, and Grafana. A few of the preloaded tools were not used, because this OS can also be used for mobile device forensics, which was not in the scope of the project.
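
The Suricata to influxdb to Grafana path described above can be illustrated with a small converter. This is an added example, not PiRogue's own code: it reads Suricata EVE JSON lines (a constructed sample is embedded), keeps only alert events, skips malformed or non-alert records, and emits InfluxDB line-protocol records that a Grafana dashboard could query. The measurement name suricata_alert and the tag/field layout are assumptions for the example.

```python
import json
from datetime import datetime

# Constructed sample of Suricata EVE JSON output (one event per line).
# These records are made up for the example, not captured from a real deployment.
SAMPLE_EVE = """\
{"timestamp":"2024-01-15T10:20:30.123456+0000","event_type":"alert","src_ip":"192.0.2.10","src_port":51234,"dest_ip":"198.51.100.7","dest_port":80,"proto":"TCP","alert":{"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2024-01-15T10:20:31.000000+0000","event_type":"flow","src_ip":"192.0.2.10","dest_ip":"198.51.100.7","proto":"UDP"}
not json at all
{"timestamp":"2024-01-15T10:20:32.500000+0000","event_type":"alert","src_ip":"192.0.2.11","src_port":4444,"dest_ip":"203.0.113.5","dest_port":443,"proto":"TCP","alert":{"signature_id":2260002,"rev":1,"signature":"SURICATA Applayer Detect protocol only one direction","category":"Generic Protocol Command Decode","severity":3}}
"""

def _escape_tag(value):
    # Line-protocol tag keys and values must escape commas, spaces and '='.
    return str(value).replace(",", "\\,").replace(" ", "\\ ").replace("=", "\\=")

def _escape_field_str(value):
    # String field values are double-quoted; backslashes and quotes are escaped.
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def _timestamp_ns(ts):
    # Suricata timestamps look like 2024-01-15T10:20:30.123456+0000; InfluxDB wants ns.
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")
    return int(dt.timestamp()) * 10**9 + dt.microsecond * 1000

def alert_to_line_protocol(event):
    """Convert one EVE alert dict into an InfluxDB line-protocol record (assumed schema)."""
    a = event["alert"]
    # Low-cardinality attributes go into tags so Grafana can group and filter on them.
    tags = {"severity": a["severity"], "proto": event.get("proto", "NA"),
            "sid": a["signature_id"], "category": a["category"]}
    # Per-event detail goes into fields; 'count' lets dashboards sum alerts over time.
    fields = {"count": "1i", "signature": _escape_field_str(a["signature"]),
              "src_ip": _escape_field_str(event["src_ip"]),
              "dest_ip": _escape_field_str(event["dest_ip"])}
    tag_str = ",".join(f"{k}={_escape_tag(v)}" for k, v in tags.items())
    field_str = ",".join(f"{k}={v}" for k, v in fields.items())
    return f"suricata_alert,{tag_str} {field_str} {_timestamp_ns(event['timestamp'])}"

def eve_to_line_protocol(text):
    """Parse EVE JSON lines; keep only alerts, silently skip malformed or other events."""
    out = []
    for raw in text.splitlines():
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "alert":
            continue
        out.append(alert_to_line_protocol(ev))
    return out

if __name__ == "__main__":
    for line in eve_to_line_protocol(SAMPLE_EVE):
        print(line)
```

On a live system the same function would be fed from Suricata's eve.json log file and the resulting lines written to influxdb's /write endpoint.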
In conclusion, while this project yielded valuable insights and demonstrated considerable promise, it ultimately encountered limitations attributable to the hardware constraints of the Raspberry Pi 3 Model B+.

Specifically, the Pi's limited RAM proved insufficient to comfortably handle the demands of the PiRogue OS toolkit. Running all the necessary tools simultaneously slowed system performance significantly and made test execution lengthy, rendering the platform impractical for real-world deployment.

Despite these challenges, the project yielded several positive takeaways. The preconfigured integrations with Grafana and InfluxDB proved highly intuitive and effective, showcasing the platform's potential for streamlined network monitoring and visualisation. Furthermore, the user experience was pleasant and user-friendly, even under resource constraints.

Based on these findings, I intend to revisit this project with a more robust hardware platform. The Raspberry Pi 4, with its increased RAM capacity, presents a compelling option for overcoming the limitations encountered in this initial iteration. I am confident that a more powerful platform will unlock the full potential of the PiRogue OS toolkit, enabling the creation of a truly viable and efficient network intrusion detection system.