NightPi

An all-in-one briefcase for pentesting, OSINT and radio exploration


Based on a Raspberry Pi 3B+ running Kali Linux, the "NightPi" is a briefcase designed for learning and performing penetration testing, investigation (OSINT) and radio exploration.

This repository contains useful information, in the hope that it inspires you to build a similar project 😉

Offline database

Features

While Kali Linux comes with an incredible amount of software, learning how to use it normally means relying on an internet connection and searching for each tool's documentation separately. Centralizing all of this useful information in one offline database, using open-source software such as HTTrack, is far more convenient :)

For each site, you may have to change some parameters (especially in the Limits panel, depending on the structure of the website). Here are the general options you can apply:

  • Scan rules (to avoid downloading unwanted files): +*.png +*.gif +*.jpg +*.jpeg +*.css +*.js -ad.doubleclick.net/* -mime:application/foobar -*.zip -*.tar -*.tgz -*.gz -*.rar -*.z -*.exe -*.7z -*.pdf -*.xz -*.iso

  • Build: enable No error page and No external page

  • Link: enable Attempt to detect all links, Get non-HTML files related to a link, Test validity of all links and Get HTML files first

  • Log, index, cache: enable Force to store all files in cache

To learn how to use it, I strongly recommend having a look at the website: https://www.httrack.com/html/index.html

Extra tools

Some interesting tools for OSINT and radio exploration have been added:

  • Sherlock => A command-line tool that searches many social networks (Facebook, Twitter, Tinder...) for a given username. All requests can be made over Tor.
  • GQRX => Software-defined radio receiver software that lets you demodulate AM, FM and SSB and is compatible with many hardware devices (RTL-SDR, HackRF, BladeRF...).
  • Twint => An advanced Twitter OSINT tool that lets you scrape a user's tweets, followers... without requiring any API access.
  • Photon => A command-line tool that extracts data from a website (subdomains, pictures, email addresses...).
  • Keytap => These experimental tools analyze mechanical keyboard input captured with a microphone in order to predict the text that was typed.
  • Exiftool => A command-line tool used to read, modify and erase metadata in a wide variety of files (supported formats include JPEG, PNG, DOC, MP4...).

Even though I wasn't able to install it, you might also have a look at this last program. Based on the TEMPEST attack, a technique discovered by the National Security Agency in the 70's, this tool allows you to eavesdrop on unintentional electromagnetic emanations coming from cables carrying video signals and convert them back into a live image of what is displayed on the screen.

Enhanced security browser

Due to the incompatibility of Tor Browser with the Raspberry Pi's architecture (ARM), one possible alternative is to install Mozilla Firefox (ESR) and drastically harden its security.

(1) These open-source add-ons have been added: uBlock Origin, Privacy Badger, HTTPS Everywhere, Cookie AutoDelete, Decentraleyes and NoScript.

(2) To use Firefox over Tor, you need to install Tor and set up a proxy in the Connection settings: SOCKS Host: 127.0.0.1, Port: 9050, SOCKS v5, and activate Remote DNS (so that hostnames are resolved by Tor rather than by your local resolver).

(3) Regarding fingerprint protection, you'll have to configure about:config yourself, depending on the level of protection you need. Remember that these modifications might break some websites and prevent them from loading correctly.

🔧 Here are some useful resources for creating your own settings. Don't hesitate to also use these tools to test your browser's security/fingerprint!

⚠️ Fingerprint tracking techniques are very complex and new ones continue to be developed, as this example clearly illustrates. Keep in mind that:

  • Withholding a piece of information (e.g. disabling media.navigator.enabled) is itself information.
  • The more you modify your browser, the more you will stand out from the crowd.
  • Your browser's values will remain fixed (the same fingerprint from one visit to the next).

(4) By default, your browser trusts 100 % of the Certificate Authorities (CAs) in its store, which is bad security practice! In addition to the risk of a MITM ("Man In The Middle") attack, some shady companies are also seeking to be approved as top-level CAs. This extension might help you trust only a restricted number of CAs.
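To make the "Remote DNS" choice in step (2) concrete, here is an added example (not part of this repository) that builds the SOCKS5 CONNECT request exactly as a client talking to Tor on 127.0.0.1:9050 would: with remote DNS the hostname is handed to Tor (address type 0x03), without it the client resolves the name locally first (address type 0x01) and the DNS query leaks outside Tor. The helper names and the connect_via_tor convenience function are this example's own.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # the SOCKS host/port from the Firefox settings above

# RFC 1928 reply codes the proxy returns after a CONNECT request
REPLY_CODES = {0: "succeeded", 1: "general SOCKS server failure",
               2: "connection not allowed by ruleset", 3: "network unreachable",
               4: "host unreachable", 5: "connection refused", 6: "TTL expired",
               7: "command not supported", 8: "address type not supported"}

def socks5_greeting():
    # VER=5, one method offered, METHOD 0x00 = no authentication (Tor's default)
    return b"\x05\x01\x00"

def socks5_connect_request(host, port, remote_dns=True):
    """Build a SOCKS5 CONNECT request for host:port.
    remote_dns=True sends the hostname itself (ATYP 0x03) so Tor resolves it
    inside the circuit. remote_dns=False mimics a client without "Remote DNS":
    it resolves the name locally and sends the IP (ATYP 0x01), so the DNS query
    leaks to the local resolver even though the TCP stream goes through Tor."""
    header = b"\x05\x01\x00"  # VER, CMD=CONNECT, RSV
    if remote_dns:
        name = host.encode("ascii")
        if len(name) > 255:
            raise ValueError("SOCKS5 domain names are limited to 255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        ip = socket.gethostbyname(host)  # local DNS lookup: this is the leak
        addr = b"\x01" + socket.inet_aton(ip)
    return header + addr + struct.pack("!H", port)

def parse_socks5_reply(reply):
    """Return (ok, description) for the proxy's reply to CONNECT."""
    if len(reply) < 4 or reply[0] != 5:
        return False, "malformed SOCKS5 reply"
    code = reply[1]
    return code == 0, REPLY_CODES.get(code, "unknown reply code %d" % code)

def connect_via_tor(host, port, timeout=15):
    """Open a TCP socket to host:port through Tor, letting Tor resolve the name."""
    s = socket.create_connection(TOR_SOCKS, timeout=timeout)
    s.sendall(socks5_greeting())
    if s.recv(2) != b"\x05\x00":
        raise ConnectionError("proxy refused the no-auth method; is Tor running?")
    s.sendall(socks5_connect_request(host, port, remote_dns=True))
    ok, why = parse_socks5_reply(s.recv(262))
    if not ok:
        raise ConnectionError("SOCKS5 CONNECT failed: " + why)
    return s  # ready for TLS/HTTP; the target only ever sees the Tor exit node
```

The same ATYP 0x03 behaviour is what Firefox's "Proxy DNS when using SOCKS v5" option switches on; a SOCKS client that sends ATYP 0x01 has already performed a clear-text DNS lookup before Tor is involved.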

Hardware

Here is the hardware that I used. Feel free to choose your own according to your needs (dimensions, more powerful equipment...). Estimated cost: around 500 $

  • Raspberry Pi 3B+
  • 64GB SD Card
  • Wired keyboard
  • External Hard Drive
  • Portable screen
  • RFID RC 522
  • RTL-SDR
  • Wireless module
  • Battery
  • USB cable
  • Powered USB hub
  • Fans
  • Briefcase
  • Foldable headphone
  • Jack cable

Inside

If you're interested in making one, here are some tips:

  • Prefer a full-aluminium briefcase to a plastic/aluminium mix (which, in addition, is often padded with cardboard inside). It will probably be a bit more expensive, but more resistant and easier to work on.
  • Avoid low-quality fasteners like glue or nails; prefer screws and nuts. Keep in mind that if something needs to be fixed, you'll want to be able to disassemble it easily and work on it.
  • Check the voltage/amperage of your hardware; they will determine your battery size!
  • Draw a plan of the inside, including the size of every component. It is very important to make sure you have enough space before buying everything, because you'll probably need more than expected.

Further improvements

  • Battery-capacity monitoring
  • Full-disk encryption
  • Better range for Wi-Fi and radio