Tactical Exploitation: WarBerryPi

ID N0WHERE:83502
Type n0where
Reporter N0where
Modified 2016-05-25T12:31:04


The WarBerry was built with one goal in mind; to be used in red teaming engagement where we want to obtain as much information as possible in a short period of time with being as stealth as possible. Just find a network port and plug it in. The scripts have been designed in a way that the approach is targeted to avoid noise in the network that could lead to detection and to be as efficient as possible. The WarBerry script is a collection of scanning tools put together to provide that functionality.

Tactical Exploitation: WarBerryPi

Tactical Exploitation and Usage

To get a list of all options and switches use:


  --version                             show program's version number and exit
  -h, --help                            show this help message and exit
  -a ATTACKTYPE, --attack=ATTACKTYPE    Attack Mode. Default: --attack
  -p PACKETS, --packets=PACKETS         Number of Network Packets to capture
  -I IFACE, --interface=IFACE           Network Interface to use. Default: eth0
  -N NAME, --name=NAME                  Hostname to use. Default: Auto
  -i INTENSITY, --intensity=INTENSITY   Port scan intensity. Default: T4
  -Q, --quick                           Scan using threats. Deafult: Off
  -P, --poison                          Turn Poisoning on/off. Default: On
  -H, --hostname                        Do not Change WarBerry hostname Default: Off
  -e, --enumeration                     Disable Enumeration mode. Default: Off
  -M, --malicious                       Enable Malicious only mode. Default: Off
  -B, --bluetooth                       Enable Bluetooth scanning. Default: Off
  -r, --recon                           Enable Recon only mode. Default: Off
  -W, --wifi                            Enable WiFi scanning. Default: Off
  -S, --sniffer                         Enable Sniffer only mode. Default: Off
  -C, --clear                           Clear previous output folders in ../Results
  -m, --man                             Print WarBerry man pages

example usage: sudo python warberry.py -a -T                Attack all TCP Ports
               sudo python warberry.py --attack --toptcp    Scan only the top tcp ports
               sudo python warberry.py -r                   Use only the recon modules
               sudo python warberry.py -H -I wlan0          Use the wlan0 interface and dont change hostname
               sudo python warberry.py -I eth0 -i -T3       Use the eth0 interface and T3 scanning intensity
               sudo python warberry.py -I eth0 -N HackerPC  Use the eth0 interface and change hostname to HackerPC


Run the installation script

sudo bash setup.sh

Manual Installation of dependencies

Optional: Change the hostname of the RaspberryPi to WarBerry

sudo nano /etc/hosts
sudo nano /etc/hostname

Reboot the WarBerry for the changes to take effect

Create the Results subdirectory in /WarBerry

sudo mkdir Results

Download WarBerry by cloning the Git repository:

sudo git clone https://github.com/secgroundzero/warberry.git


- sudo apt-get install nbtscan 
- sudo apt-get install python-scapy 
- sudo apt-get install tcpdump 
- sudo apt-get install nmap 
- sudo pip install python-nmap 
- sudo apt-get install python-bluez
- sudo pip install optparse-pretty
- sudo pip install netaddr
- sudo pip install urlib3
- sudo pip install ipaddress 
- sudo apt-get install ppp 
- sudo apt-get install xprobe2
- sudo apt-get install sg3-utils 
- sudo apt-get install netdiscover 
- sudo apt-get install macchanger 
- sudo apt-get install unzip
- sudo wget http://seclists.org/nmap-dev/2016/q2/att-201/clamav-exec.nse -O /usr/share/nmap/scripts/
- sudo git clone https://github.com/SpiderLabs/Responder.git

Optional and Mandatory Tools for Post Exploitation. Install in ../WarBerry/Tools/ directory

- sudo git clone https://github.com/DanMcInerney/net-creds.git
- sudo apt-get install onesixtyone
- sudo apt-get install bridge-utils
- sudo apt-get install ettercap-text-only
- sudo apt-get install ike-scan

- wget https://labs.portcullis.co.uk/download/enum4linux-0.8.9.tar.gz -O /home/pi/WarBerry/Tools/
- tar -zxvf enum4linux-0.8.9.tar.gz
- mv enum4linux-0.8.9 enum4linux

Tactical Exploitation: WarBerryPi Wiki

Tactical Exploitation: WarBerryPi Download