Prowler is a Cluster Network Vulnerability Scanner, developed during Singapore Infosec Community Hackathon – HackSmith v1.0. It is implemented on a cluster of Raspberry Pi and it will scan a network for vulnerabilities, such as default/weak credentials, that can be easily exploited.
Capabilities
- Scan a network (or a particular subnet) for all IP addresses associated with active devices
- Determine if there are any open ports on the device
- Associate the ports with common services
- Test devices against a dictionary of factory default and common credentials
- Notify users of security lapses through an online dashboard
Demos
- Cluster Scan Demonstration Jupyter Notebook
- Single Scan Demonstration Jupyter Notebook
- Try out the web dashboard here
Hardware
- Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
- Raspberry Pi 3
- No external router needed!
Software Stack
- Raspbian Stretch (Controller Pi)
- Raspbian Stretch Lite (Worker Pi Zero)
- Note: For ease of setup, use the images provided by Cluster Hat! Instructions
- Python 3
- Firebase Real-time Database (to forward the information to the web dashboard)
- Bonus tool: pssh for executing SSH commands on all 4 pi zeros simultaneously.
Deploying Prowler
- Clone the git repository:
git clone https://github.com/tlkh/prowler.git
- Install dependencies by running
sudo pip3 install python-libnmap dispy paramiko pyrebase
on the controller Pi - From the controller Pi, SSH into each of the worker Pi using
ssh [email protected]
…ssh [email protected]
and run the same command on each:sudo pip3 install python-libnmap dispy paramiko pyrebase
- Install
telepot
on the controller Pi by runningsudo pip3 install telepot
if you want to try running the Telegram bot.
-
dispy
(website) is the star of the show. It allows allows us to create a job queue that will be processed by the worker Pi Zeros. -
python-libnmap
is the python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices. -
paramiko
is a python wrapper around SSH. We use it to probe SSH (port 22) on devices to test for common credentials. -
pyrebase
is needed to upload our results to a Firebase Real-time Database
- Run
clusterhat on
on the controller Pi to ensure that all Pi Zeros are powered up. - Use pssh to run the command
/home/pi/dispy/py3/dispy/dispynode.py --clean --daemon&
on the four Pi Zeros - Run
python3 compute.py
on the controller Pi to start Prowler
To edit the range of IP addresses being scanned, edit the following lines in compute.py
:
test_range = []
for i in range(0, 1):
for j in range(100, 200):
test_range.append("172.22." + str(i) + "." + str(j))
Useful Snippets
- To run ssh command on multiple devices
pssh -h pssh-hosts -l username -A -i "command"
- To create the cluster (in
compute.py
):cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')
- Check connectivity:
ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1
- Temperature Check:
/opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp
- rpimonitor (how to install):