Welcome to RasPwn OS, the intentionally vulnerable image for the Raspberry Pi.

RasPwn OS is a GNU/Linux distro in the spirit of Damn Vulnerable Linux and uses a Raspberry Pi 2B or 3 to emulate a vulnerable Linux server. RasPwn was designed as a training tool and exists only to be attacked and pwned. Everything from the OS itself to the daemons and services to the installed web applications is vulnerable to some degree. The idea is to provide a (relatively) 'safe' and affordable training environment and playground for hackers and pen-testers. By loading RasPwn OS and connecting to the Raspberry Pi via WiFi, one can practice pen-testing as well as both offensive and defensive hacking techniques for only around $50, without ever getting on the internet.

On top of the base OS and LAMP stack we have created the RasPwn Web Playground. This website, hosted on the Pi, contains a myriad of web applications, all of which are either out-of-date or intentionally vulnerable. In addition to all of the services and applications listed, the OS itself is based upon a Debian snapshot from February 2015, so system libraries such as libc (and others ;-P ) have known exploits.

RasPwn OS is an offshoot of Debian GNU/Linux and Raspbian and would not exist without the work of thousands of dedicated volunteers around the world who make free software a reality.

Requirements

RasPwn OS requires the following:

  • A Raspberry Pi 3B or a Raspberry Pi 2B with a hostapd-capable WiFi adapter (tested and working on ath9k and rtl8188 so far)
  • A 5V micro-USB power supply for the pi
  • A MicroSD Card - 4GB Minimum (8GB or greater Recommended, Class 10 Recommended)

Note that a WiFi adapter is only required for the Pi 2B. The Pi 3 has internal WiFi which is hostapd-compatible.

Sources

RasPwn OS is based on, but not affiliated with, Debian. However, they may be appalled by the use we have found for their snapshot mirror. (We hope not.) The current Debian snapshot used for RasPwn OS is http://snapshot.debian.org/archive/debian/20150203T222332Z/. Binaries and source for most of RasPwn are in that snapshot, with the following exceptions:

  • RasPwn scripts and configuration files for the image can be found at the official GitHub repository for RasPwn.
  • RasPwn OS uses the Hexxeh rpi-update Kernel for the Raspberry Pi.
  • RasPwn OS uses the raspi-config utility by Alex Bradbury.
  • RasPwn uses a more recent version of hostapd than Wheezy and has been patched to work with the RTL8188 chipset.

License

RasPwn OS is GNU/Linux and is released under the GPL License v3, a copy of which is included with the binary image.

RasPwn OS fuses together Debian with a Raspbian kernel, but is an independent project. It is not endorsed by or affiliated with the Raspberry Pi Foundation or Debian. (We are huge fans of theirs though!)

RasPwn is free (as in speech) software. It is also free (as in beer). Enjoy!

WARNING

IT IS POSSIBLE TO ENABLE VULNERABLE SERVICES ON ETH0. ONLY DO SO ON A PRIVATE LAN. DO NOT EXPOSE THIS HOST TO THE INTERNET VIA DMZ/PORT FORWARDING!!!

YOU HAVE BEEN WARNED.