So we are releasing a new version of the WarBerryPi going from version 5.1c straight to version 6. We decided to skip all the in-betweens as this is a complete code overhaul including the new and updated reporting module.
If you don’t care about my rumblings just scroll to the end to get the link to the repo.
Before going into the WarBerryPi specifics i want to give you a bit of a background on how this project started and where it has gotten me with the hope of helping people that feel that their stuff are not worth it or their ideas are not good.
The WarBerryPi started as a side project when my friend Renos gave me my first RaspberryPi. Since then I was looking for something i could use during red team engagements that would perform some kind of enumeration while it would allow me remote access to the device and therefore the internal network. The evolution in my eyes came after i submitted to Blackhat USA out of curiosity how experienced people would view my tool. I had exactly 0% hopes of getting accepted and i was planning to frame the rejection email as a reminder to try harder. On a Thursday night at 10:30pm i received an email from Blackhat saying that my tool has been accepted for Blackhat Arsenal 2016 so things got serious right then and there.
From that day onwards it was crunch time for me and my ninja Stella to have a full functional version that would be presented at BlackHat.
We did it…some how we did it. Little know fact is that the day before flying to Vegas i had my wisdom tooth removed so the complete 30-something hour trip to get there SUCKED! To prove that here’s my opening slide at BlackHat.
Getting there my imposter syndrome kicked in. it wasn’t until the moment i met the awesome ToolsWatch people, Rashid, Maxi and Madeline that it all went away. They welcomed me with arms wide open (literally NJ) and gave me the positive energy required to go on with my presentation. Guess what? They do that with all the speakers…they are cool like that. The energy in the Arsenal station is something amazing, everybody is so excited to present they months/years worth of hard work.
Blackhat Arsenal was my ticket to present at other events including SECURE2016 in Poland, bsides Athens, Blackhat Europe and others so 2016 was an epic year. Even more amazing is that the WarBerryPi was voted as the #4 Tool of 2016 and #10 Tool of All times by the Toolswatch readers. It was mind blowing to me and I cannot thank you enough and i wish i had the means to show my appreciation.
If you take a look at the code you will see that it heavily depends on other great open source tools, there are too many to mention here but a big thank you to all those people.
Throughout 2016-2017 I have released many versions to address bugs and adding more functionality based on bugs reported on Github but also from our personal experiences. Deep down though we knew that big parts of the code were not efficient and the reporting module was not practical so the decision to do a code review was taken. For those developing tools know that making big changes, testing and addressing bugs is a task of its own which becomes a challenge when you have a full time job plus becoming a daddy in the year. This led to the project getting a bit neglected. The turnaround was Stella’s perseverance to make the change.
I will not go into the specifics in the code changes but even skimming through the differences will be obvious. Another big change is that we have removed the usage of any text files for storing results and all results are now saved into an SQLite database along with additional information such as the status of the scan, session number etc. This information is used for the reporting module. The fact that we don’t open and close files for reading / writing so many times has made the code much more efficient and faster.
We have also introduced a new setup script that makes this process seamless as we have noticed many people having problems following the installation notes.
The new process for installing all the dependencies and creating the necessary folders is as simple as:
sudo bash setup.sh
I highly recommend start with a fresh image and run the setup script again rather than upgrading from a previous version.
We assume that people have become accustomed with the functionality of the WarBerryPi therefore the help menu and commands have not been changed at all.
Version 6 of the WarBerryPi comes with a brand new reporting module. This was designed based on our requirements and what we want to see in a post attack review. We are flawed human beings and we don’t know everything. Some times we suck. If you have an idea for improving the module we are eager to hear and even more eager to implement if it falls into the lines of what we are trying to achieve.
To use the reporting module you only need to transfer the warberry.db file from the device you are using and throw it into your /www/html/ folder.
The previous way that the WarBerryPi worked would overwrite all your previous results with each new run but this is not the case anymore. The new reporting module shows all the previous sessions (scans) without worrying about overwriting results anymore. Our thought process for the layout is that we wanted to focus on the actual hostnames and drill down from those. So if i see an interesting hostname i would click on that and see all the relevant information about that host including services running etc. Additionally if i want to focus on specific ports i.e Which hosts have port 80 open, i would click on the services and see all the IPs related with those services.
There are many additions in the pipeline which are currently in the testing phase. As soon as we complete the testing we will include them in a later release.
New releases bring new bugs. We try to test as much as we can but different networks, different OS versions, different services might yield results that we haven’t encountered in the past. If you find a bug help us kill it by submitting an issue on Github.
Again, thank you for all the support!