{"id":21570464,"url":"https://github.com/sekhan/nightpi","last_synced_at":"2025-04-10T14:13:04.901Z","repository":{"id":223036411,"uuid":"184460809","full_name":"Sekhan/NightPi","owner":"Sekhan","description":"An all-in-one briefcase for pentesting, OSINT and radio exploration","archived":false,"fork":false,"pushed_at":"2019-07-02T15:51:37.000Z","size":10909,"stargazers_count":78,"open_issues_count":0,"forks_count":6,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-24T12:56:21.980Z","etag":null,"topics":["briefcase","osint","pentesting","radio","raspberry-pi"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Sekhan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-05-01T18:18:34.000Z","updated_at":"2024-03-28T19:43:22.000Z","dependencies_parsed_at":"2024-02-17T20:46:13.854Z","dependency_job_id":null,"html_url":"https://github.com/Sekhan/NightPi","commit_stats":null,"previous_names":["sekhan/nightpi"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FNightPi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FNightPi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FNightPi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Sekhan%2FNightPi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Sekhan","download_url":"https://codeload.github.com/Sekhan/NightPi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248232825,"owners_count":21069490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["briefcase","osint","pentesting","radio","raspberry-pi"],"created_at":"2024-11-24T11:12:47.518Z","updated_at":"2025-04-10T14:13:04.875Z","avatar_url":"https://github.com/Sekhan.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch3 align=\"center\"\u003e\u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/Title.jpg\" alt=\"Title\" height=\"70px\"\u003e\u003c/h3\u003e\n\n\u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/Front.jpg\" alt=\"Front\" align=\"right\" height=\"331px\"\u003e\n\n**Based on a Raspberry Pi 3B+ with \u003ca href=\"https://docs.kali.org/introduction/what-is-kali-linux\"\u003eKali Linux \u003c/a\u003e installed, the \"NightPi\" is a briefcase designed to learn and perform penetration testing, investigation (OSINT) and radio exploration.**\n\nThis repository contain usefull informations, in the hope you'll be inspired for a similar project :wink:\n\n\u003cp float=\"left\"\u003e\n  \u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/Briefcase.jpg\" width=\"285\" /\u003e\n  \u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/Side.jpg\" width=\"285\" /\u003e \n\u003c/p\u003e\n\n### Offline database\n\n\u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/Features.jpg\" alt=\"Features\" align=\"right\" height=\"215px\"\u003e\n\nWhile Kali Linux come with a incredible amount of software, if you want to learn how to use them, you'll need to rely on a internet connection and search for each documentation separately. **Centralizing all these usefull informations in one database by using a open source software like HTTrack is way more convenient :)**\n\nFor each site, you may have to change some parameters (especially in `limits` panel, depending on the structure of the website). \n**Here is the general options that you can apply :**\n\n- *Scan rules* (to prevent to download unwanted files) :\n`+*.png +*.gif +*.jpg +*.jpeg\n+*.css +*.js -ad.doubleclick.net/* -mime:application/foobar\n-*.zip -*.tar -*.tgz -*.gz\n-*.rar -*.z -*.exe -*.7z -*.pdf -*.xz -*.iso`\n\n- *Build* : activate `No error page` and `No external page`\n- *Link* : activate `Attempt to detect all links`, `Get non-html files related to a link`, `Test validity of all links`\nand `Get HTML files first`\n- *Log, index, cache* : activate `Force to store all files in cache`\n\nTo learn how to use it, I strongly recommand to have a look on the website : https://www.httrack.com/html/index.html\n\n### Extra tools\nSome interesting tools to perform OSINT and radio exploration has been added :\n- \u003ca href=\"https://github.com/TheYahya/sherlock\"\u003eSherlock \u003c/a\u003e =\u003e A command-line tool used to scan many social network (like Facebook, Twitter, Tinder...) to find a user's account. All requests can be made over TOR.\n- \u003ca href=\"https://github.com/csete/gqrx\"\u003eGQRX \u003c/a\u003e =\u003e A software-defined radio that allow you to demodulate AM, FM and SSB and is compatible with many hardware (RTL-SDR, HackRF, BladeFR...).\n- \u003ca href=\"https://github.com/twintproject/twint\"\u003eTwint \u003c/a\u003e =\u003e This advanced Twitter OSINT tool allow you to scrap a user's Tweet, followers... without any API required.\n- \u003ca href=\"https://github.com/s0md3v/Photon\"\u003ePhoton \u003c/a\u003e =\u003e A command-line tool that allow you to extract data of a website (subdomain, picture, email adress...).\n- \u003ca href=\"https://github.com/ggerganov/kbd-audio\"\u003eKeytap \u003c/a\u003e =\u003e Theses experimental tools can be used for analyzing mechanical keyboard input with microphone capture to predict the content of a written text.\n- \u003ca href=\"https://github.com/exiftool/exiftool\"\u003eExiftool \u003c/a\u003e =\u003e A command-line tool used to analyze, modify and erase metadata in a wide variety of file (supported format include JPEG, PNG, DOC, MP4...).\n\nEven if I wasn't able to install it, you might also have a look at \u003ca href=\"https://github.com/martinmarinov/TempestSDR\"\u003ethis last program\u003c/a\u003e. **Based on TEMPEST attack, \u003ca href=\"https://cryptome.org/nsa-tempest.pdf\"\u003ea technic discovered by the National Security Agency in the 70's\u003c/a\u003e, this tool allow you to eavesdrop unintentional electromagnetic emanations** that come from cables carrying video signals and converted back into a live image of what is displayed on the screen.\n\n### Enhanced security browser\nDue to incompatibility of Tor Browser with Raspberry's architecture (ARM), **one possible alternative is to install Mozilla Firefox (ERS) and drastically renforced its security**. \n\n\u003e (1) These **open-source add-on** has been added : \u003ca href=\"https://addons.mozilla.org/fr/firefox/addon/ublock-origin/\"\u003euBlock Origin\u003c/a\u003e, \u003ca href=\"https://www.eff.org/privacybadger\"\u003ePrivacy Badger\u003c/a\u003e, \u003ca href=\"https://www.eff.org/https-everywhere\"\u003eHTTPS Everywhere\u003c/a\u003e, \u003ca href=\"https://addons.mozilla.org/fr/firefox/addon/cookie-autodelete/\"\u003eCookie Autodelete\u003c/a\u003e, \u003ca href=\"https://decentraleyes.org/\"\u003eDecentralised\u003c/a\u003e and \u003ca href=\"https://addons.mozilla.org/fr/firefox/addon/noscript/\"\u003eNoscript\u003c/a\u003e.\n\n\u003e (2) To use **Firefox over TOR**, you need to install it and set up a proxy in *Connection setting* : \n`SOCKS Host : 127.0.0.1`, `Port : 9050`, `SOCKS v5` and activate `Remote DNS`\n\n\u003e (3) Regarding **fingerprint protection**, you'll have to configure `about:config` by your own, depending on the level of protection you need. Remember that theses modifications might break some websites and prevent them to load correctly.\n\n\u003e\u003e :wrench: Here are \u003ca href=\"https://github.com/pyllyukko/user.js\"\u003esome\u003c/a\u003e \u003ca href=\"https://spyware.neocities.org/guides/firefox.html\"\u003eusefull\u003c/a\u003e \u003ca href=\"http://kb.mozillazine.org/Category:Security_and_privacy-related_preferences\"\u003eressources\u003c/a\u003e for creating your own settings. Don't hesitate to also use \u003ca href=\"https://panopticlick.eff.org/\"\u003etheses\u003c/a\u003e \u003ca href=\"https://browserleaks.com/\"\u003etools\u003c/a\u003e to test your browser security/fingerprint !\n\n\u003e\u003e :warning: **Fingerprint tracking techniques are very complex** and new ones continue to be developped, \u003ca href=\"https://arstechnica.com/information-technology/2017/02/now-sites-can-fingerprint-you-online-even-when-you-use-multiple-browsers/\"\u003eas this example clearly illustrate\u003c/a\u003e. **You have to keep in mind that :**\n\u003e\u003e - The fact of non-giving an information (ex: disable `media.navigator.enabled`) can also be an information.\n\u003e\u003e - The more you modified your browser, the more you will stick out from the masse\n\u003e\u003e - Your browser value will remain fixed\n\n\u003e (4) **By default, your browser trust 100 % of Certificate Authorities (CAs)**, which is \u003ca href=\"https://blog.torproject.org/life-without-ca\"\u003ea bad security practice\u003c/a\u003e ! In addition to \u003ca href=\"https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook\"\u003ethe risk of a MIMT\u003c/a\u003e (\"Man In The Middle\")\u003c/a\u003e, \u003ca href=\"https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else\"\u003esome shady companies are also seeking to be approved as a top-level CA\u003c/a\u003e. \u003ca href=\"http://patrol.psyced.org/\"\u003eThis extension\u003c/a\u003e might help you to trust only a restricted number of CAs.\n\n## Hardware\nHere is the hardware that I've used. Feel free to choose them according to your needs (dimension, powerfull equipment...). \n**Cost estimated :** around 500 $\n\n| **Raspberry Pi 3B+** | **64GB SD Card** | **Wired keyboard** | **External Hard Drive** | **Portable screen** |\n| :---: | :---: | :---: | :---: | :---: |\n|**RFID RC 522** | **RTL-SDR** | **Wireless module** | **Battery** | **USB cable** |\n| **Powered USB hub** | **Fans** |  **Briefcase** | **Foldable headphone** | **Jack cable** |\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/Sekhan/NightPI/blob/master/Pictures/InsideF.jpg\" alt=\"Inside\" height=\"420px\"\u003e\n\n\u003cp align=\"center\"\u003eIf you're interested about making one, here are some tips :\n\n- **Try to privilege full-aluminium briefcase** instead of a plastic/aluminium mix (which, in addition, are often made with cardboard inside). It will probably be a bit more expensive, but more resistant and easier to work on.\n- **Avoid using low-quality fixer like glue or nails**, prefer screws and nuts. Keep in mind that, if something needs to be fixed, you'll prefer to be able to easily disassembled it and work on it.\n- **Check the voltage/amperage of your hardware, they will have an impact on your battery size !**\n- **Draw a plan of the inside, including all component's size**. It is very important to make sure that you have enough space before buying everything, because you'll probably need more than expected.\n\n## Further improvements\n- [ ] Battery-capacity monitoring\n- [ ] Full-disk encryption\n- [ ] Better range for WIFI and radio\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsekhan%2Fnightpi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsekhan%2Fnightpi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsekhan%2Fnightpi/lists"}