a pi-zero powered hacking tool, with badusb capabilities, on the fly hoaxshell payload generation, 802.11 deauthing, bettercap support, and (crude) duckyscript support, all in the size of a flipper zero (or raspberry pi depending on your setup)
- Networking: Includes features such as disconnecting devices from their WiFi network (Deauthing) and creating numerous fake WiFi networks to cause confusion and disruption (SSID Spamming).
- USB Rubber Ducky: Emulates a keyboard and executes pre-programmed keystroke payloads at superhuman speeds.
- USB Mass Storage: Acts as a USB drive for easy payload and loot transfer.
- USB Gadget Mode: Turns your device into a headless pocket computer, allowing you to perform tasks without a display.
- Modular Design: Easily add new features and tools thanks to the modular design.
with the shim (WIP, not released to public yet)
- RF hacking (rolljam, sniffing, jamming, replay)
- IR hacking (replay, jamming)
- wireless charging
- pin fuzzing (SPI, IIC/I2C, UART)
nfcspace constrained and also very hard to make
PwnHyve is a powerful tool intended for educational purposes only. The author is not responsible for any misuse or potential damage caused by this tool. It's important to understand that it can be used for malicious purposes if it falls into the wrong hands.
While PwnHyve is a robust tool, it is not intended to be a replacement for or superior to P4wnP1-Aloa. P4wnP1-Aloa has a broader support base and more extensive features. If you find that a feature you need is not yet implemented in PwnHyve, consider creating plugins to add this functionality.
If you encounter any bugs or issues, please do not hesitate to create an issue on the project's GitHub page. Your contributions help improve PwnHyve for everyone.
- The deauthentication feature is functional, but it may occasionally become unresponsive. For more information, refer to this issue.
- Please be aware that this project is currently undergoing a rewrite. As such, the presence of bugs is anticipated.
- A Raspberry Pi Zero 1/2 W
-
Note: Alternatively, you can use a compact micro-USB cable with sync support to connect to the target device.
If you plan to use your Pi as a USB Rubber Ducky, it will take a minimum of 25 seconds to boot up and start PwnHyve, and a few more minutes to start everything else. This isn't very stealthy.
While it's possible to use it without a battery, it's not recommended for optimal performance.
- First, download the Kali Linux Raspberry Pi image from the official Kali Linux website. You can get it from here.
- Write the downloaded image to an SD card using the following command in your terminal:
xzcat kali-linux-2024.1-raspberry-pi-zero-2-w-armhf.img.xz | sudo dd of=/dev/sdX bs=4M status=progressAlternatively, you can use a tool like Balena Etcher to write the image to the SD card. To make it headless, you can add awpa_supplicant.conffile to the first partition of the microSD card to connect to a wireless network. You can create this file on another Linux system by running:wpa_passphrase YOURNETWORK > wpa_supplicant.confDocumentation - Power it on and SSH into it (Default Credentials:
kali/kali) - Upgrade and update the Pi:
sudo apt-get update && sudo apt-get upgrade - Turn Pi into usb gadget mode / Documentation:
echo dtoverlay=dwc2 | sudo tee -a /boot/config.txt
echo dwc2 | sudo tee -a /etc/modules
echo dtparam=spi=on | sudo tee -a /boot/config.txt
echo "libcomposite" | sudo tee -a /etc/modules
- Reboot the Pi
- Clone the repo and run setup.sh:
git clone https://github.com/nototter/pwnhyve && cd pwnhyve && bash setup.sh
TODO: config.toml