Distributed Network Vulnerability Scanner
Prowler is a Network Vulnerability Scanner implemented on a Raspberry Pi Cluster, first developed during Singapore Infosec Community Hackathon - HackSmith v1.0.
Why did we build Prowler?
Often, security breaches are not due to hackers breaking through layers of tough security. They happen because someone didn’t change their default passwords.
The Mirai botnet case exploited under-secured IoT devices via easily guessable factory default (or popular) login credentials. This incident, along with many other copycat attempts, led our team wanted to propose a solution to aid users in securing their increasingly connected world.
Enterprises, NGOs and individuals can make use of such a system to catch common security lapses before a security breach occurs.
- Scan a network (a particular subnet or a list of IP addresses) for all IP addresses associated with active network devices
- Determine the type of devices using fingerprinting
- Determine if there are any open ports on the device
- Associate the ports with common services
- Test devices against a dictionary of factory default and common credentials
- Notify users of security vulnerabilities through an dashboard. Dashboard tour
- Greater variety of vulnerability assessment capabilities (webapp etc.)
- Select wordlist based on fingerprint
- Raspberry Pi Cluster HAT (with 4 * Pi Zero W)
- Raspberry Pi 3
- Networking device
- Raspbian Stretch (Controller Pi)
- Raspbian Stretch Lite (Worker Pi Zero)
- Note: For ease of setup, use the images provided by Cluster Hat! Instructions
- Python 3 (not tested on Python 2)
- Python packages see
- Ansible for managing the cluster as a whole (
Key Python Packages:
dispy(website) is the star of the show. It allows allows us to create a job queue that will be processed by the worker nodes.
python-libnmapis the python wrapper around nmap, an open source network scanner. It allows us to scan for open ports on devices.
paramikois a python wrapper around SSH. We use it to probe SSH on devices to test for common credentials.
eelis used for the web dashboard (seperate repository, here)
rabbitmq(website) is used to pass the results from the cluster to the
eelserver that is serving the dashboard page.
For the playbooks to work,
ansible must be installed (
sudo pip3 install ansible). Configure the IP addresses of the nodes at
WARNING: Your mileage may vary as these were only tested on my setup
clone_repos.ymlclone prowler and dispy repositories (required!) on the worker nodes
setup_node.ymlinstalls all required packages on the worker nodes. Does not clone the repositories!
- Clone the git repository:
git clone https://github.com/tlkh/prowler.git
- Install dependencies by running
sudo pip3 install -r requirements.txton the controller Pi
ansible-playbook playbooks/setup_node.ymlto install the required packages on worker nodes.
- Clone the prowler and dispy repositories to the worker nodes using
clusterhat onon the controller Pi to ensure that all Pi Zeros are powered up.
python3 cluster.pyon the controller Pi to start Prowler
To edit the range of IP addresses being scanned, edit the following lines in
test_range =  for i in range(0, 1): for j in range(100, 200): test_range.append("172.22." + str(i) + "." + str(j))
- Cluster Scan Demonstration Jupyter Notebook
- Single Scan Demonstration Jupyter Notebook
- Try out the web dashboard here
- To run ssh command on multiple devices, install
pssh -h pssh-hosts -l username -A -i "command"
- To create the cluster (in
cluster = dispy.JobCluster(compute, nodes='pi0_ip', ip_addr='pi3_ip')
- Check connectivity:
ansible all -m pingor
ping p1.local -c 1 && ping p2.local -c 1 && ping p3.local -c 1 && ping p4.local -c 1
- Temperature Check:
/opt/vc/bin/vcgencmd measure_temp && pssh -h workers -l pi -A -i "/opt/vc/bin/vcgencmd measure_temp" | grep temp
- rpimonitor (how to install):
- Faith See
- Wong Chi Seng
- Timothy Liu
ABSOLUTELY NO WARRANTY WHATSOEVER! Feel free to submit issues though.