Mini Custom Lab for Pen-testing

This is an easy guide to set up a small lab environment (both hardware and software) for safe pentesting in a controlled environment using inexpensive equipment. The idea is to create a secure network within your home environment using RaspAP. A Raspberry Pi running RaspAP will generate a WiFi hotspot to which you can connect your laptop. Using another Raspberry Pi running Kali Linux and a small Arduino device, you’ll be able to pentest this small network without risking your main network.

Network design using https://online.visual-paradigm.com/

Materials:

• Raspberry pi 4B
• Raspberry pi zero 2W
• ESP8266 Deauther
• Alfa Network AWUS036ACS
• USB WiFi Adapter

First step.

First you need to use the Raspberry pi image to install the lastest release of Raspberry pi os lite 64-bits on your Raspi.

You can make it even safer by choosing hash keys for SSH

After the installation, just insert the SD card in your Raspberry Pi and follow this guide if you want more details (https://medium.com/@josejgp/a-guide-for-homemade-secure-travel-router-raspap-7abda59f045d)

Access the Raspberry Pi via SSH; you can use the terminal in Mac, Windows, or Linux; apps like Putty are not needed.

sudo apt-get update && sudo apt-get upgrade -y 
sudo reboot
curl -sL https://install.raspap.com | bash

In my case, I am going to upgrade to the insider’s version of RaspAP. While this is not necessary for the final goal, I believe it’s worth considering.

curl -sL https://install.raspap.com | bash -s -- --upgrade --insiders

You can install a insiders version of RaspAP from zero (see their guide) in my case this is not working well, I have tried several times and at least in my case and for the current versions of insiders () installing the basic RaspAP configuring it and later upgrading to insiders, is the working better for me.

Actually my advice is to set everything in the RaspAP web GUI and when everything is to your liking, I recommend that you make a backup of your SD card. Basically you should change Passwords, connect to your WiFi and in case of using a dongle configure it, all is described in the guided provided at the beginning.

With this, we have our Wi-Fi hotspot ready.

Second step.

Our attacker will be another raspberry, in this case a rapberry pi Zero 2W. running Kali linux as sofware with a 5 GHz antenna (check another guide here). Our second attacker will be an “arduino alike” ESP8266 Deauther.

Third step.

Playing around! I am not going to give you many ideas but with this design you can try to sniff some packages, you can scan for ports, flood the network and many more things!