National Cyber Warfare Foundation (NCWF)

Hacking with the Raspberry Pi: Network Enumeration


2025-11-17 15:07:53
milo
Red Team (CNA)



The post Hacking with the Raspberry Pi: Network Enumeration first appeared on Hackers Arise.



Welcome back, my aspiring cyberwarriors!





We continue exploring the Raspberry Pi’s potential for hacking. In this article, we’ll dive into network enumeration.





Enumeration is the foundational step of any penetration test—it involves systematically gathering detailed information about the hosts, services, and topology of the network you’re targeting. For the purposes of this guide, we’ll assume that you already have a foothold within the network—whether through physical proximity, compromised credentials, or another form of access—allowing you to apply a range of enumeration techniques.





Let’s get started!





Step #1: Fping





To get started, we’ll examine a lightweight utility called fping. It leverages the Internet Control Message Protocol (ICMP) echo request to determine whether a target host is responding. Unlike the traditional ping command, fping lets you specify any number of targets directly on the command line—or supply a file containing a list of targets to probe. This allows us to do a basic network discovery.





Fping comes preinstalled on Kali Linux. To confirm that it’s available and view its options, you can display the help page.





kali> fping -h









To run a quiet scan, we can use the following command:





kali> sudo fping -I wlan0 -q -a -g 192.168.0.0/24









This command runs fping with root privileges to quietly scan all IP addresses in the 192.168.0.0/24 network via the wlan0 interface, showing only the IPs that respond (i.e., hosts that are alive). At this point, we can see which systems are live on the network and are ready to be exploited. At its core, fping is very lightweight; when I ran htop and fping simultaneously, I observed the following output:









As you can see, CPU usage is around 2% and memory usage is less than 1% in my case (my Pi board has 4 cores and 2 GB of RAM).
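Seen from the monitored network, the sweep above is one source sending ICMP echo requests to many different addresses within a second or two. The following is an added example, not part of the original post: it counts distinct echo-request targets per source in `tcpdump -n icmp` text output. The capture lines are constructed, and the threshold and window values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag a source that sends ICMP echo requests to many
# different hosts in a short time, as seen in `tcpdump -n icmp` text output.

# Constructed capture: one host probing 30 addresses, one host pinging normally.
sample_capture() {
  awk 'BEGIN {
    for (i = 1; i <= 30; i++)
      printf "15:01:02.%06d IP 192.168.0.66 > 192.168.0.%d: ICMP echo request, id 7, seq 0, length 64\n", i * 1000, i
    print "15:01:03.100000 IP 192.168.0.20 > 192.168.0.1: ICMP echo request, id 9, seq 1, length 64"
    print "15:01:03.100400 IP 192.168.0.1 > 192.168.0.20: ICMP echo reply, id 9, seq 1, length 64"
    print "15:01:04.100000 IP 192.168.0.20 > 192.168.0.1: ICMP echo request, id 9, seq 2, length 64"
  }'
}

# Usage: detect_sweep MIN_TARGETS WINDOW_SECONDS < capture
# Prints "source distinct_targets" for every source that reached MIN_TARGETS
# different destinations inside one fixed window (both values are hypothetical).
detect_sweep() {
  awk -v min="$1" -v win="$2" '
    $6 == "ICMP" && $7 == "echo" && $8 == "request," {
      # Timestamp HH:MM:SS.micro -> seconds since midnight -> window number
      split($1, t, ":")
      bucket = int((t[1] * 3600 + t[2] * 60 + t[3]) / win)
      dst = $5; sub(/:$/, "", dst)
      key = $3 SUBSEP bucket
      if (!((key, dst) in seen)) { seen[key, dst] = 1; targets[key]++ }
    }
    END {
      for (k in targets) if (targets[k] >= min + 0) {
        split(k, p, SUBSEP); print p[1], targets[k]
      }
    }' | sort -u
}

# Demo on the constructed capture: 20 or more targets within 10 seconds.
sample_capture | detect_sweep 20 10
```

Fixed windows can split one sweep across two buckets, so the threshold should sit well below the size of the subnet being watched.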





Step #2: Nmap





At this point, we have identified our target and can move on to the next step — network mapping with Nmap to see which ports are open. Nmap is one of the best-known tools in the cybersecurity field, and Hackers-Arise offers a dedicated training course for mastering Nmap; you can find it via the link.





I assume you already have a basic understanding of Nmap, so we can proceed to network enumeration.





Let’s run a simple Nmap scan to check for open ports:





kali> sudo nmap -p- --open --min-rate 5000 -n -Pn 192.168.0.150 -oG open_ports





This command checks all 65,535 TCP ports (-p-) and shows only the ones that are open (--open). It sets a minimum send rate of 5000 packets per second (--min-rate 5000) for speed, skips DNS resolution (-n), and treats the host as up without pinging it first (-Pn). The results are also saved in grepable format (-oG) to a file called open_ports, so we can analyze them later.
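The grepable file is meant for this kind of later analysis. The following is an added example, not part of the original post: it lists the open ports recorded in `-oG` output and prints any that are missing from an approved list, which is how an administrator would review the same file. The sample content is constructed and the baseline is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: list open ports from Nmap grepable (-oG) output and flag
# any that are missing from an approved baseline.

# Constructed sample of an -oG file; real files separate fields with TABs.
sample_grepable() {
  printf '%s\n' '# Nmap scan initiated (constructed sample)'
  printf 'Host: 192.168.0.150 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.150 ()\tPorts: %s\tIgnored State: closed (65531)\n' \
    '135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///'
  printf '%s\n' '# Nmap done (constructed sample)'
}

# Reads grepable output on stdin, prints "ip port/proto service" per open port.
list_open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i; sub(/^Ports: /, "", ports)
        n = split(ports, entry, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/rpcinfo/version/
          split(entry[j], f, "/")
          if (f[2] == "open") print ip, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }'
}

# Usage: unexpected_ports "135/tcp 139/tcp ..." < open_ports
# Prints only the open ports that are not in the approved list.
unexpected_ports() {
  list_open_ports | awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok)'
}

# Demo on the constructed sample; the baseline here is hypothetical.
sample_grepable | unexpected_ports "135/tcp 139/tcp 445/tcp"
```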









At its peak, CPU usage was around 33% and memory usage was around 2%.









As a result, we found twelve open ports and can now move on to gathering a bit more information.





kali> sudo nmap -sC -sV -p135,139,445,5040,8080,49664,49665,49666,49667,49668,49669,49670 192.168.0.150





This executes Nmap’s default script set (-sC) to identify commonly known vulnerabilities in services listening on the scanned ports. Additionally, -sV was used for service version detection.









This scan revealed some important information for further exploitation. The Raspberry Pi handled it quite well. I saw a brief spike in resource usage at the start, but it remained very low afterward.





Step #3: Exploitation





Let’s assume our reconnaissance is complete and we’ve discovered that the Tomcat application may be using weak credentials. We can now launch Metasploit and attempt a brute-force login.





msf6> use scanner/http/tomcat_mgr_login
msf6> set RHOSTS 192.168.0.150
msf6> run









The Raspberry Pi struggles somewhat to start Metasploit, although running it typically causes no issues.
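On the Tomcat side, repeated login attempts against the Manager appear in the access log as a run of 401 responses from one address, and a 200 from the same address afterwards is the case to escalate. The following is an added example, not part of the original post: it assumes the Manager is served under its default /manager path and that the access log uses the common log format. The log lines are constructed and the threshold is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: spot repeated failed logins to the Tomcat Manager in an
# access log written in the common log format (%h %l %u %t "%r" %s %b).

# Constructed sample log lines; addresses, times, users and sizes are made up.
sample_access_log() {
  cat <<'EOF'
192.168.0.20 - - [17/Nov/2025:14:59:10 +0000] "GET /index.jsp HTTP/1.1" 200 11230
192.168.0.31 - - [17/Nov/2025:15:00:41 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.31 - admin [17/Nov/2025:15:00:49 +0000] "GET /manager/html HTTP/1.1" 200 19870
192.168.0.77 - - [17/Nov/2025:15:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.77 - - [17/Nov/2025:15:01:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.77 - - [17/Nov/2025:15:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.77 - - [17/Nov/2025:15:01:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.77 - - [17/Nov/2025:15:01:04 +0000] "GET /manager/html HTTP/1.1" 401 2473
192.168.0.77 - tomcat [17/Nov/2025:15:01:04 +0000] "GET /manager/html HTTP/1.1" 200 19870
EOF
}

# Usage: manager_login_failures THRESHOLD < access_log
# Prints "ip failed=N success_after=USER|none" for each source at or above
# THRESHOLD failures; a success after that many failures is the urgent case.
manager_login_failures() {
  awk -v min="$1" '
    $7 ~ /^\/(host-)?manager\// {
      if ($9 == 401) fail[$1]++
      else if ($9 == 200 && ($1 in fail) && fail[$1] >= min + 0 && !($1 in hit))
        hit[$1] = $3   # %u field: the user name that authenticated
    }
    END {
      for (ip in fail) if (fail[ip] >= min + 0)
        printf "%s failed=%d success_after=%s\n", ip, fail[ip], ((ip in hit) ? hit[ip] : "none")
    }' | sort
}

# Demo on the constructed log with a hypothetical threshold of 5 failures.
sample_access_log | manager_login_failures 5
```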





Summary





The Raspberry Pi is a very powerful tool for every hacker. Our tools are generally lightweight, and the resources of this small board are enough to handle most tasks. So, if your budget is limited, buy a Raspberry Pi, connect it to your TV, and start learning cybersecurity.





If you want to grow in the pentesting field, check out our CWA Preparation Course — get certified, get hired, and start your journey!








Source: HackersArise
Source Link: https://hackers-arise.com/hacking-with-the-raspberry-pi-network-enumeration/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.