Pentesting with Espruino?

Posted on
  • Hi,
    Could the Espruino be used for penetration testing?
    Something like Javascript injection? Wireless JS attacks?
    I think the Espruino WiFi could be capable of this.
    Also, can the espruino share internet from the host computer? If so, the original and the pico will be able to get internet access too!
    I know, there are other ways to perform JS attacks but it just came up to me, and the small form factor of the Pico can potentially make it a USB rubber ducky, but for the internet! Plug it in, and inject lines of Javascript to any server!

  • You could definitely use it for some things... The WiFi and Pico support USB HID, so can inject keypresses over USB. Puck.js can do it over Bluetooth LE too.

    In terms of WiFi I think it depends - you could definitely connect to a network and then send particular packets of data, but you can't do the network-level forwarding stuff that you could do with a Linux-based device.

    You can't directly share the host's internet unless you wrote some software that'd run on the host itself though. You can still solder an ESP8266 onto a Pico, and with the Pico shims you could get it all small enough to fit in a USB key - so for instance it'd be pretty easy to make a device that could enter keypresses that it downloaded from a web server.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview

Pentesting with Espruino?

Posted by Avatar for Marty_McFly @Marty_McFly