Depending on your location (country), downloading or using PANDORA ZERO might be illegal.
Using the RTL-SDR capability can lead to significant risks. It's crucial to exercise caution and thoroughly understand the potential legal and ethical implications.
Failure to do so may result in legal repercussions and disrupt normal operations.
Always know and understand the full impact of any tool you are using before attempting to use it yourself.
© 2024 - Fadi KELAJIAN - RedSword Security - All rights reserved.
PANDORA ZERO is freeware with minor limitations. You have to accept the EULA to use PANDORA ZERO.
For now, PANDORA ZERO is not released under a free license, in order to keep control over future development. PANDORA ZERO may later be published under the GPLv3 license. Even though it is not yet under a free license, please consider these points:
➤ The project is developed in PHP/HTML/JQUERY/PYTHON/BASH.
➤ No effort is made to hide or encrypt the code, so you will be able to see everything.
➤ The EULA permits you to modify the code for your private use.
➤ No email, registration, user account or any other information is required to download and use PANDORA ZERO.

RASPBERRY PI ZERO (https://www.raspberrypi.org/) | KALI LINUX (https://www.kali.org/)
PANDORA ZERO is mainly based on the Raspberry Pi Zero/Kali Linux combo.
Since its first release in November 2015, and more specifically since the W release in February 2017, which included Wi-Fi and Bluetooth capabilities for just $10, this nano computer
has become a wonderful platform for many IT projects. Very small, low-power, low-cost and noiseless, with Wi-Fi/Bluetooth capability and microUSB, it offers great new opportunities.
With the possibility of running a Linux system, and more specifically Kali Linux, the OS dedicated to offensive security, we obtain one of the most low-cost and powerful
pocket pentest platforms. Projects based on this combination include P4wnP1 A.L.O.A (https://github.com/RoganDawes/P4wnP1_aloa) and
Pwnagotchi (based on Raspbian but can be installed on Kali - https://pwnagotchi.ai/), which inspired the Flipper Zero project (https://flipperzero.one/).
The latest release (Raspberry Pi Zero 2 W), launched in October 2021, added more CPU power and increased its capabilities for security purposes.
Its 512 MB of RAM may currently be a limitation for some scenarios, but it is sufficient for the majority of security tests involved in this project.
Therefore, Kali installed on the Raspberry Pi Zero 2 W is already an excellent platform for security testing or educational purposes.
The biggest advantage of the Raspberry Pi Zero is certainly its very tiny size. It can easily be placed in a pocket or in your bag without inconvenience and be ready to be plugged in with a single cable for basic
usage.
By nature, the entire package should be kept as small as possible, but accessing the environment necessarily requires
other hardware/devices, which increases the package size. For example, using your Kali with a window manager requires an additional cable and a display, and accessing your pocket pentest station
with a laptop/netbook breaks the "pocket size" concept. IMHO, the best device for this situation is your smartphone.
You almost certainly already have a smartphone near you at all times, so it is the ideal candidate for accessing your pocket pentest station on demand.
This is one of the main characteristics of this project:
PANDORA ZERO was designed to be controlled from a touchscreen smartphone.
Unfortunately, in the real world, using a pocket-size pentest station from a tiny terminal like a smartphone can be a nightmare.
On such a tiny screen, accessing it through an SSH client and typing long or complicated command lines, typing MAC addresses, reading and scrolling through long output, or switching between multiple tools with a
keyboard that takes up half the screen can be a real challenge and leads to wasted time, errors, an uncomfortable experience or other inconveniences.
In this situation, the best way to interact with your environment is certainly a graphical user interface.
To have a comfortable GUI environment, we can use a smartphone application or a simple web browser. The second option may be more interesting since it does not require any manipulation
or other third-party software. We could also consider using an RDP link, but that plunges us back into the nightmare.
The best choice is to use a simple web browser to access and control our environment.
This is another main characteristic of this project:
PANDORA ZERO is based on a traditional client-server web architecture.
Thus, from your smartphone, you will be able to access PANDORA ZERO with a compatible web browser (Chrome or Firefox), nothing else.
Kali Linux provides a variety of best-in-class command line tools, and PANDORA ZERO is largely based on them.
Some of these tools offer rich and detailed output and the most comfortable mode to read them is certainly landscape mode.
This is another main characteristic of this project:
The PANDORA ZERO interface can only be used in landscape mode.
PANDORA ZERO tries to offer you the advantages of a graphical interface while keeping the power of command line tools.
With the graphical interface and the touchscreen of your smartphone, we have a more comfortable way to access, control and manage our activity on our pocket pentest station.
To preserve this comfort, PANDORA ZERO tries, as much as possible, to avoid forcing you to type input text. All major actions require only a finger press on the screen, which led us to
adopt an approach based on target acquisition, selection and focus. This is another main characteristic of this project:
PANDORA ZERO is based on a target acquisition, selection and focus cycle.
Of course, user input is sometimes impossible to avoid, but it is kept limited.
Still by nature, the pocket-size concept led us to dedicate PANDORA ZERO to our nearby digital environment.
So, PANDORA ZERO cannot perform remote audit tests through the Internet. The audited digital asset must be close to you, within the field of perception of your sensors.
For remote activities, a small device is not necessary and another platform will be a better choice. This is another main characteristic of this project:
PANDORA ZERO is dedicated to interacting only with our nearby digital environment.
Based on these characteristics, PANDORA ZERO tries to be as useful as possible by providing many possibilities for many scenarios within its usage scope.
< setup picture >
With its multiple capabilities, we hope that PANDORA ZERO will be useful for many cybersecurity professionals and enthusiasts.
For auditors, red team members or others, this pocket pentest station can find a tiny place in your bag and complement your current weaponised hardware, acting as a second station to parallelize some tasks.
For internal security teams: by walking around with a tablet in hand, you can easily audit all the Wi-Fi emissions within your perimeter, perform internal awareness campaigns,
enumerate the oldest enabled Bluetooth devices in your perimeter, perform recon on your guest network, discover rogue devices and more.
For personal use, PANDORA ZERO can, for example, maintain a map of your local network. Noiseless and low-power, it can stay plugged into your switch/box to audit the devices
in your LAN on demand and keep all the traces. With the proliferation of connected objects and devices that require an internet connection and are connected to your local network, you will be surprised by
certain discoveries. In your private circle, PANDORA ZERO can be a wonderful demonstration and educational tool. At your next family dinner, you will be able to demonstrate to your
grandfather why it isn't recommended to connect to any hotspot and enter credentials anywhere ^^.
Despite the graphical user interface, PANDORA ZERO is in any case intended for experienced users only. It isn't a tool for learning. Today, there are many learning platforms for beginners.
As we said before, you have to know and understand the full impact of any tool you are using before using the automated solution.
You can go through the user manual to determine its usefulness for you and whether PANDORA ZERO will cross your destiny.