Home Pinecone - A WLAN Red Team Framework
Post
Cancel

Pinecone - A WLAN Red Team Framework

Posted Aug 29, 2022
By Williams A. Danso
4 min read

Pinecone is a tool used for auditing WLAN networks, and it is particularly suitable for red team applications. Its extensibility is achieved through modules, and it is specifically created to operate on Debian-based operating systems. Pinecone is designed to function as a portable wireless auditing box, particularly with a Raspberry Pi.

The intended purpose of this tool is solely for educational and research purposes. It should only be utilized with explicit permission.

Installation

To utilize Pinecone, it’s necessary to have an operating system based on Debian (such as Raspbian, Raspberry Pi Desktop, or Kali Linux) as these have been tested to work with it. Pinecone has the subsequent requirements:

  • Python 3.5+. Your distribution probably comes with Python3 already installed, if not it can be installed using apt-get install python3.
  • dnsmasq (tested with version 2.76). Can be installed using apt-get install dnsmasq.
  • hostapd-wpe (tested with version 2.6). Can be installed using apt-get install hostapd-wpe. If your distribution repository does not have a hostapd-wpe package, you can either try to install it using a Kali Linux repository pre-compiled package, or compile it from its source code.

Once you have installed the required packages, you may proceed to install the Python packages needed for Pinecone. This can be done by executing pip3 install -r requirements.txt in the root folder of the project.

Usage

For starting Pinecone, execute python3 pinecone.py from within the project root folder:

1
2
3

root@kali:~/pinecone# python pinecone.py
[i] Database file: ~/pinecone/db/database.sqlite
pinecone >

Pinecone is controlled via a Metasploit-like command-line interface. You can type help to get the list of available commands, or help 'command' to get more information about a specific command:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

pinecone > help
    
    Documented commands (type help <topic>):
    ========================================
    alias  help     load  pyscript  set    shortcuts  use
    edit   history  py    quit      shell  unalias
    
    Undocumented commands:
    ======================
    back  run  stop
    
    pinecone > help use
    Usage: use module [-h]
    
    Interact with the specified module.
    
    positional arguments:
      module      module ID
    
    optional arguments:
      -h, --help  show this help message and exit

Use the command use 'moduleID' to activate a Pinecone module. You can use Tab auto-completion to see the list of current loaded modules:

1
2
3
4
5

pinecone > use
    attack/deauth     daemon/hostapd-wpe    report/db2json                  scripts/infrastructure/ap
    daemon/dnsmasq    discovery/recon       scripts/attack/wpa_handshake
    pinecone > use discovery/recon
    pcn module(discovery/recon) >

Every module has options, that can be seen typing help run or run --help when a module is activated. Most modules have default values for their options (check them before running):

1
2
3
4
5
6
7

pcn module(discovery/recon) > help run
    usage: run [-h] [-i INTERFACE]
    
    optional arguments:
      -h, --help            show this help message and exit
      -i INTERFACE, --iface INTERFACE
                            monitor mode capable WLAN interface (default: wlan0)

When a module is activated, you can use the run [options...] command to start its functionality. The modules provide feedback of their execution state:

1
2
3
4
5

pcn script(attack/wpa_handshake) > run -s TEST_SSID
    [i] Sending 64 deauth frames to all clients from AP 00:11:22:33:44:55 on channel 1...
    ................................................................
    Sent 64 packets.
    [i] Monitoring for 10 secs on channel 1 WPA handshakes between all clients and AP 00:11:22:33:44:55...

If the module runs in background (for example, scripts/infrastructure/ap), you can stop it using the stop command when the module is running:

1
2
3
4
5
6
7
8
9
10
11
12

 pcn script(infrastructure/ap) > run
    net.ipv4.ip_forward = 1
    [i] Creating NAT rules in iptables for forwarding wlan0 -> eth0...
    [i] Starting hostapd-wpe and dnsmasq...
    Configuration file: ~/pinecone/tmp/hostapd-wpe.conf
    Using interface wlan0 with hwaddr 00:11:22:33:44:55 and ssid "PINECONEWIFI"
    wlan0: interface state UNINITIALIZED->ENABLED
    wlan0: AP-ENABLED
    pcn script(infrastructure/ap) > stop
    [i] Stopping hostapd-wpe and dnsmasq...
    net.ipv4.ip_forward = 0
    [i] Flushing NAT table in iptables...

When you are done using a module, you can deactivate it by using the back command. You can also activate another module issuing the use command again.

Shell commands may be executed with the command shell or the ! shortcut:

1
2

pinecone > !ls
    LICENSE  modules  module_template.py  pinecone  pinecone.py  README.md  requirements.txt  TODO.md

At present, the Pinecone reconnaissance SQLite database resides within the project’s root folder, specifically in the db/ directory. Meanwhile, the tmp/ directory in the same root folder houses all the temporary files required by Pinecone.


⚠ ONLY USE FOR EDUCATIONAL PURPOSES ⚠

Tools & Frameworks, Wireless
wireless
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents