site maker

OpenPiMap - Hacking the hackers with OSINT, Raspberry Pis, and Data Analysis

Mark Klink


OpenPiMap is the ultimate home/prosumer network utility in order to detect, analyze, and respond to malicious network traffic on a small home or office network. Get an interactive and dynamic interface to detect and respond to botnets, hackers, and script kiddies on a platform that is powered by just 5v and costs less than $10. Everyday any point of presence on the internet can be faced with thousands of scans, exploit attempts, or malicious probes with almost no signature or notification to the end user. OpenPiMap offers the ability to detect and respond to malicious network traffic that would normally be ignored by traditional anti-virus or consumer firewalls.

OpenPiMap is an open source Netflow protocol analyzer written entirely in Python3, Flask, Javascript, and SQLite that combines open source intelligence with home/SOHO networking and intrusion detection. Running on any version of a Raspberry Pi, Linux OS, or Windows, OpenPiMap consists of two parts: (1) Netflow collection service and (2) Database processing service. The NetFlow service does exactly what it sounds like, it listens on a specified port for Netflow v5 data and logs the data into a local SQL database. The second part is where the magic happens.

All of the traffic, both in and out of the network, is compared to dozens of the top IP blacklists for malicious patterns. Once identified, the malicious suspects are mapped, interrogated via Shodan’s Python API for vulnerable services and ownership information, and then staged for exploitation if a readily available exploit exists. This processing is where the bridge between traditional netflow traffic analyzers and OpenPiMap split. There are plenty of free tools on the market to monitor incoming and outgoing connections, bandwidth utilization, and common port usage. However, none of the existing products leverage open source intelligence to the extent of OpenPiMap by providing you with the open ports and services, ownership information, ISP, geographic location, and publically available exploits for the incoming or outgoing IP addresses.


Mark Klink

Announcements


Our CFP for DEFCON 27 is now OPEN.

Recon Village will be running in DEFCON China 1, Beijing.

Recon Village ran a successfull show at DEFCON 26, Las Vegas.

Whats going on?