LSE toolsLSE toolsWarBerryPi (291)WarBerryPi (291)

Tool and Usage

Project details

Programming language
Yiannis Ioannides
Latest release
No release found
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

WarBerryPi is a toolkit to provide a hardware implant during Physical penetration testing or red teaming. The primary goal of the tool is to obtain as much information as possible, in a short period of time. The secondary goal is to be stealthy to avoid detection. As the name implies, the tool can be used on a small device like a RaspberryPi.

Another use-case of WarBerryPi is to be an entry point to the network. In that case, a 3G connection is suggested, to avoid the outgoing network filtering (egress rules).

How it works

WarBerryPi is to be installed on existing Linux installation like Raspbian. It has a setup script that installs the required components. Next step is deploying the device, in which the warberry script can be used to configure its behavior. This includes options like enumeration, Bluetooth scanning, recon-only mode, WiFi scanning, and more.

Background information

The project can be a great resource for those who do physical penetration tests. We noticed that the documentation is limited during our review.

Usage and audience

WarBerryPi is commonly used for information gathering, information snooping, penetration testing, or red teaming. Target users for this tool are pentesters and security professionals.


  • Command line interface
  • Customization and additions are possible

Example usage and output


--version show program's version number and exit
-h, --help show this help message and exit
-p PACKETS, --packets=PACKETS Number of Network Packets to capture. Default 20
-x TIME, --expire=TIME Duration of packet capture. Default 20 seconds
-I IFACE, --interface=IFACE Network Interface to use. Default: eth0
-N NAME, --name=NAME Hostname to use. Default: WarBerry
-i INTENSITY, --intensity=INTENSITY Port scan intensity. Default: T4
-Q, --quick Scan using threats. Default: Off
-P, --poison Turn Poisoning on/off. Default: On
-t TIME, --time=TIME Poisoning Duration. Default 900 seconds
-H, --hostname Do not Change WarBerry hostname Default: Off
-e, --enumeration Disable Enumeration mode. Default: Off
-B, --bluetooth Enable Bluetooth scanning. Default: Off
-r, --recon Enable Recon only mode. Default: Off
-W, --wifi Enable WiFi scanning. Default: Off
-S, --sniffer Enable Sniffer only mode. Default: Off
-C, --clear Clear previous output folders in ../Results

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 2000 GitHub stars
  • + The source code of this software is available


  • - Minimal or no documentation available
  • - No releases on GitHub available

History and highlights

  • Demo at Black Hat USA 2016 Arsenal
  • Demo at Black Hat USA 2018 Arsenal

Author and Maintainers

WarBerryPi is under development by Yiannis Ioannides.


Supported operating systems

WarBerryPi is known to work on Linux.

WarBerryPi alternatives

Similar tools to WarBerryPi:



Chiron is a security assessment framework for IPv6 testing. It can be used during penetration testing or analysis of network devices. Read how it works in this review.



Btlejack is a security tool that provides all options to sniff, jam, and hijack Bluetooth Low Energy (BLE) devices. Read how it works in this tool review.



BTLE-Sniffer is a scanning tool that scans Bluetooth Low Energy (BLE) devices and tries to identify them. Read how it works in this tool review.

All WarBerryPi alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information


This tool is categorized as a bluetooth sniffing tools, network reconnaissance tools, and network sniffing tool.