Raspwn emulates a vulnerable Linux web server. To use it just boot Raspwn then connect to RasPwn OS via WiFi.from your favorite pen-testing set-up. (We like Kali, ParrotS, BlackArch and Pentoo)

SSID - RasPwn OS
Password - In53cur3!

Once you have connected you can explore the subnet and the * domain. The Raspwn Web Playground can be found at (

Network services running in Raspwn OS include -

  • Bind (, - DNS Server
  • Postfix ( - Mail Transfer Agent
  • Dovecot ( - Mail Client Server
  • Samba ( - Windows File Sharing Server
  • Apache2 ( - Web Server
  • Nginx ( - Web Server
  • MySQL Server ( - Database Server
  • OpenSSH ( - SSH server

Playground Web Applications

Intentionally Vulnerable Web Applications-

Out-Of-Date Web Applications

The admin account for web applications is -

user - admin <>
password - Pa55w0rd!

The Web applications exist in their own little Universe. Each gets it's DNS from Raspwn and all mail outgoing to the * is delivered to the local mail server at and can be retrieved via IMAP or viewed from a browser via Roundcube in the Playground. Everything from DNS to MTA to MySQL to Apache2 is already set up.

Two email accounts have been set up with the credentials -

IMAP/SMTP Server - <>

user 1 - <>
password - Pa55w0rd!

user 2 - <>
password - OhNoMrBill!

(More email accounts can be added too but that's a 'coming soon'.)

If you wish to customize RasPwn or play Red vs. Blue, you can logon locally or via SSH. The default credentials are:

user - pi
password - pwnme!

RasPwn images are put together from snapshots of Debian Linux. This allows us to create a vulnerable system image without breaking the system stability. The end effect is that RasPwn is a fly in amber. The current snapshot is By Default the system is headless. However, xorg can be installed via apt-get (in fact any package from the Debian snapshot repo can be installed.) Just connect eth0 to the internet (from behind a firewall of course) and do sudo apt-get install desired-package .

The current documentation is minimal (sorry) I'll be adding more as I can.

NOTE - It is possible to connect eth0 to the internet and use RasPwn as a (possibly the world's most insecure) wireless router however - IF YOU DO SO PLEASE DO SO FROM BEHIND NAT AND A FIREWALL! DO NOT EXPOSE ANY RASPWN INTERFACES DIRECTLY TO THE INTERNET OR FORWARD INTERNET TRAFFIC TO RASPWN IN ANY WAY!!!