--- - hosts: - 127.0.0.1 become: yes vars: pwnagotchi: hostname: "{{ lookup('env', 'PWN_HOSTNAME') | default('pwnagotchi', true) }}" version: "{{ lookup('env', 'PWN_VERSION') | default('master', true) }} " system: boot_options: - "dtoverlay=dwc2" - "dtparam=spi=on" - "dtoverlay=spi1-3cs" services: enable: - dphys-swapfile.service - pwnagotchi.service - bettercap.service disable: - apt-daily.timer - apt-daily.service - apt-daily-upgrade.timer - apt-daily-upgrade.service - wpa_supplicant.service - bluetooth.service - triggerhappy.service - ifup@wlan0.service packages: apt: remove: - rasberrypi-net-mods - dhcpcd5 - triggerhappy - wpa_supplicant - nfs-common install: - vim - screen - golang - git - build-essential - python3-pip - python3-mpi4py - unzip - gawk - libopenmpi-dev - libatlas-base-dev - libjasper-dev - libqtgui4 - libqt4-test - libopenjp2-7 - libtiff5 - tcpdump - lsof - libilmbase23 - libopenexr23 - libgstreamer1.0-0 - libavcodec58 - libavformat58 - libswscale5 - libpcap-dev - libusb-1.0-0-dev - libnetfilter-queue-dev - libopenmpi3 - dphys-swapfile - kalipi-kernel - kalipi-bootloader - kalipi-re4son-firmware - kalipi-kernel-headers - libraspberrypi0 - libraspberrypi-dev - libraspberrypi-doc - libraspberrypi-bin - fonts-dejavu - fonts-dejavu-core - fonts-dejavu-extra - python3-pil bettercap: query: "assets[?contains(name, 'armv6l')].browser_download_url" tasks: - name: selected hostname debug: msg: "{{ pwnagotchi.hostname }}" - name: build version debug: msg: "{{ pwnagotchi.version }}" - name: change hostname hostname: name: "{{pwnagotchi.hostname}}" - name: add hostname to /etc/hosts lineinfile: dest: /etc/hosts regexp: '^127\.0\.0\.1[ \t]+localhost' line: '127.0.0.1 localhost {{pwnagotchi.hostname}} {{pwnagotchi.hostname}}.local' state: present - name: Add re4son-kernel repo key apt_key: url: https://re4son-kernel.com/keys/http/archive-key.asc state: present - name: Add re4son-kernel repository apt_repository: repo: deb http://http.re4son-kernel.com/re4son/ kali-pi main state: present - name: update apt package cache apt: update_cache: yes - name: remove unecessary apt packages apt: name: "{{ packages.apt.remove }}" state: absent purge: yes - name: upgrade apt distro apt: upgrade: dist - name: install packages apt: name: "{{ packages.apt.install }}" state: present - name: configure dphys-swapfile file: path: /etc/dphys-swapfile content: "CONF_SWAPSIZE=1024" - name: acquire python3 pip target command: "python3 -c 'import sys;print(sys.path.pop())'" register: pip_target - name: clone pwnagotchi repository git: repo: https://github.com/evilsocket/pwnagotchi.git dest: /usr/local/src/pwnagotchi - name: build pwnagotchi wheel command: "python3 setup.py sdist bdist_wheel" args: chdir: /usr/local/src/pwnagotchi - name: install opencv-python pip: name: "https://www.piwheels.hostedpi.com/simple/opencv-python/opencv_python-3.4.3.18-cp37-cp37m-linux_armv6l.whl" extra_args: "--no-deps --no-cache-dir --platform=linux_armv6l --only-binary=:all: --target={{ pip_target.stdout }}" - name: install tensorflow pip: name: "https://www.piwheels.hostedpi.com/simple/tensorflow/tensorflow-1.13.1-cp37-none-linux_armv6l.whl" extra_args: "--no-deps --no-cache-dir --platform=linux_armv6l --only-binary=:all: --target={{ pip_target.stdout }}" - name: install pwnagotchi wheel and dependencies pip: name: "{{ lookup('fileglob', '/usr/local/src/pwnagotchi/dist/pwnagotchi*.whl') }}" extra_args: "--no-cache-dir" - name: fetch bettercap release information uri: url: https://api.github.com/repos/bettercap/bettercap/releases/latest return_content: yes register: bettercap_release - name: download and install bettercap unarchive: src: "{{ bettercap_release.content | from_json | json_query(bettercap.query) | first }}" dest: /usr/bin remote_src: yes exclude: - README.md - LICENSE.md mode: 0755 - name: clone bettercap caplets git: repo: https://github.com/bettercap/caplets.git dest: /tmp/caplets - name: install bettercap caplets make: chdir: /tmp/caplets target: install - name: create cpuusage script copy: dest: /usr/bin/cpuusage mode: 0755 content: | #!/usr/bin/env bash while true do top -b -n1 | awk '/Cpu\(s\)/ { printf("%d %", $2 + $4 + 0.5) }' sleep 3 done - name: create memusage script copy: dest: /usr/bin/memusage mode: 0755 content: | #!/usr/bin/env bash free -m | awk '/Mem/ { printf( "%d %", $3 / $2 * 100 + 0.5 ) }' - name: create bootblink script copy: dest: /usr/bin/bootblink mode: 0755 content: | #!/usr/bin/env bash for i in $(seq 1 "$1"); do echo 0 >/sys/class/leds/led0/brightness sleep 0.3 echo 1 >/sys/class/leds/led0/brightness sleep 0.3 done echo 0 >/sys/class/leds/led0/brightness sleep 0.3 - name: create pwnagotchi-launcher script copy: dest: /usr/bin/pwnagotchi-launcher mode: 0755 content: | #!/usr/bin/env bash # blink 10 times to signal ready state /usr/bin/bootblink 10 & # start a detached screen session with bettercap if ifconfig | grep usb0 | grep RUNNING; then /usr/local/bin/pwnagotchi --manual else /usr/local/bin/pwnagotchi fi - name: create monstart script copy: dest: /usr/bin/monstart mode: 0755 content: | #!/usr/bin/env bash iw phy phy0 interface add mon0 type monitor && ifconfig mon0 up - name: create monstop script copy: dest: /usr/bin/monstop mode: 0755 content: | #!/usr/bin/env bash ifconfig mon0 down && iw dev mon0 del - name: create hdmion script copy: dest: /usr/bin/hdmion mode: 0755 content: | #!/usr/bin/env bash sudo /opt/vc/bin/tvservice -p - name: create hdmioff script copy: dest: /usr/bin/hdmioff mode: 0755 content: | #!/usr/bin/env bash sudo /opt/vc/bin/tvservice -o - name: add HDMI powersave to rc.local blockinfile: path: /etc/rc.local insertbefore: "exit 0" block: | if ! /opt/vc/bin/tvservice -s | grep HDMI; then /opt/vc/bin/tvservice -o fi - name: create /etc/pwnagotchi/config.yml blockinfile: path: /etc/pwnagotchi/config.yml create: yes block: | # put here your custom configuration overrides - name: configure lo interface blockinfile: path: /etc/network/interfaces.d/lo-cfg create: yes block: | auto lo iface lo inet loopback - name: configure wlan interface blockinfile: path: /etc/network/interfaces.d/wlan0-cfg create: yes block: | allow-hotplug wlan0 iface wlan0 inet static - name: configure usb interface blockinfile: path: /etc/network/interfaces.d/usb0-cfg create: yes block: | allow-hotplug usb0 iface usb0 inet static address 10.0.0.2 netmask 255.255.255.0 network 10.0.0.0 broadcast 10.0.0.255 gateway 10.0.0.1 - name: configure eth0 interface (pi2/3/4) blockinfile: path: /etc/network/interfaces.d/eth0-cfg create: yes block: | allow-hotplug eth0 iface eth0 inet dhcp - name: enable ssh on boot file: path: /boot/ssh state: touch - name: adjust /boot/config.txt lineinfile: dest: /boot/config.txt insertafter: EOF line: '{{ item }}' with_items: - "{{system.boot_options}}" - name: change root partition replace: dest: /boot/cmdline.txt backup: no regexp: "root=PARTUUID=[a-zA-Z0-9\\-]+" replace: "root=/dev/mmcblk0p2" - name: configure /boot/cmdline.txt lineinfile: path: /boot/cmdline.txt backrefs: True state: present backup: no regexp: '(.*)$' line: '\1 modules-load=dwc2,g_ether' - name: configure motd copy: dest: /etc/motd content: "(◕‿‿◕) {{pwnagotchi.hostname}} (pwnagotchi-{{pwnagotchi.version}})" - name: clean apt cache apt: autoclean: yes - name: remove dependencies that are no longer required apt: autoremove: yes - name: add bettercap service to systemd copy: dest: /etc/systemd/system/bettercap.service content: | [Unit] Description=bettercap api.rest service. Documentation=https://bettercap.org Wants=network.target After=network.target [Service] Type=simple PermissionsStartOnly=true ExecStart=/usr/bin/bettercap -no-colors -caplet pwnagotchi Restart=always RestartSec=30 [Install] WantedBy=multi-user.target notify: - reload systemd services - name: add pwnagotchi service to systemd copy: dest: /etc/systemd/system/pwnagotchi.service content: | [Unit] Description=pwnagotchi Deep Reinforcement Learning instrumenting bettercap for WiFI pwning. Documentation=https://pwnagotchi.ai Wants=network.target After=bettercap.service [Service] Type=simple PermissionsStartOnly=true ExecStart=/usr/bin/pwnagotchi-launcher Restart=always RestartSec=30 [Install] WantedBy=multi-user.target notify: - reload systemd services - name: enable services systemd: name: "{{ item }}" state: started enabled: yes with_items: "{{ services.enable }}" - name: disable unecessary services systemd: name: "{{ item }}" state: stopped enabled: no with_items: "{{ services.disable }}" - name: remove ssh keys file: state: absent path: "{{item}}" with_fileglob: - "/etc/ssh/ssh_host*_key*" handlers: - name: reload systemd services systemd: daemon_reload: yes