Never Ending Security

It starts all here

Tag Archives: ScoutBot

ScoutBot – an unattended network scanner for penetration testers.


ScoutBot is a must have application for penetration testers who are looking for an easy and inconspicuous way of gathering info on a target’s network. ScoutBot is a gun, just in need of a bullet. Built for the Raspberry Pi, this powerful script automates complex footprinting and reconnaissance tasks. While you enjoy a cup of coffee sitting next to that open Ethernet port ScoutBot could be scanning the network or sniffing the traffic – all without the need for a keyboard or monitor. Just load the gun, point and click!

Here’s some of the detailed information ScoutBot can collect in seconds:

  • A complete inventory of the network
  • Device discovery with SNMP
  • DHCP servers & scope
  • Outside IP address
  • Packet captures
  • Internet traffic filtering report
  • Traceroute to the outside
  • Target’s ISP


ScoutBot is a completely unattended network scanner. Configure the system at home and simply connect it to the target network to begin the scan, all you need is a power source and an ethernet cable! If you purchase an all-in-one system from LANsec you won’t even need the power source, our units come complete with a USB battery backup for those situations where you just can’t find an outlet.


  • Scans the target network for open ports
  • Sniffs the network
  • Identifies Windows environments
  • Identifies dynamic routing protocols
  • Identifies devices by scanning with SNMP
  • Identifies DHCP servers and their scope
  • Checks EGRESS filtering
  • Identifies the network’s outside IP address
  • Performs a WHOIS to identify ISP
  • Performs a traceroute to the outside
  • Accepts static IP addresses
  • Accepts DHCP
  • Pre-configure for a completely automated attack
  • Works on any Raspberry Pi, no setup necessary
  • Free


  • Raspberry Pi (model b)
  • SDHC, class 10 memory card (suggested 16gigs)


  • NMAP
  • SNMPCheck
  • Wireshark

Installation Instructions

  1. Download the ScoutBot.IMG file.
  2. Mount the Class 10 SD card.
  3. Write the IMG file onto your SD card. We suggest Win32DiskImager (available here)
  4. Eject the SD card and insert it into your Raspberry Pi.
  5. ScoutBot should automatically boot to the setup script.

Modes of operation:

  1. Perform a scan – A ScoutBot scan is an all-encompassing, fast and powerful network scan that attempts to enumerate anything connected to the network. ScoutBot will collect information such as online devices, Windows environments, DHCP servers, egress filtering status, the outside ip address, dynamic routing protocols, and much more. This information is then compiled into separate files and a single “ScoutBot Report” will be generated for each target.
  2. Perform a packet capture – ScoutBot also has the ability to perform a packet capture on the target’s environment. This application comes in handy when a little information is needed in order to perform a complete scan or the goal is basic reconnaissance. ScoutBot will listen to the wire for a predetermined amount of time and then power down.
  3. Retrieve scan results – When you’re ready to retrieve the results from one of your scans ScoutBot makes it as painless as possible. Simply press “3” on the main screen and ScoutBot will grab an IP and start the internal FTP server.

How to Perform a Scan:

  1. Writing the image file to your SD card.
  2. Power on the Pi. The ScoutBot setup script should automatically start.
  3. Read the disclaimer, if you agree press “enter”.
  4. Enter “yes” if you would like ScoutBot to attempt to obtain an IP address and check for an update.
  5. Next, decide what you would like ScoutBot to do. To perform a network scan enter the number “1” and press enter.
  6. Decide whether you would like ScoutBot to attempt to obtain an IP address using DHCP on the target network or if you would like to enter the required information for static addressing.
  7. After entering your static addressing or telling ScoutBot to use DHCP, next you will need to decide how long you would like packets to be captured on the target network. If you’re unsure, 30 seconds is typically plenty of time to take a snapshot of the environment.
  8. Decide whether you would like to attempt SNMP enumeration. If you do ScoutBot will ask for the SNMP community string. Be aware, this will increase the amount of time required to scan the network.
  9. Tell ScoutBot how many subnets you would like to scan by entering an integer.
  10. Enter the subnet you would like to scan. Only /24 subnets are supported at this time. Entering a single IP address is sufficient, do not enter the subnet mask.
  11. Review the configuration summary screen. If you would like to change any values enter “yes”. By pressing “enter” at each screen you can keep your original values and only change the necessary values.
  12. Once you are finished ScoutBot will shutdown. When you’re ready to begin the scan simply plug in the Raspberry Pi and connect it to the target network. Scans typically take an average of 3-5 minutes (depending on the scanning parameters entered and the number of subnets being scanned).

More information can be found at: