Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It's small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site.

There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It's easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it's still interesting.

Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs.

I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35).

Anyway, just an idea I had rolling around. Let me know what you think.

My Raspberry Pi is being shipped soon.

You don't even have to go back to pick up your scan results. A reverse tunnel allows full control of your plug for all kinds of goodness....

I agree on the cost / price point.  Just that I want to get a pwnie first, so that I can decide if I feel like building something, and what 'features' I want to port.

But the 'cheap' aspect of Raspberry Pi is definitely a plus.  :-)

I just realized that RaspberryPwn was created by pwnieexpress, so it should be a similar experience. I'll let you guys know if I get a chance to mess around with it, I have several Raspberry Pis to play around with.