<img width="70" height="150" alt="image" src="https://github.com/user-attachments/assets/463d32c7-f6ca-447c-b62b-f18f2429b2b2" /> Ragnar

GitHub stars

Ragnar is a fork of the awesome Bjorn project — a Tamagotchi-like autonomous network scanning, vulnerability assessment, and offensive security tool. It runs on a Raspberry Pi with a 2.13-inch e-Paper HAT, as a headless server on Debian-based systems (AMD64/ARM/ARM64) with Ethernet-first connectivity, or on the WiFi Pineapple Pager with full-color LCD display. On servers with 8GB+ RAM, Ragnar unlocks advanced capabilities including real-time traffic analysis and enhanced vulnerability scanning.

[!IMPORTANT] For educational and authorized testing purposes only.

Quick Install

wget https://raw.githubusercontent.com/PierreGode/Ragnar/main/install_ragnar.sh
sudo chmod +x install_ragnar.sh && sudo ./install_ragnar.sh
# On Raspberry Pi: choose between e-Paper HAT, server/headless, or Pineapple Pager deployment.
# On other hardware: choose between server install or Pineapple Pager deployment.
# It may take a while as many packages and modules will be installed. Reboot when it finishes.

For detailed information see the Install Guide. See Release Notes for what's new.

🌐 Web Interface

Access Ragnar's dashboard at http://<ragnar-ip>:8000

Real-time network discovery and vulnerability scanning
Multi-source threat intelligence dashboard
File management with image gallery
System monitoring and configuration
Hardware profile auto-detection (Pi Zero 2W, Pi 4, Pi 5)

WiFi Configuration Portal — When Ragnar can't connect to a known network, it creates a WiFi hotspot:

Connect to WiFi network Ragnar (password: ragnarconnect)
Navigate to http://192.168.4.1:8000
Configure your WiFi credentials via the mobile-friendly interface
Ragnar will automatically retry known WiFi after some time if the AP is unused
Once configured, Ragnar exits AP mode and connects to your network

The portal supports network scanning with signal strength, manual entry for hidden SSIDs, known network management, and one-tap reconnection.

🌟 Features

Wi-Fi Client Isolation Testing — AirSnitch tests whether a network properly isolates clients using GTK abuse, gateway bouncing, and port stealing attacks. See AirSnitch Guide
Network Scanning — Identifies live hosts and open ports
Vulnerability Assessment — Scans using Nmap and other tools
Multi-Source Threat Intelligence — Real-time fusion from CISA KEV, NVD CVE, AlienVault OTX, and MITRE ATT&CK
AI-Powered Analysis — GPT-5 Nano integration for security summaries, vulnerability prioritization, and remediation advice. See AI Integration Guide
System Attacks — Brute-force attacks on FTP, SSH, SMB, RDP, Telnet, SQL
File Stealing — Extracts data from vulnerable services
Advanced Server Features (8GB+ RAM) — Real-time traffic analysis, advanced vulnerability scanning with Nuclei/Nikto/SQLMap/ZAP, parallel scanning, and CVE correlation. See Server Mode
LAN-First Connectivity — Prefers Ethernet when present, manages WiFi as fallback
Smart WiFi Management — Auto-connects to known networks, falls back to AP mode, captive portal for configuration
E-Paper Display — Real-time status showing targets, vulnerabilities, credentials, and network info
MAX7219 LED Matrix Display — Cascaded 8×8 LED panel arrays (4-panel 32×8 or 8-panel 64×8). Scrolls SSID, IP, targets, and status. SPI-connected: DIN→GPIO10, CS→GPIO8, CLK→GPIO11.
WiFi Pineapple Pager — Full-color LCD display with button controls, LED indicators, and auto-dim. See Pager section
Hardware-Bound Authentication — Optional login with full database encryption at rest. See Security & Authentication
PiSugar 3 Button — Physical button to swap between Ragnar and Pwnagotchi modes
Kill Switch — Built-in endpoint (/api/kill) to wipe all databases, logs, and data. See Kill Switch
Comprehensive Logging — All nmap commands and results logged to data/logs/nmap.log

📌 Supported Platforms & Prerequisites

Raspberry Pi (Zero W / W2 / 4 / 5)

64-bit Raspberry Pi OS (Debian Trixie, kernel 6.12+)
Username and hostname set to ragnar
2.13-inch e-Paper HAT connected to GPIO pins (for display mode)
For 32-bit systems, use Ragnar's predecessor Bjorn

Recommendation: Edit ~/.config/labwc/autostart and comment out /usr/bin/lwrespawn /usr/bin/wf-panel-pi & to free up resources, or run sudo pkill wf-panel-pi temporarily.

Debian-Based Server / Headless

Debian 11+ or Ubuntu 20.04+ (AMD64, ARM64, or ARMv7)
Minimum: 2GB RAM, 2 CPU cores, 10GB free disk
Recommended: 8GB+ RAM for advanced features (traffic analysis, Nuclei, Nikto, SQLMap)

WiFi Pineapple Pager

Firmware 1.0.7+
PAGERCTL payload installed (provides libpagerctl.so)
SSH access from your workstation
Python3 + nmap (auto-installed on first run)
MIPS-compiled Python libraries bundled in pager_lib/ (or sourced from PAGERCTL payload)

🔨 Installation Details

The installer auto-detects your platform and configures everything:

Distro detection — Supports apt, dnf, pacman, zypper
Architecture support — AMD64, ARM64, ARMv7, ARMv8
Profiles — Pi + e-Paper, Server/Headless, WiFi Pineapple Pager
Automatic advanced tools — Systems with 8GB+ RAM get advanced features installed automatically
Smart resource management — Pi Zero W/W2 automatically skip resource-intensive tools
ARM optimizations — Uses PiWheels on ARM, retries mirrors, skips Pi-only steps on other hardware

For the full installation walkthrough see Install Guide.

🖥️ Server Mode: Advanced Features (8GB+ RAM)

When deployed on systems with 8GB+ RAM, Ragnar automatically unlocks advanced security capabilities.

Fresh installs: The main installer detects 8GB+ RAM and installs advanced tools automatically.

Existing installs: Run the advanced tools installer separately:
cd /home/ragnar/Ragnar
sudo ./scripts/install_advanced_tools.sh
sudo systemctl restart ragnar

Real-Time Traffic Analysis

Live packet capture with tcpdump and tshark
Connection tracking with detailed TCP/UDP statistics
Deep protocol inspection (HTTP, DNS, SMB, SSH)
Per-host bandwidth monitoring and top talkers
Automated security risk scoring and anomaly detection
DNS query logging and port activity monitoring

Advanced Vulnerability Scanning

OWASP ZAP — Spider + AJAX spider + active scan with automatic browser detection
Authenticated scanning — 8 auth types: form-based, HTTP Basic, OAuth2, Bearer Token, API Key, Cookie, Script-based
Nuclei — 5000+ vulnerability templates from ProjectDiscovery
Nikto — Comprehensive web server assessment
SQLMap — Automated SQL injection detection
Parallel scanning — Multi-threaded for faster results
CVE correlation — Automatic correlation with NVD, CISA KEV, and threat feeds
Live progress — Real-time log panel and animated progress bar
Web and API modes — Scan web apps or API endpoints with OpenAPI spec import

What Gets Installed

Traffic tools: tcpdump, tshark, ngrep, iftop, nethogs
Vulnerability scanners: Nuclei, Nikto, SQLMap, WhatWeb
Web app security: OWASP ZAP (requires Java)
Nmap scripts: vulners.nse, vulscan database

Ragnar auto-detects available tools and enables corresponding features in the web interface.

🐝 Ragnar + Pwnagotchi Side by Side

A bundled helper script plus dashboard controls make swapping between Ragnar and Pwnagotchi painless:

Run the installer:
```
cd /home/ragnar/Ragnar
sudo ./scripts/install_pwnagotchi.sh
```
The script clones pwnagotchiworking into /opt/pwnagotchi, installs dependencies, writes /etc/pwnagotchi/config.toml, and drops a disabled pwnagotchi.service. Re-running is fast — it skips already-installed packages.
Open the web UI → Config tab → Pwnagotchi Bridge → click Switch to Pwnagotchi.

Requirements:

USB WiFi adapter (wlan1) with monitor mode support
Waveshare 2.13" e-Paper HAT V4 for the pwnagotchi face display

Pwnagotchi web UI: http://<same-ip>:8080 (credentials: ragnar / ragnar)

What the installer configures:

Monitor mode scripts (/usr/bin/monstart, /usr/bin/monstop)
e-Paper display type (waveshare213_v4) and rotation
Web UI on port 8080, Pwngrid disabled
RSA keys, log directories, bettercap integration

Swapping via PiSugar 3 button:

| Button Action | While Ragnar is running | Wh

Ragnar

Install / Use

README