MCPcopy Index your code
hub / github.com/PierreGode/Ragnar

github.com/PierreGode/Ragnar @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
6,937 symbols 24,714 edges 257 files 2,536 documented · 37%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Ragnar image

ko-fi GitHub stars Python Status License: MIT

Ragnar is a fork of the awesome Bjorn project — a Tamagotchi-like autonomous network scanning, vulnerability assessment, and offensive security tool. It runs on a Raspberry Pi with a 2.13-inch e-Paper HAT, as a headless server on Debian-based systems (AMD64/ARM/ARM64) with Ethernet-first connectivity, or on the WiFi Pineapple Pager with full-color LCD display. On servers with 8GB+ RAM, Ragnar unlocks advanced capabilities including real-time traffic analysis and enhanced vulnerability scanning.

[!IMPORTANT] For educational and authorized testing purposes only.


Quick Install

wget https://raw.githubusercontent.com/PierreGode/Ragnar/main/install_ragnar.sh
sudo chmod +x install_ragnar.sh && sudo ./install_ragnar.sh
# On Raspberry Pi: choose between e-Paper HAT, server/headless, or Pineapple Pager deployment.
# On other hardware: choose between server install or Pineapple Pager deployment.
# It may take a while as many packages and modules will be installed. Reboot when it finishes.

For detailed information see the Install Guide. See Release Notes for what's new.


🌐 Web Interface

Access Ragnar's dashboard at http://<ragnar-ip>:8000

  • Real-time network discovery and vulnerability scanning
  • Multi-source threat intelligence dashboard
  • File management with image gallery
  • System monitoring and configuration
  • Hardware profile auto-detection (Pi Zero 2W, Pi 4, Pi 5)

WiFi Configuration Portal — When Ragnar can't connect to a known network, it creates a WiFi hotspot: 1. Connect to WiFi network Ragnar (password: ragnarconnect) 2. Navigate to http://192.168.4.1:8000 3. Configure your WiFi credentials via the mobile-friendly interface 4. Ragnar will automatically retry known WiFi after some time if the AP is unused 5. Once configured, Ragnar exits AP mode and connects to your network

The portal supports network scanning with signal strength, manual entry for hidden SSIDs, known network management, and one-tap reconnection.

web will be down during wardrive without ap or wifi connection.


🌟 Features

  • RuSense — Camera-Free Surveillance — Turns ordinary 2.4 GHz WiFi into a no-camera sensor: ESP32 nodes read Channel State Information (CSI) to report presence, motion, people-count, and — with a trained model — coarse pose and resting vital signs (breathing / heart rate). Works in the dark and through walls, with security & health modes, a calibration wizard, browser flashing, and a multi-node offline mesh. See RuSense

  • Network Tools — A built-in network engineer's toolbox in the web UI. Diagnostics: ping, traceroute, MTR, WHOIS, internet speed test, DNS Doctor (resolver / DNSSEC checks), Path-MTU / black-hole probe, captive-portal check, and LAN throughput via iperf3 (client + built-in server). Switch & L2: switch discovery via LLDP / CDPv1v2 / EDP / FDP / SONMP with PoE detection, ARP host scanning, and Locate Port (blinks a switch port so you can find the cable). Interfaces: per-interface link speed/duplex/auto-neg, DHCP-vs-static and VLAN detail, DNS/gateway network identity, and per-interface public IP / ISP-ASN lookup (ISP/WAN detection) for multi-WAN setups. Missing CLI tools install with one click. Co-authored by Solarflere. See Network Tools Guide

  • Wardriving with GPS recovery — Logs WiFi networks, BLE devices, and cell towers with GPS positions while driving. Exports to WiGLE CSV / KML. Most wardrivers log observations with GPS-at-scan-time and discard the rest; Ragnar logs a GPS breadcrumb track during the session and runs a post-pass that backfills missing positions for any observation seen within 5 minutes of a real GPS point. The interpolation is speed-aware — when endpoint speeds differ (slowing for a tunnel, accelerating out the far side), it uses constant-acceleration math instead of constant-velocity, shifting positions toward whichever endpoint the device actually spent more time near. See Wardriving Guide

  • Network Scanning — Identifies live hosts and open ports

  • Vulnerability Assessment — Scans using Nmap and other tools
  • Multi-Source Threat Intelligence — Real-time fusion from CISA KEV, NVD CVE, AlienVault OTX, and MITRE ATT&CK
  • AI-Powered Analysis — GPT-5 Nano integration for security summaries, vulnerability prioritization, and remediation advice. See AI Integration Guide
  • System Attacks — Brute-force attacks on FTP, SSH, SMB, RDP, Telnet, SQL
  • File Stealing — Extracts data from vulnerable services
  • Advanced Server Features (8GB+ RAM) — Real-time traffic analysis, advanced vulnerability scanning with Nuclei/Nikto/SQLMap/ZAP, parallel scanning, and CVE correlation. See Server Mode
  • LAN-First Connectivity — Prefers Ethernet when present, manages WiFi as fallback
  • Smart WiFi Management — Auto-connects to known networks, falls back to AP mode, captive portal for configuration
  • E-Paper Display — Real-time status showing targets, vulnerabilities, credentials, and network info
  • MAX7219 LED Matrix Display — Cascaded 8×8 LED panel arrays (4-panel 32×8 or 8-panel 64×8). Scrolls SSID, IP, targets, and status. SPI-connected: DIN→GPIO10, CS→GPIO8, CLK→GPIO11.
  • WiFi Pineapple Pager — Full-color LCD display with button controls, LED indicators, and auto-dim. See Pager section
  • Hardware-Bound Authentication — Optional login with full database encryption at rest. See Security & Authentication
  • PiSugar 3 Button — Physical button to swap between Ragnar and Pwnagotchi modes
  • Web Terminal — Optional interactive shell (xterm.js ↔ PTY over Socket.IO) in the dashboard, so you can manage the Pi without SSH. Runs as the non-root ragnar user in the Ragnar folder (sudo available), off by default, and gated by login — enable it in Config → Web Terminal only on trusted networks.
  • Kill Switch — Built-in endpoint (/api/kill) to wipe all databases, logs, and data. See Kill Switch
  • Comprehensive Logging — All nmap commands and results logged to data/logs/nmap.log

image

image


📌 Supported Platforms & Prerequisites

Raspberry Pi (Zero W / W2 / 4 / 5)

  • 64-bit Raspberry Pi OS (Debian Trixie, kernel 6.12+)
  • Username and hostname set to ragnar
  • 2.13-inch e-Paper HAT connected to GPIO pins (for display mode)
  • For 32-bit systems, use Ragnar's predecessor Bjorn

Recommendation: Edit ~/.config/labwc/autostart and comment out /usr/bin/lwrespawn /usr/bin/wf-panel-pi & to free up resources, or run sudo pkill wf-panel-pi temporarily.

Debian-Based Server / Headless

  • Debian 11+ or Ubuntu 20.04+ (AMD64, ARM64, or ARMv7)
  • Minimum: 2GB RAM, 2 CPU cores, 10GB free disk
  • Recommended: 8GB+ RAM for advanced features (traffic analysis, Nuclei, Nikto, SQLMap)

WiFi Pineapple Pager

  • Firmware 1.0.7+
  • PAGERCTL payload installed (provides libpagerctl.so)
  • SSH access from your workstation
  • Python3 + nmap (auto-installed on first run)
  • MIPS-compiled Python libraries bundled in pager_lib/ (or sourced from PAGERCTL payload)

🔨 Installation Details

The installer auto-detects your platform and configures everything:

  • Distro detection — Supports apt, dnf, pacman, zypper
  • Architecture support — AMD64, ARM64, ARMv7, ARMv8
  • Profiles — Pi + e-Paper, Server/Headless, WiFi Pineapple Pager
  • Automatic advanced tools — Systems with 8GB+ RAM get advanced features installed automatically
  • Smart resource management — Pi Zero W/W2 automatically skip resource-intensive tools
  • ARM optimizations — Uses PiWheels on ARM, retries mirrors, skips Pi-only steps on other hardware

For the full installation walkthrough see Install Guide.


🖥️ Server Mode: Advanced Features (8GB+ RAM)

When deployed on systems with 8GB+ RAM, Ragnar automatically unlocks advanced security capabilities.

Fresh installs: The main installer detects 8GB+ RAM and installs advanced tools automatically.

Existing installs: Run the advanced tools installer separately: bash cd /home/ragnar/Ragnar sudo ./scripts/install_advanced_tools.sh sudo systemctl restart ragnar

Real-Time Traffic Analysis

  • Live packet capture with tcpdump and tshark
  • Connection tracking with detailed TCP/UDP statistics
  • Deep protocol inspection (HTTP, DNS, SMB, SSH)
  • Per-host bandwidth monitoring and top talkers
  • Automated security risk scoring and anomaly detection
  • DNS query logging and port activity monitoring

Advanced Vulnerability Scanning

  • OWASP ZAP — Spider + AJAX spider + active scan with automatic browser detection
  • Authenticated scanning — 8 auth types: form-based, HTTP Basic, OAuth2, Bearer Token, API Key, Cookie, Script-based
  • Nuclei — 5000+ vulnerability templates from ProjectDiscovery
  • Nikto — Comprehensive web server assessment
  • SQLMap — Automated SQL injection detection
  • Parallel scanning — Multi-threaded for faster results
  • CVE correlation — Automatic correlation with NVD, CISA KEV, and threat feeds
  • Live progress — Real-time log panel and animated progress bar
  • Web and API modes — Scan web apps or API endpoints with OpenAPI spec import

What Gets Installed

  • Traffic tools: tcpdump, tshark, ngrep, iftop, nethogs
  • Vulnerability scanners: Nuclei, Nikto, SQLMap, WhatWeb
  • Web app security: OWASP ZAP (requires Java)
  • Nmap scripts: vulners.nse, vulscan database

Ragnar auto-detects available tools and enables corresponding features in the web interface.


📡 RuSense — Camera-Free Surveillance

RuSense turns ordinary 2.4 GHz WiFi into a no-camera surveillance system for home, office, and anywhere a lens is unwelcome. ESP32 sensor nodes read WiFi Channel State Information (CSI) — the tiny distortions a moving body imprints on radio waves — and a bundled sensing engine reports presence, motion, people-count, and (with a trained model) coarse pose and resting vital signs. No images are ever captured; it works in the dark and through walls.

  • Flash a sensor node from your browser — no toolchain needed: RuSense Flasher (ESP32-S3 / C6, Chrome/Edge).
  • Install the backend: sudo ./scripts/install_sensing.sh (runs as ragnar-sensing.service).
  • View it under the RuSense tabs in the web dashboard at http://<ragnar-ip>:8000.

Powered by RuView (by ruvnet). Full details: RuSense Guide.


🐝 Ragnar + Pwnagotchi Side by Side

A bundled helper script plus dashboard controls make swapping between Ragnar and Pwnagotchi painless:

  1. Run the installer: bash cd /home/ragnar/Ragnar sudo ./scripts/install_pwnagotchi.sh The script clones pwnagotchiworking into /opt/pwnagotchi, installs dependencies, writes /etc/pwnagotchi/config.toml, and drops a disabled pwnagotchi.service. Re-running is fast — it skips already-installed packages.

  2. Open the web UI → Config tab → Pwnagotchi Bridge → click Switch to Pwnagotchi.

Requirements: - USB WiFi adapter (wlan1) with monitor mode support - Waveshare 2.13" e-Paper HAT V4 for the pwnagotchi face display

Pwnagotchi web UI: http://<same-ip>:8080 (credentials: ragnar / ragnar)

What the installer configures: - Monitor mode scripts (/usr/bin/monstart, /usr/bin/monstop) - e-Paper display type (waveshare213_v4) and rotation - Web UI on port 8080, Pwngrid disabled - RSA keys, log directories, bettercap integration

Swapping via PiSugar 3 button:

Button Action While Ragnar is running While Pwnagotchi is running
Single tap Toggle manual mode
Double tap Switch to Pwnagotchi Switch to Ragnar
Long press Switch to Pwnagotchi Switch to Ragnar

A 10-second cooldown prevents accidental double triggers. If PiSugar is not connected, the listener is silently disabled.

Static IP recommended: When switching modes, WiFi may briefly reconnect with a different DHCP IP. Set a static IP:

sudo nmcli con mod "YOUR_WIFI_SSID" ipv4.method manual \
  ipv4.addresses "192.168.1.211/24" \
  ipv4.gateway "192.168.1.1" \
  ipv4.dns "192.168.1.1"
sudo nmcli con up "YOUR_WIFI_SSID"

Or set a DHCP reservation on your router. This only affects wlan0 — the monitor interface (wlan1/mon0) is not changed.

**Service rec

Core symbols most depended-on inside this repo

get
called by 3009
pager_lib/getmac/getmac.py
error
called by 1358
logger.py
info
called by 1279
logger.py
add
called by 839
pager_lib/pymysql/charset.py
append
called by 804
pager_lib/pyasn1/type/univ.py
debug
called by 618
logger.py
warning
called by 489
logger.py
escapeHtml
called by 364
web/scripts/ragnar_modern.js

Shape

Method 3,466
Function 2,580
Class 587
Route 304

Languages

Python75%
TypeScript25%
C++1%

Modules by API surface

webapp_modern.py795 symbols
web/scripts/ragnar_modern.js691 symbols
web/scripts/ragnar_modern.min.js616 symbols
pager_lib/pyasn1/type/univ.py264 symbols
network_diagnostics.py119 symbols
pager_lib/smb/smb_structs.py118 symbols
advanced_vuln_scanner.py118 symbols
pager_lib/smb/base.py115 symbols
pager_lib/getmac/getmac.py105 symbols
wardriving.py100 symbols
wifi_manager.py82 symbols
pager_lib/smb/smb2_structs.py82 symbols

Datastores touched

(mysql)Database · 1 repos

For agents

$ claude mcp add Ragnar \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact