Installing and Configuring Raspberry Pi for Hacking: 2026 Guide
Installing and configuring Raspberry Pi for hacking is a process that looks simple at first glance but can surprise even experienced users. Changing tool versions, new SSH settings, VNC issues and questions about the right board model are everyday challenges for anyone who wants to build a mobile penetration-testing lab. This guide walks you through the whole process step by step, from choosing the hardware to advanced network configuration, taking into account the changes introduced in 2026.
Table of contents
Key takeaways
| Point | Details |
|---|---|
| Choosing the Pi model | A Raspberry Pi 5 with 8 GB RAM is the recommended choice for working with Metasploit and other heavy tools. A Pi 4 with 4 GB RAM is an acceptable minimum for lighter tasks. |
| SSH configuration | Enable SSH in Raspberry Pi Imager via the advanced settings (gear icon or Ctrl+Shift+X) before writing the image - this creates a firstrun.sh file on the boot partition. |
| VNC mode | Raspberry Pi OS ships with the WayVNC server running on Wayland (use a client such as TigerVNC). Switch to X11 only when you need RealVNC or older tools. |
| Separating interfaces | A separate wlan0 for management and wlan1 for offensive work prevents losing the SSH connection. |
| Lab backup | Regular SD card copies with rsync or rpi-clone protect your configuration against data loss. |
Preparing the hardware for installing and configuring Raspberry Pi for hacking
Before you run your first Nmap scan, you need the right hardware. The model choice is crucial here.
A Raspberry Pi 5 with 8 GB RAM is the current standard for working with tools such as Metasploit, Burp Suite or Aircrack-ng. Older models (Pi 3, Pi Zero) simply do not have enough resources to run complex toolsets in parallel. A Pi 4 with 4 GB RAM is an acceptable compromise if you are not planning intensive work with exploitation frameworks.
List of essential components
-
Raspberry Pi 5 (8 GB RAM) or Pi 4 (4 GB RAM minimum)
-
microSD card 32 GB or larger (class A2, e.g. SanDisk Extreme)
-
Official Raspberry Pi power supply (27W USB-C for the Pi 5, 15W for the Pi 4)
-
USB Wi-Fi adapter with monitor mode and packet injection support - e.g. Alfa AWUS036ACH-C (Realtek RTL8812AU chipset, USB-C connector). On modern Kali Linux it works without installing any driver.
-
Optional: a case with active cooling for long operations
-
A computer with Raspberry Pi Imager to prepare the SD card
Download Raspberry Pi Imager from the official site. As the system image, choose Kali Linux for Raspberry Pi (available at kali.org) or Raspberry Pi OS with later installation of hacking tools. Kali Linux is a faster start, Raspberry Pi OS gives you more control over what you install.
Pro tip: In Raspberry Pi Imager, be sure to configure the advanced settings before writing the image. Set the hostname, username, password, Wi-Fi network and time zone. You will save 20 minutes of configuration after the first boot.
In Imager, click the gear icon or use the Ctrl+Shift+X shortcut to open the settings. There you enable SSH, enter your Wi-Fi details and set your own user instead of the default “pi”. This is the foundation of a secure headless setup, meaning without a monitor and keyboard.
Step by step: installing the system on the Raspberry Pi
The process is repeatable and takes about 15 minutes in total. Writing the image to the SD card takes 5 to 10 minutes, after which the system launches the configuration wizard on first boot.
Order of actions after installation
-
Write the image of your chosen system to the microSD card with Raspberry Pi Imager and the advanced settings filled in.
-
Insert the card into the Pi and connect power. For a headless setup, connect the Pi to the network via an Ethernet cable for the first boot.
-
Find the IP address of the board through the router panel or with the command
nmap -sn 192.168.1.0/24. -
Connect over SSH:
ssh yourname@ip_address. If SSH does not work, check the point below about changes in Imager. -
Change the default password with the
passwdcommand and set the hostname viasudo raspi-config. -
Update the system:
sudo apt update && sudo apt full-upgrade -y. -
Configure a static IP address by editing
/etc/dhcpcd.confor through NetworkManager. -
Enable VNC in
sudo raspi-config(Interface Options). The default WayVNC runs on Wayland; set X11 mode only for RealVNC or older tools. -
Install the hacking tools: Metasploit, Nmap, Wireshark, Aircrack-ng, Hydra.
-
Make your first backup of the SD card before experimenting.
SSH configuration in newer Imager versions
This is where many people lose time, because they stick to old guides. The simplest and most reliable way is to enable SSH directly in Raspberry Pi Imager before writing the image: click the gear icon (or Ctrl+Shift+X), go into the advanced settings and tick “Enable SSH” (with a password or a public key). Imager then writes a firstrun.sh file to the card's boot partition, which automatically enables the SSH service on first boot. The old method - manually creating an empty ssh file in the boot partition - still works on Raspberry Pi OS, but configuring it in Imager is more reliable and eliminates errors in headless setups.
Pro tip: Always configure SSH directly in Imager before writing, not manually afterwards. Configuration through Imager (the firstrun.sh file) is more reliable than tinkering on the card after writing and eliminates errors in headless work.
| Parameter | Recommended value | Reason |
|---|---|---|
| SSH protocol | SSHv2, disable root login | Basic security |
| Graphics mode | Wayland (default) or X11 | X11 only for RealVNC / older tools |
| IP address | Static | Reliable SSH access |
| Password | Min. 16 characters | Protection against brute force |
After the first login, immediately change the user password and disable root login over SSH. Add a UFW firewall rule: sudo ufw allow ssh && sudo ufw enable. This is minimal hardening before connecting the Pi to any test network.
For a remote desktop you do not have to run away from Wayland. Raspberry Pi OS (Bookworm) has a built-in WayVNC server that runs natively on Wayland - just enable VNC in sudo raspi-config (Interface Options) and connect with a client, e.g. TigerVNC. Raspberry Pi Connect also supports screen sharing on models running Wayland. Switching to X11 (sudo raspi-config, Advanced Options, the Wayland entry - select X11, then sudo reboot) is only needed in one case: when you want to use RealVNC or older tools and guides that are incompatible with Wayland. It is not a general rule.
Advanced network configuration for the hacking lab
This is the section that separates a functional lab from a real pentesting tool.
Separating network interfaces
Separating the wlan0 and wlan1 interfaces is the absolute foundation of stable work. Wlan0 (the built-in Wi-Fi module) acts as the management channel through which you have SSH access. Wlan1 (an external USB adapter with a Realtek chipset) is used for offensive work: monitor mode, packet injection, creating a rogue AP. Thanks to this, enabling monitor mode on wlan1 does not interrupt your SSH connection over wlan0.
-
wlan0: connection to the home network or VPN, permanent SSH and VNC access
-
wlan1: an Alfa adapter with RTL8812AU, monitor mode, aircrack-ng, hostapd
-
eth0: an Ethernet cable as a backup management channel when Wi-Fi has problems
Installing the Realtek drivers
The Alfa AWUS036ACH-C card uses the Realtek RTL8812AU chipset. The good news: on modern Kali Linux (kernel 6.14 or newer) the driver is already built into the kernel as the rtw88_8812au module - the card works right away, monitor mode and packet injection without installing anything. First, just check whether monitor mode is available:
sudo apt install -y dkms git
iw list | grep -A8 "Supported interface modes"
If you see * monitor in the list, you are all set - you install nothing.
If you are using an older kernel or the card does not enter monitor mode, install the driver. The fastest way is from the Kali repository:
sudo apt install -y realtek-rtl88xxau-dkms
If that does not help, build the latest version of the driver from source (the lwfinger/rtw88 repository) - on the Raspberry Pi, compiling with make is the most reliable:
sudo apt update && sudo apt install -y git build-essential bc dkms
git clone https://github.com/lwfinger/rtw88
cd rtw88
make
sudo make install
After a reboot, check monitor mode again: iw list | grep monitor.
Pro tip: Before installing the drivers, make sure the system is fully updated. A mismatch between the kernel version and the DKMS driver is the most common cause of Wi-Fi adapter problems.
Automating Wi-Fi network attacks (Evil Twin, rogue AP)
Assembling a rogue AP by hand from hostapd, dnsmasq and iptables rules works, but in practice it is faster and more reliable to use a ready, automated tool. The best choice in 2026 is airgeddon - a comprehensive script that sets up the access point itself, launches the DHCP and DNS server, a captive portal and traffic forwarding (NAT), and you control it all from a clear menu. It runs on Kali Linux, including the ARM version on the Raspberry Pi:
git clone https://github.com/v1s1t0r1sh3r3/airgeddon
cd airgeddon
sudo bash airgeddon.sh
On Kali Linux airgeddon is also in the repository: sudo apt install -y airgeddon, and then you launch it with the command sudo airgeddon.
Under the hood airgeddon uses the same building blocks (hostapd, dnsmasq, iptables), but it frees you from configuring each one by hand. A simpler alternative focused solely on the Evil Twin with password capture is fluxion. Hardware note: an Evil Twin on a single card requires virtual interface (VIF) support, which works best on MediaTek chipsets - with the RTL8812AU, use two cards (one as the AP, the other for deauth).
SSH access through the Raspberry Pi's own hotspot
In the field, with no access to a router, you can have the Raspberry Pi broadcast its own hotspot and connect to it over SSH from a laptop or phone. On Raspberry Pi OS Bookworm and Kali the default network manager is NetworkManager, so a single command is enough:
sudo nmcli device wifi hotspot ifname wlan0 ssid PiAP password "YourStrongPassword"
The Pi becomes the gateway at the fixed address 10.42.0.1 and hands out addresses (DHCP) to connected clients itself. After connecting to the PiAP network, you connect as usual:
ssh [email protected]
You can view the list of connected clients on the Pi with the command ip neigh show dev wlan0 or in the DHCP leases: cat /var/lib/NetworkManager/dnsmasq-*.leases. A single interface is enough for the hotspot with SSH access - you only need a second adapter when you want to keep the hotspot running and stay connected to another Wi-Fi network at the same time.
Configuration comparison: Kali Linux vs Raspberry Pi OS
| Feature | Kali Linux for Pi | Raspberry Pi OS + tools |
|---|---|---|
| Preinstalled tools | Yes, over 600 | No, manual installation |
| System stability | Lower (rolling release) | Higher (stable) |
| RAM usage | Higher | Lower |
| Configuration time | Shorter | Longer |
| Control over the environment | Lower | Full |
Troubleshooting and optimization
A few problems show up regularly with every new installation. Here is how to diagnose them.
Common problems and solutions
-
SSH does not work after a reboot: Enable SSH in Raspberry Pi Imager before writing (advanced settings, Enable SSH) - this creates a firstrun.sh file on the boot partition. Manually adding an empty ssh file to the boot partition also works, but configuring it in Imager is more reliable.
-
VNC shows a black screen or a connection error: Usually a sign that you are using a client that requires X11 (e.g. RealVNC) on Wayland. Connect with a WayVNC-compatible client (e.g. TigerVNC) or switch the Pi to X11 via
sudo raspi-config(Advanced Options) and reboot. -
The Wi-Fi adapter does not enter monitor mode: Check the DKMS driver version and whether the module is loaded with
lsmod | grep 8812au. -
The SSH connection drops during Wi-Fi attacks: You are using a single adapter for both management and attacks. Add an external USB adapter and separate the interfaces.
-
The Pi heats up and throttles the CPU: Install active cooling or lower the frequency via
sudo raspi-configin the Performance section.
Pro tip: On the Raspberry Pi Zero and Pi 1, disabling VNC encryption significantly reduces CPU load. Do this only on an isolated, private test network, never in a production environment.
Backing up and restoring the lab
Backing up the system with rsync or rpi-clone is a habit that saves hours of work after a failed experiment. Make a copy of the SD card before every major configuration change.
| Backup method | Tool | Time | Use case |
|---|---|---|---|
| 1:1 SD card copy |
dd or rpi-clone |
15-30 min | Full system backup |
| File synchronization | rsync | 5-15 min | Backup of data and configuration |
| Compressed image | pishrink + dd | 20-40 min | Portable image for flashing |
Also check whether safely testing your own router is part of your lab plan. A Pi configured according to this guide is great for home network audits.
My experience configuring the Pi for hacking
I have worked with the Raspberry Pi in a security context for several years and I have one strong conviction: most of the problems people struggle with come from using outdated guides.
I have seen it dozens of times. Someone follows a guide from a few years ago and spends two hours debugging SSH that simply will not start after a reboot. The reason? They stick to old tutorials that tell you to manually create files on the card, instead of simply enabling SSH in the Raspberry Pi Imager settings before writing the image. The internet is still full of outdated guides, while the simplest and most reliable path is now built into Imager itself.
The second mistake I see constantly is running everything on a single Wi-Fi adapter. You enable monitor mode on wlan0, lose SSH and sit there with a Pi you cannot reach. Separating the interfaces is not an option for advanced users, it is the foundation of any sensible setup.
As for the model choice: do not try to save money on a Pi 3 for serious hacking projects. A Pi 5 with 8 GB RAM is the difference not in speed, but in whether Metasploit is usable at all without frustration. The Pi 3 is fine for learning the basics, but with complex toolsets it will start throttling after a few minutes.
Kali Linux for Pi is a convenient starting point, but personally I prefer Raspberry Pi OS with manually installed tools. I then know exactly what is on the system and have full control over the dependencies. In penetration testing, knowing your environment is not a comfort, it is a requirement.
Treat every configuration as something you will have to rebuild from scratch. Document every step, make backups regularly, and always change the default passwords before you connect the Pi to any network. Simple rules, but in practice often neglected.
— Krystian
Hacking hardware for Raspberry Pi at Sapsan-sklep
A well-configured Raspberry Pi is only the beginning. Its capabilities depend directly on the quality of the connected hardware.
And if you do not feel like assembling and configuring a Raspberry Pi from scratch - at SAPSAN you have an all-in-one ready-made option. uConsole is a portable terminal based on the Raspberry Pi (CM4 module), with a keyboard, screen, battery and room for a modem in a single enclosure - you unpack it and get going. You can pair it with a full set of add-ons and gadgets for pentesters and Wi-Fi cards for monitor mode. Shipping across the EU and the USA.
FAQ
Which Raspberry Pi model should I choose for hacking?
A Raspberry Pi 5 with 8 GB RAM is the optimal choice for working with Metasploit and other heavy tools. A Pi 4 with 4 GB RAM is the minimum for lighter use.
Why does SSH not work after rebooting the Pi?
You are probably using the old method. The most reliable way is to enable SSH in Raspberry Pi Imager before writing the image - in the advanced settings (Ctrl+Shift+X) tick Enable SSH. Imager writes a firstrun.sh file that enables SSH on first boot. Manually creating an ssh file in the boot partition also works, but configuring it in Imager is more reliable.
How do I fix VNC issues on the new Raspberry Pi OS?
Raspberry Pi OS has a built-in WayVNC that runs on Wayland - enable VNC in sudo raspi-config and connect with a client, e.g. TigerVNC. Switching to X11 (Advanced Options, then a restart) is only needed when you use RealVNC or older tools incompatible with Wayland.
Is Kali Linux or Raspberry Pi OS better for hacking?
Kali Linux for Pi comes with over 600 preinstalled tools and is a faster start. Raspberry Pi OS with manually installed tools gives more control and stability. The choice depends on your experience level and preferences.
How do I secure a Raspberry Pi used for penetration testing?
Change the default user's password immediately after installation, disable root login over SSH and enable the UFW firewall. Use a static IP and restrict SSH access to trusted addresses only.