Ragnar is a « Tamagotchi like » sophisticated, autonomous network scanning, vulnerability assessment, and offensive security tool designed to run on a Raspberry Pi equipped with a 2.13-inch e-Paper HAT, or as a headless/server install on Debian-based systems (AMD64/ARM/ARM64) with Ethernet-first connectivity. On servers with 8GB+ RAM, Ragnar unlocks advanced capabilities including real-time traffic analysis and enhanced vulnerability assessment. This document provides a detailed explanation of the project.
The fastest way to install Ragnar is to use the automatic installation script:
# Download and run the installer
wget https://raw.githubusercontent.com/PierreGode/Ragnar/main/install_ragnar.sh
sudo chmod +x install_ragnar.sh && sudo ./install_ragnar.sh
# On Raspberry Pi you'll be asked if an e-Paper HAT is attached; on other hardware it auto-selects server (headless) mode with LAN-first networking.
# It may take a while as many packages and modules will be installed. Reboot when it finishes.
Modern Dashboard - Access Ragnar's sleek web interface at http://<ragnar-ip>:8000:
- Real-time network discovery and vulnerability scanning
- Multi-source threat intelligence dashboard
- File management with image gallery
- System monitoring and configuration
- Hardware profile auto-detection (Pi Zero 2W, Pi 4, Pi 5)
WiFi Configuration Portal - When Ragnar can't connect to a known network, it automatically creates a WiFi hotspot:
- Connect to WiFi network: Ragnar (password ragnarconnect)
- Navigate to: http://192.168.4.1:8000
- Configure your home WiFi credentials via the mobile-friendly interface
- Monitor the countdown timer - Ragnar will automatically try to reconnect to known WiFi after some time if the AP is unused.
- Done - Ragnar exits AP mode and connects to your network
The AP portal features:
- Network scanning with signal strength indicators
- Manual network entry for hidden SSIDs
- Countdown timer showing when Ragnar will retry WiFi
- Known networks management
- One-tap connection to saved networks
Ragnar is a fork of the awesome project Bjorn, rebuilt as a powerful tool designed to perform comprehensive network scanning, vulnerability assessment, and data exfiltration. Its modular design and extensive configuration options allow for flexible and targeted operations. By combining different actions and orchestrating them intelligently, Ragnar can provide valuable insights into network security and help identify and mitigate potential risks.
Ragnar is built for 64-bit Raspberry Pi OS (Debian Trixie).
The e-Paper HAT display and web interface make it easy to monitor and interact with Ragnar, providing real-time updates and status information. With its extensible architecture and customizable actions, Ragnar can be adapted to suit a wide range of security testing and monitoring needs.
- Network Scanning: Identifies live hosts and open ports on the network.
- Vulnerability Assessment: Performs vulnerability scans using Nmap and other tools.
- Multi-Source Threat Intelligence: Real-time threat intelligence fusion from CISA KEV, NVD CVE, AlienVault OTX, and MITRE ATT&CK.
- AI-Powered Analysis: GPT-5 Nano integration provides intelligent analysis:
  - Network security summaries
  - Vulnerability prioritization and remediation advice
  - Network weakness identification and attack vector analysis
  - See AI Integration Guide for setup
- System Attacks: Conducts brute-force attacks on various services (FTP, SSH, SMB, RDP, Telnet, SQL).
- File Stealing: Extracts data from vulnerable services.
- Advanced Server Features (8GB+ RAM):
  - Real-Time Traffic Analysis: Live packet capture, connection tracking, protocol analysis, bandwidth monitoring, and C2 beacon detection using tcpdump, tshark, and custom analyzers
  - Advanced Vulnerability Scanning: Enhanced assessment with Nuclei templates, Nikto web server scanning, SQLMap injection testing, parallel scanning, CVE correlation, and exploit suggestion engine
- LAN-First Connectivity: Prefers Ethernet when present, exposes a LAN status card in the modern dashboard, and still manages WiFi as needed.
- Smart WiFi Management:
  - Auto-connects to known networks on boot
  - Falls back to AP mode when no WiFi available
  - Captive portal at http://192.168.4.1/portal for easy mobile configuration
  - Automatic network reconnection with validation
- Modern Web Interface:
  - Beautiful Tailwind CSS-based dashboard
  - Real-time updates via WebSocket
  - Comprehensive network visualization
  - AI-powered insights on dashboard
  - Threat intelligence dashboard
  - File management and image gallery
  - System monitoring and configuration
  - Hardware profile auto-detection for optimal performance
- E-Paper Display: Real-time status display showing targets, vulnerabilities, credentials, and network info including IP address.
- Comprehensive Logging: All nmap commands and their results are automatically logged to data/logs/nmap.log for audit trails and troubleshooting.
- Raspberry Pi OS installed.
  - Stable:
    - System: 64-bit
    - Kernel version: 6.12
    - Debian version: Debian GNU/Linux 13 (trixie)
- Username and hostname set to ragnar.
- 2.13-inch e-Paper HAT connected to GPIO pins.
- Operating System: Debian 11+ or Ubuntu 20.04+ (AMD64, ARM64, or ARMv7)
- Architecture Support: AMD64 (x86_64), ARM64 (aarch64), ARMv7l, ARMv8l
- Minimum Resources: 2GB RAM, 2 CPU cores, 10GB free disk space
- Recommended for Advanced Features: 8GB+ RAM to unlock:
  - Real-time traffic analysis with packet capture
  - Advanced vulnerability scanning (Nuclei, Nikto, SQLMap)
  - Parallel scanning capabilities
  - Enhanced threat detection
Ragnar is built for 64-bit Trixie and the Waveshare 2.13inch E-Paper Display HAT V4. For 32-bit systems I recommend using Ragnar's son, Bjorn.
- In nano, edit ~/.config/labwc/autostart and comment out the wf-panel-pi line so that it reads #/usr/bin/lwrespawn /usr/bin/wf-panel-pi & (this disables the unneeded desktop panel, which consumes resources).
- Or run sudo pkill wf-panel-pi to kill it temporarily.
The fastest way to install Ragnar is to use the automatic installation script:
# Download and run the installer
wget https://raw.githubusercontent.com/PierreGode/Ragnar/main/install_ragnar.sh
sudo chmod +x install_ragnar.sh && sudo ./install_ragnar.sh
# On Raspberry Pi you'll be asked if an e-Paper HAT is attached; on other hardware it auto-selects server (headless) mode.
# It may take a while as many packages and modules will be installed. Reboot when it finishes.
Installer intelligence (new):
- Auto-detects distro/package manager (apt, dnf, pacman, zypper) and CPU arch to install the right package names.
- Debian System Support: Full compatibility with Debian-based distributions on ARM, ARM64, and AMD64 architectures.
- Profiles: Pi + e-Paper (display enabled) or Server/Headless (no display, modern web UI only). Non-Pi hardware defaults to Server/Headless.
- Automatic Advanced Tools: Systems with 8GB+ RAM automatically install advanced features during fresh setup: no prompts, fully automatic.
- Smart Resource Management: Pi Zero W/W2 automatically skip advanced tools due to hardware limitations.
- Server installs supported on AMD64/ARM64/ARMv7 with LAN-first networking; USB-gadget steps are skipped automatically off-Pi.
- On Pi, the only prompt is whether an e-Paper HAT is connected; everything else runs end-to-end automatically.
- Uses PiWheels on ARM, retries mirrors, and skips Pi-only steps on other hardware.
For detailed information about the installation process, see the Install Guide.
Want to keep Ragnar online while occasionally hopping into Pwnagotchi mode? A bundled helper script plus new dashboard controls make the swap painless:
- SSH into Ragnar and run the installer as root:
cd /home/ragnar/Ragnar
sudo ./scripts/install_pwnagotchi.sh
- The script installs Python dependencies, clones the upstream repo into /opt/pwnagotchi, writes /etc/pwnagotchi/config.toml, and drops a disabled pwnagotchi.service.
- Progress is streamed to /var/log/ragnar/pwnagotchi_install_<timestamp>.log and mirrored in data/pwnagotchi_status.json for the UI.
- Open the Ragnar web UI → Config tab → Pwnagotchi Bridge.
- Use Install or Repair to re-run the script, Switch to Pwnagotchi to hand off the systemd services, and Return to Ragnar after rebooting.
- Status, phase, and service health also show up on the Discovered tab card once the installer has finished, so you can monitor swaps while reviewing loot.
When you schedule a switch to Pwnagotchi, the dashboard warns that Ragnar's web API will go offline until you reboot or trigger the return flow. Plan for SSH access before swapping.
Quick Installation: the fastest way to install Ragnar is described in Getting Started.
Access Ragnar:
- Main Dashboard: http://<ragnar-ip>:8000 - Modern web interface with real-time updates
- WiFi Portal: http://192.168.4.1/portal - Mobile-friendly WiFi configuration (when in AP mode)
- E-Paper Display: Shows current status, IP address (.211), targets, vulnerabilities, and credentials
All discovered data is automatically organized in the data/output/ directory, viewable through both the e-Paper display (as indicators) and web interface. Ragnar works tirelessly, expanding its network knowledge base and growing stronger with each discovery.
No constant monitoring needed - just deploy and let Ragnar do what it does best: hunt for vulnerabilities.
Expand Ragnar's Arsenal! Ragnar is designed to be a community-driven weapon forge. Create and share your own attack modules!
Important
For educational use only!
Ragnar includes a built-in kill switch endpoint (/api/kill) that completely wipes all databases, logs, This ensures no sensitive data remains after demonstrations or training sessions. If Ragnar is found on a network without permission, anyone can completely wipe all databases and delete the entire repository, rendering Ragnar dead.
Full Documentation: See the kill switch doc for complete usage instructions and safety guidelines.
When deployed on capable hardware (Debian-based systems with 8GB+ RAM), Ragnar automatically unlocks advanced security testing capabilities:
Fresh Installations (AUTOMATIC): The main install_ragnar.sh installer automatically detects systems with 8GB+ RAM and installs advanced tools during setup. No user interaction required. Pi Zero W/W2 are automatically excluded due to resource constraints.
Existing Installations: If you already have Ragnar running and want to enable these advanced features, you must run the advanced tools installer:
cd /home/ragnar/Ragnar
sudo ./install_advanced_tools.sh
sudo systemctl restart ragnar
- Live Packet Capture: Monitor network traffic in real-time using tcpdump and tshark
- Connection Tracking: Track all TCP/UDP connections with detailed statistics
- Protocol Analysis: Deep inspection of HTTP, DNS, SMB, SSH, and other protocols
- Bandwidth Monitoring: Per-host bandwidth usage and connection patterns
- Anomaly Detection: Identify suspicious traffic patterns, port scans, and potential C2 beacons
- DNS Query Logging: Track all DNS lookups for threat intelligence correlation
- Nuclei Templates: Automated scanning with 5000+ vulnerability templates from ProjectDiscovery
- Nikto Web Scanning: Comprehensive web server vulnerability assessment
- SQLMap Integration: Automated SQL injection detection and exploitation
- Parallel Scanning: Multi-threaded vulnerability assessment for faster results
- CVE Correlation: Automatic correlation with NVD, CISA KEV, and threat intelligence feeds
- Exploit Suggestions: AI-powered recommendations for vulnerability exploitation paths
- Custom Payloads: Support for custom vulnerability testing templates
Server mode features are seamlessly integrated into the modern web dashboard at http://<ragnar-ip>:8000:
- Traffic Analysis Tab: Real-time packet capture visualization and statistics
- Advanced Vuln Tab: Detailed vulnerability scan results with remediation guidance
- Resource Monitor: System resource usage and performance metrics
- Threat Intelligence: Multi-source threat correlation with actionable insights
- Parallel Operations: Run multiple scans and analyses simultaneously
- Large Dictionary Support: Use comprehensive wordlists for brute-force attacks
- Extended Scanning: Deeper port scans and more thorough vulnerability checks
- Local AI Integration: Optional on-device LLM support for offline analysis
For fresh installations: If your system has 8GB+ RAM and is not a Pi Zero, the main installer will automatically offer to install advanced tools.
For existing Ragnar installations, these advanced features require the separate installer:
cd /home/ragnar/Ragnar
sudo ./install_advanced_tools.sh
This script installs:
- Traffic Analysis: tcpdump, tshark, ngrep, iftop, nethogs
- Vulnerability Scanners: Nuclei, Nikto, SQLMap, WhatWeb
- Web App Security: OWASP ZAP (requires Java)
- Nmap Scripts: vulners.nse, vulscan database
Pi Zero W/W2: Advanced tools are not recommended due to limited CPU and RAM. The installer automatically skips resource-intensive tools on Pi Zero hardware.
After installation, restart Ragnar:
sudo systemctl restart ragnar
Ragnar will automatically detect available tools and enable corresponding features in the web interface.
The project welcomes contributions in:
- New attack modules.
- Bug fixes.
- Documentation.
- Feature improvements.
For detailed information about the contribution process, see the Contributing Docs, Code Of Conduct and Development Guide.
- Report Issues: Via GitHub.
- Guidelines:
  - Follow ethical guidelines.
  - Document reproduction steps.
  - Provide logs and context.
- Author: PierreGode
- GitHub: PierreGode/Ragnar
2025 - Ragnar is distributed under the MIT License. For more details, please refer to the LICENSE file included in this repository.


