PwnPad, the pentesting tablet


Over the last few months, we’ve seen our fair share of pentesting appliances. Whether they’re in the form of a Raspberry Pi with a custom distro, or an innocuous looking Internet-connected wall wart, they’re all great tools for investigating potential security vulnerabilites at home, in the workplace, or in someone else’s workplace. Pwnie Express, manufacturers of pentesting equipment, are now releasing one of the best looking and potentially most useful piece of pentesting equipment we’ve ever seen. It’s called the PwnPad, and it allows you to get your pentesting on while still looking stylish.

Based on Google’s Nexus 7 tablet, the PwnPad combines all the goodies of a really great tablet – the ability to read NFC tags and multiband radios – with open source tools and a USB OTG cable with USB Ethernet, Bluetooth, and WiFi adapters. Everything in the PwnPad is designed for maximum utility for pentesting applications.

Of course, for those of us that already have a $200 Nexus 7, Pwnie Express says they’ll be giving away the source for their software, enabling anyone with knowledge of make to have the same functionality of the PwnPad. Of course you’ll need to get yourself a USB OTG cable and the WiFi, Bluetooth, and Ethernet adapters, but that should only add up to about $100; combined with a $200 Nexus 7, building your own is more than just a bit cheaper than Pwnie Express’ asking pre-order price of $795.


  1. mikemac says:

    Why do you need an external USB WiFi when the Nexus 7 has WiFi built in?

  2. MrTin says:

    Readily made injection drivers and external antenna are pretty good reason, don’t you think?

  3. zigzagking says:

    The external wifi card most likely has a specific chipset needed for capturing packets.

  4. martinvilu says:

    Readily available injection/monitor drivers and a external antenna make for an even more powerful tool, don’t you think?

  5. Geojon says:

    Mikemac: the radio onboard does not have Linux drivers that allow promiscuous mode.
    On that note ill point out that I have had terrible luck with the tl-wn772n. If you build your own grab a different wifi adapter

    • mikemac says:

      Hmm. OK, makes sense. Does the same apply to bluetooth? (Does bluetooth even have the concept of promiscuous mode?) Ethernet is pretty obvious since the N7 doesn’t have an Ethernet NIC.

      • m1ndtr1p says:

        Yes, the same applies to bluetooth, but it’s extremely difficult to find a consumer grade BT adapter that supports it, there is only one that I know of and it’s built for that specific purpose, it costs $120, it’s called the Ubertooth One.

    • Grawp says:

      Well, I have exactly opposite experience with TL-WN772n. It’s the only USB wifi I know of that has support in nl80211 and does have working promiscuous mode, master mode and is really plug&play without any drivers tweaking in *buntu, fedora + the range is great.

  6. CorrosiveOne says:

    This is just sad… The whole Pwnie model and company has no merit, no credit…
    They are a worthless disgrace that steals open source software and sell it at crazy mark-up prices.

    They shouldn’t be anywhere near HAD… They are worthless slime.

    • MS3FGX says:

      How is it “stealing” open source code to use it in the way it was intended, exactly?

      • CorrosiveOne says:

        How is the intention to allow a company make a profit off of someone elses work?

        • m1ndtr1p says:

          There are plenty of extremely successful companies which do the same, Apple is one of them… Not everyone wants to do everything themselves or be bothered trying to figure out how to make things work correctly and efficiently. Pwnie Express makes it easy for anyone to get pentesting tools, they do all the hard work and charge a premium so they can keep doing it, their customers are the type who would rather pay to have a device that works without any tinkering on their part than do it themselves… Just because something is open source doesn’t mean that no one can profit from it.

          • M4CGYV3R says:

            “their customers are the type who would rather pay to have a device that works without any tinkering on their part than do it themselves”

            Yep, that totally sounds like every hacker and pentester I have ever met, myself included…


          • m1ndtr1p says:


            Yep, that totally sounds like you know exactly what you’re talking about…


            You do realize that it’s a legitimate career right? It’s not just for script kiddies like yourself or those who think they’re ub0r h4x0rs trying to crack someone’s WiFi password for free internet or to see if they have nudies of their wife, girlfriend or sister on one of their computers, there are tons of professionals out there who don’t have the time or want to mess around tinkering with hardware and software… Seriously, pull your head out of your ass.

          • smee says:


            I highly doubt that you are in information assurance in the slightest. Long schedules, lots of travel time, it all adds up to the point where spending 800 bucks on something instead of spending your one free weekend a month making it for 300 is a really good deal.

            You can think of it this way: how many hours would it take to assemble and test such a package of software, nevermind any drivers that need to be written? It would be working for less than minimum wage. No thanks. I’ll just buy it instead.

    • Joe says:

      How is it stealing when they intend to publish the source code? You DO realize that the GPL license allows FOSS to be sold commercially, right?

    • rasz says:

      Are you retarded? This is exactly what Open Source is all about. They sell service of packaging OS projects for you.
      You can spend month in your mums basement installing it by hand or pay someone else to do it for you.

      • CorrosiveOne says:

        They are using open source to make a profit..
        The real question is what idiot would pay a $700+ price tag for this so-called “service”

        • m1ndtr1p says:

          Again, there is nothing wrong with profiting from open source projects, and the answer to your last question is in my previous reply to you.

        • stanlee22 says:

          My thoughts as to who will pay the pricetags are companies that specialize in pentesting, or companies that perform in house pentesting. Rather than pay an employee to take the time to piece it together, and wait on it, they will just buy something that works now, out of the box.

        • Dr. Fyzziks says:

          Redhat, Canonical, and a ton of other companies all make a profit by selling solutions based on open source software. Google does too, for that matter.

        • rasz says:

          Most companies with dress code for starters.
          Like I said that excludes people living in mums basements :). This is a COMMERCIAL PRODUCT targeted at corporations, not hackers.

    • m1ndtr1p says:

      Calm down skippy, no need to get your panties in a bunch.

      You apparently have no idea what open source really is… They’re not doing anything wrong, they’re providing a service which plenty of people are more than happy to pay for. Please educate yourself before commenting again.

      • Bill Gander says:

        Exactly so expect all of the open forums on problems that should have been fixed in beta to sit for 5 years unanswered. Open Source is a double edged sword and is only as good as the community supporting it. Then pile on massive amounts of no accountability–who hasn’t ordered something open source and then got it two weeks later with a note about how they use their aunt’s internet and her cat got sick so things got backed up etc. There is bad with the good.
        All that being said, I do like this device and the price range is doable in a corporate security setting.

        • rasz says:

          Actually with that price tag they could easily set up bounties for bug fixes instead of waiting for someone to do it for free in spare time

          … oh wait, this is how open source works, amazing, isnt it?

          • Bill Gander says:

            In rare cases yes. This isn’t google and it is a bit of a broad brush to imply that more than 8 OSers even give out bounties. Even then it isn’t for every bug. Then again it all depends on the license of the code. I stick with my original statement since they are there to make money like most businesses are that you may find the bounties lacking for some time until initial sunk debt is recovered. That is how capitalism works. These guys will get bought out by someone else and have this basic iteration snapped up and then modified and cough apple sue anyone else who tries to build it. Then you have some gong in China that prints the CAD stuffs toilet paper and backwards caps into a case and sells it on ebay to pay SAMPLE postage to get it in cheap and through customs even though it is far from a sample. He will make nothing but blind profit on the whole thing when we buy it later on dealextreme or tindie as some breakout board. Better yet, just RE it and kickstarter it and get it built in good ol CN and undersell the OEM.

            either way is good ;)

  7. ColdTurkey says:

    I don’t think i’ve ever seen so many negative comments about a hacking tool on a hack site. What exactly is the problem with this device? Sounds like a really good tool to have

    • rasz says:

      Problem is envy. People cant handle someone else pocketing $500 for something “free”. Same people will pay $500 to fix bad plumbing or blown gasket, but if its open source its FREE all of a sudden.

  8. echodelta says:

    I don’t know much about this subject(wiki-peek), but that WiFi adapter is a great bang for the buck. It even runs on Win2K, cool that it’s PnP with Linux.
    Built-in is seldom as good as putting some metal in the air, even if it’s that small. Having an external antenna makes it vertical to match the vertical polarization of the base. Little nubs of antennae don’t cut it. When you can screw on a single high gain antenna this little sucker rocks. That’s how I get WiFi.
    Pentesting, click click scribble scribble shake like old thermometer scribble heat in flame scribble trash!

  9. Bob says:

    Oooooor just get a Nokia N900. Aircrack suite, walsh/reaver, proper linux backend. And if you’re really keen, onboard connectors for an external antenna.

  10. Fritoeata says:

    @CorrosiveOne: LOL! Who’s forcing the buyers to buy? Who’s really profiting?

    GOOD BUSINESSES sell a product to people who believe it’s a GOOD VALUE! Unless you’re sparking out 10101’s over the WAN(If you are, I humbly apologize for my arrogance, please make a good tut and I’ll be the biggest fanboi u eva seen), you paid good money(unless gift/stolen… which is unethical) for the computer you’re using now. You participated in a concept known as the FREE MARKET. The companies involved speculated on the markets and invested their own capital to turn a profit. You saw it as more valuable to have a shiny box of hardware/software than the cash, hence, YOU CAPITALIZED. In a free market economy, everyone capitalizes, unless people stop being ethical.

    …Do you work for free? I know I don’t! I capitalize off of my boss, who’s capitalizing off of my time. We both get a good deal. If I stop getting a good deal, I’ll probably seek out greener opastures.
    Last time I checked, hackers were pretty smart… either quit while you’re ahead, or educate yourself. One day, I hope to be able to bend my PC at will, but until then, I “pay the piper” if I want the Pumped Up Kicks.

  11. Maave says:

    If the device has USB OTG, you can probably set up Linux in a chroot and run standard pentest tools. Drivers directly on Android are a frigging pain, there are too many changes between Android and kernel versions

  12. HiyaBRN says:

    seems like someone has to agree with @CorrosiveOne. and that guy is gonna be me! :P

    I’m a pentester for one of the best companies in the UK and i find it insulting that the Pwnie think its acceptable to charge so much to slap a modified rom onto a unit and write a few basic scripts to link to tools, which they didn’t write either. Unless you are at the top of your game your time as a pen-tester is not going to be worth more than £900 a day to you and i’m certainly nowhere near that (anyone doing it for a company will probably get 250/300).. so a day spent doing this myself would save me a fortune.

    At the end of the day, if my company bought me this i would be over the moon. but they wont, and no respectable company would buy this device for their employees.. they would make something far superior in-house. this is a toy for us to play with personally.. anyone who thinks otherwise is not taking their career seriously.

  13. Can the makers of this pwnpad please tell me how to use the awus036h alfa network antenna on the kalipwnpad nexus 7 rom jellybean 4.2.2 as i spent many a sleepless nights trying to get it to work as external wifi . will even pay to have it working .

  14. hxdjvkxxcbxcbxcbx says:

    nice to see none of the makers can be bothered to post a comment useless fucks

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 97,759 other followers