PwnPad, the pentesting tablet


Over the last few months, we’ve seen our fair share of pentesting appliances. Whether they’re in the form of a Raspberry Pi with a custom distro or an innocuous-looking Internet-connected wall wart, they’re all great tools for investigating potential security vulnerabilities at home, in the workplace, or in someone else’s workplace. Pwnie Express, manufacturers of pentesting equipment, are now releasing one of the best-looking and potentially most useful pieces of pentesting equipment we’ve ever seen. It’s called the PwnPad, and it allows you to get your pentesting on while still looking stylish.

Based on Google’s Nexus 7 tablet, the PwnPad combines all the goodies of a really great tablet – the ability to read NFC tags and multiband radios – with open source tools and a USB OTG cable with USB Ethernet, Bluetooth, and WiFi adapters. Everything in the PwnPad is designed for maximum utility for pentesting applications.

Of course, for those of us who already have a $200 Nexus 7, Pwnie Express says they’ll be giving away the source for their software, enabling anyone with a working knowledge of make to have the same functionality as the PwnPad. You’ll still need to get yourself a USB OTG cable and the WiFi, Bluetooth, and Ethernet adapters, but that should only add up to about $100; combined with a $200 Nexus 7, building your own is more than just a bit cheaper than Pwnie Express’ asking pre-order price of $795.

45 thoughts on “PwnPad, the pentesting tablet”

    1. I don’t care why, I just want the drivers for it! (I’ve got that wifi dongle and want to use it on my Asus Prime)

  1. Mikemac: the radio onboard does not have Linux drivers that allow promiscuous mode.
    On that note, I’ll point out that I have had terrible luck with the tl-wn772n. If you build your own, grab a different wifi adapter.

    1. Hmm. OK, makes sense. Does the same apply to bluetooth? (Does bluetooth even have the concept of promiscuous mode?) Ethernet is pretty obvious since the N7 doesn’t have an Ethernet NIC.

      1. Yes, the same applies to bluetooth, but it’s extremely difficult to find a consumer-grade BT adapter that supports it; there is only one that I know of, and it’s built for that specific purpose. It costs $120 and it’s called the Ubertooth One.

    2. Well, I have exactly the opposite experience with the TL-WN772n. It’s the only USB wifi I know of that has support in nl80211 and does have working promiscuous mode and master mode, and is really plug&play without any driver tweaking in *buntu and Fedora, plus the range is great.
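The two comments above disagree about whether a given USB adapter's nl80211 driver actually exposes monitor (promiscuous) and AP ("master") mode. That is something you can check from `iw list` before buying or flashing anything, and a wireless IDS sensor depends on the same monitor-mode support an assessment kit does. The script below is an added example, not code from the article, the commenters, or Pwnie Express; it assumes only the `iw list` layout where a "Supported interface modes:" heading is followed by one " * mode" bullet per line, and the two samples it parses are constructed for the example rather than captured from any real adapter.

```shell
#!/bin/sh
# Added example, not code from the article or from Pwnie Express.
# Parses the "Supported interface modes" section of `iw list` output so a
# builder can see whether an adapter's nl80211 driver exposes monitor mode
# (needed by wireless IDS sensors and assessment kits alike) and AP mode.

# Constructed sample of `iw list` output, cut down to the relevant part.
# It is made up for this example and does not describe any real adapter.
SAMPLE_WITH_MONITOR='Wiphy phy0
        max # scan SSIDs: 4
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * P2P-client
        Band 1:
                Capabilities: 0x1862'

# Second constructed sample: a driver that only offers client mode.
SAMPLE_MANAGED_ONLY='Wiphy phy1
        Supported interface modes:
                 * managed
        Band 1:
                Capabilities: 0x0000'

# Print the modes listed under "Supported interface modes:", one per line.
# $1 is the full text of `iw list` output.
supported_modes() {
    printf '%s\n' "$1" | awk '
        /Supported interface modes:/ { inside = 1; next }
        inside && /^[ \t]*\* / { sub(/^[ \t]*\* /, ""); print; next }
        inside { inside = 0 }
    '
}

# Return 0 if mode $2 (exact name, e.g. "monitor" or "AP") is listed in $1.
# Fixed-string, whole-line matching so "AP" does not match "AP/VLAN".
has_mode() {
    supported_modes "$1" | grep -qxF -- "$2"
}

# One-line summary of the two modes the discussion is about.
mode_report() {
    monitor=no
    ap=no
    has_mode "$1" monitor && monitor=yes
    has_mode "$1" AP && ap=yes
    printf 'monitor=%s ap=%s\n' "$monitor" "$ap"
}

# Demo on the constructed samples. On a real host with the iw tool installed,
# run: mode_report "$(iw list)"
mode_report "$SAMPLE_WITH_MONITOR"   # monitor=yes ap=yes
mode_report "$SAMPLE_MANAGED_ONLY"   # monitor=no ap=no
```

Note that `iw list` reporting monitor mode only tells you the driver offers the interface type; whether frames are actually delivered on every channel is still worth confirming on the adapter itself, which is the kind of per-model variation the two commenters are describing.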

  2. This is just sad… The whole Pwnie model and company has no merit, no credit…
    They are a worthless disgrace that steals open source software and sell it at crazy mark-up prices.

    They shouldn’t be anywhere near HAD… They are worthless slime.

        1. There are plenty of extremely successful companies which do the same, Apple is one of them… Not everyone wants to do everything themselves or be bothered trying to figure out how to make things work correctly and efficiently. Pwnie Express makes it easy for anyone to get pentesting tools, they do all the hard work and charge a premium so they can keep doing it, their customers are the type who would rather pay to have a device that works without any tinkering on their part than do it themselves… Just because something is open source doesn’t mean that no one can profit from it.

          1. “their customers are the type who would rather pay to have a device that works without any tinkering on their part than do it themselves”

            Yep, that totally sounds like every hacker and pentester I have ever met, myself included…

            /sarcasm

          2. M4CGYV3R

            Yep, that totally sounds like you know exactly what you’re talking about…

            /sarcasm

            You do realize that it’s a legitimate career right? It’s not just for script kiddies like yourself or those who think they’re ub0r h4x0rs trying to crack someone’s WiFi password for free internet or to see if they have nudies of their wife, girlfriend or sister on one of their computers, there are tons of professionals out there who don’t have the time or want to mess around tinkering with hardware and software… Seriously, pull your head out of your ass.

          3. @M4CGYV3R

            I highly doubt that you are in information assurance in the slightest. Long schedules, lots of travel time, it all adds up to the point where spending 800 bucks on something instead of spending your one free weekend a month making it for 300 is a really good deal.

            You can think of it this way: how many hours would it take to assemble and test such a package of software, never mind any drivers that need to be written? It would be working for less than minimum wage. No thanks. I’ll just buy it instead.

    1. How is it stealing when they intend to publish the source code? You DO realize that the GPL license allows FOSS to be sold commercially, right?

    2. Are you retarded? This is exactly what Open Source is all about. They sell the service of packaging OS projects for you.
      You can spend a month in your mum’s basement installing it by hand or pay someone else to do it for you.

      1. They are using open source to make a profit..
        The real question is what idiot would pay a $700+ price tag for this so-called “service”

        1. Again, there is nothing wrong with profiting from open source projects, and the answer to your last question is in my previous reply to you.

        2. My thoughts as to who will pay the pricetags are companies that specialize in pentesting, or companies that perform in house pentesting. Rather than pay an employee to take the time to piece it together, and wait on it, they will just buy something that works now, out of the box.

        3. Redhat, Canonical, and a ton of other companies all make a profit by selling solutions based on open source software. Google does too, for that matter.

        4. Most companies with a dress code, for starters.
          Like I said, that excludes people living in mum’s basements :). This is a COMMERCIAL PRODUCT targeted at corporations, not hackers.

    3. Calm down skippy, no need to get your panties in a bunch.

      You apparently have no idea what open source really is… They’re not doing anything wrong, they’re providing a service which plenty of people are more than happy to pay for. Please educate yourself before commenting again.

      1. Exactly so expect all of the open forums on problems that should have been fixed in beta to sit for 5 years unanswered. Open Source is a double edged sword and is only as good as the community supporting it. Then pile on massive amounts of no accountability–who hasn’t ordered something open source and then got it two weeks later with a note about how they use their aunt’s internet and her cat got sick so things got backed up etc. There is bad with the good.
        All that being said, I do like this device and the price range is doable in a corporate security setting.

        1. Actually with that price tag they could easily set up bounties for bug fixes instead of waiting for someone to do it for free in spare time

          … oh wait, this is how open source works, amazing, isn’t it?

          1. In rare cases yes. This isn’t google and it is a bit of a broad brush to imply that more than 8 OSers even give out bounties. Even then it isn’t for every bug. Then again it all depends on the license of the code. I stick with my original statement since they are there to make money like most businesses are that you may find the bounties lacking for some time until initial sunk debt is recovered. That is how capitalism works. These guys will get bought out by someone else and have this basic iteration snapped up and then modified and cough apple sue anyone else who tries to build it. Then you have some gong in China that prints the CAD stuffs toilet paper and backwards caps into a case and sells it on ebay to pay SAMPLE postage to get it in cheap and through customs even though it is far from a sample. He will make nothing but blind profit on the whole thing when we buy it later on dealextreme or tindie as some breakout board. Better yet, just RE it and kickstarter it and get it built in good ol CN and undersell the OEM.

            either way is good ;)

  3. I don’t think i’ve ever seen so many negative comments about a hacking tool on a hack site. What exactly is the problem with this device? Sounds like a really good tool to have

    1. Problem is envy. People can’t handle someone else pocketing $500 for something “free”. The same people will pay $500 to fix bad plumbing or a blown gasket, but if it’s open source it’s FREE all of a sudden.

  4. I don’t know much about this subject(wiki-peek), but that WiFi adapter is a great bang for the buck. It even runs on Win2K, cool that it’s PnP with Linux.
    Built-in is seldom as good as putting some metal in the air, even if it’s that small. Having an external antenna makes it vertical to match the vertical polarization of the base. Little nubs of antennae don’t cut it. When you can screw on a single high gain antenna this little sucker rocks. That’s how I get WiFi.
    Pentesting, click click scribble scribble shake like old thermometer scribble heat in flame scribble trash!

  5. Oooooor just get a Nokia N900. Aircrack suite, walsh/reaver, proper linux backend. And if you’re really keen, onboard connectors for an external antenna.

  6. @CorrosiveOne: LOL! Who’s forcing the buyers to buy? Who’s really profiting?

    GOOD BUSINESSES sell a product to people who believe it’s a GOOD VALUE! Unless you’re sparking out 10101’s over the WAN(If you are, I humbly apologize for my arrogance, please make a good tut and I’ll be the biggest fanboi u eva seen), you paid good money(unless gift/stolen… which is unethical) for the computer you’re using now. You participated in a concept known as the FREE MARKET. The companies involved speculated on the markets and invested their own capital to turn a profit. You saw it as more valuable to have a shiny box of hardware/software than the cash, hence, YOU CAPITALIZED. In a free market economy, everyone capitalizes, unless people stop being ethical.

    …Do you work for free? I know I don’t! I capitalize off of my boss, who’s capitalizing off of my time. We both get a good deal. If I stop getting a good deal, I’ll probably seek out greener pastures.
    Last time I checked, hackers were pretty smart… either quit while you’re ahead, or educate yourself. One day, I hope to be able to bend my PC at will, but until then, I “pay the piper” if I want the Pumped Up Kicks.

  7. If the device has USB OTG, you can probably set up Linux in a chroot and run standard pentest tools. Drivers directly on Android are a frigging pain, there are too many changes between Android and kernel versions

  8. seems like someone has to agree with @CorrosiveOne. and that guy is gonna be me! :P

    I’m a pentester for one of the best companies in the UK and I find it insulting that Pwnie think it’s acceptable to charge so much to slap a modified rom onto a unit and write a few basic scripts to link to tools, which they didn’t write either. Unless you are at the top of your game, your time as a pen-tester is not going to be worth more than £900 a day to you, and I’m certainly nowhere near that (anyone doing it for a company will probably get 250/300), so a day spent doing this myself would save me a fortune.

    At the end of the day, if my company bought me this I would be over the moon. But they won’t, and no respectable company would buy this device for their employees; they would make something far superior in-house. This is a toy for us to play with personally. Anyone who thinks otherwise is not taking their career seriously.

  9. Can the makers of this pwnpad please tell me how to use the awus036h alfa network antenna on the kalipwnpad nexus 7 rom jellybean 4.2.2, as I spent many a sleepless night trying to get it to work as external wifi. Will even pay to have it working.
