With the recent announcement of their Enterprise Pentesting Appliance (EPA), Pwnie Express has once again leveraged the power of open source and the Linux operating system to deliver a world-class security testing platform. Taking all of the software advancements developed on their “Plug” line of devices and combining it with the raw horsepower of a modern x86 computer, the EPA looks like it will make a formidable testing and research platform for serious security analysts.
The basic list of features is pretty similar to Pwnie’s previous hardware offerings:
- Enterprise-class, wall-mountable, small form-factor enclosure
- Supports Nessus server, Metasploit Pro, & Cobalt Strike
- Supports Backtrack, Qualys, Acunetix, nCircle, etc. as virtual guest machines
- Hardened per NSA, NIST, DoD, and DISA guidelines, including encrypted volumes for pentest results
- Simple web-based administration with “Pwnix UI”
- Includes all Pwn Plug release 1.1 features
- One-click Evil AP, stealth mode, passive recon, history wipe
- Fully-automatedNAC/802.1x/RADIUS bypass
- Out-of-band SSH access over 4G/GSM cell networks
- Text-to-Bash: text in bash commands via SMS
- Maintains persistent, covert, encrypted SSH accessto your target network
- Tunnels through application-aware firewalls & IPS
- Supports HTTP proxies, SSH-VPN, & OpenVPN
- Sends email/SMS alerts when SSH tunnels are activated
- Preloaded with Ubuntu Server 12.04, Metasploit, SET, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & many more
- Unpingable and no listening ports in stealth mode
The main difference between the existing Plugs and the EPA is the enhancements made to the core OS, which Pwnie is now calling “Pwnix”. As Pwnix develops, it will continue to set the hardware’s internal OS apart from the more or less standard installs of Debian and Ubuntu they’ve been running up until this point.
This was an area we recognized Pwnie Express needed to address in our original review of the Pwn Plug Elite, and it’s good to see they’re on the right track.
On the hardware side, the EPA boasts the following specs:
- Intel dual-core i5 @ 2.66 GHz
- 8GB DDR3 RAM
- 60GB SSD
- Onboard high-gain 802.11 a/b/g/n wireless supporting packet injection & monitor mode
- Onboard high-gain Bluetooth (up to 1000′ range) supporting packet injection & monitor mode
- Onboard 6-band (worldwide) 4G GSM cellular data
- Optional support for Zigbee/Zwave, RFID, and Software-Defined Radios (SDR)
- Optional physical tamper detection using an internal 6-axis accelerometer
There are some pretty nice improvements here over the rest of the Pwnie Express products. Aside from the generous CPU and RAM, the SSD is sure to boost performance when doing tasks such as capturing network traffic directly to disk. It’s also good to see high-end WiFi and Bluetooth radios onboard, in addition to the 4G cellular modem. Should also be interesting to see what kind of SDR setup Pwnie Express has in mind, perhaps GNU Radio installed out of the box?
Finally, the optional accelerometer could lead to some very interesting applications, though there is no word (yet) on how software can interact with it and what kind of built-in functions Pwnix already has in regards to tamper detection.
The EPA hardware is available now via the Pwnie Express site for the professionals-only price of $2,895. The virtual version of the EPA, distributed as a VMWare image, will be released soon at a presumably lower price than its metal and plastic counterpart.
While the price of the EPA hardware is pretty high, it’s important to realize that a lot of R&D goes into these products. Anyone can take a bunch of open source tools and slap them together on an off-the-shelf PC, but it takes a team of knowledgeable developers to wrap them all up in a coherent UI/API, which is exactly what the team at Pwnie Express is doing.