Enterprise Pentesting Appliance

Breaking radio silence….

We’ve been hard at work here at Pwnie Express for the last few months building a product we’re calling the Enterprise Pentesting Appliance (PX-EPA). It builds on the value proposition of our previous products in that it’s designed to make the work of security testers easier, faster and more comprehensive.

That said, it’s a break from our previous offerings in a couple ways.

  • Designed for permanent deployment and continuous testing - The EPA was built with the use case of shipping the device off to a remote office with a configuration that will connect back to your receiver. The device utilizes the same firewall-busting capabilities of the Pwn Plug to obtain a shell from which you can perform your security testing, and as always, you can schedule the device to connect back at regular intervals.
  • More Power - One of the things we kept hearing from our customers was Pwnie devices are great for smaller penetration tests, but they also wanted the ability to run commercial tools that required x86 or x64 hardware, and a lot more horsepower. This device has a dual-core 2.66Ghz processor and 8GB of ram. More than enough to get the job done with Nessus, NeXpose, or other commercial scanners. Support for KVM also means Windows VMs with commercial Windows tools can be added.
  • Onboard 4G, Wireless and Bluetooth – Many customers mentioned that they’d like a device that integrated and made it easy to  test more wireless technologies. The EPA has them on-board with a 4G adapter, and both a wireless and bluetooth card that support monitor mode and injection. We’re also supporting common ZigBee, SDR and RFID radios.
  • Enhanced “Pwnix” Platform – The Enterprise Appliance is the first product to take advantage of our Ubuntu-based platform we’ve internally dubbed “Pwnix”. Pwnix includes not only the features you’ve seen in the Elite Plug, but also is now configuration managed, and includes a REST-y API and a UI that takes advantage of that API. This means that you can interact with the features on the CLI, in the UI, or even remotely via HTTPS and JSON.
There’s much more to tell about this new release, so look for upcoming blogs to address some of the features in-depth.  The EPA is immediately available as a hardware platform, and soon as a VMWare-based appliance. You can find all the gory details here.