Surfing through ebay looking for old discarded network security appliances is a guilty pleasure of many. There are simply too many toys in security to ignore. Granted, pretty much everyone would love a warehouse full of enterprise class products to play with. What could be moe fun? Seriously, who doesn’t want to run Qualys, Rapid7, and Tenable against every publicly addressable IP or AppScan and WebInspect against every website on the Internet? I’m drooling just thinking about the possibility.
Of course not every infosec toy is unattainable with a reasonable amount of personal budget. There are more than a few toys out there for infosec pros to get their hands on for some fun. Here is my current wish list:
Oh do we want a PWN Phone! A Pwn Phone can simply be described as a Nokia N900-based penetration testing platform and it is all kinds of awesome. The platform includes a great deal of penetration testing favorites including Metasploit, Ettercap, nmap, and Fasttrack. Basically, it is a very small version of a penetration testing computer. The PWN Phone doesn’t have everything we would want on it but it’s pretty close. Also, it would be nice if it was on an IOS or Android enabled device, but at this point, we’re just happy it exists.
At $960 the PWN Phone is not cheap, but is fairly reasonably priced. Currently, a Nokia N900 is priced at $399 on Amazon without the PWN Phone, so figure on roughly $560 for the pre-configuration, software, and support. There is also the alternative of purchasing an unlocked Nokia N900 and installing the PWN Phone Community Edition. However, the community edition does not include tech support or priority updates. Regardless, the PWN Phone is likely to be the coolest toy that one can bring home from BlackHat/DefCon this year.
PWN Plug Elite
The Pwn Plug Elite from Pwnie Express is similar to the Pwne Phone in it’s features however it comes in the form of a Sheeva plug, which of course is a bit cheaper than a Nokia N900 phone. In addition, it is also much easier to leave a Pwn Plug Elite plugged into a wall for lengthy periods of time to victimize more targets. Like the Pwn Phone the Pwn Plug Elite carries a multitude of penetration testing tools like Metasploit, Fast-Track, a myriad of sniffing tools, and also Test-to-Bash which allows for bash commands via SMS. There is also a PWN Plug Wireless addition which runs for $595 but does not have the nice GSM features that the Phone and Elite versions do.
Again, this is a Sheeva plug which of course can be bought pretty cheap on the Internet (new versions of Wireless plugs run about $99), thus one could build a similar PWN Plug with the community versions of the PWN Plug that can be found on the PWNIE Express website. However, PWN Plug Community Edition does not include the web-based Plug UI, peristent reverse tunneling scripts, or 3G/GSM support which we believe are essential for the plug.
It’s hard to mention infosec toys without talking about the WiFi Pinnapple from the folks over at Hak5. The WiFi Pineapple is a WiFi device capable of doing Man-in-the-Middle attacks. The device is nowhere near as powerful as the PWN Plug or Pwn Phone, but the low price and modular capabilities of the device make it extremely attractive. Frankly, it is hard to go to a higher-level security conference where there is not a person who mentions the WiFi Pineapple at some point. The device includes a stealth access point for MITM attacks, mobile broadband and Android tethering, a persistent ssh tunnel for management, and a web-based management console for MITM attacks.
Much like the Pwn Plug and Pwn Phone, one could build their own WiFi Pineapple as the WiFi Pineapple seems to be based on a Alfa Networks AP121 (possibly AP121U) model and software/firmware that can be found on the WiFi Pineapple project GitHub. However, the routers are somewhat difficult to find and can run around $50 or more, so the Pineapple at $99 is actually a pretty good deal.
USB Rubber Ducky
The USB Rubber Ducky is a nasty evolution from the USB Switchblade project from the folks over at Hak5, which was essentially a USB flash drive that could be used to victimize targets in a number of ways simply by having them plug in a USB flash drive. Like Swtichblade, Rubber Ducky can be utilized to victimize targets who plug the device into their machines. However, Rubber Ducky is different than Switchblade in that it is not actually a USB flash drive, though it looks like one, it is actually a small USB MicroSD card reader in a USB flash drive enclosure. Rubber Ducky also includes a simple scripting language so that an attacker can create custom payloads when attacking.
There are a lot of interesting opportunities for using Rubber Ducky, which mainly include “gotcha” type opportunities around the office. Of course the number of these opportunities are pretty novel in nature. Thus, a $69.99 price tag is pretty stiff, especially when considering the device can be made with a chachkis that can be found on virtually any security conference show floor, about $5.00 of hardware and some of the information found in the USB Rubber Ducky GitHub. Regardless, the USB Rubber Ducky is a fun toy worthy of checking out.
To be honest, WebSecurify, when we used it in the past, WebSecurify was not the strongest web application scanner we’d ever gotten our hands on. That’s not to say it was particularly weak though either. In honesty, the capability of the scanner ranges somewhere in between AppScan/WebInspect and the scanner in Paros Proxy. All that said, @pdp seems to have ported WebSecurify over to IOS and Android enabled devices. Which means that one can run web application scans from their phone! This application brings the true mobile hacking device a step closer to reality. If for no other reason, this would be a great way to quickly and easily scan intranet sites.
A-R Drone by Parrot
Our desire for an A-R drone by Parrot is pretty simple to understand. It flies, it has a camera, and we can control it from our phones or iPads. With a price tag of $299 one could easily call this a trial of whether one is into the realm of drones. Granted, the AR is nowhere near as powerful as some of the models or instructions on, it is also lacking a GPS, and only sports a range of about 165 feet. However, you get what you pay for and this drone can help one determine whether they are ready and/or willing to pay the upwards of $500 for a drone that is little less like a toy.