Bringing in a pen-tester can be expensive, especially when long-distance travel is required. Pwnie Express, exhibiting at the RSA Conference, offers a novel solution. Just connect its Pwn Plug product to the network and the pen-tester can run all manner of tests from a remote location. A large corporation with in-house testing could simply ship the device to each branch office.
I'm not an expert penetration tester myself, so I can't fully interpret the device's promised capabilities. It certainly comes chock-full of tools. The company's site proclaims that the device is "preloaded with Ubuntu, Kismet, Aircrack-NG, WEPbuster, Karma, Metasploit, SET, Fasttrack, SSLstrip, nmap, dsniff, netcat, scapy, ettercap, medusa, & more!"
The Pwn Plug is designed for stealth, in more ways than one. The product is "Unpingable and no listening ports in stealth mode" and also includes stick-on decals that identify it as something innocuous like an air freshener or a power adapter.
The basic Pwn Plug simply plugs into the network via Ethernet. There's also a wireless version, a 3G/wireless version, and the Pwn Plug Elite which offers all modes of connection and adds the ability to bypass popular Network Access Control solutions. Prices range from $480 for the basic unit to $770 for the Elite.
While the company is very small, Pwn Plug is already making a splash in the market. Mark Hughes, Director of Marketing and Sales for Pwnie Express, reports that the Pwn Plug is currently deployed in "Homeland Security, the Department of Defense, the State Department and numerous fortune 50 enterprises... Pwnie Express is CCR registered, sole-source provider to the federal government and has export clearance to supply this patent-pending technology globally!"
Of course this technology could be misused. If you're responsible for security at your company, keep an eye out for anomalies like a plug-in air freshener attached to an Ethernet cable. You don't want your network pwned.