pwnie pwnpad vs nethunter



tptronic
2014-10-21, 09:53
What's the difference between pwnie pwnpad and nethunter? Which is better for pentest?

zerone.v01d
2014-10-21, 13:01
Personally, I got a pwnphone 2014, which is based on the nexus5 and has android at the front / kali linux in the background. (To be honest, it really cost me a lot.)
But I wiped it a couple of days ago and turned to Nethunter. (So before that I was using the pwnphone 2014 for about half a year.)

Here are the reasons (!! I am not a pro, so please correct me if there are mistakes or misunderstandings !!)
1. Both of them have kali linux at the backend, and it is the most important tool we use to do pentest.
2. Both of them have android at the frontend; however, Nethunter supports the latest android version, while pwnie just supports a certain version of android (no idea whether they update it now or not).
3. Pwnie creates many shortcuts for kali tools on the android end, like SETtoolkits, Wifite... But you can also run them in the chroot on nethunter.
4. The most important reason for me is that there are some functions pwnie does not have: (1) HID attack (2) Bad USB attack
5. Furthermore, I can run a local server to access a web UI on nethunter, so that means I can run OpenVAS and metasploit community/pro on my phone. Probably I can do it on pwnie too, but I have no idea how to do that.
6. Besides, personally I think nethunter is more flexible.
7. There may be some special techniques used by pwnie express (I think there may be some difference in how the pwn device tunnels back from the target network compared with nethunter).
So I am currently running nethunter on my nexus5.

kc_boom
2014-10-21, 13:26
I don't think you can use PWnie express for commercial use. So I guess you can only use Nethunter. Pwnie should be under the gpl license, so they can't make this restriction, so not too sure what is true. Not 100% familiar with licensing, so maybe someone else can confirm this.

tptronic
2014-11-01, 13:16
If it is open source then it can be used for commercial use. Why do you say it cannot be used for professional pentesting?

photonicgeek
2014-11-02, 02:50
There may be software in there that ISN'T licensed for commercial use. The community edition is open source (I believe), but not the "pro" version that you get when you pay for the whole tablet setup. I'm not 100% sure, but that is what would make sense.

kc_boom
2014-11-02, 11:06
I have asked the FSF, and they confirmed to me that what pwnie express are doing is illegal. If you check https://www.pwnieexpress.com/community/ they say:


Community/legacy software images are provided free of charge under the GNU Public License. By using this software you accept all responsibility for its use.

Then they say:


Rapid Focus Security, Inc. (dba Pwnie Express) provides the Community Edition software free of charge for non-commercial use only.


This is a violation of GPL, because you cannot restrict GPL software to only one kind of use. Look here for more info https://www.gnu.org/licenses/gpl-faq.html#NoMilitary


I'd like to license my code under the GPL, but I'd also like to make it clear that it can't be used for military and/or commercial uses. Can I do this? (#NoMilitary)
No, because those two goals contradict each other. The GNU GPL is designed specifically to prevent the addition of further restrictions. GPLv3 allows a very limited set of them, in section 7, but any other added restriction can be removed by the user.

So, they are using GPL code without conforming to the GPL licenses, which is something they should be called out for.

photonicgeek
2014-11-03, 01:52
I have asked the FSF, and they confirmed to me that what pwnie express are doing is illegal. If you check https://www.pwnieexpress.com/community/ they say:



Then they say:



This is a violation of GPL, because you cannot restrict GPL software to only one kind of use. Look here for more info https://www.gnu.org/licenses/gpl-faq.html#NoMilitary



So, they are using GPL code without conforming to the GPL licenses, which is something they should be called out for.

What CAN we do? Who would we contact?

I had a feeling something was a bit sketchy. It didn't make sense, but I was hoping it wouldn't be against GNU GPL. NetHunter is better AND free, AND complies with GPL! :P