Physical Penetration Testing Toolkit

27 Jan

Most penetration testing companies offer physical penetration testing as part of their services. Some take this service more seriously than others and spend part of their budget on specialized costumes and equipment for physical penetration tests. In this article we will examine some of the equipment that is necessary to have when conducting a physical penetration test.

Get Out Of Jail Free Card

This is usually a signed letter from the client stating that the penetration tester is authorized to perform the test and that the client is aware of it. The letter serves as proof if things go wrong and you are caught by security personnel or the police. It must therefore include the contact details of the people who are aware that a test is being performed (preferably people in senior positions), and those people must be reachable during the test. The penetration tester should never forget this letter, and it is good practice to carry at least 2 original copies in case one is accidentally lost or destroyed.

Get Out Of Jail Template

Cameras

Cameras are important because you can take photos of client documents, facilities and the areas you have managed to access. These photos can be used as evidence in the penetration testing report afterwards. Mobile phone cameras can be used as well, but a proper digital camera with a large amount of memory is recommended.


Binoculars

Binoculars are useful when you want to observe the security guards from a long distance or perform shoulder surfing against your client's employees. For portability and to avoid raising any alarm, it is advisable to buy binoculars that fit into your pocket.

Portable Binoculars

Laptop

In a physical penetration test someone might assume that a laptop is not needed because all you have to do is physically penetrate. Wrong! If you want to construct a scenario where you disguise yourself as an employee of the company, a laptop is a critical component. Additionally, the client may require you to attach to the internal network.


GPS

A GPS device can help you in many ways. First of all, you can get an idea of the location you are going to attack by observing satellite photos before the test. Alternatively you can use Google Maps for that, but the GPS has the advantage that you can carry it with you during the test and mark locations that you want to explore or avoid. It is also vital for your support team to know exactly where you are. Before you buy a GPS, make sure the device can export the route you took so that it can be included in the report.

GPS Device

Lock Picking Tools

Of course, in a physical penetration test you don't expect every door to be open, so it is essential to have a set of lock picking tools in your bag. Lock picking tools are generally not very expensive, so choose carefully the best quality that suits your needs, as you don't want to break your client's locks.

Lock Picking Tools

Snap Lock Pick Gun

USB Sticks

There are scenarios in a physical penetration test where you might only be required to plant a USB stick containing malicious content inside the company's premises. This is the case when the client wants to test their employees' awareness of this type of attack. You can use the Social Engineering Toolkit to create the malicious USB, or you can import your own files.

USB Sticks

Pwnie Express Tools

Pwnie Express is a company that specializes in building hardware tools for physical penetration testing engagements. Most of them are quite expensive, but they are highly effective because they look like normal devices, so when you plug them into the network they are difficult for employees or administrators to discover. Some of the devices you can buy are the following:

  • Pwn Plug Mini
  • Power Pwn
  • PwnPhone

Pwn Plug Mini


Power Pwn




Posted by on January 27, 2013 in Social Engineering



10 responses to “Physical Penetration Testing Toolkit”

  1. Ben Miller

    January 27, 2013 at 3:00 pm

    No pack of gum? Pack of Cigarettes? Clipboard, notepad and pens?

  2. netbiosX

    January 27, 2013 at 3:26 pm

    @Ben The article is focused only on the devices that you need to have with you. Of course, if you want to use tailgating as a technique a pack of cigarettes is probably needed, but it is not considered a device. Also clipboards, notepads and pens can help you in scenarios where you want to disguise yourself, but everything depends on the scenario that you will construct in order to physically penetrate the premises. So you can have different tools for a variety of scenarios as well as uniforms and costumes. However, the above list is a general list that in my opinion every penetration tester that performs physical attacks must have.

  3. Christian Bassey

    January 28, 2013 at 3:41 pm

    It's a rich article with very explainable content.
    But what if you want to penetrate the network from outside without having to enter the company first?


      January 29, 2013 at 2:12 pm

      Thanks for your reply

  4. netbiosX

    January 28, 2013 at 3:51 pm

    @Christian Bassey If you want to penetrate the network from outside, the easiest way is through social engineering attacks. You can read other articles in the social engineering category in order to understand how you can do it.

  5. Andy Wilson

    January 28, 2013 at 4:47 pm

    Nice article. My physical penetration kit consists of Google, a telephone and clipboard! Never failed to get in or out of a building with this. I also carry a “get out of jail card” but have never had to present it. I now carry 2 of them, a spoof one (to see if they actually check the details) and the real one.

  6. Bryan Miller

    January 28, 2013 at 7:32 pm

    Don’t forget a flashlight and a good roll of electrical or duct tape (comes in handy in lots of ways). And, regarding lock picking tools, make sure you check your state law. In some states it is illegal to own them unless you’re a certified locksmith.

  7. DJ

    January 29, 2013 at 1:12 am

    Also check out the OG150 – – designed to plug in on site and walk away (remote SSH tunnels created). Includes covert physical surveillance.

    • slyfingaz

      January 31, 2013 at 10:13 pm

      Nice find. Can't wait for the OG150 to come back in stock… the webcam feature makes me drool.
