In stock Open-source offensive security hardware
Sniff it. Glitch it. Pwn it.
PWNLAB builds open-source hardware for breaking into IoT, RF and embedded systems, and runs the security research behind it. Portable, field-tested, and priced for every lab. Shipped worldwide through Electronic Cats and partners.
The arsenal
Hardware that does the hard part
Four purpose-built tools for IoT, RF and embedded work. Open source, field-proven, and ready to ship from the Electronic Cats store.
In stock 
In stock 
Out of stock 
In stock Flipper Zero Add-On
Flipper Add-On: Ethernet
Drop your Flipper Zero onto any wired LAN
$25.00 USD Details →
Services
We use what we build
PWNLAB is a working security lab. We research, test and break real systems, then turn what we learn into the tools you see here.
Security Research
Deep offensive research into IoT, RF and embedded systems. The same work that powers our tools, shared openly with the community.
- Vulnerability discovery
- RF & protocol analysis
- Responsible disclosure
Hardware & IoT Security Testing
End-to-end security testing for connected products, IoT and embedded hardware: from firmware extraction, SWD/JTAG access and fault injection to radio attacks across the full attack surface, before they ship.
- Firmware & SWD/JTAG analysis
- EMFI, glitching & radio attacks
- Pre-launch device assessments
Tooling & Open Hardware
We design, build and ship the open-source hardware and software used by security teams worldwide, and can build custom tooling on request.
- Custom hardware
- Firmware & CLIs
- Open-source by default
Need hardware tested or research done? Start a conversation
Open source
Our repositories
Public repositories from @pwnlabmx: open hardware and open source, all yours to build on.
3,431 ★ total stars across cldrn · pwnlabmx · Electronic Cats
dicom-fuzzing-corpus
DICOM fuzzing corpus for medical-device security research.
pwnlabmx/dicom-fuzzing-corpus
sniffle
Sniffle BLE sniffer build for CatSniffer.
Makefile pwnlabmx/sniffle
Nmap-Scripting-Engine-Modules-Feed
Nmap Scripting Engine modules feed. Contact [email protected] for more info.
Vim Script pwnlabmx/Nmap-Scripting-Engine-Modules-Feed
jolly-wifi-button
Open-source schematics/code for a wireless ordering button.
C++ pwnlabmx/jolly-wifi-button
CatSniffer fork
Multiprotocol, multiband board for sniffing and attacking IoT.
Python pwnlabmx/CatSniffer
Minino fork
ESP32-C6 mini multiprotocol board with GPS, microSD and OLED.
pwnlabmx/Minino
CatSniffer-Firmware fork
CatSniffer firmware.
C pwnlabmx/CatSniffer-Firmware
CatSniffer-Tools fork
CatSniffer host-side tools (catnip).
Python pwnlabmx/CatSniffer-Tools
faultycat fork
Low-cost EMFI fault-injection tool.
pwnlabmx/faultycat
Featured this month
Video of the month
Featured this month on our Instagram
Catch our latest demos, teardowns and field tests over on Instagram. New drops every month.
Follow @pwnlabmx Latest news
All news From the lab
Releases, research notes and field reports.
FaultyCat firmware v3 lands: a full rewrite with two attack engines
Firmware v3.0.0.0 is a from-scratch rewrite for the v2.x hardware, shipping EMFI and Crowbar engines with Direct and Campaign modes.
Flipper Ethernet Add-On v1.1.2.1: port scanning, OS detection and ping
The companion app's biggest reconnaissance update yet adds a Port Scanner, OS Detector and Ping, on top of the ARP scanning and PCAP capture it already does over the ENC28J60.
Minino firmware v1.1.14.1 keeps the pocket lab sharp
The latest Minino release continues to expand the ESP32-C6 multiprotocol toolkit across Wi-Fi, BLE, Zigbee, Thread and GPS WarDriving.
Who we are
A security lab that ships silicon
PWNLAB is a security-research outfit and hardware maker. We build the tools we wish existed for red-teaming IoT and embedded systems, then open-source the lot: schematics, firmware and software, so the community can build, audit and extend.
Our hardware is developed and manufactured in collaboration with Electronic Cats, open-hardware makers based in Mexico, and is certified by the Open Source Hardware Association.
Work with us- RF & IoT sniffingLoRa, Sub-1 GHz, 2.4 GHz, Zigbee, Thread, BLE, Wi-Fi.
- Hardware fault injectionEMFI and voltage glitching for embedded security testing.
- Wired network toolingARP scan/spoof, PCAP capture and analysis on Flipper Zero.
- Open hardware & firmwarePublic schematics, AGPL/CERN-OHL licensing, OTA updates.
Who's behind it
Led by experienced researchers
PWNLAB is founded by Paulino Calderón (@cldrn), co-founder of the renowned network and application security consultancy Websec (MX/CA). Author of several research publications and author of Nmap: Network Exploration and Security Auditing Cookbook (3 editions), Mastering the Nmap Scripting Engine and co-author of Practical IoT Hacking. A long-time open source contributor, and an international speaker/instructor at conferences like Black Hat, DEF CON, DragonJARCON, and 8.8.
That same research drives every PWNLAB tool, and it's the expertise you tap when you hire our team.
- Books and publicationsBlog posts, research publications and printed publications.
- Open Source ContributorNmap, Metasploit, OWASP projects, and personal projects.
- International Speaker/InstructorBlackhat US, Blackhat Asia, Blackhat Europe, DEF CON, DragonJARCON, 8.8, and many others.
- Experience+18 years of professional experience
Ready to gear up?
Every PWNLAB tool is open source and ships worldwide through the Electronic Cats store.