Fake RNDIS network interface speed up to 20GB/s to get the lowest metric and win every fight for the dominating 'default gateway' entry in routing tables, while carrying out network attacks (patch could be found here and the README here)
Automatic link detection and interface switching, if a payload enables both RNDIS and ECM network
SSH server is running by default, so P4wnP1 could be connected on 172.16.0.1 (as long as the payload enables RNDIS, CDC ECM or both) or on 172.24.0.1 via WiFi
if both, WiFi client mode and WiFi Access Point mode, are enable - P4wnP1 fails over to open an Access Point in case the target WiFi isn't reachable (Pi Zero W only)