A curated list of the best hacking gadgets for penetration testers, security researchers, and ethical hackers. Each entry includes a description/explanation and a buy URL.
⚠️ Disclaimer: These tools are intended for authorized security testing and research only. Always obtain proper permission before use. Unauthorized use may be illegal.
Description: The WiFi Pineapple is a professional wireless auditing and rogue access point platform. It enables Man-in-the-Middle (MitM) attacks, rogue AP setups, credential harvesting, and wireless network reconnaissance — all through an intuitive web-based interface. Its modular design supports a wide ecosystem of community-built modules for automated reconnaissance, phishing, and DNS spoofing.
Use Cases:
- Wireless network penetration testing
- Demonstrating risks of insecure Wi-Fi environments
- Rogue access point simulations
- Automated and manual Wi-Fi reconnaissance
Key Features:
- Web-based control panel
- Rogue AP and deauth attack support
- Expandable via community modules
- Support for MitM and credential interception
Buy: https://shop.hak5.org/products/wifi-pineapple
Description: The USB Rubber Ducky is a covert keystroke injection tool disguised as an ordinary USB flash drive. When plugged in, the target computer recognizes it as a keyboard, allowing it to execute pre-scripted keystrokes at high speed. It can automate attacks, deploy payloads, extract data, or run administrative commands — all within seconds.
Use Cases:
- Physical access penetration testing
- Automated payload delivery
- Endpoint security demonstrations
- Cross-platform scripted attacks (Windows, macOS, Linux)
Key Features:
- Uses simple Ducky Script language
- Supports USB-A and USB-C (newer versions)
- Bypasses most endpoint security that ignores HID devices
- Large library of community payloads
Buy: https://shop.hak5.org/products/usb-rubber-ducky
Description: The Bash Bunny is a highly configurable USB attack platform that can emulate multiple device types simultaneously — keyboard, mass storage, Ethernet adapter, and serial device. Essentially a portable Linux computer in USB form factor, it executes complex, multi-vector attack payloads automatically when plugged in.
Use Cases:
- Multi-stage USB-based penetration tests
- Automated credential harvesting
- Privilege escalation simulations
- Red team physical access engagements
Key Features:
- Emulates multiple USB device types at once
- Runs on an embedded Linux OS
- Large library of community-developed payloads
- Easy payload management via USB storage mode
Buy: https://shop.hak5.org/products/bash-bunny
Description: The LAN Turtle is a covert network implant disguised as a USB-to-Ethernet adapter. Once connected between a computer and an Ethernet port, it provides persistent remote access, network traffic sniffing, and man-in-the-middle capabilities — all while remaining virtually invisible to the end user.
Use Cases:
- Simulating rogue device insertion on internal networks
- Persistent remote access during red team engagements
- Network traffic interception and analysis
- Inside-the-building lateral movement simulations
Key Features:
- Disguised as a standard USB-to-Ethernet adapter
- Persistent SSH-based remote access
- Supports various attack modules (MitM, sniffing, etc.)
- Stealthy and miniaturized form factor
Buy: https://shop.hak5.org/products/lan-turtle
Description: The Packet Squirrel Mark II is a pocket-sized, battery-powered Ethernet multi-tool designed for passive packet sniffing, man-in-the-middle attacks, and covert data exfiltration over encrypted tunnels. It sits inline between a device and its network connection, requiring no software installation on the target system.
Use Cases:
- Covert network traffic capture and analysis
- Real-world data exfiltration simulations
- Inline MitM attacks on wired networks
- Physical red team engagements
Key Features:
- No target software installation required
- Onboard packet capture to local storage
- Battery-powered for portable operation
- Supports VPN tunnels for covert exfiltration
Buy: https://shop.hak5.org/products/packet-squirrel-mark-ii
Description: The O.MG Cable looks and functions exactly like a normal USB charging/data cable, but conceals a covert implant capable of keylogging, executing payloads, and establishing a Wi-Fi-based command-and-control channel. It demonstrates the serious security risks posed by supply-chain attacks and malicious charging cables.
Use Cases:
- Supply-chain attack simulations
- Physical security assessments
- Keylogging and data exfiltration demonstrations
- Remote payload delivery via Wi-Fi C2
Key Features:
- Indistinguishable from a normal USB cable
- Wi-Fi-based remote command and control
- Keylogging capabilities
- Available in USB-A and USB-C variants
Buy: https://shop.hak5.org/collections/omg
Description: The Shark Jack is a tiny, keychain-sized network audit tool designed for rapid, covert on-site reconnaissance. With a single button press, it executes network scanning and data capture scripts, making it ideal for "smash and grab" style penetration testing where speed and stealth are critical.
Use Cases:
- Quick on-site network reconnaissance
- Rapid network mapping during physical engagements
- Automated "grab and go" red team operations
Key Features:
- Built-in battery for standalone operation
- Pocket/keychain-sized form factor
- One-touch payload execution
- Scriptable using Hak5 attack framework
Buy: https://shop.hak5.org/products/shark-jack
Description: The Screen Crab is an HDMI man-in-the-middle device that passively captures screen content as it passes through the HDMI cable. It silently records screenshots or streams display data, making it an effective tool for physical red team assessments targeting conference rooms, kiosks, or shared displays.
Use Cases:
- Visual data exfiltration via HDMI
- Physical red team assessments
- Monitoring displayed content on target screens/projectors
- Demonstrating risks of physical access to display ports
Key Features:
- Passive inline HDMI capture
- Stores captured screenshots to onboard storage
- Discreet and easy to deploy inline
- No software installation required on target
Buy: https://shop.hak5.org/products/screen-crab
Description: The Plunder Bug is a miniature, portable LAN/Ethernet tap designed for passive network monitoring and packet capture. It plugs inline on any Ethernet connection and mirrors traffic to a connected device, providing instant visibility into network communications without disrupting the target connection.
Use Cases:
- Passive network traffic analysis
- Quick inline packet capture on Ethernet connections
- Physical red team network monitoring
Key Features:
- Plug-and-play operation
- Miniaturized and ultra-portable form factor
- Passive traffic mirroring (no disruption to target)
- Stealthy deployment
Buy: https://shop.hak5.org/products/plunder-bug
Description: Flipper Zero is a portable, open-source multi-tool for security researchers and hardware hackers. It combines support for sub-GHz radio, RFID/NFC, infrared, Bluetooth, GPIO, and iButton protocols into a single pocketable device with a friendly dolphin interface. Its active community continuously develops new firmware, apps, and plugins.
Use Cases:
- RFID/NFC card cloning and emulation
- Sub-GHz radio signal capture and replay (garage doors, key fobs)
- Infrared device control and learning
- Bluetooth scanning and basic attacks
- Hardware GPIO experimentation
Key Features:
- Supports 125 kHz RFID, 13.56 MHz NFC, Sub-GHz, IR, Bluetooth, iButton
- Open-source firmware with active community ecosystem
- Built-in screen and directional pad for standalone use
- Expandable via GPIO and community modules
Buy: https://hackerwarehouse.com/product/flipper-zero/
Description: The Proxmark3 RDV4 is the gold-standard tool for RFID and NFC security research. It supports both low-frequency (125 kHz) and high-frequency (13.56 MHz) RFID standards, enabling security professionals to read, write, clone, emulate, and sniff RFID tags and access cards. It is an essential tool for any engagement involving physical access control systems.
Use Cases:
- Reading and cloning RFID access badges
- NFC card security analysis
- RFID protocol reverse engineering
- Access control system penetration testing
Key Features:
- Supports LF (125 kHz) and HF (13.56 MHz) RFID/NFC
- Read, write, clone, emulate, and sniff capabilities
- Optional Bluetooth module for wireless operation
- Powerful open-source Proxmark3 firmware (Iceman fork)
Buy: https://hackerwarehouse.com/product/proxmark3-kit/
Description: The Ubertooth One is an open-source 2.4 GHz wireless development platform specifically designed for Bluetooth security research and experimentation. Unlike standard Bluetooth adapters, it can sniff Bluetooth Classic and BLE (Bluetooth Low Energy) traffic, analyze protocols, and assist in vulnerability discovery across Bluetooth-enabled devices.
Use Cases:
- Bluetooth traffic sniffing and protocol analysis
- BLE device security research
- Bluetooth vulnerability discovery
- IoT device security assessments
Key Features:
- Open-source hardware and software (Project Ubertooth)
- Supports Bluetooth Classic and BLE sniffing
- USB dongle form factor
- Compatible with Wireshark for live traffic analysis
Buy: https://hackerwarehouse.com/product/ubertooth-one/
Description: The HackRF One is a wide-band, open-source Software Defined Radio (SDR) capable of transmitting and receiving radio signals from 1 MHz to 6 GHz. When paired with the PortaPack H4M — a standalone handheld interface add-on — it becomes a fully portable RF hacking platform for analyzing, capturing, and replaying a vast range of wireless signals without requiring a laptop.
Use Cases:
- Analyzing and attacking a wide spectrum of wireless protocols
- GSM, GPS, ADS-B, and sub-GHz signal capture
- Replay attacks on key fobs, remote controls, etc.
- Spectrum analysis and RF reconnaissance
Key Features:
- Frequency range: 1 MHz – 6 GHz (TX and RX)
- Open-source hardware and Mayhem firmware
- PortaPack H4M adds standalone portable operation
- Compatible with GNU Radio and other SDR software
Buy: https://hackerwarehouse.com/product/hackrf-portapack/
| # | Gadget | Category | Source | Buy URL |
|---|---|---|---|---|
| 1 | WiFi Pineapple | Wireless / MitM | Hak5 | Buy |
| 2 | USB Rubber Ducky | Keystroke Injection | Hak5 | Buy |
| 3 | Bash Bunny | Multi-vector USB | Hak5 | Buy |
| 4 | LAN Turtle | Network Implant | Hak5 | Buy |
| 5 | Packet Squirrel Mark II | Ethernet Tap / MitM | Hak5 | Buy |
| 6 | O.MG Cable | Covert Payload / Keylogger | Hak5 | Buy |
| 7 | Shark Jack | Quick Network Recon | Hak5 | Buy |
| 8 | Screen Crab | HDMI Capture | Hak5 | Buy |
| 9 | Plunder Bug | LAN Traffic Tap | Hak5 | Buy |
| 10 | Flipper Zero | Multi-protocol Multi-tool | Hacker Warehouse | Buy |
| 11 | Proxmark3 RDV4 Kit | RFID / NFC | Hacker Warehouse | Buy |
| 12 | Ubertooth One | Bluetooth Sniffing | Hacker Warehouse | Buy |
| 13 | HackRF One + PortaPack H4M | Software Defined Radio | Hacker Warehouse | Buy |