Hak5 offers a variety of hardware hacking tools designed for penetration testing, security research, and exploration of various communication protocols. Here’s a list of Hak5’s key hardware tools along with their attack surfaces:
1. USB Rubber Ducky
- Description: A USB device that emulates a keyboard, executing prewritten scripts when plugged into a computer.
- Attack Surface:
- Keystroke Injection: Automates commands or scripts by emulating rapid keyboard input.
- System Manipulation: Executes system-level commands, downloads malware, or alters system settings.
- Data Exfiltration: Extracts sensitive data from the target system.
2. Bash Bunny
- Description: A multi-function USB attack platform that supports various payloads and attack vectors.
- Attack Surface:
- USB HID Attacks: Emulates keyboards and network devices.
- Network Attacks: Acts as a network adapter to perform man-in-the-middle (MITM) attacks, DNS spoofing, or data exfiltration.
- Mass Storage Attacks: Mimics a USB drive to deploy or retrieve files.
3. Key Croc
- Description: A stealthy keylogger that captures keystrokes and can deploy payloads when specific sequences are detected.
- Attack Surface:
- Keylogging: Records all keystrokes entered on a keyboard.
- Payload Execution: Deploys custom scripts or commands upon detecting specific keystroke sequences.
- Data Exfiltration: Sends captured data to a remote server or stores it locally.
4. Shark Jack
- Description: A compact network penetration testing device that connects via Ethernet.
- Attack Surface:
- Network Scanning: Performs reconnaissance by scanning network devices and services.
- Network Injection: Executes payloads that can manipulate or disrupt network traffic.
- MITM Attacks: Captures and analyzes network data, potentially leading to credential theft or data manipulation.
5. Packet Squirrel
- Description: A pocket-sized device for packet capture and man-in-the-middle attacks.
- Attack Surface:
- Packet Capture: Logs network traffic for analysis.
- MITM Attacks: Intercepts and modifies traffic between a device and the network.
- Network Spoofing: Alters DNS responses or redirects traffic to malicious sites.
6. LAN Turtle
- Description: A covert penetration testing tool disguised as an Ethernet adapter.
- Attack Surface:
- Remote Access: Provides persistent remote access via SSH.
- Network Manipulation: Spoofs DNS, redirects traffic, or captures network packets.
- Data Exfiltration: Steals data from the local network or connected devices.
7. Signal Owl
- Description: A powerful Wi-Fi reconnaissance and attack platform.
- Attack Surface:
- Wi-Fi Sniffing: Captures Wi-Fi traffic, including unencrypted data and credentials.
- Wi-Fi Jamming: Disrupts Wi-Fi communications by flooding the network with noise.
- Evil Twin Attacks: Creates fake access points to capture user credentials or inject malicious payloads.
8. WiFi Pineapple
- Description: A comprehensive Wi-Fi auditing tool for penetration testers.
- Attack Surface:
- Rogue Access Point: Mimics legitimate Wi-Fi networks to intercept user data.
- Wi-Fi Sniffing: Captures Wi-Fi traffic for analysis, including credentials and session data.
- Client Manipulation: Forces client devices to connect to malicious access points.
9. O.MG Cable
- Description: A malicious USB cable that looks normal but can deliver payloads and perform keystroke injections.
- Attack Surface:
- Keystroke Injection: Sends malicious commands to the connected device.
- Payload Deployment: Deploys scripts or malware onto the target system.
- Remote Control: Allows remote execution of commands via a wireless interface.
10. Rubber Ducky MkII
- Description: An updated version of the USB Rubber Ducky with enhanced features.
- Attack Surface:
- Enhanced Keystroke Injection: Faster and more reliable script execution.
- Dynamic Payloads: Supports more complex and adaptive payloads.
- Cross-Platform Compatibility: Works on various operating systems for broader attack potential.