Skip to content

HACK5

The hacking swiss-tools bazar

Founded in 2005, Hak5’s mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong. WWW.HAK5.ORG

WIFI PENTESTING

Automate WiFi auditing with all new campaigns and get actionable results from vulnerability assessment reports. Command the airspace with a new interactive recon dashboard, and stay on-target and in-scope with the leading rogue access point suite for advanced man-in-the-middle attacks.

Next-gen network processors combine with multiple role-based radios and the Hak5 patented PineAP suite to deliver impressive results. Hardened and stress tested for the most challenging environments.

The new WiFi Pineapple Mark VII features incredible performance from a simple web interface with an expansive ecosystem of apps, automated pentest campaigns, and Cloud C2 for remote access from anywhere.

REMOTE COMMAND & CONTROL

Cloud C² makes it easy for pentesters and security teams to deploy and manage Hak5 gear from the cloud.

  • Live Insights
    Broad visibility into wired and wireless landscape
  • Intuitive Dashboard
    Thoughtfully designed to assess the situation at-a-glance
  • Complete Control
    Command the airwaves with the WiFi Pineapple® suite
  • Web Shell
    Complete Linux terminals on all your devices
  • Hak5 Gear Ready
    Works with our top penetration testing devices
  • Simple Deployment
    Drag-and-drop one file to provision a device
  • Setup in Minutes
    A single executable for Windows, Mac and Linux
  • Self Hosted
    Install on the infrastructure you already own
  • Privacy First
    Devices communicate over encrypted backhauls
  • Secure by Default
    Automatic HTTPS setup and management

hotplug attacks

RUBER DUCKY

TO A HUMAN IT’S A FLASH DRIVE.
TO A COMPUTER IT’S A KEYBOARD, TYPING AT SUPERHUMAN SPEEDS.

Pull off the most creative and complex hotplug attacks.

From movies and TV to the hearts and toolkits of cybersecurity pros the world over,
the USB Rubber Ducky is a hacker culture icon synonymous with the attack it invented.

KEYSTROKE INJECTION

Computers trust humans. Humans use keyboards. Hence the universal spec – HID, or Human Interface Device.

A keyboard presents itself as a HID, and in turn it’s inherently trusted as human by the computer.

The USB Rubber Ducky – which looks like an innocent flash drive to humans – abuses this trust to deliver powerful payloads, injecting keystrokes at superhuman speeds.

THE KING OF KEYSTROKE INJECTION REVOLUTIONIZED

SHARK JACK

Hotplug attack, meet LAN. These pocket-sized pentest boxes perform network assessments in seconds! 

As tiny Linux computers, they run DuckyScript™ payloads powered by Bash. Armed out-of-the-box with an ultra fast network scanner, you’ll get recon with the flick of a switch.

Or flip the switch to arming mode and sync up with the online library for a plethora of payloads – remote access, exfiltration & more.

With feedback by RGB LED, and now live in-shell with USB-C Serial on the NEW Cable edition.

AT THE READY

Perfect for physical engagements. Keep this opportunistic wired network attack platform at the ready for intel & recon at a moments notice.

Even get live results and instant access to a Linux shell on the LAN with the Cable edition as shown.

SIMPLE SCRIPTING

The simple scripting language lets you quickly develop payloads using bash and familiar Linux network tools so you can automate any attack.

CLOUD C2 ENABLED

Jack into a LAN. Gather loot. Exfiltrate. Even interact with payloads and drop into a full Linux shell right from the web.

IMPLANTS & REMOTE ACCESS

KEY CROC

The Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It’s the ultimate key-logging pentest implant.

More than just recording and streaming keystrokes online, it exploits the target with payloads that trigger when keywords of interest are typed.

By emulating trusted devices like serial, storage, HID and Ethernet, it opens multiple attack vectors – from keystroke injection to network hijacking.

Imagine capturing credentials and systematically using them to exfiltrate data. Or pentest from anywhere, live in a web browser with Cloud C2.

It’s simple too. A hidden button turns it into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.

Tags:

Leave a Reply