If you've grown bored of day-to-day hacking and need a new toy to experiment with, we've compiled a list of gadgets to help you take password cracking and wireless hacking to the next level. If you're not a white hat or pentester yourself but have one to shop for, whether for a birthday, Christmas present, or other gift-giving reason, these also make great gift ideas.
Some items featured in this article may not appeal to every penetration tester. As hackers, we each develop our own areas of expertise and interests.
Wi-Fi enthusiasts might appreciate the below antenna as it's capable of capturing keystrokes over-the-air similar to how WPA2 handshakes are captured. Others with an interest in quadcopters might enjoy the featured drones for their ability to fly 1–2 miles away without losing a signal and carry attached hardware such as the Wi-Fi Pineapple and Raspberry Pi.
In 2016, the security firm Bastille made headlines when it reported its research on wireless keyboard and mouse vulnerabilities. Dubbed "mousehacking," these vulnerabilities allow an attacker (up to 300 feet away) to take control of a target computer without needing physical access. These attacks allow for remote keystroke injections by letting penetration testers anonymously pair their device to a target computer that is using popular wireless keyboard adapters (shown below).
This attack is possible because keyboard vendors (Logitech and Dell) failed to encrypt data transmissions between the keyboard and USB adapter or failed to properly authenticate devices communicating with the adapter. It's been over two years since the vulnerabilities were disclosed, but there are reportedly more than a billion affected devices worldwide, as Logitech and Dell are extremely popular manufacturers of wireless keyboards.
The "Crazyradio USB Dongle" used in these attacks is a 2.4 GHz bi-directional transceiver which can send and receive radio telemetry. Essentially, this USB dongle is capable of observing, recording, and injecting wireless radio waves.
- Crazyradio USB Dongle - MSRP $44.99 (Amazon)
A graphics processor (GPU) is a chip, usually embedded in an internal graphics card attached to a computer's motherboard, designed to efficiently process images and alter memory in smartphones, personal computers, and gaming consoles. GPUs are responsible for all of the video and image rendering on our electronic devices.
Hackers repurpose GPU technologies and build dedicated "cracking rigs" to enhance password brute-forcing attacks with Hashcat. This kind of usage is demonstrated in Tokyoneon's "Hack 200 Online User Accounts in Less Than 2 Hours" article, where he compromised hundreds of Twitter, Facebook, and Reddit accounts by using a GPU to crack hashes found in a leaked password database.
If you're looking to take cracking more seriously, develop a cluster of GPUs to multiply brute-forcing power with the GTX 1080 Ti. The GTX 1080 will be capable of cracking tens of millions more hashes per second and therefore might be a better investment. This model has been superseded by the RTX 2080 Ti, so you could also go that way if you can afford it.
- EVGA GeForce GTX 1080 Ti - $899.99 & Up (Amazon)
The GPD Pocket has been dubbed "the world's smallest laptop," which is an interesting option for white hats and pentesters always on the go. It features the Intel Atom X7, 1920 x 1080 resolution, and 8 GB of RAM packed into a small-sized laptop that's only a bit larger than most modern smartphones (shown below).
Pocket-sized PCs are growing in popularity due to their small size, physical keyboards, ability to handle high-performance games, and Intel CPUs which are superior to ones found in Raspberry Pis and smartphones.
If you're looking for a bit more power in a slimmer laptop, the latest GPD Pocket 2 features better hardware specs and is 50% thinner than the previous model.
The Raspberry Pi 3 Model B+ was released this year with a slightly faster CPU and upgraded Wi-Fi and Ethernet modules, and it can be powered through the Ethernet port (with a PoE HAT) instead of a traditional power adapter.
Null Byte has covered how to build a hacking Raspberry Pi, use VNC to remotely access it, and create a portable pentesting Pi box, to name just a few tutorials. Using a Raspberry Pi as a hacking tool has been covered at length, so I'll move on.
- Raspberry Pi 3 B+ - MSRP $35 (Amazon | Walmart)
- With power supply - MSRP $47.95 (Amazon)
- With power supply and case - MSRP $54.99 (Amazon)
- With power supply, case, 16 GB SD card, etc. - MSRP $74.95 (Amazon)
- With power supply, case, 32 GB SD card, etc. - MSRP $79.95 (Amazon)
- With power supply, case, 32 GB SD card, cables, etc. - MSRP $94.95 (Amazon)
The USB Armory is a computer about the size of a USB flash drive designed to deliver a number of advanced security features. It was built to support the development of security software and applications while reducing power consumption. As per the developer's keynote at FSec 2016, the USB Armory can be used for:
- file storage with advanced features such as automatic encryption, virus scanning, host authentication, and data self-destruct
- OpenSSH client and agent for untrusted hosts
- router for end-to-end VPN tunneling
- password manager with an integrated web server
- electronic wallet (e.g., Bitcoin wallet)
- authentication token
- portable penetration testing platform
- low-level USB security testing
A virtual private server (VPS) is a computer we can control remotely from any internet-connected device in the world. A reliable VPS subscription is an essential addition to the arsenal of any penetration tester or professional security researcher. From a remote VPS, penetration testers can:
- host payloads for hacking macOS and Windows 10
- securely sync files
- create IRC bots
- host phishing websites
- perform password brute-force reuse attacks
- host USB drop payloads
- use advanced Nmap scripts
- create server proxies
- create onion websites
- host Metasploit sessions
Our favorite for white hats and pentesters is BulletShield since it does not require or request any personal info when registering or paying, offers offshore solutions, and has a Tor-friendly website, among other things. Check out the full guide to picking the right VPN below for more info.
The USB Rubber Ducky is Hak5's USB keystroke injection tool capable of executing payloads at over 1,000 words per minute. It can be used to hack a macOS device in less than 5 seconds, disable antivirus software, or social engineer someone into plugging it into their computer.
- USB Rubber Ducky - MSRP $44.99 (Hak5)
The Bash Bunny is a multi-functional USB attack tool similar to the USB Rubber Ducky. However, the Bash Bunny is a full-featured Linux operating system which gives it a number of advantages over the USB Rubber Ducky such as carrying multiple advanced payloads, emulating a combination of devices, and performing numerous advanced attacks. Penetration testers with a need to take their physical attacks to the next level will appreciate this one.
- Bash Bunny - MSRP $99.99 (Hak5)
The Packet Squirrel is a pocket-sized man-in-the-middle attack tool designed for covert packet capturing and secure remote access to target networks. Ports on this small network implant include USB and Ethernet.
- Packet Squirrel - MSRP $59.99 (Hak5)
The LAN Turtle is a covert penetration testing tool great for network intelligence gathering, advanced surveillance, and man-in-the-middle attacks all available via a graphical shell. It ships equipped with SIM (3G) functionalities and a modular framework that allows hackers to very easily execute and automate advanced network attacks.
- LAN Turtle - MSRP $59.99 (Hak5)
The WiFi Pineapple and WiFi Pineapple Nano are excellent rogue access point and Wi-Fi auditing devices. Their suite of Wi-Fi auditing tools is designed to make reconnaissance, man-in-the-middle attacks, and hacking wireless networks quick and painless. Best of all, all of these features can be accessed using any phone or web browser via the easy-to-use graphical interface.
Wi-Fi hacking is a popular topic among penetration testers. Our ability to compromise wireless networks with ease is an essential skill. So a wireless adapter is something you can't do without, preferably one that's Kali-compatible. Some choices that are worth looking into include:
- ALFA AWUS036NHA - $39.99 (Amazon)
- ALFA AWUS036NH - $34.99 (Amazon)
- ALFA AWUS036NEH - $31.45 (Amazon)
- Panda PAU05 - $13.99 (Amazon)
- TP-Link TL-WN722N v1 - $9.99 (Amazon)
For more information, check out our Null Byte guide on choosing a wireless network adapter to see more options that are available for your specific needs.
If standard Wi-Fi hacking antennas aren't getting the job done, increasing the signal coverage and range with a bigger antenna will allow us to compromise routers much further away.
The Tupavco TP512 Yagi Wi-Fi Directional Antenna has customer reviews reporting up to 300 feet of range. Some reports online claim up to 1 mile of range where an unobstructed line of sight to the target router is available. There are other vendors selling similar Yagi products and bundles. For example, ALFA's Yagi Antenna includes an ALFA hacking chipset and the necessary cable adapter.
With drone racing rising in popularity over the last few years, these small quadcopters are quickly becoming the DIY hacker's gadget of choice.
In upcoming Null Byte articles, we'll be talking about building our own affordable hacking drone and demonstrating all of the unique scenarios penetration testers can utilize with such devices.
3D printers on Amazon (of decent quality) start at around $299. Add the price of the materials, individual drone components, and a remote control — that's well over $500 spent building a hacking drone from scratch. If you're looking for a quicker solution or lack the patience to deal with the technical ins and outs of 3D printing and drone building, there are alternatives.
The DJI Spark Drone is a small, lightweight drone that includes a remote control for a total of $399. With up to 15 minutes of flight time, a range of up to 1.2 miles, and an attached 12 MP 1080p video camera, this is possibly the best, most affordable little drone currently on the market.
If your budget allows for a wider range of drones, the "DJI Mavic Drone" may be a better option. It features a higher resolution camera, up to 2.4 miles of range, 8 GB of internal storage (for video recording), 3-axis mechanical gimbal (for improved stability), and over 20 minutes of flight time.
While e-books aren't physical gadgets, I thought this was worth mentioning as every penetration tester should have a healthy supply of learning resources at their disposal.
Null Byte is an excellent repository for learning how to use Metasploit as well as how to hack macOS and Windows 10. However, e-books and certification exam preparation cookbooks contain vast amounts of information. These materials are often created by veteran pentesters with over a decade of hands-on professional experience. Novice hackers who have prepared for any kind of ethical hacking exam will tell you how valuable these learning materials can be.
A variety of learning materials can sometimes be found for free on websites like "All IT eBooks." While some of these e-books are several years old, they still contain relevant and useful information. Other (non-free) titles include:
- The Hacker Playbook 3: Practical Guide To Penetration Testing
- CompTIA Network+: Certification All-in-One Exam Guide, Seventh Edition
- CompTIA CySA+: Cybersecurity Analyst Certification All-in-One Exam Guide
- CEH: Certified Ethical Hacker Bundle, Third Edition (All-in-One)
- CompTIA PenTest+: Certification All-in-One Exam Guide
- CISSP: All-in-One Exam Guide, Eighth Edition
- Hash Crack: Password Cracking Manual
- Kali Linux Web Penetration Testing Cookbook: Identify, exploit, and prevent web application vulnerabilities with Kali, 2nd Edition
We tried to compile a diverse list of hacking tools and gadgets intermediate penetration testers might appreciate. If you're looking to explore weaponized hacking drones, extend the range of your Wi-Fi router hacks, or dive deeper into password cracking, the featured gadgets should provide a good starting point.
This list of hacker gear might not appeal to everyone, however. Did we miss any noteworthy or new gizmos hackers should know about? Be sure to leave a comment below with your picks for the essential gadgets hackers should try!