Hacking Gear: 10 Essential Gadgets Every Hacker Should Try

10 Essential Gadgets Every Hacker Should Try

If you've grown bored of day-to-day hacking and need a new toy to experiment with, we've compiled a list of gadgets to help you take password cracking and wireless hacking to the next level. If you're not a white hat or pentester yourself but have one to shop for, whether for a birthday, Christmas present, or other gift-giving reason, these also make great gift ideas.

Some items featured in this article may not appeal to every penetration tester. As hackers, we each develop our own areas of expertise and interests.

Wi-Fi enthusiasts might appreciate the below antenna as it's capable of capturing keystrokes over-the-air similar to how WPA2 handshakes are captured. Others with an interest in quadcopters might enjoy the featured drones for their ability to fly 1–2 miles away without losing a signal and carry attached hardware such as the Wi-Fi Pineapple and Raspberry Pi.

1. Mousejacking Exploit Antenna

In 2016, the security firm Bastille made headlines when it reported its research on wireless keyboard and mouse vulnerabilities. Dubbed "mousehacking," these vulnerabilities allow an attacker (up to 300 feet away) to take control of a target computer without needing physical access. These attacks allow for remote keystroke injections by letting penetration testers anonymously pair their device to a target computer that is using popular wireless keyboard adapters (shown below).

Image by Bastille/YouTube

This attack is made possible due to keyboard vendors (Logitech and Dell) failing to encrypt data transmissions between the keyboard and USB adapter or failing to properly authenticate devices communicating with the adapter. It's been over two years since the vulnerabilities were disclosed but there are reportedly more than a billion affected devices worldwide as Logitech and Dell are extremely popular manufactures of wireless keyboards.

For more information on this attack, check out Bastille's official website for a list of affected devices and technical details.

The "Crazyradio USB Dongle" used in these attacks is a 2.4 GHz bi-directional transceiver which can send and receive radio telemetry. Essentially, this USB dongle is capable of observing, recording, and injecting wireless radio waves.

  • Crazyradio USB Dongle - MSRP $44.99 (Amazon)
Image by Bastille/YouTube

2. GPUs for Password Cracking

A graphics processor (GPU) is chip, usually embedded in an internal graphics card attached to a computer's motherboard, designed to efficiently process images and alter memory in smartphones, personal computers, and gaming consoles. GPUs are responsible for all of the video and image rendering on our electronic devices.

Hackers repurpose GPU technologies and build dedicated "cracking rigs" to enhance password brute-forcing attacks with Hashcat. This kind of usage is demonstrated in Tokyoneon's "Hack 200 Online User Accounts in Less Than 2 Hours" article, where he compromised hundreds of Twitter, Facebook, and Reddit accounts by using a GPU to crack hashes found in a leaked password database.

GeForce graphics cards are a great starting point for hackers who are considering building a dedicated brute-force machine. At just $189, the GeForce GTX 1050 Ti is a good starter GPU.

The ZOTAC GTX 1050 Ti Mini and MSI GTX 1050 Ti OC. Image by Linus Tech Tips/YouTube

If you're looking to take cracking more seriously, develop a cluster of GPUs to multiply brute-forcing power with the GTX 1080 Ti. The GTX 1080 will be capable of cracking tens of millions more hashes per second and therefore might be a better investment. This model has been superseded by the RTX 2080 Ti, so you could also go that way if you can afford it.

  • EVGA GeForce GTX 1080 Ti - $899.99 & Up (Amazon)
The Nvidia GEFORCE GTX 1080 Ti Founder's Edition. Image by Linus Tech Tips/YouTube

3. The World's Smallest Laptops

The GPD Pocket has been dubbed "the world's smallest laptop," which is an interesting option for white hats and pentesters always on the go. It features the Intel Atom X7, 1920 x 1080 resolution, and 8 GB of RAM packed into a small-sized laptop that's only a bit larger than most modern smartphones (shown below).

Image by Chigz Tech Reviews/YouTube

Pocket-sized PCs are growing in popularity due to their small size, physical keyboards, ability to handle high-performance games, and Intel CPUs which are superior to ones found in Raspberry Pis and smartphones.

Pentesters can easily install a variety of Linux operating systems on this device including Ubuntu, Kali Linux, and BlackArch in place of the default Windows 10.

If you're looking for a bit more power in a slimmer laptop, the latest GPD Pocket 2 features better hardware specs and is 50% thinner than the previous model.

Image by Liliputing/YouTube

4. The Latest Raspberry Pi

The Raspberry Pi 3 Model B+ was released this year featuring a slightly faster CPU, upgraded Wi-Fi and Ethernet modules, and can be powered without a traditional power adapter using the Ethernet port (with a PoE HAT).

Null Byte has covered how to build a hacking Raspberry Pi, use VNC to remotely access it, and create a portable pentesting Pi box, to name just a few tutorials. Using a Raspberry Pi as a hacking tool has been covered at length, so I'll move on.

  • Raspberry Pi 3 B+ - MSRP $35 (Amazon | Walmart)
  • With power supply - MSRP $47.95 (Amazon)
  • With power supply and case - MSRP $54.99 (Amazon)
  • With power supply, case, 16 GB SD card, etc. - MSRP $74.95 (Amazon)
  • With power supply, case, 32 GB SD card, etc. - MSRP $79.95 (Amazon)
  • With power supply, case, 32 GB SD card, cables, etc. - MSRP $94.95 (Amazon)
Image by Kody/Null Byte

5. The USBarmory

The USB Armory is a computer about the size of a USB flash drive designed to deliver a number of advanced security features. It was built to support the development of several security software and applications while reducing power consumption. As per the developer's keynote at FSec 2016, the USB Armory can be used for:

  • file storage with advanced features such as automatic encryption, virus scanning, host authentication, and data self-destruct
  • OpenSSH client and agent for untrusted hosts
  • router for end-to-end VPN tunneling
  • password manager with an integrated web server
  • electronic wallet (e.g., Bitcoin wallet)
  • authentication token
  • portable penetration testing platform
  • low-level USB security testing

It also has excellent support for Ubuntu, Debian, and Android operating systems. For an in-depth look at the USB Armory, check out the official website and documentation.

Image by Inverse Path/Crowd Supply

6. VPS Subscriptions

A virtual private server (VPS) is a computer we can control remotely from any internet-connected device in the world. Adding a reliable VPS subscription to your arsenal is essential to any penetration tester and professional security researcher. From a remote VPS, penetrations testers can:

Our favorite for white hats and pentesters is BulletShield since it does not require or request any personal info when registering or paying, offers offshore solutions, and has a Tor-friendly website, among other things. Check out the full guide to picking the right VPN below for more info.

7. Hak5 Gear

Hak5 is an award-winning podcast that offers immersive information security training and renowned penetration testing gear. Below are some of the excellent tools Hak5 has to offer.

The USB Rubber Ducky

The USB Rubber Ducky is Hak5's USB keystroke injection tool capable of executing payloads at over 1,000 words per minute. It can be used to hack a macOS device in less than 5 seconds, disable antivirus software, or social engineer someone into plugging it into their computer.

  • USB Rubber Ducky - MSPR $44.99 (Hak5)
Image by SADMIN/Null Byte

Bash Bunny

The Bash Bunny is a multi-functional USB attack tool similar to the USB Rubber Ducky. However, the Bash Bunny is a full-featured Linux operating system which gives it a number of advantages over the USB Rubber Ducky such as carrying multiple advanced payloads, emulating a combination of devices, and performing numerous advanced attacks. Penetration testers with a need to take their physical attacks to the next level will appreciate this one.

  • Bash Bunny - MSRP $99.99 (Hak5)
Image by Hak5/YouTube

Packet Squirrel

The Packet Squirrel is a pocket-sized man-in-the-middle attack tool designed for covert packet capturing and secure remote access to target networks. Ports on this small network implant include a USB and Ethernet.

  • Packet Squirrel - MSRP $59.99 (Hak5)
Image via Hak5

LAN Turtle

The LAN Turtle is a covert penetration testing tool great for network intelligence gathering, advanced surveillance, and man-in-the-middle attacks all available via a graphical shell. It ships equipped with SIM (3G) functionalities and a modular framework that allows hackers to very easily execute and automate advanced network attacks.

  • LAN Turtle - MSRP $59.99 (Hak5)
Image by Hak5/YouTube

WiFi Pineapples

The WiFi Pineapple and WiFi Pineapple Nano are excellent rogue access point and Wi-Fi auditing devices. Their suite of Wi-Fi auditing tools is designed to make reconnaissance, man-in-the-middle attacks, and hacking wireless networks quick and painless. Best of all, all of these features can be accessed using any phone or web browser via the easy-to-use graphical interface.

  • WiFi Pineapple Tetra Basic - MSRP $199.99 (Hak5)
  • WiFi Pineapple Nano - MSRP $99.99 (Hak5)
  • WiFi Pineapple Terta Tactical - MSRP $299.99 (Hak5)
  • WiFi Pineapple Nano Tactical - MSRP $129.99 (Hak5)
Image by Hak5/YouTube

8. Standard Wi-Fi Hacking Adapter

Wi-Fi hacking is a popular topic among penetration testers. Our ability to compromise wireless networks with ease is an essential skill. So a wireless adapter is something you can't do without, preferably one that's Kali-compatible. Some choices that are worth looking into include:

  • ALFA AWUS036NHA - $39.99 (Amazon)
  • ALFA AWHUS036NH - $34.99 (Amazon)
  • ALFA AWUS036NEH - $31.45 (Amazon)
  • Panda PAU05 - $13.99 (Amazon)
  • TP-Link TL-WN722N v1 - $9.99 (Amazon)

For more information, check out our Null Byte guide on choosing a wireless network adapter to see more options that are available for your specific needs.

The ALFA AWHUS036NH. Image by SADMIN/Null Byte

9. Long-Range Wi-Fi Hacking Antenna

If standard Wi-Fi hacking antennas aren't getting the job done, increasing the signal coverage and range with a bigger antenna will allow us to compromise routers much further away.

The Tupavco TP512 Yagi Wi-Fi Directional Antenna has customer reviews reporting up to 300 feet of range. Some reports online claim up to 1 mile of range where an unobstructed line of sight to the target router is permitted. There are other vendors selling similar Yagi products and bundles. For example, ALFA's Yagi Antenna includes an ALFA hacking chipset and the necessary cable adapter.

  • Tupavco TP512 Yagi - $25 (Amazon)
  • ALFA Yagi Antenna - $91 (Amazon)
Image by ALFA/Amazon

10. Hacking with Drones

With drone racing rising in popularity over the last few years, these small quadcopters are quickly becoming the DIY-hackers gadget of choice.

Project Cuckoo is the Watch Dogs-inspired pentesting drone, created by the hacker known as "Glytch." This 3D-printed drone features an attached WiFi Pineapple Nano which allows it to perform man-in-the-middle attacks and inject malicious JavaScript into Wi-Fi hotspots as well as stealthfully sniff Wi-Fi activity without connecting to the router.

In upcoming Null Byte articles, we'll be talking about building our own affordable hacking drone and demonstrating all of the unique scenarios penetration testers can utilize with such devices.

3D printers on Amazon (of decent quality) start at around $299. Add the price of the materials, individual drone components, and a remote control — that's well over $500 spent building a hacking drone from scratch. If you're looking for a quicker solution or lack the patience to deal with the technical ins and outs of 3D printing and drone building, there are alternatives.

The DJI Spark Drone is a small, lightweight drone that includes a remote control for a total of $399. With up to 15 minutes of flight time, a range of up to 1.2 miles, and an attached 12 MP 1080p video camera, this is possibly the best, most affordable little drone currently on the market.

If your budget allows for a wider range of drones, the "DJI Mavic Drone" may be a better option. It features a higher resolution camera, up to 2.4 miles of range, 8 GB of internal storage (for video recording), 3-axis mechanical gimbal (for improved stability), and over 20 minutes of flight time.

The DJI Spark Drone. Image by Brendan Miranda/YouTube

Bonus: E-Books & Learning Materials

While e-books aren't physical gadgets, I thought this was worth mentioning as every penetration tester should have a healthy supply of learning resources at their disposal.

Null Byte is an excellent repository for learning how to use Metasploit as well as how to hack macOS and Windows 10. However, e-books and certification exam preparation cookbooks contain vast amounts of information. These materials are often created by veteran pentesters with over a decade of hands-on professional experience. Novice hackers who have prepared for any kind of ethical hacking exam will tell you how valuable these learning materials can be.

A variety of learning materials can sometimes be found for free on websites like "All IT eBooks." While some of these e-books are several years old, they still contain relevant and useful information. Other (non-free) titles include:

What Are Your Picks for Essential Hacking Gear?

We tried to compile a diverse list of hacking tools and gadgets intermediate penetration testers might appreciate. If you're looking to explore weaponized hacking drones, extend the range of your Wi-Fi router hacks, or dive deeper into password cracking, the featured gadgets should provide a good starting point.

This list of hacker gear might not appeal to everyone, however. Did we miss any noteworthy or new gizmos hackers should know about? Be sure to leave a comment below with your picks for the essential gadgets hackers should try!

Just updated your iPhone? You'll find new features for Podcasts, News, Books, and TV, as well as important security improvements and fresh wallpapers. Find out what's new and changed on your iPhone with the iOS 17.5 update.

Cover image via Brendan Miranda/YouTube

1 Comment

The DJI Spark Drone

  • That drone cant lift much.
  • The bigger the drone, the more it can lift.
  • if you buy a DJI Mavic 2/Zoom it can lift up to 1100 grams - I would say stay a little under that so you are not flying at snail speed.
  • This was just inspiration to what you can do with a serious drone...lift 800-900 grams of pentest equipment...mindblowing powerfull.
  • You just also need to upgrade the Antennas to something serious range wise.
  • The stock antennas are for kids. You will need to be able to fly from 1-3 kilometers of distance - Not Line of Sight. Aliexpress, Amazon, Ebay sell some serious shit at the price of 50-80 usd. But the 6 dbi antennas is trash. Not what you want. You want 15 or more dbi antennas.

Here is my reccomendation for antennas: ebay.co.uk/itm/Portable-17BDi-Gain-Modified-Antenna-Extender-5-8G-for-DJI-SPARK-Remote-Control/264266419113

There are other brands of equal quality, like some "alien" named antennas, just google. But they are much more expensive so I did not pick those, but I would if I felt I could pay double for more or less the same. ( but you would be 100% sure it would work and all )

You can also buy them on amazon.com, ebay, aliexpress.

Have fun PenTesting.

Share Your Thoughts

  • Hot
  • Latest