The document provides descriptions of various hacking and security tools including the Bash Bunny USB attack platform, Packet Squirrel network device, LAN Turtle covert access tool, USB Rubber Ducky keystroke injection tool, WiFi Pineapple rogue access point, Proxmark RFID hacking tool, HackRF Software Defined Radio, Crazy Radio wireless keyboard/mouse attack tool, Digispark USB keystroke injection board, Orange Pi single board computer, Raspberry Pi models, RTL-SDR Software Defined Radio, USB magnetic stripe card reader/writer, USB smart card reader, lock picking tools, encrypted USB drive, barcode scanner, portable electronics kit, and standalone RFID cloning device.

1. Len’s Bag Of Tricks

2. ▪The Bash Bunny by Hak5 is a simple and powerful multi-function USB
attack and automation platform for penetration testers and systems
administrators.
It's easy setup & deployment with a simple "Bunny Script" language,
multi-position attack switch and a centralized repository of payloads.
▪It's powerful with multiple attack vectors including HID keyboard, USB
Ethernet, Serial and Mass Storage. Simultaneously perform keystroke
injection attacks, bring-your-own-network attacks and intelligent
exfiltration.
Bash Bunny

3. ▪Of the three built-in payloads (tcpdump, dns spoof, openVPN) only the
later two need to be configured. This can be done via SSH or SCP
(Windows users check out puTTY and winSCP).
▪To get into the device flip the switch to arming mode (far right position),
plug an Ethernet cable from your computer into the Ethernet In port (left
side, above the micro USB port), and power on the Packet Squirrel with
any ordinary Micro USB cable and USB power supply (phone charger,
computer’s USB port, battery bank). It takes 30-40 seconds to boot,
indicated by a blinking green LED. Once it’s booted it’ll be in arming
mode, indicated by a blinking blue LED.
▪From here your computer will receive an IP address from the Packet
Squirrel in the 172.16.32.x range, and you’ll be able to ssh in as root to
172.16.32.1. The default password is hak5squirrel
Packet Squirrel

4. ▪The LAN Turtle is a covert Systems Administration and Penetration Testing
tool providing stealth remote access, network intelligence gathering, and man-
in-the-middle surveillance capabilities through a simple graphic shell.
▪Housed within a generic “USB Ethernet Adapter” case, the LAN Turtle’s covert
appearance allows it to blend into many IT environments.
LAN Turtle

5. ▪The USB Rubber Ducky is a keystroke injection tool disguised as a generic
flash drive. Computers recognize it as a regular keyboard and automatically
accept its pre-programmed keystroke payloads at over 1000 words per
minute.
▪Since 2010 the USB Rubber Ducky has captured the imagination of hackers
with its simple scripting language, formidable hardware and covert design.
▪Nearly every device from desktop to smartphone accepts human input from
keyboards. The ubiquitous USB HID standard makes this possible. When the
USB Rubber Ducky is plugged it, it’s detected as a keyboard and it’s pre-
programmed keystrokes are accepted by modern operating systems. From
Windows and Mac to Linux and Android – the Keyboard is King.
▪By taking advantage of this inherent trust, the USB Rubber Ducky executes
scripted keystrokes at over 1000 words per minute. Seconds of physical
access are all it takes to deploy some of the most advanced pentest attacks or
IT automation tasks.
USB Rubber Ducky

6. ▪At the core of the WiFi Pineapple is PineAP, an advanced suite of wireless
penetration testing tools for reconnaissance, man-in-the-middle, tracking,
logging and reporting. Utilizing our unique hardware design, PineAP is the
most effective rogue access point suite available.
▪Simplicity is key to any successful audit, which is why management of the
WiFi Pineapple is conducted from an intuitive web interface. Built on
modern standards for speed and responsiveness, the beautiful web
interface puts the penetration tester in control from any device.
▪With an emphasis on usability and workflow, detailed information on the
WiFi landscape is available at a glance. Advanced attacks are always clicks
away with intelligent context menus from clients to access points.
WiFi Pineapple

7. ▪This device supports both low frequency (125 kHz-134 kHz) and high
frequency (13.56 MHz) signal processing. This is achieved by
implementing two parallel antenna circuits that can be used
independently. Both circuits are connected to a 4-pin Hirose connector
which functions as an interface to an external loop antenna. For the
purpose of acting like a PCD or reader it is possible to drive the
antenna coils with the appropriate frequency. This is not needed when
the Proxmark is used for sniffing or when it emulates a card. In that
case the field is generated by a reader.
▪The signal from the antenna is routed through a Field Programmable
Gate Array (FPGA). This FPGA relays the signal to the microcontroller
and can be used to perform some filtering operations before relaying.
The software implementation allows the Proxmark to eavesdrop
communication between an RFID tag and a reader, to emulate a tag
and to emulate a reader.
▪Despite the basic hardware support for these operations the actual
processing of the digitized signal and (de)modulation needs to be
programmed for each specific application.
Proxmark 3

8. ▪HackRF One from Great Scott Gadgets is a Software Defined Radio peripheral
capable of transmission or reception of radio signals from 1 MHz to 6 GHz.
Designed to enable test and development of modern and next generation radio
technologies, HackRF One is an open source hardware platform that can be used
as a USB peripheral or programmed for stand-alone operation.
1 MHz to 6 GHz operating frequency
half-duplex transceiver
up to 20 million samples per second
8-bit quadrature samples (8-bit I and 8-bit Q)
compatible with GNU Radio, SDR#, and more
software-configurable RX and TX gain and baseband filter
software-controlled antenna port power (50 mA at 3.3 V)
SMA female antenna connector
SMA female clock input and output for synchronization
convenient buttons for programming
internal pin headers for expansion
Hi-Speed USB 2.0
USB-powered
open source hardware
HackRF One

9. ▪It stands for WiFi HID Injector. It is a WiFi remotely-
controlled {Keyboard, Mouse} Emulator. Practically is
an USB Rubberducky or BadUSB device on
Steroids!
WHID Cactus

10. ▪The USB Power Surge vulnerability is a common flaw in products with USB
connections. To save money, manufacturers do not protect the power or data
lines of devices, which leaves them open to attack.
▪When plugged into a device, the USB Killer rapidly charges its capacitors from
the USB power lines. When charged, -200VDC is discharged over the data lines
of the host device. This charge/discharge cycle is repeated many times per
second, until the USB Killer is removed.
USB Killer

11. ▪PirateBox creates offline wireless networks designed for anonymous file
sharing, chatting, message boarding, and media streaming. You can think of
it as your very own portable offline Internet in a box!
▪PirateBox is designed to be private and secure. No logins are required and
no user data is logged. Users remain anonymous – the system is purposely
not connected to the Internet in order to subvert tracking and preserve user
privacy.
PirateBox

12. ▪The Ubertooth One is an open source 2.4 GHz device suitable for Bluetooth
experimentation. Based on the powerful LPC175x ARM Cortex-M3 microcontroller
with full-speed USB 2.0, the Ubertooth One is a great way to develop custom Class
1 comparable Bluetooth devices. The entire board is onlytwo and a half inches long
with a USB-A connector at one end and an RP-SMA connector at the other.
▪One thing that sets the Ubertooth apart from other Bluetooth development platforms
and Software Defined Radios (SDR) is that it’s capable of not only sending and
receiving 2.4 GHz signals, but can also operate in monitor mode, monitoring
Bluetooth traffic in real-time. This operating mode has been present in low-cost WiFi
modules for years and has found myriad uses in research, development and
security auditing but no such solution existed for the Bluetooth standard until now.
Also, because it’s a fully open-source platform (software and hardware), the
schematics and code are readily available for all of your hacking needs.
Ubertooth One

13. ▪MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-
Bluetooth keyboards and mice. These peripherals are 'connected' to a host
computer using a radio transceiver, commonly a small USB dongle. Since the
connection is wireless, and mouse movements and keystrokes are sent over the air,
it is possible to compromise a victim's computer by transmitting specially-crafted
radio signals using a device which costs as little as $15.
An attacker can launch the attack from up to 100 meters away. The attacker is able
to take control of the target computer, without physically being in front of it, and type
arbitrary text or send scripted commands. It is therefore possible to perform rapidly
malicious activities without being detected.
The MouseJack exploit centers around injecting unencrypted keystrokes into a
target computer. Mouse movements are usually sent unencrypted, and keystrokes
are often encrypted (to prevent eavesdropping what is being typed). However the
MouseJack vulnerability takes advantage of affected receiver dongles, and their
associated software, allowing unencrypted keystrokes transmitted by an attacker to
be passed on to the computer's operating system as if the victim had legitimately
typed them.
Crazy Radio PA / Jackit

14. ▪The Teensy is a complete USB-based microcontroller development system, in a very
small footprint, capable of implementing many types of projects. All programming is
done via the USB port.
Teensy Board / Empire Stager Delivery

15. ▪The Digispark is an Attiny85 based microcontroller development board similar to the
Arduino line, only cheaper, smaller, and a bit less powerful. With a whole host of
shields to extend its functionality and the ability to use the familiar Arduino IDE the
Digispark is a great way to jump into electronics, or perfect for when an Arduino is
too big or too much.
▪Support for the Arduino IDE 1.0+ (OSX/Win/Linux)
Power via USB or External Source - 5v or 7-35v (12v or less recommended,
automatic selection)
On-board 500ma 5V Regulator
Built-in USB
6 I/O Pins (2 are used for USB only if your program actively communicates over
USB, otherwise you can use all 6 even if you are programming via USB)
8k Flash Memory (about 6k after bootloader)
I2C and SPI (vis USI)
PWM on 3 pins (more possible with Software PWM)
ADC on 4 pins
Power LED and Test/Status LED
DigiSpark – USB Keystroke Injection

16. ▪An open-source single-board computer. It can run Android 4.4, Ubuntu, Debian. It
uses the AllWinner H2 SoC, and has 256MB/512MB DDR3 SDRAM(256MB
version is Standard version
Orange Pi Zero – Evil Twin AP Attack

17. ▪The Raspberry Pi 3 Model B+ is the latest product in the Raspberry Pi 3 range.
Broadcom BCM2837B0, Cortex-A53 (ARMv8) 64-bit SoC @ 1.4GHz
1GB LPDDR2 SDRAM
2.4GHz and 5GHz IEEE 802.11.b/g/n/ac wireless LAN, Bluetooth 4.2, BLE
Gigabit Ethernet over USB 2.0 (maximum throughput 300 Mbps)
Extended 40-pin GPIO header
Full-size HDMI
4 USB 2.0 ports
CSI camera port for connecting a Raspberry Pi camera
DSI display port for connecting a Raspberry Pi touchscreen display
4-pole stereo output and composite video port
Micro SD port for loading your operating system and storing data
5V/2.5A DC power input
Power-over-Ethernet (PoE) support (requires separate PoE HAT)
Raspberry Pi B+ - Kali Distro Available

18. ▪The Raspberry Pi Zero is half the size of a Model A+, with twice the utility. A tiny
Raspberry Pi that’s affordable enough for any project!
▪1GHz single-core CPU
▪512MB RAM
▪Mini HDMI port
▪Micro USB OTG port
▪Micro USB power
▪HAT-compatible 40-pin header
▪Composite video and reset headers
▪CSI camera connector (v1.3 only)
Raspberry Pi Zero – BadUSB Attack

19. ▪Built with the powerful RTL2832U and R820T tuner, this Software-Defined Radio
(SDR) can tune into radio frequencies from 24MHz to 1850MHz.
▪RTL28232U-based USB stick with R820T Tuner
▪Operating frequency range 24 – 1750 MHz
▪2.0 Msps sample rate
▪Native resolution – 8 bits
▪Carrier Type – 2 K/ 8K
▪Modulation – QPSK, 16 QAM, 64 QAM
RTL-SDR – Software Defined Radio

20. ▪MSR605X HiCo Magnetic Card Reader Writer Encoder MSR605 MSR206 MSR606.
The updated version includes HID USB interface and support for MacOS. This
magnetic strip card reader-writer is completely compatible with MSR206. You can use
it for access control, time keeping, banking, ID recognition, credit verification and other
related applications. Wherever a magnetic stripe ID or transaction card is used, one
can find a related use for this versatile, user-friendly device. It's designed to offer a
reading and writing solution of high and/or low coercivity cards that will attractively
complement an existing system.
MSR605X Hico Magnetic Card Reader Writer

21. ▪Support for EMV Level 1 specification
Support USB 2.0 full speed
Based on for ISO7816 implementation
Support PC Smart Card industry standard - PC/SC 1.0/2.0
Support for Microsoft Smart Card for Windows
Support Power Saving Mode
Support I2C memory card, SLE4418, SLE4428, SLE4432, SLE4442, SLE4436,
SLE5536, SLE6636, AT88SC1608, AT45D041 card and AT45DB041 card via
Support ISO7816 Class A, B and C (5V/3V/1.8V) card
Support T0, T1 protocol
Credit Card Chip Reader Writer

22. ▪WeMos ESP-12F Motherboard ESP8266 Mini-WiFi NodeMCU Module 18650 Battery
OLED
Model:ESP-8266
Color:Black
Charging Protection:Yes
Discharge Protection:Yes
Compatible With Arduino
Compatible With NodeMCU
Wide Voltage Input Range: 5V~12V
Charge Current:500 mA
Size(L*W*H):102 x 30 x 20 mm
Display Size: 0.96 Inch
WeMos ESP8266 Module With Screen–WiFi Deauther

23. ▪Lock picking is the art of unlocking a lock by manipulating the components of the
lock device without the original key.
▪Although lock picking can be associated with criminal intent, it is an essential skill
for the legitimate profession of locksmithing, and is also pursued by law-abiding
citizens as a useful skill to learn, or simply as a hobby (locksport).
▪In some countries, such as Japan, lock picking tools are illegal for most people to
possess, but in many others they are available and legal to own as long as there is
no intent to use them for criminal purposes.
Lock Picks

24. ▪Software-Free, 100% hardware-based 256-bit AES XTS encrypted, onboard
keypad PIN authenticated, and ultra-fast USB 3.1 (3.0) data transfer speeds.
All Data is encrypted on the fly and the device’s PINs and Data remain
encrypted while the drive is at rest. Completely cross-platform compatible
and OS agnostic; thrives in Windows, Linux, Mac, Android, Chrome,
embedded systems, and equipment possessing a powered USB port and
storage file system. All internal componentry is protected from physical
tampering with a layer of hardened epoxy, and locked-down firmware brings
immunity to malware attacks such as BadUSB.
Secure USB – Persistent Live Kali

25. ▪Symbol LS2208 handheld barcode scanner provides fast, reliable scanning in an
ergonomic, lightweight form. The wide working range —from near-contact to 17
inches — makes this device ideal for retail, hospital, education or government
settings. Multiple on-board interfaces ensure integration with a variety of host
systems.
Bar Code Scanner – BarCowned Attack

26. ▪Portable 5V Soldering Iron
▪ProMicro ATmega32U4 5V 16MHz
▪OLED 0.91 Inch Display 128x32 I2C
▪Four Key Pushbutton Module
▪Six LED Debug Module
▪AT24C256 I2C EEPROM Module
▪400 Point Solderless Breadboard
▪Jumper Wire Bundle
▪Set of Mini Grabber Clips
▪Solder Wick 2mm by 1.5m
▪MicroUSB Cable
▪MiniUSB Cable
▪Precision Driver Set
Portable Soldering Kit

27. ▪Designed to read 125KHz RFID cards and write/program 125KHz writable RFID
cards.
Operates without the need of PC or laptops, works completely standalone.
Handheld mini appearance, easy to carry, easy to operate.
Lower voltage operation design, powered by 2pcs AAA batteries(not included).
Simply press the button to "read" existing RFID card. Then, press another button to
"write" or program your blank RFID card.
The included programmable RFID cards are completely reusable-can be written over
and over again.
Perfect for cloning existing RFID pass cards and key fobs
RFID Cloning Tool