LAN Turtle by Hak5 is a discreet USB Ethernet adapter that at first glance looks like an ordinary network card. In reality, however, it is one of the most versatile tools for remote access and man-in-the-middle attacks, intended mainly for penetration testers and network administrators. When plugged into a USB port, the device is recognized as a network adapter, but its real power lies in its ability to provide hidden remote access to the network, collect sensitive data, or monitor and manipulate traffic between the computer and the rest of the network. This makes it possible to efficiently—and often stealthily—test the security of both enterprise and home networks.
Managing the LAN Turtle is based on a simple text menu called the Turtle Shell, accessible via SSH. With Turtle Shell, you can easily set network parameters, update firmware, change passwords, or manage individual modules. Each module represents a specific function—for example, remote shell, VPN connection, man-in-the-middle attacks, credential logging, or network scanning. Modules can be individually configured, started, stopped, and, most importantly, set to launch automatically each time the device starts. Thanks to this, you only need to prepare the LAN Turtle once, then simply plug it into the network and let it do the rest.
Configuring individual modules is intuitive. Each module usually requires only a few parameters—such as an IP address and port for a remote shell, or a target address for a network scan. Some modules run persistently in the background (such as AutoSSH for persistent SSH tunnels), while others perform a specific task and stop once finished (for example, scanning the network or one-time data exfiltration). Modules can be installed and removed directly from the online repository, or you can create your own modules in Bash, Python, or PHP. Developing new modules is straightforward and is supported by an active user community.
The device is practically ready to use right out of the box—after booting, it offers the computer (or other network administrator) an IP address via DHCP. It is recommended to change the default login credentials (root/sh3llz) upon first use. SSH access is possible from Windows (for example, using PuTTY), from Linux and macOS, or even from Android devices using a USB OTG cable and an SSH client. The entire device is built on an open system with the option for easy recovery or firmware updates, both automatically and manually.
The practical uses of the LAN Turtle are extensive. Most commonly, it is used to gain remote shell access into the internal network via VPN or AutoSSH tunnel, monitor network traffic, perform DNS spoofing attacks, extract credentials from locked computers, or automate vulnerability scanning. The device itself is very inconspicuous, powered via USB, and thanks to its low power consumption, it can be hidden even in a server room or electrical cabinet with power supplied by a power bank.
The LAN Turtle is thus an ideal tool for anyone who needs to easily test the security of their own network, quickly gain remote access, or perform advanced network attacks as part of penetration testing. Detailed guides, usage examples, and a module library are available at docs.hak5.org and in the community repository on GitHub. LAN Turtle by Hak5 is available here.
