Packet Squirrel by Hak5 is a discreet network “multi-tool” that looks like a regular Ethernet adapter but hides powerful features for network administrators, penetration testers, and security enthusiasts. It is designed primarily for discreet network traffic capture, covert remote access, automated network attacks, and fast VPN connections—all with just the flip of a small mechanical switch on the bottom of the device.
Using the Packet Squirrel is very simple. You just plug it in between the target device (such as a computer, printer, or IP phone) and the rest of the network using two Ethernet cables. Power is supplied via a standard USB-C cable, making it easy to hide or even run the device from a power bank. On first boot, it automatically initializes, and within a few minutes, it is ready to use. Configuration and management are handled via a web interface or SSH, which you access through the special “Target port.” The initial setup consists only of setting a password and time zone.
The main strength of Packet Squirrel lies in its ability to run custom scripts (payloads)—essentially automated tasks that are triggered according to the position of the switch. Scripts are written in Ducky Script or Python and utilize advanced commands for network analysis, packet capture, blocking communication, DNS spoofing, or even encrypted data exfiltration. The new version also supports Wireguard and OpenVPN for quick setup of an encrypted tunnel from anywhere. Everything can be easily edited via the device’s built-in web interface or through the SSH terminal.
Packet Squirrel offers several network modes—NAT, Bridge, Transparent, or Jail/Isolate. Each mode is suited for a different scenario; for example, NAT is ideal for accessing the internet through the device, Bridge for discreet logging of all traffic, Transparent for maximum stealth, and Jail/Isolate for cutting off a device from the network. In all modes, you can easily capture traffic using the built-in tcpdump tool and save it to a USB drive or immediately upload it to the cloud via Cloud C².
Controlling and developing your own payloads is extremely easy thanks to the community library, documentation, and the built-in editor. Each payload has its own slot and clear description, and it can be activated simply by switching the mode and restarting the device. Besides custom scripting, you can also use ready-made scenarios for typical tasks—from passive data collection and network monitoring to advanced man-in-the-middle attacks.
Because of its size, discretion, and versatility, Packet Squirrel is the perfect choice for anyone needing to test network security, gain remote access, or simply monitor network traffic without raising suspicion. Detailed guides, usage examples, and the payload repository are available at docs.hak5.org and in the community sources on GitHub. Packet Squirrel by Hak5 is available here.
