Shark Jack by Hak5 is a discreet tool that looks like a small USB Ethernet adapter, but its capabilities go far beyond any ordinary device. It is designed primarily for penetration testers, network administrators, and IT specialists who need to quickly perform security tests or automate repetitive network tasks. Shark Jack is ideal not only for quick network reconnaissance, but also for data exfiltration or automated attacks within internal networks—all triggered by a simple flip of a switch.
The device comes in two variants: the original Shark Jack with a battery, and the Shark Jack Cable powered via USB-C. The battery version runs for about 10–15 minutes on a single charge, making it perfect for short audits directly in the field or during social engineering engagements. The Cable variant is intended for longer or permanent deployment—just plug it in for power and the device can run without limitation.
Operating the Shark Jack is very simple. With a small switch, you choose between “arming mode” (setup mode), where the device connects as a small Linux server and can be managed via SSH, and “attack mode,” where the selected script (payload) runs automatically. By default, it performs an nmap scan of the network and saves the results to the “loot” folder, from which you can easily download them later. Scripts for Shark Jack are written in Bash (with optional Ducky Script extensions) and can be edited in a standard text editor or downloaded from the community repository.
The LED on the device signals what is happening—color combinations indicate, for example, charging, attack mode, error, or task completion. For managing payloads and loot, there is also a simple helper script, sharkjack.sh, which streamlines uploading scripts, downloading results, or updating firmware. Shark Jack also supports remote connection via Hak5 Cloud C2, so you can automate results collection and device control remotely.
A key advantage of the Shark Jack is its support for various network modes—it can operate as a DHCP client, server, or in transparent mode for stealthy monitoring. It’s also possible to install additional network tools using the standard package manager (opkg). The Shark Jack community offers dozens of ready-made payloads—from simple port scanners and network information gathering, to advanced attacks and data collection.
Thanks to its tiny size, quick setup, and broad range of functions, Shark Jack is a perfect choice for anyone who wants to efficiently test the security of their own network, automate routine tasks, or just experience how easily data can be collected on a network. Detailed guides, tips, and a library of payloads can be found at docs.hak5.org and in community resources on GitHub. Shark Jack by Hak5 is available here.
