šŸ›

Plunder Bug

Pocket-Sized LAN Tap

Bug any Ethernet connection with USB-C convenience. Passive packet capture and active network scanning in one tiny, zero-config device.

PASSIVE SNIFFING ACTIVE SCANNING 10/100 BASE-T USB-C CROSS-PLATFORM ANDROID APP
// Overview
The Simplest Way to Tap a Network

The Plunder Bug is a hardware network tap in its purest form. Plug it inline between any two Ethernet devices and it mirrors all traffic to a USB-C monitoring port. No drivers, no payloads, no configuration ā€” just plug in and fire up Wireshark. In passive mode it's completely invisible to the network. In active mode it doubles as an unmanaged switch, letting your monitoring machine scan and interact with the network.

šŸ’»
Device A
e.g. Workstation
RJ45
šŸ›
Plunder Bug
Traffic Mirror
RJ45
šŸŒ
Device B
e.g. Switch / Router
MIRROR ā†“
šŸ”
Your Machine
USB-C ā†’ Wireshark / tcpdump
// Setup
Zero Configuration. Three Steps.
01
Connect USB-C
Plug the Plunder Bug into your laptop or Android phone via USB-C
02
Tap the Link
Insert inline between two Ethernet devices using two cables
03
Capture
Open Wireshark, select the ASIX interface, and start recording
// Operating Modes
Passive Monitoring vs Active Engagement
šŸ‘ļø
Passive Mode (Muted)
The USB-C tap port is silenced ā€” your monitoring machine can only receive mirrored traffic, never transmit. Completely invisible. No packets leak onto the tapped network.
āœ“ Receive mirrored traffic
āœ“ Zero network footprint
āœ“ Undetectable by IDS/IPS
āœ— Cannot transmit / scan
āš”
Active Mode (Unmuted)
The USB-C port acts as a full network interface. Your machine joins the network as an additional host ā€” enabling active scanning, ARP spoofing, and traffic injection.
āœ“ Receive mirrored traffic
āœ“ Transmit packets
āœ“ Run nmap, Responder, etc.
āœ— Visible on network
// Hardware Specs
Specifications
šŸ“”
Ethernet
Auto-negotiating 10/100 Base-T
Fast Ethernet ā€” 2Ɨ RJ45 ports
šŸ”Œ
Tap Interface
USB-C port
Tap + Power (5V, 20ā€“300 mA)
šŸ§©
Chipset
ASIX AX88772C
USB Ethernet controller
šŸ’”
Indicator
Green LED ā€” powered on
No LED during passive sniffing
šŸ“
Form Factor
Pocket-sized, ~100g
Inline Ethernet cable form
šŸ–„ļø
Compatibility
Windows, macOS, Linux
Android (root app)
// Capabilities
Key Features
ā–ø
True Hardware Tap ā€” Mirrors traffic at the physical layer. No software agents, no configuration on target devices, no detection risk in passive mode.
ā–ø
Wireshark Integration ā€” Shows up as a standard ASIX USB Ethernet interface. Open Wireshark, select the adapter, and capture. Full pcap output.
ā–ø
Mobile Capture ā€” Android root app enables packet capture directly from a smartphone. Record and share pcap files on the go ā€” no laptop needed.
ā–ø
Mode Switching Scripts ā€” Cross-platform scripts to mute/unmute the tap port. Toggle between passive monitoring and active network engagement in seconds.
ā–ø
Zero Config ā€” No firmware, no payloads, no setup wizard. Plug it in and it works. The simplest Hak5 tool in the lineup.
ā–ø
Active Scanning ā€” In unmuted mode, run nmap, Responder, or any network tool through the tap. The Plunder Bug acts as an unmanaged switch.
// Comparison
Plunder Bug vs Packet Squirrel

Both sit inline on Ethernet ā€” but they serve different purposes. The Plunder Bug is a pure tap; the Packet Squirrel is a full attack platform.

Feature Plunder Bug Packet Squirrel
Passive Sniffing āœ“ āœ“
Active Scanning āœ“ (unmuted) āœ“
Payloads / Scripting āœ— āœ“ DuckyScript + Bash + Python
VPN Tunneling āœ— āœ“ WireGuard + OpenVPN
DNS Spoofing āœ— āœ“ SPOOFDNS
Cloud CĀ² āœ— āœ“
Web UI āœ— āœ“
Configuration Zero ā€” plug & play Switch + Web UI + SSH
Mobile Capture āœ“ Android app āœ—
Power Source USB-C (host powered) USB-C (external power)
// Use Cases
Deployment Scenarios
šŸ“¹
IP Camera Surveillance
Tap into security camera Ethernet feeds. Use pcapfex to extract image frames, analyze streams, or identify firmware update traffic.
šŸ”
Network Troubleshooting
Diagnose connectivity issues by capturing raw traffic between any two network devices. No span ports or switch config needed.
šŸ•µļø
Covert Reconnaissance
Plant inline during physical access. Passive mode leaves zero footprint ā€” no ARP, no DHCP, nothing for IDS to detect.
šŸ“±
Mobile Field Capture
Pair with a rooted Android phone for portable packet capture without a laptop. Share pcaps directly from your device.
šŸ­
IoT / OT Auditing
Tap into industrial Ethernet, PLC networks, or IoT device links. Analyze protocol behavior and identify insecure communications.
šŸŽ“
Education & Labs
Teach network fundamentals with real hardware. Students see live traffic flow, protocol headers, and packet structure in Wireshark.