README.md
April 23, 2026 ยท View on GitHub
๐ NullSec Pineapple Suite
The Largest WiFi Pineapple Pager Payload Collection
125 payloads across 14 categories โ more than any other third-party suite
Quick Start โข Payload Catalog โข Categories โข Installation โข Contributing
๐ฏ Overview
NullSec Pineapple Suite is the most comprehensive third-party payload collection for the Hak5 WiFi Pineapple Pager. With 125 professional payloads spanning 14 categories, it covers every aspect of WiFi security testing โ from reconnaissance and interception to exfiltration and stealth operations.
Why NullSec Suite?
| Feature | NullSec Suite | Hak5 Official | Others |
|---|---|---|---|
| Total Payloads | 125 | 155 | 5-20 |
| Categories | 14 | ~10 | 2-4 |
| Attack Payloads | 19 | ~8 | 1-3 |
| Recon Payloads | 23 | ~9 | 1-5 |
| Stealth Suite | 11 | 0 | 0 |
| Blue Team | 8 | 0 | 0 |
| Games | 4 | 8 | 0 |
| NullSec Theme | โ (112 components) | โ | โ |
| FastBoot Optimizer | โ | โ | โ |
| One-Click Install | โ | โ | โ |
| Factory Restore Script | โ | โ | โ |
| Active Development | โ | โ | โ |
โก Quick Start
# Clone & install (one command)
git clone https://github.com/bad-antics/nullsec-pineapple-suite && cd nullsec-pineapple-suite && ./install.sh
# Or via SSH directly to Pineapple
ssh root@172.16.52.1 "cd /tmp && git clone https://github.com/bad-antics/nullsec-pineapple-suite && cd nullsec-pineapple-suite && ./install.sh"
After install: Dashboard โ Payloads โ User โ nullsec โ Pick any payload and run!
โ ๏ธ External adapter required. The Pineapple Pager has no internal recon radio โ its built-in wifi is management-only. All recon / attack / audit payloads need a USB adapter (the Hak5 MK7AC is the supported one). Plug it in before running any payload; it will usually enumerate as
wlan1. Payloads autodetect the right interface vialib/nullsec-iface.shand you can override withexport IFACE=wlanXor by writing/root/.nullsec_env. If scans come back with zero results, runip link show; iw dev; lsusbon the pager to confirm the adapter is present.
๐ฆ Categories
๐จ Alerts (7 payloads)
Real-time monitoring and alerting for security events.
| Payload | Description |
|---|---|
| DeauthAlert | Monitors for deauthentication frames and alerts on attacks |
| HandshakeAlert | Watches for WPA handshake captures in real-time |
| ClientAlert | Alerts when new clients connect to your AP |
| RogueAPAlert | Detects evil twin and rogue access points |
| IntrusionAlert | Lightweight IDS โ port scans, ARP spoofing, SYN floods |
| BandwidthAlert | Monitors bandwidth usage with configurable thresholds |
| GeoFenceAlert | GPS-based geofence monitoring for device tracking |
โ๏ธ Attack (19 payloads)
Offensive WiFi security testing tools.
| Payload | Description |
|---|---|
| AuthFlood | Authentication flood using aireplay-ng |
| Banshee | Multi-vector WiFi disruption |
| CaptivePortal | Custom captive portal for credential harvesting |
| ChannelJammer | Targeted channel jamming |
| DeauthStorm | Mass deauthentication with targeting |
| DNSHijack | DNS hijacking for traffic redirection |
| EvilTwin | Evil twin AP with automatic client migration |
| FloodGate | Combined deauth + beacon + auth flood assault |
| HotspotHijack | Hijack existing hotspot connections |
| KarmaAttack | Respond to all probe requests |
| MassDeauth | Mass deauthentication of all nearby clients |
| PixieDust | WPS Pixie Dust offline attack |
| PMKIDGrabber | Grab PMKID hashes without client interaction |
| ProbeAttack | Exploit probe requests to lure clients |
| Siren | Audio-visual attack alerts |
| TargetedDeauth | Precision deauth of specific clients |
| WPSBruteforce | WPS PIN brute force with Pixie Dust |
| WifiJammer | Broad-spectrum WiFi jamming |
๐ค Automation (5 payloads)
Set-and-forget automated attack chains.
| Payload | Description |
|---|---|
| AutoPwn | Fully automated: scan โ identify โ exploit chain |
| Reaper | Automated client harvesting and processing |
| ScheduledScan | Schedule recurring network scans |
| TimeBomb | Schedule attacks for delayed execution |
| ZeroClick | Zero-interaction automated exploitation |
๐ Capture (8 payloads)
Credential and handshake capture tools.
| Payload | Description |
|---|---|
| CredSniffer | Real-time credential sniffing from traffic |
| EAPHarvester | Harvest EAP/enterprise credentials |
| HandshakeHunter | Automated WPA/WPA2 handshake capture |
| PMKIDCapture | PMKID-based WPA capture (clientless) |
| PacketReplay | Capture and replay network packets |
| USBCredStealer | USB-based credential extraction |
| WPACracker | On-device WPA handshake cracking |
๐ค Exfiltration (5 payloads)
Data extraction and loot management.
| Payload | Description |
|---|---|
| DataVacuum | Extract URLs, cookies, credentials from traffic |
| CloudExfil | Upload loot to cloud storage (Dropbox, webhooks) |
| DNSExfil | Covert data exfiltration via DNS tunneling |
| ICMPTunnel | Covert data exfiltration via ICMP tunneling |
| LootSync | Sync all captured loot to USB storage |
๐ฎ Games (4 payloads)
Entertainment for downtime during engagements.
| Payload | Description |
|---|---|
| NumberCracker | Number guessing game with hacking theme |
| PagerPong | Text-based Pong game on Pager display |
| SignalHunt | WiFi signal strength treasure hunt |
| WarGames | WOPR-style hacking simulation (4 game modes) |
๐ต๏ธ Interception (5 payloads)
Man-in-the-middle and traffic interception.
| Payload | Description |
|---|---|
| MITMProxy | Transparent HTTP/HTTPS proxy with logging |
| ARPSpoof | ARP cache poisoning for MITM attacks |
| SSLStrip | HTTPS downgrade attacks |
| DNSSiphon | DNS query interception and browsing pattern analysis |
| PacketSniffer | Protocol-aware packet capture (HTTP/FTP/SMTP/DNS) |
๐ช Pranks (5 payloads)
Fun and harmless WiFi pranks.
| Payload | Description |
|---|---|
| BeaconSpam | Flood area with fake SSIDs |
| NetParasite | Inject content into HTTP traffic |
| RickRoll | Redirect all HTTP to Rick Astley |
| SSIDPranks | Creative SSID message broadcasting |
| WiFiConfuser | Generate confusing network environments |
๐ Recon (23 payloads)
The largest recon suite available for Pineapple Pager.
| Payload | Description |
|---|---|
| 5GHzHunter | Discover and enumerate 5 GHz networks |
| BluetoothScanner | Classic BT + BLE device discovery |
| ClientTracker | Track client devices across networks |
| DeviceFingerprint | OS and device fingerprinting via WiFi |
| DroneHunter | Detect and track nearby drones |
| HiddenNetFinder | Discover hidden/cloaked SSIDs |
| IoTScanner | Identify IoT devices on networks |
| NetworkMapper | Complete network topology mapping |
| PasspointScanner | Hotspot 2.0 / Passpoint network discovery |
| ProbeHunter | Capture and analyze probe requests |
| QuickScan | Fast area WiFi assessment |
| SignalTracker | Track signal strength over time |
| SocialMapper | Map social connections via device relationships |
| SpectrumAnalyzer | Channel utilization and interference analysis |
| StealthRecon | Low-profile reconnaissance |
| VendorHunt | Identify devices by OUI/vendor lookup |
| WAP3Scanner | WPA3/SAE network scanner |
| WPSScanner | WPS-enabled network discovery |
| WiFiAudit | Comprehensive WiFi security audit |
| WiFiTimeline | Temporal activity mapper โ tracks AP/client appear/disappear events over time |
๐ Remote Access (4 payloads)
Remote control and persistent access.
| Payload | Description |
|---|---|
| TunnelRat | Reverse SSH tunnel with auto-reconnect |
| C2Beacon | HTTP-based command & control beacon |
| PagerLink | Remote Pager UI access via SSH tunnel |
| VPNConnect | WireGuard/OpenVPN connectivity |
๐ญ Social Engineering (6 payloads)
Social engineering and phishing tools.
| Payload | Description |
|---|---|
| CoffeeShopAttack | Coffee shop credential harvesting scenario |
| FakeUpdate | Fake software update portal |
| NullSecDeface | Custom web page injection |
| NullSecPortal | NullSec-branded captive portal |
| PortalMaster | Advanced portal template management |
| SurveyPortal | Fake survey portal for data collection |
๐ป Stealth (11 payloads)
The most comprehensive stealth suite for any Pineapple payload collection.
| Payload | Description |
|---|---|
| GhostNetwork | Invisible C2 channel using null SSID |
| Honeypot | Decoy AP with attacker logging |
| LogWiper | Secure log wiping (3-pass overwrite) |
| MACRotator | Automatic MAC address rotation |
| Mimic | Clone and impersonate legitimate APs |
| Phantom | Appear/disappear on command |
| Poltergeist | Intermittent interference causing confusion |
| SignalCloak | Mask signal presence and RF signatures |
| Specter | Long-duration low-profile surveillance |
| TrafficMask | Disguise Pineapple as normal device (7 profiles) |
| Wraith | Channel-hopping stealth operations |
๐ง Utility (15 payloads)
System management and configuration tools.
| Payload | Description |
|---|---|
| BootOptimizer | Optimize Pineapple boot performance |
| ChannelCongestion | Analyzes WiFi channel congestion, scores each channel, recommends optimal operating channel |
| FirewallManager | Manage iptables rules from Pager UI |
| HeartbeatMonitor | Continuous health monitoring for long engagements โ alerts on CPU, memory, temp, interface degradation |
| MACChanger | Change MAC addresses (random/specific/vendor) |
| NullSecConfig | NullSec Suite configuration management |
| PackageManager | Manage opkg packages from Pager |
| PayloadUpdater | Update NullSec payloads from GitHub |
| QuickDiag | Quick device diagnostics and health check |
| RangeExtender | Extend WiFi range with repeater mode |
| ScheduleTask | Cron-based payload scheduling |
| SpeedTest | Internet connection speed testing |
| SystemInfo | Comprehensive system information display |
| WaveRider | Channel-hopping target pursuit |
| WordlistManager | Wordlist management for cracking |
๐ก๏ธ Blue Team (8 payloads)
Defensive WiFi security monitoring and audit tools.
| Payload | Description |
|---|---|
| AuditReporter | Generates professional WiFi security audit reports with risk scoring |
| ComplianceAuditor | Audits WiFi networks against security best practices (WPA3, WEP, open) |
| DeauthForensics | Captures deauth frames and fingerprints attacker tools (aireplay, mdk3/4, bully, etc.) |
| RogueDetector | Hunts for rogue APs, evil twins, and unauthorized SSIDs |
| RogueUSBGuard | Monitors USB ports for unauthorized device insertions โ defends Pineapple from BadUSB/implants |
| SignalMapper | Multi-point WiFi signal strength mapper for coverage analysis |
| WiFiGuard | Continuous WiFi security monitor โ detects rogue APs, evil twins, deauth attacks |
| WirelessIDS | Wireless intrusion detection system |
๐ Installation
Option 1: One-Click Install (Recommended)
git clone https://github.com/bad-antics/nullsec-pineapple-suite
cd nullsec-pineapple-suite
./install.sh
Option 2: Direct to Pineapple via SSH
ssh root@172.16.52.1 "cd /tmp && git clone https://github.com/bad-antics/nullsec-pineapple-suite && cd nullsec-pineapple-suite && ./install.sh"
Option 3: Manual Install via SSH
ssh root@172.16.52.1
# Create directories
mkdir -p /root/payloads/user/nullsec
mkdir -p /root/payloads/library
mkdir -p /mmc/root/themes/nullsec
mkdir -p /mmc/nullsec/{loot,captures/handshakes,captures/eap,logs/ids,scheduled}
# Clone and copy
cd /tmp && git clone https://github.com/bad-antics/nullsec-pineapple-suite
cp -r /tmp/nullsec-pineapple-suite/payloads/*/* /root/payloads/user/nullsec/
cp /tmp/nullsec-pineapple-suite/lib/*.sh /root/payloads/library/
cp -r /tmp/nullsec-pineapple-suite/theme/* /mmc/root/themes/nullsec/
# FastBoot (optional but recommended)
cp /tmp/nullsec-pineapple-suite/system/nullsec-fastboot /etc/init.d/
chmod +x /etc/init.d/nullsec-fastboot
/etc/init.d/nullsec-fastboot enable
/etc/init.d/nullsec-fastboot start
Option 4: USB Sideload
# On your computer
git clone https://github.com/bad-antics/nullsec-pineapple-suite
# Copy the repo folder to a USB drive, plug into Pineapple, then SSH in:
ssh root@172.16.52.1
# Create directories
mkdir -p /root/payloads/user/nullsec
mkdir -p /root/payloads/library
mkdir -p /mmc/root/themes/nullsec
mkdir -p /mmc/nullsec/{loot,captures/handshakes,captures/eap,logs/ids,scheduled}
# Copy from USB
cp -r /mnt/usb/nullsec-pineapple-suite/payloads/*/* /root/payloads/user/nullsec/
cp /mnt/usb/nullsec-pineapple-suite/lib/*.sh /root/payloads/library/
cp -r /mnt/usb/nullsec-pineapple-suite/theme/* /mmc/root/themes/nullsec/
# FastBoot (optional but recommended)
cp /mnt/usb/nullsec-pineapple-suite/system/nullsec-fastboot /etc/init.d/
chmod +x /etc/init.d/nullsec-fastboot
/etc/init.d/nullsec-fastboot enable
/etc/init.d/nullsec-fastboot start
Factory Reset Recovery
If you've factory-reset your Pineapple, use the full restore script to rebuild everything:
git clone https://github.com/bad-antics/nullsec-pineapple-suite
cd nullsec-pineapple-suite
./restore.sh
This installs tool dependencies (aircrack-ng, hcxdumptool, etc.), sets up SSH keys, deploys all payloads, theme, and FastBoot.
Requirements
- WiFi Pineapple Pager (firmware 1.0+)
- External WiFi adapter (for monitor mode payloads)
aircrack-ngsuite (pre-installed on Pager)- Optional:
nmap,hcxdumptool,reaver(install via PackageManager payload orrestore.sh)
๐ Usage
Standard Mode
Dashboard โ Payloads โ User โ nullsec โ Select & Run
Targeted Mode (Recommended)
- Run a Recon payload first (QuickScan, WiFiAudit)
- Select a target from scan results
- Run Attack/Capture payloads โ target info auto-injected!
Workflow Examples
Handshake Capture:
QuickScan โ HandshakeHunter โ WPACracker โ CloudExfil
Full Engagement:
WiFiAudit โ EvilTwin โ CredSniffer โ DataVacuum โ LootSync
Stealth Recon:
TrafficMask โ StealthRecon โ HiddenNetFinder โ PasspointScanner
๐ Project Structure
nullsec-pineapple-suite/
โโโ payloads/
โ โโโ alerts/ # ๐จ 7 monitoring & alerting payloads
โ โโโ attack/ # โ๏ธ 19 offensive payloads
โ โโโ automation/ # ๐ค 5 automated attack chains
โ โโโ capture/ # ๐ 8 credential/handshake capture
โ โโโ exfiltration/ # ๐ค 5 data extraction tools
โ โโโ games/ # ๐ฎ 4 entertainment payloads
โ โโโ interception/ # ๐ต๏ธ 5 MITM/traffic interception
โ โโโ pranks/ # ๐ช 5 harmless WiFi pranks
โ โโโ recon/ # ๐ 23 reconnaissance payloads
โ โโโ remote/ # ๐ 4 remote access tools
โ โโโ social/ # ๐ญ 6 social engineering
โ โโโ stealth/ # ๐ป 11 stealth operations
โ โโโ utility/ # ๐ง 15 system management tools
โ โโโ blue-team/ # ๐ก๏ธ 8 defensive security tools
โโโ lib/ # Core libraries & helpers
โโโ system/ # FastBoot optimizer init script
โโโ theme/ # NullSec Pager theme (112 components)
โโโ install.sh # One-click installer
โโโ restore.sh # Full factory-reset recovery script
โโโ LICENSE
โโโ README.md
๐ Related Projects
| Project | Description |
|---|---|
| nullsec-pineapple-ops | WiFi Pineapple Ops Center โ web-based C2 dashboard |
| nullsec-linux | Security-focused Linux distro with 140+ tools |
| nullsec-flipper-suite | Flipper Zero payloads, animations & tools |
| nullsec-exploit | Exploit development framework |
| marshall | NullSec Privacy Browser |
๐ค Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
- Fork the repo
- Create your payload in the appropriate category
- Follow the payload template
- Submit a Pull Request
โ ๏ธ Legal Disclaimer
For authorized penetration testing and educational purposes ONLY.
- โ Do NOT use without explicit written permission
- โ Unauthorized network access is ILLEGAL
- โ Get written authorization before any testing
- โ Use only in controlled lab environments or with permission
- โ You are solely responsible for your actions
The authors assume no liability for misuse of these tools.
๐ Stats
| Metric | Value |
|---|---|
| Total Payloads | 125 |
| Categories | 14 |
| Largest Category | Recon (23) |
| Theme Components | 112 |
| Average Payload Size | ~150 lines |
| Platform | WiFi Pineapple Pager |
| Last Updated | April 2026 |
๐ License
MIT License โ See LICENSE for details.
NullSec โ 125 ways to own the airwaves ๐
github.com/bad-antics