The ~$15 'Cheap Yellow Display': an ESP32-WROOM-32 board with a built-in 2.8" touch TFT, microSD and USB-UART. Hugely popular as a cheap touchscreen pentest handheld — runs ESP32 Marauder (and CYD-specific forks), Bruce and Ghost ESP with a usable on-screen UI and no soldering. The linked repo is the community hardware/pinout reference.
The reference ESP32 Wi-Fi + BLE offensive/defensive firmware (~11k stars, actively maintained). Wi-Fi: scan APs/stations, packet sniff, GPS wardrive, deauth, beacon spam (list/random), probe-request flood, EAPOL/PMKID capture to SD, and an Evil Portal captive-portal credential harvester. BLE: scan/sniff, wardrive, AirTag sniff and spoof, and advertising spam (Apple/Sour Apple, Samsung, Swift Pair). Runs on ESP32/S2/S3/C5 and 20+ boards (Cardputer, CYD, Flipper Wi-Fi dev board) — but NOT the ESP32-C6. 2.4 GHz only. Representative of the ESP32 attack surface — authorised testing only on active features.
Predatory ESP32 red-team multitool firmware (~5.9k stars, AGPL-3.0; the repo moved from pr3y/Bruce to the BruceDevices org, the old path redirects). Wi-Fi: Evil Portal, wardriving, EAPOL handshake capture and deauth. BLE: scan, pairing-popup spam (AppleJuice / Sour Apple / Swift Pair / Android / Samsung) and Bad BLE (HID injection over a bonded link). Also drives sub-GHz, IR and RFID where the board supports it. Targets M5Stack and LilyGo boards plus the CYD. Authorised testing only.
Maintained ESP-IDF revival of Ghost ESP (~740 stars, GPL-3.0). The original Spooks4576/Ghost_ESP is archived (read-only since 2025-04); this Revival fork is the live successor and supports 40+ boards. Wi-Fi: AP/station scan, beacon spam, deauthentication, capture (probe/beacon/deauth/raw to SD) and Evil Portal. BLE: raw scan/wardrive, BLE-to-Wireshark advertising capture, BLE spam and AirTag spoof. Authorised testing only on active features.