Pocket keyboard-computer on the M5StampS3 (ESP32-S3): full keyboard, LCD, microSD, IR and battery in a card-sized case. A pentest-community favourite chassis — runs ESP32 Marauder, Bruce and Ghost ESP out of the box (Marauder added Cardputer ADV support in v1.12.0). Bruce's flagship target.
The reference ESP32 Wi-Fi + BLE offensive/defensive firmware (~11k stars, actively maintained). Wi-Fi: scan APs/stations, packet sniff, GPS wardrive, deauth, beacon spam (list/random), probe-request flood, EAPOL/PMKID capture to SD, and an Evil Portal captive-portal credential harvester. BLE: scan/sniff, wardrive, AirTag sniff and spoof, and advertising spam (Apple/Sour Apple, Samsung, Swift Pair). Runs on ESP32/S2/S3/C5 and 20+ boards (Cardputer, CYD, Flipper Wi-Fi dev board) — but NOT the ESP32-C6. 2.4 GHz only. Representative of the ESP32 attack surface — authorised testing only on active features.
Predatory ESP32 red-team multitool firmware (~5.9k stars, AGPL-3.0; the repo moved from pr3y/Bruce to the BruceDevices org, the old path redirects). Wi-Fi: Evil Portal, wardriving, EAPOL handshake capture and deauth. BLE: scan, pairing-popup spam (AppleJuice / Sour Apple / Swift Pair / Android / Samsung) and Bad BLE (HID injection over a bonded link). Also drives sub-GHz, IR and RFID where the board supports it. Targets M5Stack and LilyGo boards plus the CYD. Authorised testing only.
Maintained ESP-IDF revival of Ghost ESP (~740 stars, GPL-3.0). The original Spooks4576/Ghost_ESP is archived (read-only since 2025-04); this Revival fork is the live successor and supports 40+ boards. Wi-Fi: AP/station scan, beacon spam, deauthentication, capture (probe/beacon/deauth/raw to SD) and Evil Portal. BLE: raw scan/wardrive, BLE-to-Wireshark advertising capture, BLE spam and AirTag spoof. Authorised testing only on active features.