Pocket Pentest Stick – M5StickC Plus2

Name: Pocket Pentest Stick - M5StickC Plus2
SKU: M5STICK
Price: 24.99 USD
Availability: InStock

$24.99

Compact Wi-Fi/BLE audit tool with IR transmitter and crisp TFT. Fire up deauth, Evil-Twin, beacon spam, BLE tests, and IR control on the go with optional additional modules.

M5StickC Plus2 with Bruce firmware pre‑installed, tested and ready.
Pre‑flashed & QA‑verified
Quick‑start guide for first tests
Free firmware updates (guide)

+ Free 1 Month zSecurity Trial VIP membership.

Shipping Worldwide, dispatched within 24h of payment.

Wireless Radios – Powerful Wi-Fi + BLE radios in a pocketable platform for full protocol visibility and control.
Offensive Suite – Pre-built attacks and automation for fast lab testing and red-team workflows.
Modular Expansion – Plug in CC1101 or PN532 to add sub-GHz and NFC capabilities.
Payload Ready – Use stock or custom scripts
Pocket UI & Control – Bright TFT, USB-C, microSD, and SDKs — control from GUI or script.
Power & Responsible Use – Long-run battery, OTA-safe recovery, and clear ethical usage guidance.

Multi-Mode Operation

When connected directly, it functions as a HID keyboard for scripted keystroke execution. Over Wi-Fi, it allows remote payload execution, mouse control, and keystroke injection without physical interaction.

Wireless Network Simulation

The ZS Cactus PRO can create a honeypot or fake Wi-Fi network to simulate phishing and credential-harvesting scenarios in a controlled environment.

Customizable & Flexible

Use the included ready-to-run payloads for rapid testing, or upload your own scripts for tailored scenarios. Extract information through web-based commands or the built-in FTP server to replicate potential attack vectors.

Cross-Platform Compatibility

Compatible with Windows, Linux, and macOS, making it a versatile tool for labs, training, and penetration testing.

How it compares

If you’re choosing between the Pocket Pentest Stick and other crowd-favorite tools, here are the high-level differences that matter for wireless testing.

vs Flipper Zero

Our stick

Built-in Wi-Fi / BLE / IR
Add CC1101 / PN532 as needed

Flipper

Built-in sub-GHz, NFC, 125 kHz, IR, iButton
No Wi-Fi without add-on

Best pairing

Use stick for Wi-Fi/BLE & Evil-Twin; Flipper for badges and sub-GHz.

vs LilyGO T-Embed CC1101

Our stick

Smaller & cheaper
Focuses on Wi-Fi / BLE / IR first

T-Embed

Integrates CC1101 + PN532 + IR by default
Broader RF/NFC labs out of the box

Best pairing

Start with the stick, graduate to T-Embed for sub-GHz/NFC heavy work.

vs LilyGO T-Watch S3

Our stick

Handheld with IR
Great for hands-on Wi-Fi/IR demos and drops

T-Watch

Wearable stealth form factor
LoRa (not general sub-GHz)

Choose when

Pick T-Watch for on-person recon; use the stick for hands-on demos.

Applications

What the Pocket Pentest Stick can be used for:

- ✔️ Penetration Testing: Run deauth, Evil-Twin, beacon spam, and handshake capture to validate Wi-Fi defenses under scope.
- ✔️ Social Engineering: Spin up captive portals and rogue SSIDs to test user behavior and MFA flows safely.
- ✔️ Wireless Recon & PCAPs: Discover APs/clients, enumerate SSIDs, and capture frames for analysis and reporting.
- ✔️ Detection Tuning (Blue-Team): Generate known-bad patterns to calibrate WIPS/WIDS and SIEM rules without guesswork.
- ✔️ BLE/IoT Hardening: Scan and probe BLE devices and shadow IoT to verify segmentation, pairing, and access controls.

All Features & Possible Attacks

Connect to Wi-Fi (client mode)

Enable network tools on target SSID. Unlocks Scan Hosts, ARP spoof/poison, Telnet/SSH, TCP tools.

Wi-Fi Deauthentication

Stress-test client resilience / WIDS. Use only in lab or with written authorization.

Beacon / SSID Spam (presets)

Noise tolerance & detection tuning. Presets: Funny SSID, Rick Roll, Random; plus custom list from file.

Phishing Simulations

Separate test SSID; SD card add-on required to log creds to SD (Cardputer default; StickC supports external SD).

Offline Cracking Exercises

Export PCAPs from Bruce web UI; SD card add-on recommended for long captures.

Packet Capture for Analysis

Save full frames or EAPOL only; SD card add-on enables larger logs.

ARP sweep + TCP port scan

Discover hosts & services on LAN. Scans common ports (20, 21, 22, 23, 25, 80, 137, 139, 443, 3389, 8080, 8443, 9090...).

Station Deauth (targeted)

Kick a specific client device. Useful for session forcing / handshake capture tests.

ARP Spoofing (MITM)

Network disruption stress test. Randomizes MACs to cause routing chaos; use with extreme care.

ARP Poisoning (broadcast)

Network disruption stress test.

TCP Tools

Basic connectivity checks and quick service probes from the device UI.

SD Card Logging

Store longer captures and logs locally; useful for offline workflows.

Optional Add-on Possibilities

SD Card Expansion

Add removable storage for longer captures, logs, and payload libraries.

CC1101 Sub-GHz Module

Extend RF experiments into sub-GHz bands for broader lab simulations.

PN532 NFC Add-on

Add NFC read/write/emulation to test proximity workflows and badges.

High-Capacity Battery Pack

Longer untethered sessions and field exercises without recharging.

Bluetooth Antenna Upgrade

Improve BLE range and reliability for discovery and pairing tests.

Custom Firmware Builds

Tailored features, payload packs, or UI tweaks for your specific lab.

Technical specs

Core

MCU: ESP32-PICO-V3 (dual-core, Wi-Fi 2.4 GHz + BLE 5)
Display: 1.14″ IPS TFT (135×240)
Battery: ~200 mAh Li-Po (USB-C charging)
Sensors: IMU (motion), microphone

Radio & I/O

Wi-Fi: 802.11 b/g/n attack suite (deauth, Evil-Twin, handshake capture)
Bluetooth: BLE scan/advertise, beacon spam experiments
Infrared: TX diode onboard (TV-B-Gone and custom codes)
Expansion: Grove port for CC1101 (sub-GHz) & PN532 (NFC) modules

Capabilities depend on local law and target hardware. Use responsibly.

Detailed Specification

Spec	Detail
Brand	Alfa
Model	AWUS036ACH
Chipset	Realtek RTL8812AU
Wi-Fi standards	IEEE 802.11 a/b/g/n/ac
Data rates	802.11b – up to 11 Mbps 802.11g – up to 54 Mbps 802.11a – up to 54 Mbps 802.11n – up to 150 Mbps 802.11ac – up to 867 Mbps
Frequency range	2.4 GHz & 5 GHz
Antennas	2 × 6 dBi dual-band, RP-SMA detachable
OS support	Kali Linux (native or VM)
Security	WEP 64/128, 802.1X, WPA/WPA2 Personal & Enterprise, WPA-PSK, WPA2-PSK
Dimensions	L8.5cm x W6.3cm x H2.0cm

Looking for something different?

	Alfa AWUS036ACH	zSecurity RTL8812AU	zSecurity AR9271
Chipset	Realtek RTL8812AU	Realtek RTL8812AU	Atheros AR9271
Wi-Fi Standards	802.11 a/b/g/n/ac	802.11 a/b/g/n/ac	802.11 b/g/n
Dual-band	✅	✅	❌
Max speed	up to 867 Mbps	up to 867 Mbps	up to 150 Mbps
Frequency Range	2.4 & 5 GHz	2.4 & 5 GHz	2.4 GHz only
Interface	USB 3.0	USB 3.0	USB 2.0 Mini USB
Antennas	2 × 5 dBi	2 × 5 dBi	1 × 5 dBi
Security Protocols	WEP, WPA/WPA2, WPA-PSK	WEP, WPA/WPA2, WPA-PSK	WEP, WPA/WPA2, WPA-PSK
OS Support	Kali Linux (VM & Native)	Kali Linux (VM & Native)	Kali Linux (VM & Native)
Monitor & injection	✔	✔	✔
Signal Sensitivity	Not specified	Not specified	11b: -96dBm, 11g/n: -91dBm
Price (USD)	$69.99	$34.99	$24.99

Wi‑Fi Control Center

Configure and control ZS Cactus via a mobile‑friendly web interface. Connect to the “ZSCactus” network and browse to http://192.168.1.1/. Default credentials: admin / zscactus.

Built‑in Payloads

Ships with 10 built‑in payloads for Windows, Linux, and macOS: reverse shells, credential grabbers, Wi‑Fi password retrieval, and more. Deploy in seconds.

Honeypot & Fake Wi‑Fi

Spin up controlled honeypots or fake SSIDs for training and lab simulations. Test credential capture workflows safely and evaluate user awareness without touching production networks.

Rapid Deployment over Wi‑Fi

Upload, select, and launch payloads directly from your browser—no cables or extra tools required. Perfect for quick iterations during assessments and training labs.

Frequently Asked Questions

Is this legal?

Yes when used on networks/devices you own or have explicit, written authorization to test. Some features (e.g., deauth) may be restricted by local law. Always follow the rules of engagement.

Can it do sub‑GHz or NFC out of the box?

Out of the box it focuses on Wi‑Fi/BLE/IR. Add our CC1101 RF kit for 315/433/868/915 MHz replay or our PN532 kit for NFC labs.

Does it support BadUSB and BadBLE?

BadBLE (BLE HID) is built in. For USB BadUSB (HID over USB cable), add our CH9329 USB HID kit via the Grove port — Bruce supports DuckyScript on StickC Plus2 with this module.

How is this different from Flipper Zero?

Flipper includes sub‑GHz, NFC, 125 kHz and iButton built‑in but lacks Wi‑Fi. The Pocket Pentest Stick excels at Wi‑Fi/BLE/IR in a smaller, lower‑cost form; expand later as needed.

Can I script or extend it?

Absolutely. Bruce firmware offers a web UI and modular apps. You can also flash custom ESP32 firmware (Arduino/IDF/MicroPython).

What’s included?

Pocket Pentest Stick (M5StickC Plus2, Bruce pre‑installed), USB‑C cable, quick‑start card. Add‑ons sold separately.

Additional information

Weight	0.1 kg
Dimensions	10 × 10 × 1 cm
Location	Estimate Delivery Time
USA	2 – 5 working days.
Canada	3 – 7 working days.
Europe	5 – 10 working days.
Asia	10 – 15 working days.
All over the world	We ship to all countries, delivery time varies, please contact us for estimate delivery time.

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Become a Certified OSINT Professional

Become a Certified OSINT Professional

Shop

Pocket Pentest Stick – M5StickC Plus2