Developed during my work at InTheCyber Group
Features • Hardware • Architecture • Installation • Usage
PhantomPi is a Raspberry Pi-based network implant for red team operations requiring physical access. It positions itself inline between a corporate asset and the network switch, transparently forwarding all traffic while:
- Bypassing 802.1X/NAC by forwarding EAPOL frames
- Spoofing the inline device's identity (IP, MAC, hostname)
- Capturing network traffic and harvesting credentials in real-time
- Maintaining persistent access via 4G/LTE out-of-band channel
Note
📖 Technical Deep Dive on Medium
Part 1 — Hardware assembly, LTE modem configuration, WireGuard VPN, Resilience measures, Discord C2 bot
Part 2 — Bridge mode, traffic interception, 802.1X/NAC bypass, identity spoofing
| Capability | Description |
|---|---|
| Transparent Bridging | Layer 2 bridge with group_fwd_mask=8 for 802.1X EAPOL passthrough |
| Identity Spoofing | Auto-detection of target IP/MAC via ARP, hostname via LLDP, gateway and DNS |
| Out-of-Band Control | 4G/LTE modem (RNDIS) + WireGuard VPN + Discord bot management |
| Traffic Interception | Continuous packet capture with rolling PCAP storage + credential extraction with Discord alerts |
| Resilience | Hardware watchdog, WireGuard auto-reconnect, hidden WiFi AP fallback |
| Component | Link |
|---|---|
| Raspberry Pi 4 – Model B | Amazon |
| Waveshare 4G HAT (SIM7600G-H) | Amazon |
| PoE HAT Module | Amazon |
| Witty Pi 4 (RTC & Power Management) | UUGear |
| Component | Link |
|---|---|
| USB-Ethernet Adapter | Amazon |
| 4G Antenna SMA 6 dBi Omnidirectional | Amazon |
| RP-SMA to U.FL Low-Loss Coaxial Cable | Amazon |
| EIOTCLUB SIM Card | Amazon |
| Component | Link |
|---|---|
| Right-Angle Micro USB Connector | Amazon |
| Ribbon USB Cable – 20 cm | Amazon |
| USB-A Connector | Amazon |
| Right-Angle USB-C to USB-C Cable – 30 cm | Amazon |
| Passthrough USB-C Adapter | Amazon |
| Passthrough Ethernet Adapter | Amazon |
| Flexible Ethernet Cables – 25 cm | Amazon |
| Component | Link |
|---|---|
| Raspberry Pi Spacer Kit | Amazon |
| Brass Hex Spacer M2.5 × 15+6 mm (Male-Female) | Amazon |
| Brass Hex Spacer M2.5 × 16+6 mm (Male-Female) | Amazon |
| Self-Tapping Screws – M2 / M2.3 / M2.6 / M3 | Amazon |
| PLA Filament – 1 Kg | Amazon |
| Portable Case | Amazon |
The implant is built by stacking the boards and modules using M2.5 spacers of specific lengths:
| Layer | Spacer Type | Spacer Length |
|---|---|---|
| Bottom → Pi 4 | M2.5 Male-Female | 5 mm + 5 mm |
| Pi 4 → PoE HAT | M2.5 Male-Female | 16 mm + 6 mm |
| PoE HAT → 4G HAT | M2.5 Male-Female | 16 mm + 6 mm |
| 4G HAT → Witty Pi 4 | M2.5 Male-Female | 11 mm + 6 mm |
| Witty Pi → Printed Top HAT | M2.5 Female-Female | 11 mm |
| Top Screws on Printed HAT | M2.5 Screws | — |
| Case Cover Screws | M2.6 Screws | — |
⚠️ USB Port Assignment: The LTE module and USB-to-Ethernet adapter must be connected to specific USB ports to ensure consistent interface naming (eth1,eth2). See documentation for port mapping.
| Interface | Role |
|---|---|
eth0 |
Corporate network (PoE powered) |
eth1 |
LTE modem (RNDIS mode) |
eth2 |
Inline device connection |
flowchart TB
WG["WireGuard Server (Operator VPS)"]
subgraph PhantomPi
eth0[eth0]
br0[br0]
eth1["eth1 (LTE)"]
wg0["wg0 (WireGuard VPN)"]
eth2[eth2]
eth0 --- br0
br0 --- eth2
eth1 --- wg0
end
SW["Corporate Switch"] --- eth0
eth2 --- DEV["Inline Device (e.g. Workstation)"]
wg0 ---|4G/LTE| WG
/opt/implant/
├── config.env # Central configuration
├── scripts/
│ ├── bridge-sync.sh # Bridge lifecycle (auto create/teardown)
│ ├── spoof-target.sh # Identity detection & spoofing
│ ├── wg-keepalive.sh # VPN auto-reconnect
│ ├── hidden-hotspot.sh # Emergency WiFi AP
│ ├── modem-config.sh # LTE modem AT commands
│ ├── trigger-lldp.py # LLDP hostname extraction
│ └── BruteShark/ # Credential extraction
├── services/ # systemd units
├── timers/ # systemd timers
└── discord/ # Implant-side API (Flask/Gunicorn)
🚧 Under Construction
Automated installation scripts and detailed setup guides are being developed. Check the Medium articles for manual configuration steps.
🚧 Under Construction
Detailed usage documentation is being developed. Check the Medium articles for operational guidance.
STL files for the custom 3D-printed case:
| File | Description |
|---|---|
phantompi-implant-case.stl |
Main enclosure (body + cover) |
usb-to-eth-adapter-hat.stl |
USB-to-Ethernet adapter mount |