Full Offensive Platform

Five attack modes.
One device.

The Blacksight Phantom is five devices in one -- NAC bypass, credential harvesting, evil twin WiFi, Bluetooth attacks, and passive recon. Deploy it, walk away, and control everything remotely over 4G*.

Dual 2.5GbE WiFi 6 Bluetooth 5.2 4G Cellular PoE Powered Kill Switch
Order Phantom $1,999 Talk to Sales
Blacksight Phantom device

Five modes. One device.

Toggle each mode independently from the web panel or dashboard. Switch between modes or combine compatible ones -- no reconfiguration, no reboots.

Tap Mode

NAC Bypass

Transparent Layer-2 bridge that bypasses 802.1X and MAB authentication. Plug inline between a workstation and the switch -- the device inherits the authenticated session.

  • 802.1X NAC bypass
  • MAB authentication bypass
  • VLAN hopping (DTP negotiation)
  • 802.1Q double-tagging
  • Transparent bridge -- invisible to the network

Venom Mode

Credential Harvesting

Responder-based credential harvesting. Poisons LLMNR, NBT-NS, and mDNS to capture NTLMv2 hashes and relay credentials in real-time.

  • LLMNR/NBT-NS/mDNS poisoning
  • NTLMv2 hash capture
  • NTLM relay attacks
  • ARP cache poisoning
  • IPv6 WPAD/DNS takeover (mitm6)
  • Rogue DHCP server

Siren Mode

Evil Twin WiFi

Rogue access point and evil twin attacks. Clone legitimate SSIDs, deploy captive portals, and capture WPA handshakes -- all from the built-in WiFi 6 radio.

  • Evil twin AP (clone any SSID)
  • Rogue access point
  • Captive portal credential capture
  • WPA/WPA2 handshake capture
  • PMKID capture (clientless)
  • Deauthentication attacks

Fang Mode

Bluetooth Attacks

Dedicated Bluetooth and BLE attack suite. Relay connections, spoof devices, fuzz GATT services, and exploit legacy pairing -- all over the built-in Bluetooth 5.2 radio.

  • BLE relay/MITM (GATTacker-style)
  • Device spoofing and impersonation
  • GATT service enumeration + fuzzing
  • Legacy pairing exploitation
  • BLE advertisement injection
  • Bluetooth device tracking

Scope Mode

Passive Recon

Silent network reconnaissance. Full packet capture, asset discovery, and wireless enumeration -- all without sending a single packet.

  • Passive network mapping
  • Full PCAP recording (encrypted partition)
  • WiFi + Bluetooth/BLE enumeration
  • Asset discovery via traffic analysis
  • Zero network footprint

OPSEC built in.

Every feature designed to protect the engagement -- and the operator.

Kill Switch

Immediately stop all active attacks from the dashboard or your phone. One command via the relay, instant effect.

Self-Destruct

Remote command or physical button combo. Cryptographically erases all loot, keys, and logs. Resets to clean factory image.

4G Phone Home

Communicates exclusively over cellular. Never touches the target network's internet connection. Completely independent OPSEC channel.

E2E Encrypted Relay

Zero-knowledge architecture. The relay forwards encrypted blobs -- it cannot decrypt your traffic. Even if the Blacksight Relay is compromised, your data stays private. Learn more about how the relay works.

Stealth Mode

Master toggle for passive-only operation. Zero packets sent on the target network. Use for initial recon before going loud.

Scheduled Operations

Run attacks only during business hours to blend with normal traffic patterns. Per-mode time windows.

Auto-Exfiltration

Captured creds, hashes, and handshakes encrypted and pushed to dashboard over 4G in real-time. Or skip the relay and retrieve data physically.

Offline Mode

No 4G or WiFi required. The Phantom stores all findings locally on encrypted storage. Return after a few days, connect directly, and download everything.

Automated Playbooks

Chain attack sequences: run Scope for 30 minutes, auto-enable Venom, exfil every hour. Set-and-forget engagement profiles.

Engagement Reports

Auto-generate findings summaries from captured loot. Export or sync to the dashboard for team review.

How it connects.

The Phantom phones home over its own 4G cellular connection -- never through the target network. All data is end-to-end encrypted before it leaves the device. The Blacksight Relay forwards encrypted blobs to your Blacksight Connect app or web dashboard. The relay cannot decrypt anything -- it's zero-knowledge by design.

The relay is optional. You can keep all findings stored locally on the device -- no 4G or WiFi connection needed. Come back after a few days, connect directly to the Phantom over its local network interface, and download all captured credentials, hashes, PCAPs, and scan results. Whether you use the relay or retrieve data physically, we or anybody else can never see the plain data.

How the Relay Works

Device encrypts locally

All loot, commands, and PCAPs encrypted on the Phantom before transmission.

Relay forwards blindly

The relay matches your device to your client and passes encrypted blobs. No storage, no decryption.

You decrypt locally

Your Blacksight Connect app or dashboard decrypts everything on your machine. Keys never leave your device.

Or retrieve physically

Skip the relay entirely. All findings stay on the device. Return to the site, connect directly, and download everything.

Hardware specs.

Processor Intel N150 (Twin Lake)
RAM 8GB LPDDR5
Storage 128GB eMMC/SSD
Ethernet 2x 2.5GbE (1x PoE configurable)
WiFi WiFi 6 (Intel AX201)
Bluetooth Bluetooth 5.2
Cellular 4G LTE (internal M.2 2242 B-Key)
SIM Nano-SIM slot (customer provides SIM)
Dimensions 6.6 x 4.5 x 1.5 in
Power 12V DC / PoE (optional)
Cooling Fanless (passive)
OS Custom Debian (Kali-based)

Frequently Asked Questions

What is included with the Blacksight Phantom?

The Phantom device, power adapter, and quick start guide. Dashboard access, relay access, firmware updates, and unlimited team members are all included free. No subscriptions. You provide your own nano-SIM card with a data plan.

Do I need my own SIM card for the Phantom?

Yes. The Phantom has an internal nano-SIM slot. Any data SIM card works. The SIM is only used for the 4G uplink to the relay -- it is completely independent of the target network.

Can I use the Phantom without 4G or WiFi?

Yes. The Phantom stores all findings locally on encrypted storage. You can return after a few days, connect directly to the device, and download everything. The relay is optional.

How does the kill switch work?

One command from the dashboard or the Connect app instantly stops all active attacks. The self-destruct command goes further -- it cryptographically erases all loot, keys, and logs, then resets to a clean factory image.

Is the Phantom detectable on the target network?

In Tap mode, the Phantom operates as a transparent Layer-2 bridge and is invisible to the network. In Scope mode, it is purely passive -- zero packets sent. Active modes (Venom, Siren, Fang) generate traffic by design, but only on the target network segments you choose.

Is it legal to use the Blacksight Phantom?

The Phantom is designed for authorized penetration testing and legitimate security research. Using it against networks or systems without explicit written permission is illegal. All buyers must confirm authorized use at checkout.

Ready to deploy the Phantom?

Free dashboard and relay included. No subscriptions.

Order Phantom -- $1,999 Contact Sales

* SIM card with data plan required, not included.