Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.
Unleash your hacking creativity with the online payload editor: PayloadStudio
Link to your collections, sales and even external links
Add up to five columns
Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.
Unleash your hacking creativity with the online payload editor: PayloadStudio
Link to your collections, sales and even external links
Add up to five columns
Pull off the most creative and complex hotplug attacks.
From movies and TV to the hearts and toolkits of cybersecurity pros the world over,
the USB Rubber Ducky is a hacker culture icon synonymous with the attack it invented.
Computers trust humans. Humans use keyboards. Hence the universal spec — HID, or Human Interface Device.
A keyboard presents itself as a HID, and in turn it's inherently trusted as human by the computer.
The USB Rubber Ducky — which looks like an innocent flash drive to humans — abuses this trust to deliver powerful payloads, injecting keystrokes at superhuman speeds.
Â
The King of
Revolutionized
Craft incredibly intelligent payloads with
A feature rich structured programming language.
As simple as keystroke macros...
...or as complex as you can imagine!
variables, if/then flow control, while loops, functions, randomization, extensions & more
Side-Channel Exfiltration with
A revolutionary new exfiltration pathway that evades endpoint restrictions, firewalls & air-gaps.
Don't be suspicious. Easily mask attacks for
Mimic human typing cadence. File system spoofing hides loot & injection files. Even detect storage activity to detect device activity — all in simple DuckyScript.
Hack Any Target with
Passive OS fingerprinting identifies desktop and mobile devices in just one second to deploy target-specific payload actions.
Evade Endpoint Device Countermeasures with
Mimic any USB device's Vendor & Product ID, as well as manufacturer, serial number and product strings with a single command.
Impersonate any device with
Change device emulation on-the-fly. Mimics any combination of keyboard and storage with a familiar ATTACKMODE command.
Systematically test authentication systems with
Programmatically brute force PIN codes, passwords, even endpoint device block lists with intelligent success confirmation.
Looks just like a common
complete with "Disk content" decals.
Features a hidden, programmable
squeeze-to-press-button.
Hit the ground running and grow your skills with
Backwards compatible with classic DuckyScript. Hundreds of payloads to learn from and build on! Gain knowledge from the e-book, pocket guide, online course, or 270 page textbook with 50+ exercises & projects!
Hack Anything with
Modernized with USB-C and A to attack the widest variety of targets, from desktop to mobile!
Backwards compatible with Classic DuckyScript