This repository contains a collection of BadUSB scripts for Digispark ATTiny85 and Arduino Pro Micro boards. These scripts are intended for legitimate penetration testing, security research, and educational purposes only.
repo/
└── digispark/
├── wifi_password_stealer.ino # Extracts and exfiltrates WiFi credentials
└── auto_downloader.ino # Downloads and persists payloads
- Extracts saved WiFi profiles with clear-text passwords
- Exports credentials to XML files
- Can send data to webhook/server (configure URL)
- Self-cleaning (removes temp files)
- LED status indication
- Downloads executable from specified URL
- Installs to Windows Startup folder for persistence
- Immediate execution capability
- Hidden command prompt operation
- Visual completion indicator
-
Requirements:
- Digispark ATTiny85 board
- Arduino IDE with Digistump packages
- Micro-USB cable
-
Configuration:
- Set your target URLs/webhooks in each script
- Adjust delays if needed for different systems
-
Upload Process:
- Select correct board (Digispark 16.5mhz)
- Upload while Digispark is unplugged
- Insert Digispark when prompted
All scripts are provided for:
- Authorized security testing
- Educational demonstrations
- Defensive research
Unauthorized use against systems you don't own is illegal. Always obtain proper permissions before testing.
New script ideas are welcome. Please:
- Maintain clean, commented code
- Include basic documentation
- Test thoroughly before submitting PR
For issues/questions:
- Check Arduino error messages
- Verify Digispark drivers are installed
- Test with non-malicious payloads first