A collection of DuckyScript payloads for hacking the planet.
- edit2exfil - Hak5 payload award winner (May, 2025)
- Droidex - Hak5 payload award winner (May, 2025)
- Brisket_Breacher - Hak5 payload award winner (July, 2025)

Name | Targeted Operating System | Type | Description |
---|---|---|---|
Droidex | Android | Data Exfiltration | Droidex exfiltrates the top file stored in the Downloads directory of the target mobile device to a self-hosted Python webserver over LAN. |
Brisket_Breacher | Android | Browser Exploitation | Sets a malicious homepage in the Google Chrome browser that points to a Browser Exploitation Framework (BeEF) C2 to allow for command and control of a target browser. |
Brave_Breacher | Linux | Credential Stealer | Exports a copy of all usernames and passwords stored in the Brave Browser password manager and exfiltrates them via Discord webhook. |
Net_Enum | Linux | Credential Stealer/Network Enumeration | Enumerates and steals credentials for: networking interfaces, network manager connections, connected wireless network SSID and password, and logs the public IP address. |
edit2exfil | Linux | Data Exfiltration | A file exfiltration payload that embeds itself as a cronjob running silently in the background, allowing for persistent exfiltration of updated files. |
Screen_Peeker | Linux | Data Exfiltration | Embeds a Bash script as a cronjob that takes a screenshot of the target system and then exfiltrates the screenshot via Discord webhook, every minute. |
Web_Watcher | Linux | Other | Embeds a Bash script as a cronjob that will take a picture of the machine user via the onboard webcam and then exfiltrate the image via Discord webhook. The webcam picture will be taken 90 seconds after the compromised machine boots. |
Annoying_Linux | Linux | Prank | An annoying payload that uses Ducky/Bash scripts to randomly turn Wi-Fi, Caps Lock, and Num Lock on and off, press arrow keys, and teleport the mouse pointer around the screen. |
Brick-n-troll | Linux | Prank | THIS IS A DESTRUCTIVE PAYLOAD that plays the "trololol" song & video on max volume in full screen and then performs unauthenticated, recursive root file structure removal. A text editor will then open and print a "troll face" in ASCII art. |