This repository contains payloads and extensions for the Hak5 Key Croc. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads.
<br/><i>Get your payload in front of thousands. Enter to win over $2,000 in prizes in the <ahref="https://hak5.org/pages/payload-awards">Hak5 Payload Awards!</a></i>
- [Purchase the Key Croc - the world's smartest keylogger](https://hak5.org/products/key-croc "Purchase the Key Croc - the world's smartest keylogger")
The Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.
The Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.
Imagine capturing credentials and systematically using them to exfiltrate data. Or pentest from anywhere, live in a web browser with [Hak5 Cloud C²](https://shop.hak5.org/products/c2 "Hak5 Cloud C²").
It's simple too. A hidden button turns it into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.
<b> With the Key Croc in 2020, DuckyScript 2.0 has been introduced.</b>
While many of the Hak5 Tools run various versions of DuckyScript; like the [Bash Bunny](https://shop.hak5.org/products/bash-bunny) and even the [officially licenced DuckyScript compatible devices from O.MG](https://shop.hak5.org/collections/mischief-gadgets/ "O.MG") - the Key Croc uses an `INTERPRETED` version of DuckyScript
_Interpreted DuckyScript means the payload runs on the device straight from `source code` (the code you write e.g. `QUACK STRING test`)._
The files in this repository are _the source code_ for your payloads and run _directly on the device_**no compilation required** - simply place your `payload.txt` in the appropriate directory and you're ready to go!
<h1><ahref="https://payloadstudio.hak5.org">Build your payloads with PayloadStudio</a></h1>
<palign="center">
Take your DuckyScript™ payloads to the next level with this full-featured,<b> web-based (entirely client side) </b> development environment.
<i>Payload studio features all of the conveniences of a modern IDE, right from your browser. From syntax highlighting and auto-completion to live error-checking and repo synchronization - building payloads for Hak5 hotplug tools has never been easier!
<br/><br/>
Supports your favorite Hak5 gear - USB Rubber Ducky, Bash Bunny, Key Croc, Shark Jack, Packet Squirrel & LAN Turtle!
<br/><br/></i><br/>
<ahref="https://hak5.org/products/payload-studio-pro">Become a PayloadStudio Pro</a> and <b> Unleash your hacking creativity! </b>
<br/>
OR
<br/>
<ahref="https://payloadstudio.hak5.org/community/"> Try Community Edition FREE</a>
Support for different keyboard layouts can be found, modified or contributed to in the <b><ahref='https://github.com/keycroc/usbrubberducky-payloads/blob/master/languages'> languages/ </a></b> directory of this repository.
Unlike devices such as the Bash Bunny and USB Rubber Ducky - the Key Croc's language files are *just a bit different*.
Due to the nature of supporting **real time decoding** and **real time MATCH payloads** the Croc has a bit more on it's plate in regards to what it means to support a keyboard language layout.
For example, while performing Keystroke Injection - you may only ever require the `1` from the number row, or the right `GUI` key. The Key Croc on the other hand needs to not only know how to interpret _the entire keyboard_ but also a large variety of keyboard combinations to make matching and triggering on payloads work as you would expect it to; accurately and without delay. For these reasons, the Key Croc's language files are monolithic, statically and programatically generated to provide the absolute best possible experience.
The default language is US <ahref='https://github.com/hak5/keycroc-payloads/blob/master/languages/us.json'>(languages/us.json)</a>
Cloud C² makes it easy for pen testers and IT security teams to deploy and manage fleets of Hak5 gear from a simple cloud dashboard.
Cloud C² is available as an instant download. **A free license for Community Edition is available which is not for commercial use and comes with community support.**
The **Professional** and **Teams Editions** are for commercial use with standard support.
Cloud C² is a **self-hosted** web-based command and control suite for networked Hak5 gear that lets you **pentest from anywhere.**
Linux, Mac and Windows computers can host the Cloud C² server while Hak5 gear such as the WiFi Pineapple, LAN Turtle and Packet Squirrel can be provisioned as clients.
Once you have the Cloud C² server running on a public-facing machine (such as a VPS) and the Hak5 devices are provisioned and deployed, you can login to the Cloud C² web interface to manage these devices as if you were directly connected.
With multiple Hak5 devices deployed at a client site, aggregated data provides a big picture view of the wired and wireless environments.
Once you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.
Subject to change. Please ensure any submissions meet the [latest version](https://github.com/hak5/keycroc-payloads/blob/master/README.md) of these standards before submitting a Pull Request.
Please give your payload a unique, descriptive and appropriate name. Do not use spaces in payload, directory or file names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.
If the payload is OS agnostic (I.e., it substitutes text or otherwise make no interaction with the target OS), the filename should not include an OS prefix.
If multiple individual OS specific payloads are included, the directory name should be prefixed with `MULTI_` while each payload file name therein should be prefixed with the specific OS.
In many cases, payloads will require some level of configuration by the end payload user. Be sure to take the following into careful consideration to ensure your payload is easily tested, used and maintained.
If a payload requires additional documentation for use, such as requiring special dependency installation or use of the LED, it should be documented in the code block. In the case of LED for status, use the following:
Payloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use.
Key Croc and DuckyScript are subject to the Hak5 license agreement (https://hak5.org/license)
DuckyScript is the intellectual property of Hak5 LLC for the sole benefit of Hak5 LLC and its licensees. To inquire about obtaining a license to use this material in your own project, contact us. Please report counterfeits and brand abuse to legal@hak5.org.
This material is for education, authorized auditing and analysis purposes where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 LLC claims no responsibility for unauthorized or unlawful use.
Hak5 LLC products and technology are only available to BIS recognized license exception ENC favorable treatment countries pursuant to US 15 CFR Supplement No 3 to Part 740.
# Disclaimer
Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution.