Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      PayloadHub
      Previous  / Next

      MacDocsExfill

      Awarded Awarded-2023 Bash Bunny Exfiltration
      MacDocsExfill
      Download Copy
      Title: MacDocsExfill
      Author: afsh4ck

      Exfilter all the images from the principal folders on unlocked MacOS targets. Stashes them in /loot/MacDocsExfill

      🏆   Recognized with a Payload Award in September 2023

       

      Exfiltration is an involuntary backup. It's a technique for obtaining data from a network. Once obtained, the data may be removed using a number of methods. These may include traversing the network to a command and control server, such as Cloud C². The content is typically encrypted or obfuscated. In the case of physical access, a bring-your-own-network element may be included to evade detection. See all exfiltration payloads.

      This payload is for the Bash Bunny. Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.

      Submit your own payload, or browse more featured Bash Bunny Payloads.

      Bash Bunny

      View Product

       

       

      Related Payloads

      Strip Connected Clients
      Strip Connected Clients
      Pulls previously connected clients from the recon database and stores that list in a file located in /root/loot/info.
      Read More
      Strip Open AP
      Strip Open AP
      Strips open access points from the recon database and stores that list in a file located in /root/loot/pools.
      Read More
      SSID Chaos
      SSID Chaos
      SSID Chaos Engine is a themed SSID broadcast generator designed to weaponize curiosity, paranoia, humor, and confusion—p
      Read More

       


      Leaderboard

      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2023
      09: Follow someone on I...
      09: MacDocsExfill
      09: BunnyPicker
      09: MacFetch
      09: Email-Capture
      09: iOS-Logic-Bomb-Example
      09: Squirrel SSH Remote...
      09: X-Frame-Options Sca...
      09: Whatsapp Message Se...
      09: Hey! Got Any Grapes?
      09: Simple PSH Wallpape...
      09: Croc_Getonline
      09: EternalLock
      09: Windows Privilege E...
      09: ReverseDuckyUltimate
      09: Triggered_Bunny
      09: Morse Code
      09: Bash-History
      09: Deshellerator
      09: cApS-Troll

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      627 featured payloads in this library. Hundreds more at GitHub.com/Hak5.