Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      Brisket_Breacher

      Brisket_Breacher

      🏆   by OSINTI4L June 30, 2025

      Mobile-Android USB Rubber Ducky

      Brisket_Breacher is DuckyScript payload that targets the Android mobile device Google Chrome browser utilizing the Browser Exploitation Framework (BeEF). It ...
      Droidex

      Droidex

      🏆   by OSINTI4L May 30, 2025

      Mobile-Android USB Rubber Ducky

      Droidex exfiltrates the top file stored in the Downloads directory of target mobile device to a self-hosted python webserver over LAN.

      edit2exfil

      edit2exfil

      🏆   by OSINTI4L May 14, 2025

      Exfiltration USB Rubber Ducky

      edit2exfil is a persistent file exfiltration payload that embeds itself as a cronjob on Linux systems via bash script, running silently in the background all...
      PixelReflection

      PixelReflection

      🏆   by Cribbit May 11, 2025

      Exfiltration USB Rubber Ducky

      This payload exfiltrates files by creating a 1 pixel sized form in the top left of the screen and changes the background to black or white to represent the b...

      Simplex

      Simplex

      🏆   by Cribbit April 01, 2025

      Execution Key Croc

      This payload utilizes 2 KeyCrocs + netcat to send keystrokes from one croc to another.
      ExfilWindowsCreds

      ExfilWindowsCreds

      🏆   by jakobfriedl March 16, 2025

      Exfiltration USB Rubber Ducky

      This collection of payloads dumps Windows Credentials using mimikatz and features multiple exfiltration methods.

      Randomizing User-Agent

      Randomizing User-Agent

      🏆   by Aleff February 23, 2025

      Execution USB Rubber Ducky

      This DuckyScript payload automates the process of modifying the Google Chrome user-agent dynamically by integrating a random user-agent
      Stunnel

      Stunnel

      🏆   by p4p1 February 21, 2025

      LAN Turtle Remote Access

      pass a unsecure protocol through a SSL connection

      Hash Slinging Stasher

      Hash Slinging Stasher

      🏆   by theSW4n February 04, 2025

      Bash Bunny Exfiltration

      This payload copies files to Bash Bunny udisk from the target OS matching given extensions and file size while checking file checksum
      Screenshare Over LAN

      Screenshare Over LAN

      🏆   by beigeworm February 04, 2025

      Recon USB Rubber Ducky

      This payload starts up a HTTP server and streams the local desktop to a browser window for other devices on the network.

      Flood Gateway

      Flood Gateway

      🏆   by InfoSecREDD January 23, 2025

      Execution Shark Jack

      This payload detects the Gateway IP then proceeds to send SYN/ACK/RST/UDP to the Gateway
      Pebbles

      Pebbles

      🏆   by Cribbit January 07, 2025

      General Key Croc

      This Keycroc payload creates the game of pebbles base off of the game NIM, with the user battling the croc.

      FileHunter

      FileHunter

      🏆   by 0i41E January 03, 2025

      Exfiltration USB Rubber Ducky

      Crawls all drives of the target system for a specific file or file type, to then compress and exfiltrate them to the Ducky.
      USB Poison

      USB Poison

      🏆   by beigeworm January 03, 2025

      General USB Rubber Ducky

      This payload executes a script that waits for new USB flash storage devices to be connected. When a new device connects, this script will copy a desired file...

      Blind OS Command Injection using Serial Number

      Blind OS Command Injection using Serial Number

      🏆   by TW-D November 15, 2024

      Key Croc Remote Access

      This payload allows a remote attacker to execute commands on a Linux system using the serial number as a vector to pass the commands to be executed
      Bouncy Coil

      Bouncy Coil

      🏆   by Cribbit August 16, 2024

      General OMG

      This payload uses Powershell to create a O.MG Coil that bounces around the screen.

      Duckie Harvest

      Duckie Harvest

      🏆   by NiK0-Byt3 July 15, 2024

      Credentials USB Rubber Ducky

      This payload extracts and saves Wi-Fi passwords and browser credentials from Google Chrome, Brave, Firefox, and Microsoft Edge on the target machine. Additio...
      Windows Duck In The Middle

      Windows Duck In The Middle

      🏆   by PlumpyTurkey June 26, 2024

      Exfiltration USB Rubber Ducky

      This payload sets up a trustworthy proxy for the user, enabling a Man-in-the-middle attack. After executing your payload, the proxy server will intercept all...

      Leaderboard

      2024 Payload Heroes
      1. 🥇   Cribbit
      2. 🥈   InfoSecREDD
      3. 🥉   TW-D
      2023 Payload Heroes
      1. 🥇   Aleff
      2. 🥈   0i41E
      3. 🥉   Spywill
      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2025
      Brisket_Breacher
      Droidex
      edit2exfil
      PixelReflection
      Simplex
      ExfilWindowsCreds
      Randomizing User-Agent
      Stunnel
      Hash Slinging Stasher
      Screenshare Over LAN
      Flood Gateway
      Pebbles
      FileHunter
      USB Poison

       

      2024
      Blind OS Command In...
      Bouncy Coil
      Duckie Harvest
      Windows Duck In The...
      Linux Keystroke Ref...
      MacAlertPhisher
      TV-Menu-Trigger
      adb shell dumpsys
      KeyLogger

       

      2023
      Follow someone on I...
      MacDocsExfill
      BunnyPicker
      MacFetch
      Email-Capture
      iOS-Logic-Bomb-Example
      Squirrel SSH Remote...
      X-Frame-Options Sca...
      Whatsapp Message Se...
      Hey! Got Any Grapes?
      Simple PSH Wallpape...
      Croc_Getonline
      EternalLock
      Windows Privilege E...
      ReverseDuckyUltimate
      Triggered_Bunny
      Morse Code
      Bash-History
      Deshellerator
      cApS-Troll
      Standard Phishing C...
      USBScream
      ReverseDuckyPolymorph
      duckin8or
      Piano player payloa...
      ActiveSync-Exfil-Ex...

       

      2022
      ActiveSync-Exfil
      Printer-Recon
      Disable Windows Def...
      KeyLogin
      iOS-FullKeyboardAccess
      Simple-iOS-Profile-...
      DesktopDuck
      Shortcut-Jacker
      WifiProfile Stealer...
      3_Payload_Menu
      The Penny Drops
      BunnyLogger 2.0
      Image over key refl...
      Bookmark-Hog
      wifi-to-dropbox
      "Microsoft Windows"...
      Mac_Exfil
      DROP-ZIP-EXCECUTE
      Rick Roll Updater
      Add_Local_Admin
      Simple USB File Ext...
      SamDumpBunny
      SharkDOS
      My Pictures 2 Ascii...
      FollinaBunny
      ScreenSaver_FuNNN_b-b
      Blue_Harvester
      Chrome Exfil
      Credz-Plz
      ReverseBunnySSL
      Fake sudo
      ADV-Recon
      ADV-Recon
      BLE_EXFIL_DEMO
      Physical_Rick_Roll
      KeyManager Backup
      "Microsoft Windows"...
      AUTOinCORRECT
      FodCableII - UAC By...
      OMG Acid Burn
      screenGrab
      "Microsoft Windows"...
      OMG-AwarenessTraining
      Random Video
      Funni Stick V3
      BunnyLogger
      iMessage Data Grabber
      DuckyLogger
      Nmap Recon
      HashDumpBunny
      Forward Email
      ReverseDucky3
      PwnKit Vulnerabilit...
      PwnKit Vulnerabilit...
      RemoteDeskCroc
      Tic-tac-toe / Nough...
      Install Reverse She...
      Android Meterpreter...
      "Microsoft Windows ...

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      600 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES


      1 2 3 7 Next