Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability

      Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability

      by Aleff January 17, 2023

      Incident Response OMG

      This script allows you to set the Register Key block rule that will allow you to defend against CVE-2023-36884.
      Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966

      Exploit_Citrix_NetScaler_ADC_and_Gateway_through_CVE-2023-4966

      by Aleff January 17, 2023

      Incident Response USB Rubber Ducky

      This payload sends an HTTP request to a remote server using the curl command. If the request succeeds, it means the exploit was successful. Conversely, if th...

      Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability

      Defend yourself against CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability

      by Aleff January 17, 2023

      Incident Response USB Rubber Ducky

      This script allows you to set the Register Key block rule that will allow you to defend against CVE-2023-36884.
      Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273

      Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273

      by Aleff January 17, 2023

      Incident Response USB Rubber Ducky

      Use this script to set up an automated integrity verification system for your Cisco IOS XE machine in relation to the attack that could create a backdoor on ...

      GoodUSB

      GoodUSB

      by moosehadley May 19, 2022

      Incident Response USB Rubber Ducky

      GoodUSB is a script that downloads ClamAV, updates it, and scans your system memory for malware and terminates any processes it finds.
      ET Phone Home

      ET Phone Home

      by I am Jakoby May 10, 2022

      Incident Response USB Rubber Ducky

      This program is meant to locate your devices. When someone plugs it into their computer a one liner in the run box a script will be downloaded and executed t...

      ET-Phone-Home

      ET-Phone-Home

      by I am Jakoby May 10, 2022

      Incident Response OMG

      A script I put together to locate your stolen devices, or your stolen baited devices. This program is meant to locate your devices. Save the execution file o...
      OMG ET Phone Home

      OMG ET Phone Home

      by I am Jakoby April 29, 2022

      Incident Response OMG

      A script I put together to locate your stolen devices, or your *stolen* baited devices. This program is meant to locate your devices. Save the execution file...

      Link File Analysis

      Link File Analysis

      by Paul Murton October 05, 2021

      Bash Bunny Incident Response

      In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD etc, its possible that the user may subsequently open an exfilt...
      Hidden Images

      Hidden Images

      by Paul Murton October 05, 2021

      Bash Bunny Incident Response

      A (naive) user may attempt to hide image(picture) files by simply renaming them to appear to be other filetypes (i.e. Word documents etc). This payload uses ...

      Leaderboard

      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2023

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      542 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES