Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      Screenshare Over LAN

      Screenshare Over LAN

      🏆   by beigeworm February 04, 2025

      Recon USB Rubber Ducky

      This payload starts up a HTTP server and streams the local desktop to a browser window for other devices on the network.
      VM Detect

      VM Detect

      by beigeworm February 04, 2025

      Recon USB Rubber Ducky

      This payload uses various methods to determine if the machine is a VM and will generate a console readout and verbose text file

      FileHunter

      FileHunter

      🏆   by 0i41E January 03, 2025

      Exfiltration USB Rubber Ducky

      Crawls all drives of the target system for a specific file or file type, to then compress and exfiltrate them to the Ducky.
      Silent File Exfiltrator

      Silent File Exfiltrator

      by itsOwen January 03, 2025

      Exfiltration USB Rubber Ducky

      This DS1 payload executes a stealthy script that silently collects and exfiltrates specific file types through Discord webhooks.

      Global Powershell Logging and Transcription

      Global Powershell Logging and Transcription

      by beigeworm January 03, 2025

      Incident Response USB Rubber Ducky

      This payload executes a script that logs all PowerShell input and output to a text file in the documents folder.
      USB Poison

      USB Poison

      🏆   by beigeworm January 03, 2025

      General USB Rubber Ducky

      This payload executes a script that waits for new USB flash storage devices to be connected. When a new device connects, this script will copy a desired file...

      Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges

      Execute commands as NT AUTHORITY\SYSTEM with TrustedInstaller privileges

      by TW-D November 24, 2024

      Execution USB Rubber Ducky

      This payload launches a new cmd.exe process with elevated privileges under TrustedInstaller, by setting the TrustedInstaller process as the parent, the cmd.e...
      Exfiltrate NTLM Hash To SD

      Exfiltrate NTLM Hash To SD

      by luu176 November 04, 2024

      Exfiltration USB Rubber Ducky

      This payload exfiltrates NTLM hash files to the Rubber Ducky's SD card for further analysis.

      Same File Name Prank

      Same File Name Prank

      by Aleff September 24, 2024

      Prank USB Rubber Ducky

      This payload renames files and folders to all have a similar name.
      Exfiltrate NTLM Hash

      Exfiltrate NTLM Hash

      by luu176 September 24, 2024

      Exfiltration USB Rubber Ducky

      A payload used to exfiltrate the NTLM hash on a Windows machine.

      Local WLAN Borrower

      Local WLAN Borrower

      by yeetboy0330 September 17, 2024

      Credentials USB Rubber Ducky

      This script borrows the wifi passwords on the target system and puts them into a .txt file on the ducky.
      Windows Screenshot Exfil

      Windows Screenshot Exfil

      by thomasboegl1 August 06, 2024

      Exfiltration USB Rubber Ducky

      This payload captures screenshots from a Windows machine every 10 seconds and uploads them to a specified server using the Powershell.

      DNS TXT Command Injection

      DNS TXT Command Injection

      by nathansb2022 August 06, 2024

      Execution USB Rubber Ducky

      This payload uses Resolve-DnsName to perform a DNS name query resolution for a domain hosting a malicious TXT record
      WiFi Passwords Exfiltration Via SCP

      WiFi Passwords Exfiltration Via SCP

      by F1ll0ry July 23, 2024

      Exfiltration USB Rubber Ducky

      This payload finds WiFi SSIDs and passwords on a Windows machine, saves them to a file, and sends the file to a VPS using SCP.

      Duckie Harvest

      Duckie Harvest

      🏆   by NiK0-Byt3 July 15, 2024

      Credentials USB Rubber Ducky

      This payload extracts and saves Wi-Fi passwords and browser credentials from Google Chrome, Brave, Firefox, and Microsoft Edge on the target machine. Additio...
      Lazagne Exfil

      Lazagne Exfil

      by mrproxy July 11, 2024

      Exfiltration USB Rubber Ducky

      This payload downloads and runs Lazagne, stores all info to .txt file, sends file to telegram bot.

      Google Exfil

      Google Exfil

      by mrproxy July 11, 2024

      Exfiltration USB Rubber Ducky

      This payload runs Powershell script that zips google user data, uses gofile.io api to upload it, and then sends a download link through telegram bot or disco...
      Defend Yourself From CVE-2023-23397

      Defend Yourself From CVE-2023-23397

      by Aleff July 09, 2024

      Incident Response USB Rubber Ducky

      This script sets a Firewall rule that will defend you against CVE-2023-23397.

      Leaderboard

      2024 Payload Heroes
      1. 🥇   Cribbit
      2. 🥈   InfoSecREDD
      3. 🥉   TW-D
      2023 Payload Heroes
      1. 🥇   Aleff
      2. 🥈   0i41E
      3. 🥉   Spywill
      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2025
      Screenshare Over LAN
      FileHunter
      USB Poison

       

      2024
      Duckie Harvest
      Windows Duck In The...

       

      2023
      X-Frame-Options Sca...
      Whatsapp Message Se...
      Hey! Got Any Grapes?
      Simple PSH Wallpape...
      EternalLock
      Windows Privilege E...
      ReverseDuckyUlitmate
      Morse Code
      Bash-History
      Deshellerator
      cApS-Troll
      Standard Phishing C...
      USBScream
      ReverseDuckyPolymorph
      duckin8or
      Piano player payloa...

       

      2022
      Printer-Recon
      Disable Windows Def...
      DesktopDuck
      Shortcut-Jacker
      WifiProfile Stealer...
      3_Payload_Menu
      The Penny Drops
      Image over key refl...
      wifi-to-dropbox
      DROP-ZIP-EXCECUTE
      Rick Roll Updater
      Chrome Exfil
      Credz-Plz
      "Microsoft Windows"...
      AUTOinCORRECT
      Funni Stick V3
      iMessage Data Grabber
      DuckyLogger
      Forward Email
      ReverseDucky3

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      593 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES


      1 2 3 14 Next