Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      PayloadHub
      Previous  / Next

      X-Frame-Options Scanner

      Awarded Awarded-2023 Recon USB Rubber Ducky
      X-Frame-Options Scanner
      Download Copy
      Title: X-Frame-Options Scanner
      Author: TW-D

      Uses the "Microsoft Edge" web browser to search for web servers within a range of IPv4 addresses that do not have an "X-Frame-Options" header. Then exports the results to a PDF file accessible in the Rubber Ducky. The results contain the tested IPv4 addresses and the HTML rendering.

      🏆   Recognized with a Payload Award in September 2023

       

      Reconnaissance, or recon, is all about gathering information on a target — be it an individual computer or the network at large. Individual computers may be scanned using a hotplug tool like the Bash Bunny or USB Rubber Ducky coupled with keystroke injection techniques to obtain valuable information without the need to elevate privileges.

      Network reconnaissance techniques involve active scans, which may be observed by intrusion detection systems, or passive scans, which may go quietly undetected. The information obtained in a recon operation may assist in the red team's audit plan for future missions such as phishing campaigns or exfiltration. On the network enumeration side, many techniques exist for scanning the network from the outside. The same techniques may be applied to scanning inside the network, which is where hotplug Ethernet attack tools like the Shark Jack excel. See all recon payloads.

      This payload is for the USB Rubber Ducky — a "flash drive" that types keystroke injection payloads into unsuspecting computers at incredible speeds. It's no wonder this little quacker has made appearances on Mr. Robot, FBI, Blacklist, National Geography and more!

      Submit your own payload, or browse more featured USB Rubber Ducky Payloads.

      USB Rubber Ducky

      View Product

       

       

      Related Payloads

      Droidex
      Droidex
      Droidex exfiltrates the top file stored in the Downloads directory of target mobile device to a self-hosted python webse
      Read More
      edit2exfil
      edit2exfil
      edit2exfil is a persistent file exfiltration payload that embeds itself as a cronjob on Linux systems via bash script, r
      Read More
      PixelReflection
      PixelReflection
      This payload exfiltrates files by creating a 1 pixel sized form in the top left of the screen and changes the background
      Read More

       


      Leaderboard

      2024 Payload Heroes
      1. 🥇   Cribbit
      2. 🥈   InfoSecREDD
      3. 🥉   TW-D
      2023 Payload Heroes
      1. 🥇   Aleff
      2. 🥈   0i41E
      3. 🥉   Spywill
      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2025
      Brisket_Breacher
      Droidex
      edit2exfil
      PixelReflection
      Simplex
      ExfilWindowsCreds
      Randomizing User-Agent
      Stunnel
      Hash Slinging Stasher
      Screenshare Over LAN
      Flood Gateway
      Pebbles
      FileHunter
      USB Poison

       

      2024
      Blind OS Command In...
      Bouncy Coil
      Duckie Harvest
      Windows Duck In The...
      Linux Keystroke Ref...
      MacAlertPhisher
      TV-Menu-Trigger
      adb shell dumpsys
      KeyLogger

       

      2023
      Follow someone on I...
      MacDocsExfill
      BunnyPicker
      MacFetch
      Email-Capture
      iOS-Logic-Bomb-Example
      Squirrel SSH Remote...
      X-Frame-Options Sca...
      Whatsapp Message Se...
      Hey! Got Any Grapes?
      Simple PSH Wallpape...
      Croc_Getonline
      EternalLock
      Windows Privilege E...
      ReverseDuckyUltimate
      Triggered_Bunny
      Morse Code
      Bash-History
      Deshellerator
      cApS-Troll
      Standard Phishing C...
      USBScream
      ReverseDuckyPolymorph
      duckin8or
      Piano player payloa...
      ActiveSync-Exfil-Ex...

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      601 featured payloads in this library. Hundreds more at GitHub.com/Hak5.