Menu

      Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning podcasts, leading pentest gear, and inclusive community – where all hackers belong.

      PAYLOAD HUB
      Discover creative payloads from the Hak5 community with filtering by device and category.

      PAYLOAD STUDIO
      Unleash your hacking creativity with this full-featured web-based Payload development environment.

      PAYLOAD AWARDS
      Get your payload in front of thousands and enter to win. Nearly $10,000 in annual Hak5 prizes!

      ADVANCED DUCKYSCRIPT COURSE
      Learn directly from the creators! Unlock your creative potential with this comprehensive online course.

      [PAYLOAD] SERIES
      Join Hak5 hosts and collaborators as we dive into the techniques and code that make great payloads!

      Community developed payloads for Hak5 gear are featured and awarded at PayloadHub — a growing library of currated content.

      Unleash your hacking creativity with the online payload editor: PayloadStudio

      Link to your collections, sales and even external links

      Add up to five columns

      A_Cagey_Takeover

      A_Cagey_Takeover

      by the-jcksn April 17, 2022

      Prank USB Rubber Ducky

      Nicolas Cage themed Prank - Renames all files on desktop as "nicholas-cage-1.takeover", incrementing the digit. Then sets background image to Nicholas Cage b...
      persistent Reverse Bunny

      persistent Reverse Bunny

      by drapl0n April 14, 2022

      Bash Bunny Remote Access

      persistentReverseBunny provides you persistent reverse shell remotely/locally.

      ducky_crab

      ducky_crab

      by the-jcksn April 14, 2022

      Exfiltration USB Rubber Ducky

      Gives "screen crab" like capabilities to the USB rubber ducky. Creates a powershell script that captures screenshots and exfiltrates them via outlook, once a...
      KeyOS Croc

      KeyOS Croc

      by konstantingoretzki April 09, 2022

      General Key Croc

      KeyOS Croc is an extension for the Key Croc tool by Hak5. The main functionality of this extension is a basic operating system and keyboard layout detection ...

      ReverseCableSSL

      ReverseCableSSL

      by 0i41E April 09, 2022

      OMG Remote Access

      ReverseCableSSL gets you remote access to your target in seconds. Unlike ReverseCable, ReverseCableSSL offers encrypted traffic via OpenSSL.
      Talking_Duck

      Talking_Duck

      by JoustingZebra April 08, 2022

      Prank USB Rubber Ducky

      Uses .NET SpeechSynthesizer to make the computer talk.

      screenshot_exfil

      screenshot_exfil

      by the-jcksn April 08, 2022

      Exfiltration USB Rubber Ducky

      Creates zip folder of 5 most recent screenshots and sends them via outlook email.
      FodCableII - UAC Bypass

      FodCableII - UAC Bypass

      🏆   by 0i41E April 08, 2022

      Execution OMG

      Use your O.MG Cable / Plug to bypass UAC using one of the Fodhelper.exe methods. This POC will get you an elevated powershell instance and won't trigger AV a...

      OMG Acid Burn

      OMG Acid Burn

      🏆   by I am Jakoby April 08, 2022

      OMG Prank

      A script I put together to torment Call Center Scammers but can be used on your friends as well.. or Foes.
      screenGrab

      screenGrab

      🏆   by drapl0n April 08, 2022

      Bash Bunny Execution

      screenGrab payload captures snapshots of target's screen periodically and store them into bunny.

      OMG: TTS-MacOS

      OMG: TTS-MacOS

      by Kalani April 08, 2022

      OMG Prank

      On macOS, Launch terminal and use the command 'say' to read out a string. Requirements: Any DuckyScript Capable Device
      OMG: TTS-Windows

      OMG: TTS-Windows

      by Kalani April 08, 2022

      OMG Prank

      On Windows, Launch Powershell and use the System.speech to read out a string. Requirements: Any DuckyScript Capable Device

      imagesOfYore

      imagesOfYore

      by drapl0n April 08, 2022

      Bash Bunny Execution

      Taking advantaged of cached images, imagesOfYore is simple payload which exfiltrates every image that target ever had in his disk.
      bunnyDOS

      bunnyDOS

      by drapl0n April 08, 2022

      Bash Bunny Execution

      bunnyDOS payload intelligently search target's network for open http(configurable for https) ports and executes DOS it.

      camPeek

      camPeek

      by drapl0n April 01, 2022

      Bash Bunny Execution

      camPeek payload peeks through targets web cam and capture images and stores them in bunny.
      POP_CALC

      POP_CALC

      by Kalani March 31, 2022

      General OMG

      On execution, this payload will cause the target computer to launch the Calculator. This is tested working on Windows 2000 - Windows 11, and multiple Linux d...

      "Microsoft Windows" SMB Backdoor

      🏆   by TW-D March 29, 2022

      OMG Remote Access

      1. Adds a user account (OMG_User:OMG_P@ssW0rD). 2. Adds this local user to local administrator group. 3. Shares "C:" directory (OMG_SHARE). 4. Adds a rule to...
      Digital Rain

      Digital Rain

      by Angelina Tsuboi March 25, 2022

      Prank USB Rubber Ducky

      Opens a terminal window and produces a digital rain effect inspired by the Matrix using cmatrix.

      Leaderboard

      2024 Payload Heroes
      1. 🥇   Cribbit
      2. 🥈   InfoSecREDD
      3. 🥉   TW-D
      2023 Payload Heroes
      1. 🥇   Aleff
      2. 🥈   0i41E
      3. 🥉   Spywill
      2022 Payload Heroes
      1. 🥇   I AM JAKOBY
      2. 🥈   0iphor13
      3. 🥉   atomiczsec

      Get Rewarded

      Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards!

      Awarded Payloads

      2025

       

      2024

       

      2023

       

      2022

      Contribute

      Submit entries to a payload repository by pull request. New to github? See this Hak5 tutorial video.

      Collaborate

      Get inspired, showcase your work and receive helpful feedback on your payloads in the Hak5 Community!

      Caution

      Third-party payloads executing as root may cause damage and come AS-IS without warranty or guarantees.

      Disclaimer

      Payloads are for education and auditing where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 claims no responsibility for unauthorized or unlawful use.

      Stats

      608 featured payloads in this library. Hundreds more at GitHub.com/Hak5.

      DEVICES

      CATEGORIES


      Previous 1 25 26 27 28 29 34 Next