{"id":38249120,"url":"https://github.com/hak5/keycroc-payloads","last_synced_at":"2026-01-17T01:26:04.203Z","repository":{"id":39706635,"uuid":"263649728","full_name":"hak5/keycroc-payloads","owner":"hak5","description":"The Official Key Croc Payload Repository ","archived":false,"fork":false,"pushed_at":"2025-03-23T18:55:43.000Z","size":893,"stargazers_count":193,"open_issues_count":7,"forks_count":87,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-03-23T19:36:20.331Z","etag":null,"topics":["badusb","duckyscript","hak5","hid","implant","keystroke-injection","security-tools"],"latest_commit_sha":null,"homepage":"https://shop.hak5.org/products/key-croc","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hak5.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-13T14:13:54.000Z","updated_at":"2025-03-23T18:55:47.000Z","dependencies_parsed_at":"2024-06-07T21:28:11.565Z","dependency_job_id":"dceb887b-d581-4aff-9ef9-9889719ade1c","html_url":"https://github.com/hak5/keycroc-payloads","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hak5/keycroc-payloads","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hak5%2Fkeycroc-payloads","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hak5%2Fkeycroc-payloads/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hak5%2Fkeycroc-payloads/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hak5%2Fkeycroc-payloads/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hak5","download_url":"https://codeload.github.com/hak5/keycroc-payloads/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hak5%2Fkeycroc-payloads/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28491476,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T00:50:05.742Z","status":"ssl_error","status_checked_at":"2026-01-17T00:43:11.982Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["badusb","duckyscript","hak5","hid","implant","keystroke-injection","security-tools"],"created_at":"2026-01-17T01:26:03.624Z","updated_at":"2026-01-17T01:26:04.187Z","avatar_url":"https://github.com/hak5.png","language":"Shell","readme":"\n# Payload Library for the [Key Croc](https://hak5.org/products/key-croc) by [Hak5](https://hak5.org)\n\nThis repository contains payloads and extensions for the Hak5 Key Croc. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads.\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/github/forks/hak5/keycroc-payloads?style=for-the-badge\"/\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003cimg src=\"https://img.shields.io/github/stars/hak5/keycroc-payloads?style=for-the-badge\"/\u003e\n\u003cbr/\u003e\n\u003cimg src=\"https://img.shields.io/github/commit-activity/y/hak5/keycroc-payloads?style=for-the-badge\"\u003e\n\u003cimg src=\"https://img.shields.io/github/contributors/hak5/keycroc-payloads?style=for-the-badge\"\u003e\n\u003c/div\u003e\n\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://payloadhub.com\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/payloadhub.png?v=1652474600\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003ca href=\"https://payloadhub.com/blogs/payloads/tagged/key-croc\"\u003eView Featured Key Croc Payloads and Leaderboard\u003c/a\u003e\n\u003cbr/\u003e\u003ci\u003eGet your payload in front of thousands. Enter to win over $2,000 in prizes in the \u003ca href=\"https://hak5.org/pages/payload-awards\"\u003eHak5 Payload Awards!\u003c/a\u003e\u003c/i\u003e\n\u003c/p\u003e\n\n\n\u003cdiv align=\"center\"\u003e\n\u003ca href=\"https://hak5.org/discord\"\u003e\u003cimg src=\"https://img.shields.io/discord/506629366659153951?label=Hak5%20Discord\u0026style=for-the-badge\"\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://youtube.com/hak5\"\u003e\u003cimg src=\"https://img.shields.io/youtube/channel/views/UC3s0BtrBJpwNDaflRSoiieQ?label=YouTube%20Views\u0026style=for-the-badge\"/\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://youtube.com/hak5\"\u003e\u003cimg src=\"https://img.shields.io/youtube/channel/subscribers/UC3s0BtrBJpwNDaflRSoiieQ?style=for-the-badge\"/\u003e\u003c/a\u003e\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n\u003ca href=\"https://twitter.com/hak5\"\u003e\u003cimg src=\"https://img.shields.io/badge/follow-%40hak5-1DA1F2?logo=twitter\u0026style=for-the-badge\"/\u003e\u003c/a\u003e\n\u003cbr/\u003e\u003cbr/\u003e\n\n\u003c/div\u003e\n\n# Shop\n- [Purchase the Key Croc - the world's smartest keylogger](https://hak5.org/products/key-croc \"Purchase the Key Croc - the world's smartest keylogger\")\n- [PayloadStudio Pro](https://hak5.org/products/payload-studio-pro \"Purchase PayloadStudio Pro\")\n- [Shop All Hak5 Tools](https://shop.hak5.org \"Shop All Hak5 Tools\")\n\n## Getting Started\n- [Build Payloads with PayloadStudio](#build-your-payloads-with-payloadstudio) | [QUICK START GUIDE](https://docs.hak5.org/key-croc/getting-started/basics \"QUICK START GUIDE\") \n\n## Documentation / Learn More\n-   [Documentation](https://docs.hak5.org/key-croc \"Documentation\") \n\n## Community\n*Got Questions? Need some help? Reach out:*\n-  [Discord](https://hak5.org/discord/ \"Discord\") | [Forums](https://forums.hak5.org/forum/106-key-croc/ \"Forums\")\n\n## Additional Links\n\u003cb\u003e Follow the creators \u003c/b\u003e\u003cbr/\u003e\n\u003cp \u003e\n\t\u003ca href=\"https://twitter.com/notkorben\"\u003eKorben's Twitter\u003c/a\u003e | \n\t\u003ca href=\"https://instagram.com/hak5korben\"\u003eKorben's Instagram\u003c/a\u003e\n\u003cbr/\u003e\n\t\u003ca href=\"https://twitter.com/hak5darren\"\u003eDarren's Twitter\u003c/a\u003e | \n\t\u003ca href=\"https://instagram.com/hak5darren\"\u003eDarren's Instagram\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cbr/\u003e\n\u003ch1\u003e\u003ca href=\"https://hak5.org/products/key-croc\"\u003eAbout the Key Croc\u003c/a\u003e\u003c/h1\u003e\n\nThe Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.\n\u003cb\u003e\n\u003cdiv align=\"center\"\u003e\n\u003ca href=\"https://www.youtube.com/watch?v=rDdA4ggyc8E\"\u003eLaunch Video\u003c/a\u003e\n\u003cbr/\u003e\n\u003c/div\u003e\n\u003c/b\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://hak5.org/products/key-croc\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/key-croc-diagram1_600x.png?v=1614333513\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\u003ci\u003eHak5 Key Croc Hardware Features\u003c/i\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\nThe Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.\n\nMore than just recording and streaming keystrokes online, it exploits the target with payloads that trigger when keywords of interest are typed.\n\nBy emulating trusted devices like serial, storage, HID and Ethernet, it opens multiple attack vectors – from keystroke injection to network hijacking.\n\nImagine capturing credentials and systematically using them to exfiltrate data. Or pentest from anywhere, live in a web browser with [Hak5 Cloud C²](https://shop.hak5.org/products/c2 \"Hak5 Cloud C²\").\n\nIt's simple too. A hidden button turns it into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.\n\n\n\u003cp align=\"center\"\u003e\n\u003ci\u003e Hak5 Key Croc Pattern Matching Payloads\u003c/i\u003e\u003cbr/\u003e\n\u003ca href=\"https://payloadhub.com\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/payload-until_600x.png?v=1614341304\"\u003e\u003c/a\u003e\u003cbr/\u003e\n\u003ci\u003e Hak5 Key Croc Configuration - simply edit config.txt\u003c/i\u003e\u003cbr/\u003e\n\u003ca href=\"https://payloadhub.com\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/key-croc-config_600x.png?v=1614333508\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003c/p\u003e\n\n# About DuckyScript™\n\u003cb\u003e With the Key Croc in 2020, DuckyScript 2.0 has been introduced.\u003c/b\u003e\n\nWhile many of the Hak5 Tools run various versions of DuckyScript; like the [Bash Bunny](https://shop.hak5.org/products/bash-bunny) and even the [officially licenced DuckyScript compatible devices from O.MG](https://shop.hak5.org/collections/mischief-gadgets/ \"O.MG\") - the Key Croc uses an `INTERPRETED` version of DuckyScript\n\n_Interpreted DuckyScript means the payload runs on the device straight from `source code` (the code you write e.g. `QUACK STRING test`)._\n\nThe files in this repository are _the source code_ for your payloads and run _directly on the device_ **no compilation required** - simply place your `payload.txt` in the appropriate directory and you're ready to go!\n\n\u003ch1\u003e\u003ca href=\"https://payloadstudio.hak5.org\"\u003eBuild your payloads with PayloadStudio\u003c/a\u003e\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\nTake your DuckyScript™ payloads to the next level with this full-featured,\u003cb\u003e web-based (entirely client side) \u003c/b\u003e development environment.\n\u003cbr/\u003e\n\u003ca href=\"https://payloadstudio.hak5.org\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/products/payload-studio-icon_180x.png?v=1659135374\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003ci\u003ePayload studio features all of the conveniences of a modern IDE, right from your browser. From syntax highlighting and auto-completion to live error-checking and repo synchronization - building payloads for Hak5 hotplug tools has never been easier!\n\u003cbr/\u003e\u003cbr/\u003e\nSupports your favorite Hak5 gear - USB Rubber Ducky, Bash Bunny, Key Croc, Shark Jack, Packet Squirrel \u0026 LAN Turtle!\n\u003cbr/\u003e\u003cbr/\u003e\u003c/i\u003e\u003cbr/\u003e\n\u003ca href=\"https://hak5.org/products/payload-studio-pro\"\u003eBecome a PayloadStudio Pro\u003c/a\u003e and \u003cb\u003e Unleash your hacking creativity! \u003c/b\u003e\n\u003cbr/\u003e\nOR\n\u003cbr/\u003e\n\u003ca href=\"https://payloadstudio.hak5.org/community/\"\u003e Try Community Edition FREE\u003c/a\u003e \n\u003cbr/\u003e\u003cbr/\u003e\n\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/themes1_1_600x.gif?v=1659642557\"\u003e\n\u003cbr/\u003e\n\u003ci\u003e Payload Studio Themes Preview GIF \u003c/i\u003e\n\u003cbr/\u003e\u003cbr/\u003e\n\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/AUTOCOMPLETE3_600x.gif?v=1659640513\"\u003e\n\u003cbr/\u003e\n\u003ci\u003e Payload Studio Autocomplete Preview GIF \u003c/i\u003e\n\u003c/p\u003e\n\n\n## DuckyScript Ecosystem\n\n\u003ch3\u003e\u003ca href='https://github.com/keycroc/keycroc-payloads/blob/master/languages'\u003eLanguages \u003c/a\u003e\u003c/h3\u003e\n\nSupport for different keyboard layouts can be found, modified or contributed to in the \u003cb\u003e\u003ca href='https://github.com/keycroc/usbrubberducky-payloads/blob/master/languages'\u003e languages/ \u003c/a\u003e\u003c/b\u003e directory of this repository.\n\nUnlike devices such as the Bash Bunny and USB Rubber Ducky - the Key Croc's language files are *just a bit different*. \nDue to the nature of supporting **real time decoding** and **real time MATCH payloads** the Croc has a bit more on it's plate in regards to what it means to support a keyboard language layout. \n\nFor example, while performing Keystroke Injection - you may only ever require the `1` from the number row, or the right `GUI` key. The Key Croc on the other hand needs to not only know how to interpret _the entire keyboard_ but also a large variety of keyboard combinations to make matching and triggering on payloads work as you would expect it to; accurately and without delay. For these reasons, the Key Croc's language files are monolithic, statically and programatically generated to provide the absolute best possible experience.\n\nThe default language is US \u003ca href='https://github.com/hak5/keycroc-payloads/blob/master/languages/us.json'\u003e(languages/us.json)\u003c/a\u003e\n\n\n\u003ch1\u003e\u003ca href='https://shop.hak5.org/products/c2'\u003eHak5 Cloud C² \u003c/a\u003e\u003c/h1\u003e\nCloud C² makes it easy for pen testers and IT security teams to deploy and manage fleets of Hak5 gear from a simple cloud dashboard. \n\nCloud C² is available as an instant download. **A free license for Community Edition is available which is not for commercial use and comes with community support.**\nThe **Professional** and **Teams Editions** are for commercial use with standard support.\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://shop.hak5.org/products/c2\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/teams1.png?v=1614035533\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003ci\u003e Hak5 Cloud C² Web Interface\u003c/i\u003e\n\u003c/p\u003e\n\n\nCloud C² is a **self-hosted** web-based command and control suite for networked Hak5 gear that lets you **pentest from anywhere.**\n\nLinux, Mac and Windows computers can host the Cloud C² server while Hak5 gear such as the WiFi Pineapple, LAN Turtle and Packet Squirrel can be provisioned as clients.\n\nOnce you have the Cloud C² server running on a public-facing machine (such as a VPS) and the Hak5 devices are provisioned and deployed, you can login to the Cloud C² web interface to manage these devices as if you were directly connected.\n\nWith multiple Hak5 devices deployed at a client site, aggregated data provides a big picture view of the wired and wireless environments.\n\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://shop.hak5.org/products/c2\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/teams2.png?v=1614035564\"/\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003ci\u003e Hak5 Cloud C² Web Interface - Teams Edition - Sites \u003c/i\u003e\n\u003c/p\u003e\n\n\nHak5 Cloud C² Teams edition comes full of features designed to help you manage **all** of your remote Hak5 devices with ease:\n - Multi-User\n - Multi-Site\n - Role-Based Access Control\n - Advanced Auditing\n - Tunneling Services including web Terminal and WiFi Pineapple web interface proxy\n\n\u003ca href=\"https://shop.hak5.org/products/c2\"\u003eLearn More\u003c/a\u003e\n\n\u003ch1\u003e\u003ca href='https://payloadhub.com'\u003eContributing\u003c/a\u003e\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://payloadhub.com\"\u003e\u003cimg src=\"https://cdn.shopify.com/s/files/1/0068/2142/files/payloadhub.png?v=1652474600\"\u003e\u003c/a\u003e\n\u003cbr/\u003e\n\u003ca href=\"https://payloadhub.com\"\u003eView Featured Payloads and Leaderboard \u003c/a\u003e\n\u003c/p\u003e\n\n\nOnce you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available.\n\n# Please adhere to the following best practices and style guides when submitting a payload.\n### Purely destructive payloads will not be accepted. No, it's not \"just a prank\".\n\nPayloads should be submitted to the most appropriate category directory. These include credentials, exfiltration, phishing, prank, recon, etc.\n\nSubject to change. Please ensure any submissions meet the [latest version](https://github.com/hak5/keycroc-payloads/blob/master/README.md) of these standards before submitting a Pull Request.\n\n## Naming Conventions\nPlease give your payload a unique, descriptive and appropriate name. Do not use spaces in payload, directory or file names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.\n\nEach payload should have a unique, descriptive directory and filename, e.g., `WIN_powershell_SMB_exfiltration.txt`\n\nThe directory name for the payload should match the payload file name.\n\nIf the payload is OS specific (I.e., a Windows Powershell attack), the filename should be prefixed with that OS. Prefixes include:\n* `WIN_` for Windows\n* `MAC_` for MacOS\n* `LINUX_` for all Linux flavors\n* `MULTI_` for multi-OS payloads\n\nIf the payload is OS agnostic (I.e., it substitutes text or otherwise make no interaction with the target OS), the filename should not include an OS prefix.\n\nIf multiple individual OS specific payloads are included, the directory name should be prefixed with `MULTI_` while each payload file name therein should be prefixed with the specific OS.\n\n\n## Payload Configuration\nIn many cases, payloads will require some level of configuration by the end payload user. Be sure to take the following into careful consideration to ensure your payload is easily tested, used and maintained. \n\n- Remember to use PLACEHOLDERS for configurable portions of your payload - do not share your personal URLs, API keys, Passphrases, etc...\n- Make note of both required and optional configuration(s) in your payload using comments at the top of your payload or \"inline\" where applicable\n- \n\n## Payload Documentation \nPayloads should begin with `#` comments specifying the title of the payload, the author, the target, and a brief description.\n\u003cpre\u003e\nExample:\n\tBEGINNING OF PAYLOAD\n\n\t# Title: Example Payload\n\t# Author: Korben Dallas\n\t# Description: Opens hidden powershell and\n\t# Target: Windows 10\n\t# Props: Hak5, Darren Kitchen, Korben\n\t# Version: 1.0\n\t# Category: General\n\u003c/pre\u003e\n\n\nIf a payload requires additional documentation for use, such as requiring special dependency installation or use of the LED, it should be documented in the code block. In the case of LED for status, use the following:\n\n```\n# LED ERROR: Dependency not found\n# LED SETUP: Starting services\n# LED ATTACK: Performing attack\n# LED SPECIAL: Exfiltrating loot\n# LED CLEANUP: Removing temp files\n# LED FINISH: Attack complete\n```\n\nIf custom color/patterns are used instead of standard LED states, designate these status indications accordingly.\n\nPayloads may optionally include a `readme.md` file for documentation.\n\n\u003ch1\u003e\u003ca href=\"https://hak5.org/pages/policy\"\u003eLegal\u003c/a\u003e\u003c/h1\u003e\n\nPayloads from this repository are provided for educational purposes only.  Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use.\n\nDuckyScript is a trademark of Hak5 LLC. Copyright © 2010 Hak5 LLC. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means without prior written permission from the copyright owner.\nKey Croc and DuckyScript are subject to the Hak5 license agreement (https://hak5.org/license)\nDuckyScript is the intellectual property of Hak5 LLC for the sole benefit of Hak5 LLC and its licensees. To inquire about obtaining a license to use this material in your own project, contact us. Please report counterfeits and brand abuse to legal@hak5.org.\nThis material is for education, authorized auditing and analysis purposes where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 LLC claims no responsibility for unauthorized or unlawful use.\nHak5 LLC products and technology are only available to BIS recognized license exception ENC favorable treatment countries pursuant to US 15 CFR Supplement No 3 to Part 740.\n\n# Disclaimer\nGenerally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhak5%2Fkeycroc-payloads","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhak5%2Fkeycroc-payloads","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhak5%2Fkeycroc-payloads/lists"}