  • Stars
    270
  • Rank 152,189 (Top 3 %)
  • Language
    PowerShell
  • License
    GNU General Publi...
  • Created over 1 year ago
  • Updated 6 months ago


Repository Details

This repo contains my own Ducky/BadUSB scripts, related PowerShell scripts and other Flipper Zero related stuff.

Want to get the latest updates?
Be sure to ⭐ this repo!

Bad USB/

Stuff for Bad USB (or Bad KB on Xtreme) on the Flipper Zero

Ducky script/

  • Defensive/EyeLock_Edge_Win.txt - Awareness script. Found an unlocked Windows screen in your office? Fire this one off to open https://eyelockmyscreen.com in a full screen window.
  • Defensive/Phish_Office365_From_Usb.txt - Creates a phishing page for Office 365. The email address is extracted via Outlook :) If the user hits the sign-in button, a message appears in red "You typed your password inside a phishing page because you did not lock your screen!"
  • Defensive/Policy_Lock-Screen_Edge_Win.txt - Awareness script. Found an unlocked Windows screen? Fire this one off to open the company policy page and search for a specific control.
  • Defensive/Show_wifi_passwords_Win_PS.txt - Awareness script. Found an unlocked Windows screen? Fire this one off to open a PowerShell window and show the user their wifi passwords.
  • Defensive/Website-FF-Android.txt - Opens a website with Firefox (only works when Firefox hasn't been opened).
  • Defensive/Website-Manual-Android.txt - Opens the default browser, then pauses. Manually select the address bar and hit the Run button. An awareness message is displayed.
  • Offensive/Pin_Bruteforcer_Netflix.txt - Bruteforces parental pin on Netflix app under Android. Created with: Create-PwdDictAttack.ps1 -PrintMode char -Wait 1000 -CharDelay 2000 -PreventOverflow -Enter
  • Offensive/Pin_Bruteforcer_HBO.txt - Bruteforces parental pin on HBO app under Android. Created with: Create-PwdDictAttack.ps1 -InputFile .\pincodes.txt -Wait 500
  • Offensive/Cookie-Facebook-WinChrome.txt - Opens facebook.com within Chrome browser and alerts the document.cookie for Facebook. Use your imagination for offensive purposes.
  • Offensive/Cookie-Facebook-WinDefaultBrowser.txt - Opens facebook.com within the default browser and alerts the document.cookie for Facebook. Use your imagination for offensive purposes.
  • Offensive/Cookie-Facebook-WinEdge.txt - Opens facebook.com within Edge browser and alerts the document.cookie for Facebook. Use your imagination for offensive purposes.
  • Offensive/ExfilToUsb.txt - Copies a folder recursively to a USB drive you bring along.
  • Offensive/ExeFromUsb.txt - Opens an executable from a USB drive you bring along.
  • Offensive/Exfil-Default-Pwd-Windows.txt - Steals DefaultPassword for automatic logon, exfils it via http://127.0.0.1 (edit this) and cleans up last opened MRU listing ("powershell"). Press button to close MS Edge.
  • Offensive/Exfil-Wifi-Pwd-Win10.txt - Steals wifi passwords (up to Windows 10; Windows 11 needs admin for all passwords), exfils them via http://127.0.0.1 (edit this) and cleans up last opened MRU listing ("powershell"). Press button to close MS Edge.
  • Offensive/HookBeEF-WinDefaultBrowser.txt - Opens the BeEF demo page within the default browser so you can see interesting information on the victim.
  • Offensive/Password-top100.txt - Top 100 passwords turned into a Ducky script by Create-PwdDictAttack.ps1.
  • Offensive/PinCodes-top10000-ButtonWait.txt - 4-digit pin codes (easy to remember pin codes first) turned into a Ducky script by Create-PwdDictAttack.ps1. Waits until the run button has been pressed after each pin code.
  • Offensive/PinCodes-top10000-Delay2000.txt - 4-digit pin codes (easy to remember pin codes first) turned into a Ducky script by Create-PwdDictAttack.ps1. Waits 2 seconds after each pin code.
  • Offensive/Samsung-LEDTV-UE40F6500.txt - Changes the DNS settings of your Samsung LED TV UE40F6500 (2013 model) to 1.1.1.1.
  • Useful/DuckyScript_UDL.txt - Automatically installs User Defined Language in Notepad++ for Ducky Script.

PowerShell/

  • Offensive/Create-PwdDictAttack.ps1 - Creates a Ducky script that tries a list of passwords (or pincodes), for example against the Windows logon screen. Delay and wait time/method are configurable.
  • Offensive/Generate-PinCodes.ps1 - Generates 4-digit pin codes, easy to remember pin codes first.
  • Useful/Convert-Ps2Ducky.ps1 - Converts a .ps1 file to a Ducky script.
  • Useful/Escape-DeadKeysAltcode.ps1 - Changes a Ducky script to escape dead keys (~ ` ' ") on some keyboards (replaces STRING with ALTCODE if a dead key is detected).
  • Useful/Escape-DeadKeysRepeat.ps1 - Changes a Ducky script to escape dead keys (~ ` ' ") on some keyboards (each dead key is repeated).

Ducky script creator/

  • Mobile page to create Ducky scripts on your phone when you don't have a laptop with you. Try it out here!

Infrared

  • JBL_SB1x0 - Remote for JBL soundbars SB120 / SB140 / SB170.

More Repositories

  • sitedorks (Python, 813 stars) - Search Google/Bing/Ecosia/DuckDuckGo/Yandex/Yahoo for a search term (dork) with a default set of websites, bug bounty programs or custom collection.
  • wwwordlist (Python, 99 stars) - Wwwordlist is a wordlist generator for pentesters and bug bounty hunters. It extracts words from HTML, URLs, JS/HTTP/input variables, quoted texts in the text and mail files in order to generate wordlists.
  • grepaddr (Python, 60 stars) - Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail addresses, MAC addresses.
  • GoogleZorks (Batchfile, 9 stars) - Google search queries for searching some kind of information about interesting stuff (OSINT)
  • 1pfuscat0r (Python, 8 stars) - A tool to automatically generate alternative IP representations, a rewritten version of IPFuscator
  • Wappaligner (Python, 8 stars) - Changes the output of Wappalyzer into something human readable. It also provides links to useful websites and a Google query for finding information on vulnerabilities.
  • 2cmd (Roff, 7 stars) - Got a command that doesn't support input files like whois or sqlmap? Use 2cmd to take input from stdin and run each line with the command(s) given in the script file. Comes with lots of pentest/red teaming/bug bounty/CTF scripts ready to use
  • rssfeeds (6 stars) - My personal security feeds divided into pentest feeds and other security feeds
  • 2ulb (Python, 5 stars) - Easy shortcut to make scripts executable and link them from /usr/local/bin
  • uniqurl (Python, 5 stars) - Use uniqurl to filter only unique content from a list of URLs with stdin, making it usable within piped commands
  • WinIPFinder (Batchfile, 4 stars) - Tries to find IP addresses from within Windows, useful when engaged in an on-prem pentest / red teaming exercise.
  • s3-bulk-cp (Shell, 4 stars) - Copy all files found from AWS S3 bucket to local
  • hardening_guides (3 stars) - A gathered list of hardening guides
  • Nmap (Batchfile, 3 stars) - Scripts around Nmap and plugins for Nmap
  • clio (Python, 3 stars) - Different tools that take input from stdin, do some stuff and give output to stdout, making them perfect for use in piped commands
  • Dangerous-Windows-Commands (3 stars) - This is a list of built-in Windows executables that are potentially dangerous and could be used by malware or another type of attacker.
  • kali-additions (Shell, 2 stars) - My personal additions to Kali Linux
  • .KaliConfig (Shell, 2 stars) - A script which installs all scripts I want with a fresh Kali
  • hlt (Shell, 2 stars) - Handy Linux Tools
  • useshttp (Python, 1 star) - Takes host names as input (ports and HTTP status code are optional) and outputs the base URL if a GET request is successful, making it usable in piped commands.
  • resolves (Python, 1 star) - Takes host names as input and outputs the host name if it resolves, making it usable in piped commands.
  • ZecList (1 star) - Some lists I created / gathered and put together / improved
  • local_connectivity_check (Shell, 1 star) - Routes connectivity checks to pi-hole
  • splitfqdn (Python, 1 star) - Split an FQDN in parts and rearrange its parts
  • reusables (Python, 1 star) - Predominantly contains functions that can be reused.
  • WebCapper (Python, 1 star) - Utilizes subfinder and cutycapt to retrieve a list of hostnames and create a screenshot if a website exists @ 80 or 443/TCP
  • GetPdfAuthors (Shell, 1 star) - Download all files from a website and extract all authors from the PDF files
  • urldecode (1 star) - Take a string from stdin and perform a urldecode x times
  • whoami-gui (AutoIt, 1 star)
  • urlcoding (Python, 1 star) - Short script to encode or decode input from standard input
  • mailgen (Python, 1 star) - Use mailgen to generate bogus e-mail addresses.
  • Linux-Fixes (Shell, 1 star) - When I stumble across an issue which I manage to fix, I'll add a solution. A big warning: DON'T JUST EXECUTE THESE SCRIPTS IF YOU DON'T KNOW WHAT YOU'RE DOING, IT MIGHT BREAK STUFF!!!