DuckToolkit
Encoding Tools for Rubber Ducky. The duck tools are available in the browser at https://ducktoolkit.com. From here you can also generate payloads from a selection of predefined scripts and templates.
Disclaimer
The Duck Toolkit is an open source Penetration Testing tool for authorized network auditing and security analysis purposes only where permitted. Users are solely responsible for compliance with all laws of their locality. The Duck Toolkit software developers and affiliates claim no responsibility for unauthorized or unlawful use.
Installation
Download the release and install with python setup.py install
Or
sudo pip install --upgrade ducktoolkit
There are no external dependencies other than python. This has been tested on Ubuntu and Windows 10
Usage
The DuckToolkit is provided with a script that will allow you to easily encode and decode your files.
Encode
To encode point the script at your duckcode.txt file, select an output and a language as show in the example below:
ducktools.py -e -l gb /path/to/duck_text.txt /path/to/output.bin
Decode
To decode point the script at your inject.bin file, select an output and a language as show in the example below:
ducktools.py -d -l gb /path/to/inject.bin /path/to/output.txt
Library
The toolkit is python 3 compatible and can also be imported as a library.
from ducktoolkit import encoder
duck_text = 'STRING Hello'
language = 'gb'
duck_bin = encoder.encode_script(duck_text, language)
Limitations
The encoder can only deal with certain Command keys and key combinations. Please see https://usbrubberducky.com for details on supported commands.
The decoder is a best effort decoder. It will attempt to restore all command keys and strings. But its a lot harder going backwards. You will NOT be able to generate a valid duck script from an inject.bin
ToDo
- Support more keyboard layouts / languages.
- Improve the decoder.
- Pip Installation