arduck 0.0.6

Easy-to-use keystroke injection payload generator for the Arduino.

📦 arduck

Overview

This package provides a simple and flexible way to generate keystroke injection scripts. It supports a variety of boards and keyboard layouts.

Rather than relying on expensive proprietary devices (rubberducky cough cough), you can use any Arduino-compatible board that supports the Keyboard.h library.

Installation

Install the package from PyPI by running:

$ pip install arduck

Usage

Start generating payloads right away with the duck console script:

$ duck "helloworld!\n"

This will create a sketch.ino file in the current working directory. Compiling and uploading the code to an Arduino board will make it emulate the keystrokes when plugged into a computer. Be ready to quickly disconnect the board to avoid triggering the payload on your machine.

Special Keys

To inject special keys (e.g. CAPS_LOCK), wrap them in <>. When specifying a special key, the KEY_ prefix can be omitted.

$ duck "<F1>"

All default special keys are listed here. Note that some keyboards may have support for other non-standard keys.

Key Combinations

To emulate pressing multiple keys at once wrap them in <>, separated by a +.

$ duck "<LEFT_GUI+r>calc.exe\n"

Add delays

An optional delay in milliseconds can be added in between strings in the input.

$ duck "<LEFT_GUI+r>" 700 "notepad.exe\n" 500 "hello\n" "world!\n"

Presets...

Tired of writing the same payload over and over again just with minor adjustments? Not anymore! Presets take care of the repetitive aspects of writing a payload.

Let's illustrate their usefulness with an example: you need to write a payload for a Windows machine that opens up the run dialog box and executes a command. Instead of manually adding <LEFT_GUI+r> to the beginning of your payload, just use the win/run preset!

More complex presets can even have a custom argument parser (e.g. win/sclogon):

$ duck -p win/sclogon -- calc.exe -d "this task gets triggered at logon"

Note the use of the double dash -- to separate the preset arguments.

...and Templates!

While presets can only affect keystrokes, templates can change the structure of the payload.

For example, the win/alt template makes it so that every keystroke that the user provides is inserted as a Windows ALT code (cp1252). This can come in handy when injecting a Windows machine with an unknown keyboard layout, since ALT codes should be universal (emphasis on the should).

Presets and templates can be used together. The following example demonstrates how to create a payload that opens up the run dialog box on Windows and executes calc.exe while using ALT codes:

$ duck -p win/run -t win/alt "calc.exe\n"

A Word of Caution

Be careful when using and testing arduino scripts that emulate keyboard and mouse presses, because they might make it difficult to program your board. And please, always ask for permission from the owner of the machine before plugging in any external devices. Keep in mind that, if abused, this tool has the potential to cause serious harm.

This software is distributed ‘as is’ and without warranties of any kind, either express or implied. Use of the software is at your own risk.

Documentation

• Official Documentation
• CHANGELOG