A user-friendly open-source project to learn about keystroke injection attacks or BadUSBs.
What is a BadUSB?
By emulating a USB keyboard, a BadUSB can gain full access to a computer in a matter of seconds!
This is made possible by the fact that keyboards are trusted by computers. You can have complete control over a computer with just a keyboard.
A BadUSB pretends to be a keyboard to the computer to send keystrokes. But unlike a human, it can type hundreds of characters per second. By using a simple scripting language, it's easy to make BadUSBs type whatever you want.
The WiFi Duck goes a step further. By adding WiFi, it turns into a remote-controlled BadUSB/keyboard. You can connect to it and manage all scripts from within a web interface. This means that, unlike other BadUSBs, you don't need to install an app, log in, compile or copy scripts to an SD card.
- Plugin your WiFi Duck
- Connect to the WiFi network
wifiduckwith the password
- Open a browser and visit
- Write, save and run your first script
- [Recommended] Open
Settings(top right corner) and update SSID and password
We teamed up with DSTIKE and Maltronics to turn this project into a product!
A nicely encased, inconspicuous-looking BadUSB by Maltronics. Having USB-A and USB-C makes it compatible with all kinds of devices. It comes flashed with the WiFi Duck firmware and works plug and play.
DSTIKE WiFi Duck
A custom-designed development board by Travis Lin coming pre-flashed with the WiFi Duck firmware.
This tool is intended to be used for testing, training, and educational purposes only. Never use it to do harm or create damage!