A keystroke injection tool that extracts and exfiltrates stored WiFi credentials from Windows and Linux systems using USB devices like Rubber Ducky and Bash Bunny.
Simple Windows and Linux keystroke injection tool that exfiltrates stored WiFi data (SSID and password).
This tool is designed for penetration testers and red teamers to demonstrate physical access attacks by extracting WiFi SSIDs and passwords from unlocked target computers. It leverages keystroke injection devices to automate data theft and exfiltration via email or USB storage, simulating real-world attack scenarios.
Requires physical access to an unlocked computer with internet for email exfiltration or USB for physical data retrieval. Linux exploit needs victim's password. Intended strictly for authorized security research and penetration testing; unauthorized use is illegal and unethical.
Obtain physical access to an unlocked target computer with internet access
Prepare a Rubber Ducky device by transforming a Raspberry Pi Pico into pico-ducky
Copy and modify the payload script for your SMTP details (Windows) or Linux password and USB drive name
Connect the RPi Pico to the target computer via USB
For Linux exploits, ensure knowledge of the victim's password
Optionally prepare a USB flash drive for exfiltration on Linux systemsCopy modified payload to RPi Pico
Deploys the keystroke injection payload configured for target environment and exfiltration method
Use SMTP settings in payload for Windows exploit
Enables sending stolen WiFi credentials over email automatically
Use USB flash drive for Linux exploit
Stores extracted WiFi credentials on a USB device for physical retrieval