Simple-Ducky Payload Generator v1.1.1
Switch branches/tags
Nothing to show
Clone or download
skysploit Merge pull request #3 from kidovate/master
JAR Download and Execute and new Mac Reverse Shell
Latest commit f15079e Sep 10, 2013
Failed to load latest commit information.
.gitmodules updated history Jun 23, 2013 updated submodules Jun 23, 2013

Simple-Ducky Payload Generator v1.1.1


The simple-ducky is designed to quickly create reliable payloads and launch listener's.The Simple-Ducky currently uses version 2.6 of the duck encoder. The lastest version of the Simple-Ducky supports all Debian Linux distro's (i.e. Kali-Linux, Ubuntu, Linux Mint etc). The smart installer will take care of all the work for you.

With the simple-ducky in a matter of seconds you can;

  • Create your evil executable (its automatically placed in your web directory)
  • Create your inject.bin
  • And launch a listener (meterpreter or netcat).

Note: The newest version supports all Debian distro's i.e. Kali, Backtrack, Ubuntu, Linux Mint, Backbox, etc...


To install the Simple-Ducky on any Debian distro:

  • git clone --recursive git:// /usr/share/simple-ducky
  • bash /usr/share/simple-ducky/
  • Once installed run the simple-ducky by typing: simple-ducky

Note 1: Be sure to run option 9 "Dependency Checker" prior to running any other functions.

Note 2: If you have prior installs (v1.1.0 or prior) issue this command:

  • rm -rf /usr/share/ducky


To keep simple-ducky and all its modules updated:

  • On Debian-based distros: run simple-ducky-update from the command prompt
  • On Windows-based systems: run the included update.bat

Change Log

Here what has changed throughout the different version's of the simple-ducky.

v 1.1.1 Changes

  • Added tons of new features; Shells with dbd (incredibly powerful) and the Custom Payload Builder
  • Cleaned up the menu options
  • Made bug fixes to several payloads
  • Replaced Netcat with Ncat

v 1.1.0 Changes

  • Upgraded the encoder to version 2.6
  • Made changes to the main menu
  • Added a new paylod: LM/NTLM Hash Dump From Live System
  • Added an LM/NTLM Password Hasher
  • Added a new tool: Site2lst Custom Wordlist Builder
  • Upgraded the installer: Now there is just one version of the simple-ducky that supports all Debian distro's (Only tested on Linux Mint and Ubuntu)
  • Added a new directory titled "misc" this file will hold often used files during attacks

v 1.0.9 Changes

  • Added a new payload subset titled "Forced Phishing & Web Attacks"
  • Intergrated: SE-Toolkikt, Browser_Autopwn, and BurpSuite.
  • Added Payload: Local DNS Poisoning | SE-Toolkit's Java Applet Attack
  • Added Payload: Local DNS Poisoning | Metasploit's Browser_Autopwn
  • Added Payload: Proxy in the Middle (PiTM) | No Admin Access Needed | Burpsuite

v 1.0.8 Changes

  • Added OSX Single User Mode Reverse Shell Payload
  • Made minor scripting changes
  • Changed Encoder to version 2.5
  • Fixed bugs in the FTP Server Setup option
  • Created a User add function for the FTP Server Setup

v 1.0.7 Changes

  • Fixed command line entrance method on all Windows no UAC Vista/7 Payloads (Props to arzen)

v 1.0.6 Changes

  • Created two separate versions of the simple-ducky (1 for Kali-Linux and the other for Other Linux Distros)
  • Removed the install dependencies option on the Kali-Linux version (Kali will keep these up to date)(Other-Linux version still has it)
  • Updated the Powershell Download & Payloads to provide better obfuscation (tested on fully patched windows Vista/7/8 running McAfee)
  • Added a new function that configures the Pure-FTPD server for the user

v1.0.5 Changes

  • Complete Payload and Menu Revamp
  • Updated menu options

v1.0.4 Changes

  • Added Persistence payload
  • Updated menu options

v1.0.3 Changes

  • Payload Update
  • JDK update support for 64bit systems added
  • Added initial delay function (allows you to set a custom delay for driver install time).
  • Changed encoder version from 2.4 to 3.0

v1.0.2 Changes

  • International keyboard mapping added. -- Tester's would be greatly appreciated.
  • Aesthetic changes to text.

v1.0.1 Changes

  • Added Payloads
  • Encoder downgraded from v3.0 to v2.4 due to issues encoding the Windows 7 Reverse shell payload.

If you would like to contribute your payload to the Simple-Ducky please contact me -

Encoder Readme

This new version allows you to use alternative layout. It supports ASCII, ISO-8859-1 and unicode.

  • $java -jar duckencode.jar -i script.txt -o inject.bin -l fr
    • or
  • $java -jar duckencode.jar -i script.txt -o inject.bin -l resources/

Hak5 Duck Encoder 2.6

  • usage: duckencode -i [file ..] encode specified file
  • or: duckencode -i [file ..] -o [file ..] encode to specified file


  • -i [file ..] Input File
  • -o [file ..] Output File
  • -l [file ..] Keyboard Layout (us/uk/fr/pt or a path to a properties file)

Script Commands:

  • ALT [key name] (ex: ALT F4, ALT SPACE)
  • ALT-SHIFT (Input Lanugage Swap)
  • CTRL | CONTROL [key name] (ex: CTRL ESC)
  • CTRL-ALT [key name] (ex: CTRL-ALT DEL)
  • CTRL-SHIFT [key name] (ex: CTRL-SHIFT ESC)
  • DEFAULT_DELAY | DEFAULTDELAY [Time in millisecond * 10] (change the delay between each command)
  • DELAY [Time in millisecond * 10] (used to overide temporary the default delay)
  • GUI | WINDOWS [key name] (ex: GUI r, GUI l)
  • REM [anything] (used to comment your code, no obligation :) )
  • SHIFT [key name] (ex: SHIFT DEL)
  • REPEAT [Number] (Repeat last command N times)
  • STRING [any character of your layout]
  • [key name] (anything in the

Note: Getting strange behaviour with GUI to open windows-menu, WINDOWS appears to work ok (but GUI maps to WINDOWS), strange?