Simple-Ducky Payload Generator v1.1.1
Latest commit f15079e Sep 9, 2013 @skysploit Merge pull request #3 from kidovate/master
JAR Download and Execute and new Mac Reverse Shell

Overview

The simple-ducky is designed to quickly create reliable payloads and launch listeners. The Simple-Ducky currently uses version 2.6 of the duck encoder. The latest version of the Simple-Ducky supports all Debian Linux distros (e.g. Kali-Linux, Ubuntu, Linux Mint). The smart installer will take care of all the work for you.

With the simple-ducky, in a matter of seconds you can:

  • Create your evil executable (it's automatically placed in your web directory)
  • Create your inject.bin
  • And launch a listener (meterpreter or netcat).

Note: The newest version supports all Debian distros, e.g. Kali, Backtrack, Ubuntu, Linux Mint, Backbox, etc.

Installation

To install the Simple-Ducky on any Debian distro:

  • git clone --recursive git://github.com/skysploit/simple-ducky.git /usr/share/simple-ducky
  • bash /usr/share/simple-ducky/install.sh
  • Once installed run the simple-ducky by typing: simple-ducky

Note 1: Be sure to run option 9 "Dependency Checker" prior to running any other functions.

Note 2: If you have prior installs (v1.1.0 or prior) issue this command:

  • rm -rf /usr/share/ducky

Updating

To keep simple-ducky and all its modules updated:

  • On Debian-based distros: run simple-ducky-update from the command prompt
  • On Windows-based systems: run the included update.bat

Change Log

Here is what has changed throughout the different versions of the simple-ducky.

v 1.1.1 Changes

  • Added tons of new features; Shells with dbd (incredibly powerful) and the Custom Payload Builder
  • Cleaned up the menu options
  • Made bug fixes to several payloads
  • Replaced Netcat with Ncat

v 1.1.0 Changes

  • Upgraded the encoder to version 2.6
  • Made changes to the main menu
  • Added a new payload: LM/NTLM Hash Dump From Live System
  • Added an LM/NTLM Password Hasher
  • Added a new tool: Site2lst Custom Wordlist Builder
  • Upgraded the installer: Now there is just one version of the simple-ducky that supports all Debian distros (Only tested on Linux Mint and Ubuntu)
  • Added a new directory titled "misc"; this directory will hold files often used during attacks

v 1.0.9 Changes

  • Added a new payload subset titled "Forced Phishing & Web Attacks"
  • Integrated: SE-Toolkit, Browser_Autopwn, and BurpSuite.
  • Added Payload: Local DNS Poisoning | SE-Toolkit's Java Applet Attack
  • Added Payload: Local DNS Poisoning | Metasploit's Browser_Autopwn
  • Added Payload: Proxy in the Middle (PiTM) | No Admin Access Needed | Burpsuite

v 1.0.8 Changes

  • Added OSX Single User Mode Reverse Shell Payload
  • Made minor scripting changes
  • Changed Encoder to version 2.5
  • Fixed bugs in the FTP Server Setup option
  • Created a User add function for the FTP Server Setup

v 1.0.7 Changes

  • Fixed command line entrance method on all Windows no UAC Vista/7 Payloads (Props to arzen)

v 1.0.6 Changes

  • Created two separate versions of the simple-ducky (1 for Kali-Linux and the other for Other Linux Distros)
  • Removed the install dependencies option on the Kali-Linux version (Kali will keep these up to date)(Other-Linux version still has it)
  • Updated the PowerShell Download & Payloads to provide better obfuscation (tested on fully patched Windows Vista/7/8 running McAfee)
  • Added a new function that configures the Pure-FTPD server for the user

v1.0.5 Changes

  • Complete Payload and Menu Revamp
  • Updated menu options

v1.0.4 Changes

  • Added ~Persistence~ payload
  • Updated menu options

v1.0.3 Changes

  • Payload Update
  • JDK update support for 64bit systems added
  • Added initial delay function (allows you to set a custom delay for driver install time).
  • Changed encoder version from 2.4 to 3.0

v1.0.2 Changes

  • International keyboard mapping added. -- Testers would be greatly appreciated.
  • Aesthetic changes to text.

v1.0.1 Changes

  • Added Payloads
  • Encoder downgraded from v3.0 to v2.4 due to issues encoding the Windows 7 Reverse shell payload.

If you would like to contribute your payload to the Simple-Ducky please contact me - skysploit@gmail.com

Encoder Readme

This new version allows you to use an alternative keyboard layout. It supports ASCII, ISO-8859-1 and Unicode.

  • $ java -jar duckencode.jar -i script.txt -o inject.bin -l fr
    • or
  • $ java -jar duckencode.jar -i script.txt -o inject.bin -l resources/mylayout.properties

Hak5 Duck Encoder 2.6

  • usage: duckencode -i [file ..] encode specified file
  • or: duckencode -i [file ..] -o [file ..] encode to specified file

Arguments:

  • -i [file ..] Input File
  • -o [file ..] Output File
  • -l [file ..] Keyboard Layout (us/uk/fr/pt or a path to a properties file)

Script Commands:

  • ALT key name
  • ALT-SHIFT (Input Language Swap)
  • CTRL | CONTROL key name
  • CTRL-ALT key name
  • CTRL-SHIFT key name
  • DEFAULT_DELAY | DEFAULTDELAY Time in millisecond * 10
  • DELAY Time in millisecond * 10
  • COMMAND | COMMAND key
  • GUI | WINDOWS key name
  • REM anything
  • SHIFT key name
  • REPEAT Number
  • STRING [any character of your layout]
  • key name

Note: Getting strange behaviour with GUI to open windows-menu, WINDOWS appears to work ok (but GUI maps to WINDOWS), strange?
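
When a script.txt is recovered during an investigation, the Script Commands list above is enough to reconstruct what the script would type without encoding or running it. The Python below is an added example, not part of Simple-Ducky or the Hak5 encoder; the function names and the sample script are constructed for illustration, and bare key names are passed through without validation because this README does not list them.

```python
# Added example: static triage of a recovered Ducky Script text file.
# Command names are taken from the "Script Commands" list in this README.
MODIFIERS = {"ALT", "ALT-SHIFT", "CTRL", "CONTROL", "CTRL-ALT",
             "CTRL-SHIFT", "COMMAND", "GUI", "WINDOWS", "SHIFT"}
DELAYS = {"DELAY", "DEFAULT_DELAY", "DEFAULTDELAY"}

# Constructed sample input, not a payload from the repository.
SAMPLE = "\n".join(["REM sample", "DELAY 300", "GUI r", "STRING notepad",
                    "ENTER", "STRING hello", "REPEAT 2", "REPEAT x"])


def parse_line(line):
    """Classify one line as (kind, command, argument); ValueError on a bad number."""
    cmd, _, arg = line.lstrip().partition(" ")
    if cmd in ("REM", "STRING"):
        return ("comment" if cmd == "REM" else "type", cmd, arg)
    if cmd in DELAYS or cmd == "REPEAT":
        return ("repeat" if cmd == "REPEAT" else "delay", cmd, int(arg))
    return ("combo" if cmd in MODIFIERS else "key", cmd, arg)


def analyze(script):
    """Return (events, errors); REPEAT n re-emits the previous event n times."""
    events, errors = [], []
    for n, raw in enumerate(script.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            kind, cmd, arg = parse_line(raw)
        except ValueError:
            errors.append((n, "non-numeric argument: " + raw.strip()))
            continue
        if kind == "repeat" and not events:
            errors.append((n, "REPEAT with no previous command"))
        elif kind == "repeat":
            events.extend([events[-1]] * arg)
        elif kind != "comment":
            events.append((kind, cmd, arg))
    return events, errors


def typed_text(events):
    """Everything the script would type via STRING, in order."""
    return [arg for kind, _, arg in events if kind == "type"]


if __name__ == "__main__":
    events, errors = analyze(SAMPLE)
    print(typed_text(events), errors)
```

Delay arguments are kept as the raw numbers found in the script; the unit is whatever the encoder version in use applies.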