USB Rubber Ducky
Looks like a USB drive. Types like a keyboard. The USB Rubber Ducky executes pre-programmed keystroke injection payloads the instant it's plugged in — faster than any human can type. Write payloads in simple DuckyScript to exfiltrate data, open reverse shells, install backdoors, or automate any keyboard-driven task. The go-to tool for social engineering and physical access engagements. Cross-platform with 1000+ community payloads available.
Key Features
- 60MHz 32-bit CPU
- MicroSD Storage
- DuckyScript Language
- 1000+ Payloads Available
- Cross-Platform
- Instant Execution
SKU: RD-USB
CUSTOMER REVIEWS
Based on 4 reviews
The OG payload delivery device
Dropped one of these in a client parking lot during a social engineering engagement. It was plugged in within 20 minutes and our payload executed perfectly. DuckyScript makes writing payloads incredibly simple — even our junior consultants can create custom attacks in minutes. The fact that it looks like a regular USB drive is what makes it so effective.
Classic use case! Social engineering combined with the Rubber Ducky is incredibly effective for demonstrating physical security risks.
Simple, effective, reliable
I have used this across dozens of engagements and it has never let me down. The execution speed is insane — the payload runs so fast the user barely sees anything on screen. Works perfectly on Windows, Mac, and Linux targets. The payload library on the Hak5 GitHub is massive. Best $80 I have ever spent on a security tool.
Bought this to test our defenses
I am actually on the blue team side and bought this to test our endpoint protection. Turns out, none of our DLP solutions caught it. That finding alone justified the purchase and led to a significant security improvement. Now I use it monthly to verify our USB device policies are working. Essential tool for both red and blue teams.