g0blinResearch/flexiduck

Flexiduck

A duckyscript-compatible Pi Zero project that uses nmap, in particular its OS detection features, to trigger OS-specific payloads.

Payloads

The payloads are kept in the payloads directory and are structured using the CPE output of nmap. The script run.py extracts the first OS match from the nmap scan and iterates through the pieces of the CPE until a matching payload directory is found.

cpe:/o:apple:mac_os_x:10.7

The parts used for iteration are everything after cpe:/o:, split on the : character. This allows you to target not only specific operating systems, but also different versions. The highest level matching directory is used, and all scripts within that directory are built and executed in order. The above CPE therefore matches the example payload under the directory payloads/apple/mac_os_x.

Payloads may be either duckyscript (an extension of .ds, or no extension at all) or bash (an extension of .sh).
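The directory lookup described above, as an added example that is not the project's run.py. It assumes the lookup backs off from the most specific CPE piece to the least, that "in order" means sorted filename order, and that CPE pieces are restricted to a plain character set before being joined into a path. The function names and the sample tree are hypothetical, and nothing is executed.

```python
import os
import re
import tempfile

CPE_OS_PREFIX = "cpe:/o:"
SAFE_PART = re.compile(r"^[A-Za-z0-9_.\-]+$")  # assumed safe component charset

def cpe_parts(cpe):
    """Components after 'cpe:/o:'; [] if not an OS CPE or a part is unsafe."""
    if not cpe.startswith(CPE_OS_PREFIX):
        return []
    parts = [p for p in cpe[len(CPE_OS_PREFIX):].split(":") if p]
    # Refuse parts that could escape the payloads directory ('..', '/').
    if any(p in (".", "..") or not SAFE_PART.match(p) for p in parts):
        return []
    return parts

def resolve_payload_dir(cpe, root):
    """Most specific existing directory under root for this CPE, else None."""
    parts = cpe_parts(cpe)
    while parts:
        candidate = os.path.join(root, *parts)
        if os.path.isdir(candidate):
            return candidate
        parts.pop()  # back off: drop the version, then the product
    return None

def list_scripts(directory):
    """(name, kind) pairs in sorted filename order (ordering is an assumption)."""
    kinds = {".sh": "bash", ".ds": "duckyscript", "": "duckyscript"}
    out = []
    for name in sorted(os.listdir(directory)):
        ext = os.path.splitext(name)[1]
        if ext in kinds and os.path.isfile(os.path.join(directory, name)):
            out.append((name, kinds[ext]))
    return out

def demo(cpe="cpe:/o:apple:mac_os_x:10.7"):
    """Resolve a CPE against a constructed payloads tree in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "apple", "mac_os_x")
        os.makedirs(target)
        for name in ("01_first.ds", "02_second.sh", "notes.txt"):  # constructed
            open(os.path.join(target, name), "w").close()
        found = resolve_payload_dir(cpe, root)
        if found is None:
            return None, []
        return os.path.relpath(found, root), list_scripts(found)
```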

Setup

The included setup.sh script should get you ready to run out of the box. Simply clone this repo and run the setup.sh script. When you reboot the Pi Zero, the NIC and HID devices will be set up, an nmap scan will be fired against 1.0.0.10, and any subsequent payloads will be triggered.

If you clone the repo to anywhere other than /root/flexiduck, you'll need to update the path in boot.sh and setup.sh.

Note

While I believe setup.sh should perform all the steps required to get this set up on a fresh Pi Zero, I have yet to test it fully. Your mileage may vary.

Credits
