Download

Introduction

Hi dear Hacker, welcome to DuckSploit Wiki!

Here, you can find our official documentation to help you to respond of your issues

We hope you find the solution you want

Our objectives

DuckSploit is made arround these objectives:

  • 💸 Free
  • 💡 Multiplatform
  • 📱 Easy to use

Note

⚠️ DuckSploit is made for legal purposes and for education. Please do nothin' which is illegal ⚠️: ❗❗ We're not responsive from our user's actions❗❗

Installation

This doc explain you how to install&configure DuckSploit for Windows, Linux and Android

Windows

  1. Download the installer (DSinstaller.exe)here
  2. Install the excutable
  3. Launch the terminal with admin rights
  4. type powershell Set-ExecutionPolicy bypass -force and hit enter
  5. Type ds in your terminal to launch the program

Linux

Warning

This version is build for Debian and Debian based OS (tested on Kali Linux)

  1. Download the installer (DSinstaller.deb)here
  2. Naviguate to Download foler with the command cd {path}
  3. Launch the executale by using the command dkpg -i DSinsaller.deb
  4. Type ds in your terminal to launch the program

Android

  1. Download the installer here
  2. Install the installer
  3. Open the application to launch the program
  4. Set your used port (default is 53)
  5. Click on 'start' and your phone will wait till someone launch your builded malware

Note

If DSinstaller.apk's installation doesn't work, try the unsigned apk (download here)

API

DuckSloit uses an API system, to make lighter malware and then bypass Anti-viruses.

To work, DuckSploit need to download the correct script with raw.github.io, download it to the temp folder and execute it.

To work, DuckSploit need to download the correct script with raw.github.io, download it to the temp folder and execute it.

Commands

Command Usage Result
help help getting the command list
mouseclick mouseclick [right, middle, left] click the desired mouse button
mousescroll mousescroll <int> symulate a scrolling with intensity
locatemouse locatemouse get current victom's mouse locations
uninstall uninstall uninstall ducksploit
credits credits get ducksploits credits
open open <app name> open desired app
install install <path to exe/msi file> install package on victim's pc
download download <url> download file in current url
shutdown shutdown shutdown the victim's pc
reboot reboot reboot the victim's pc
closesession closesession close current victim's session
host host host file at http://{victim's ip}:8080
network_info network_info get the victim's wifi infos
skull skull open cmd with skull and crossbones
msg msg <title> <line1> <line2> create alertbox with desired infos
rickroll rickroll rockroll your victim ;)
steal_pwd steal_pwd <firefox/google> get all victim's browser saved passwords
desktop_stream desktop_stream <start/stop> stream in real time victim's desktop
screenshot screenshot take screenshot
webcam_snap webcam_snap take webcam picture
info info get all stored victim's infos
malware malware <malware name> add malware to vour victim

Antiviruses bypassing

DuckSploit's payloads uses some hard systems to bypass some antiviruses

like the api system.

To bypass some small antiviruses like Windows Defender or Avast, a simple UDP (User Datagram Protocol) can hide our payload.

But other perfectionned antiviruses can detect trojan trough UDP. So we set the port to the 53 one. The port 53 is the UDP port which is used on your OS

Web Pannel Hosting (WPH)

WPH system is an huge part of the DuckSploit power.

DuckSploit automatically run the Node.js server when the payload is launched

- There you'll be able to find users-infos.txt, which contain all infos of your victim (IPV4, IPV6, HOSTNAME, USERNAME...);

- The exploits output like keylogger & screenshots;

- A sample website which can be edited as you want;

- A web page, called desktop_stream.html. This page is used with the command desktop_stream [start/stop] to see the victim's screen;

Startup System

DuckSploit's startup script is used to set custom task to do when your victim computer startup

Options avaliable when the computer startup:

- Re-run the payload

- Re-run the hosting system

- Lock the screen

Uninstallation

You want to uninstall DuckSloit?, then this part of the wiki os made for you!

Windows

  1. Open terminal
  2. Type ds
  3. Choose uninstall option
  4. Done !

Linux

  1. Open terminal
  2. Type ds
  3. Choose uninstall option
  4. Done !

Android

  1. Uninstall the application
  2. Done !

Payload Generation

Here, you'll find how to build your payload

Windows

  1. Open terminal
  2. Type ds
  3. Choose the payload generation option
  4. Choose your payload OS
  5. Type your ip address
  6. Done

Linux

  1. Open terminal
  2. Type ds
  3. Choose the payload generation option
  4. Choose your payload OS
  5. Type your ip address
  6. Done

Android

  1. DSandroid can't build a payload. Build with DSwindows or DSlinux
  2. Sorry ;(

FAQ

Do you have a question? Then read here!

Antiviruses

Why my antivirus says that DS is a virus when I try to install it?

No, DuckSploit isn't a virus, but it's always flaged as a malicious file cause it works with the trojans so it uses the same technology which's flaged 'like a virus'

How to solve this problem?

Just add a new path exeption in the folder %temp% and %userprofile%