i-am-jakoby/flipper-zero-badusb

This repository is a collection of BadUSB payloads written for the Flipper Zero, a small open-source multi-purpose hardware device popular with security researchers and hobbyists. A BadUSB attack works by plugging a device into a computer's USB port. The computer treats it as a keyboard, and the device then types commands automatically and very quickly, faster than a human could. The Flipper Zero can act as a USB keyboard when loaded with these scripts, executing commands on a connected computer without any interaction from its owner. The payloads here are mostly written in PowerShell, a scripting language built into Windows. Each payload is a short script designed to perform a specific action on the target machine. The collection includes scripts that record audio from the microphone and send the transcribed text to a Discord channel, grab saved Wi-Fi passwords and upload them to Dropbox or Discord, collect browser history and bookmarks, record the target's IP addresses, display a map of the target's current location, change the desktop wallpaper, prompt the user to enter credentials which are then sent away, or run jumpscare animations. The author designed most of them to work without any setup beyond loading the file onto the Flipper Zero, by hosting the necessary scripts at a personal short-link domain so that long URLs containing tokens and webhook addresses do not need to be embedded directly in the payload file. The repository is framed as educational content and security research, and the README includes a disclaimer. It was built alongside contributions to the Hak5 payload library, which is a well-known community resource for USB attack research. Usage of these scripts against systems you do not own and have not been given explicit permission to test would be illegal in most jurisdictions.