Skip to content
/ Ghost-Audit Public

The ultimate BadUSB recon payload designed for Flipper Zero, Rubber Ducky, and Digispark targeting Windows.

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

zer0dayf/Ghost-Audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

4 Commits
Payloads
Payloads
Β 
Β 
.gitattributes
.gitattributes
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

πŸ‘» Ghost-Audit

Platform Device License

Ghost-Audit is an advanced post-exploitation and reconnaissance tool designed for BadUSB devices (Flipper Zero, USB Rubber Ducky, Digispark Attiny85). It targets Windows systems to gather comprehensive system, network, hardware, and Wi-Fi information in seconds using optimized command chains.

⚠️ Legal Disclaimer / Yasal Uyarı

EN: This project is intended for educational purposes and authorized security auditing only. Usage of these scripts on systems without prior mutual consent is illegal. The author assumes no liability and is not responsible for any misuse or damage caused by this program.

TR: Bu proje yalnızca eğitim amaçlı ve yetkili güvenlik denetimleri için geliştirilmiştir. İzinsiz sistemlerde kullanımı yasadışıdır. Bu yazılımın kâtüye kullanımından doğacak sorumluluk tamamen kullanıcıya aittir.

πŸš€ Features & Modes

Ghost-Audit features two distinct operational modes tailored for different engagement scenarios:

⚑ 1. Stealth Mode (Fast)

Designed for speed and invisibility. It executes chained commands in a minimized window to grab essential data instantly.

  • Payload Name: Stealth_Mode_PAYLOAD
  • Execution Time: ~5-8 Seconds
  • Technique: Minimized CMD window (cols=20), optimized command chaining (&).
  • Output: %USERPROFILE%\Desktop\Logs
  • Data: Basic IP/DNS, ARP Table, Wi-Fi Profiles, User Info.

πŸ” 2. Detailed Mode (Forensic)

Designed for deep system analysis. It creates a structured log hierarchy and digs deep into the system internals using stable delays.

  • Payload Name: Detailed_Mode_PAYLOAD
  • Execution Time: ~30-40 Seconds
  • Technique: Stable execution flow, detailed queries, registry parsing.
  • Output: %USERPROFILE%\Desktop\PC_Audit_Logs
  • Data:
    • πŸ–₯️ System: CPU/RAM/Disk details, Installed Software (Registry), USB Connection History, Services, Processes.
    • 🌐 Network: Full IP Config, DNS History, Route Table, Active Connections (Ports), Shares, Firewall State.
    • πŸ”‘ Wi-Fi: Exports ALL saved Wi-Fi profiles (SSID & Passwords) to XML files.

πŸ“‚ Repository Structure

Ghost-Audit/
β”œβ”€β”€ Payloads/
β”‚   β”œβ”€β”€ FlipperZero/            # .txt payloads for Flipper Zero / Rubber Ducky
β”‚   β”‚   β”œβ”€β”€ Stealth_Mode_PAYLOAD.txt
β”‚   β”‚   └── Detailed_Mode_PAYLOAD.txt
β”‚   β”‚
β”‚   └── Digispark/              # .ino sketches for Arduino IDE
β”‚       β”œβ”€β”€ Stealth_Mode_PAYLOAD/
β”‚       β”‚   └── Stealth_Mode_PAYLOAD.ino
β”‚       └── Detailed_Mode_PAYLOAD/
β”‚           └── Detailed_Mode_PAYLOAD.ino
β”‚
β”œβ”€β”€ LICENSE                     # MIT License
└── README.md                   # Documentation

About

The ultimate BadUSB recon payload designed for Flipper Zero, Rubber Ducky, and Digispark targeting Windows.

Topics

rubber-ducky badusb rubberducky rubber-ducky-script flipper-zero badusb-payloads

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages