Skip to product information
1 of 5


Key Croc

Key Croc

Regular price $315.00 AUD
Regular price Sale price $315.00 AUD
Sale Sold out
Tax included. Shipping calculated at checkout.


From the pioneers of Keystroke Injection comes the next generation of keylogging – with active attack payloads.

The Key Croc by Hak5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.

More than just recording and streaming keystrokes online, it exploits the target with payloads that trigger when keywords of interest are typed.

By emulating trusted devices like serial, storage, HID and Ethernet, it opens multiple attack vectors – from keystroke injection to network hijacking.

Imagine capturing credentials and systematically using them to exfiltrate data. Or pentest from anywhere, live in a web browser with Cloud C2.

It's simple too. A hidden button turns it into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.


Trigger payloads when the target's typing matches a pattern – from a simple keyword to an advanced regular expression – even if the target makes a typo and hits backspace. 

Save a number of keystrokes typed before or after a payload gets matched. Then use those keystrokes in a Cloud C2 notification, or actively against the target in an advanced payload.

Imagine capturing the keys pressed after a lock shortcut like [CTRL-ALT-DELETE] or [CTRL-CMD-Q], then using captured credentials to automatically trigger a silent network exfiltration payload.


Simultaneously emulate numerous trusted USB devices. Pass through and inject keystrokes with the HID attack mode. Gain network access to the target with the Ethernet attack mode. Present the Key Croc as a flash drive with the Storage attack mode. Even emulate a serial device for some crafty attacks using the Serial attack mode.

The full-featured Linux box has a root shell at the ready. And with its quad-core 1.2 GHz ARM CPU and desktop-class SSD, your favorite tools – from Nmap and Responder to Impacket and Metasploit are just a few commands away.


Pentest from anywhere online with the free self-hosted Cloud C2 and watch keystrokes in real-time. Or inject your own keystrokes live, exfiltrate loot, manage payloads, and even get a root shell for advanced attacks right from your web browser.


The Key Croc is already setup to record keystrokes out of the box. Just plug it in and away you go. It even clones the keyboard hardware IDs automatically.

Then to get the loot, simply press a hidden arming button. It'll become a flash drive, letting you copy logs by drag and drop.

Activating payloads and configuring settings like WiFi and SSH is as easy as editing a text file.


Plug and Play
No configuration necessary. Out of the box keystrokes are recorded to the loot folder.

Cloud C² Enabled
Remotely manage payloads, stream and inject keystrokes, exfiltrate loot, even get a terminal right from your web browser.

Detection Evasion
Don't be suspicious. Automatically clones hardware identifiers of the connected keyboard.

Simple Configuration
Turns into a flash drive with the press of a hidden button so setting options and payloads is just editing a text file.

RGB LED Status
Lights off while keylogging for stealth operation, yet incredibly useful while writing your next payload.

Keystroke Injection
Introducing Ducky Script 2.0 – enhancing the Keystroke Injection language pioneered by Hak5.

Network Hijacking
Get direct network access to the target, bypassing IDS and perimeter firewalls by emulating USB Ethernet.

Powerful Hardware
Featuring a quad-core 1.2 GHz ARM CPU and 8 GB desktop-class SSD, this is one formidable pentest implant.

Linux Base
Get root access to the Debian base from a dedicated serial console or SSH to find familiar pentest tools pre-installed.

WiFi Enabled
With an integrated 2.4 GHz antenna for great wireless performance.


View full details