This Atmega 32u4 and ESP-12S based device can be used to launch normal auto-run-style keystroke attacks plus much more!
Please note, replacing the firmware will permanently remove the custom zSecurity functions.
Wi-Fi Control Center
ZSCactus can be configured and controlled over Wi-Fi using a mobile-friendly web interface. Simply connect the device to a USB power supply and connect to it’s Wi-Fi network “ZSCactus“. The default password which can be changed from the settings is “zscactus“.
Once connected open up a web browser and navigate to http://192.168.1.1/ to access the control center.
This control center can be used to do the following remotely over Wi-Fi:
1. Execute ready payloads.
2. Manage custom payloads (upload, delete, set as auto-run).
3. Send live keystrikes.
4. Control the mouse.
5. Start the fake Wi-Fi access point (Honeypot).
6. Access the harvested information.
7. Change the device settings.
ZSCactus comes with 10 built-in payloads for Windows, Linux and OSX. These payloads can be used to gain full control over the target system, steal browser data including saved passwords, steal stored Wi-Fi passwords and even download and execute any file you want!
All you have to do is fill in one or two input boxes and ZSCactus will do the rest for you.
This mode can be used to steal login credentials. It creates a fake WiFi network that asks clients to login using their social media account to access the internet. It can also be configured to serve custom HTML pages to hook the connected clients to BeEF or steal other data.
To enable Honeypot Mode click on “Honeypot” from the left menu of the control center and click on “Enable“.
Set the network name in the SSID input box, leave the password blank for an open network, and select the social accounts that you want to enable on the login scree.
When done click on “Apply settings“. Now when people connect to the new fake network (Honeypot) they’ll automatically be get the following page asking them to login to access the internet.
ZSCactus stores the submitted information in it’s storage. Connect to the fake access point, disregard the login prompt and navigate to http://192.168.1.1/home to access the command center. Navigate to “Storage” and you should have a file named “honeypot-log.txt”.
This file contains all the data submitted to the fake login page.
This page allows you to manage your payloads, you can upload, run or delete custom payloads.
You can also set a payload to auto run when the device is connected to a computer.
This page allows you to send live keystrikes, payloads or mouse events remotely over Wi-Fi!
This page allows you to convert Ducky scripts into ZSCactus scripts.
Checkout the resources in the page for ready payloads and for some inspiration 😉
This page can be used to modify the device settings such as the Wi-Fi settings, the delays and more! The default credentials are “admin” / “zscactus”.
This page provides a detailed documentation of all the features that ZSCactus offers and how to use them.