• Premium IT-Security Tools
  • RFID Security
  • Digital Forensic
  • LEA & Rugged Products
  • Procurement
  • Premium IT-Security Tools
  • RFID Security
  • Digital Forensic
  • LEA & Rugged Products
  • Procurement

Key Croc HAK5

185.00 €
incl. VAT, plus delivery
In stock
Delivery time: 5 day(s)


Key Croc HAK5

Keylogger Implant for Pentester.

Key Croc! The Key Croc by HAK5 is a keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. It's the ultimate key-logging pentest implant.

More than just recording and streaming keystrokes online, it exploits the target with payloads that trigger when keywords of interest are typed.

By emulating trusted devices like serial, storage, HID and Ethernet, it opens multiple attack vectors – from keystroke injection to network hijacking.

Imagine capturing credentials and systematically using them to exfiltrate data. Or pentest from anywhere, live in a web browser with Cloud C2.

It's simple too. A hidden button turns it into a flash drive, where changing settings is just editing a text file. And with a root shell your favorite pentest tools like nmap, responder, impacket and metasploit are at the ready.


From the pioneers of Keystroke Injection comes the next generation of keylogging – with active attack payloads.


Pattern matching payloads

Trigger payloads when the target's typing matches a pattern – from a simple keyword to an advanced regular expression – even if the target makes a typo and hits backspace.

Save a number of keystrokes typed before or after a payload gets matched. Then use those keystrokes in a Cloud C2 notification, or actively against the target in an advanced payload.

Imagine capturing the keys pressed after a lock shortcut like [CTRL-ALT-DELETE] or [CTRL-CMD-Q], then using captured credentials to automatically trigger a silent network exfiltration payload.

Multi-vector attacks

Simultaneously emulate numerous trusted USB devices. Pass through and inject keystrokes with the HID attack mode. Gain network access to the target with the Ethernet attack mode. Present the Key Croc as a flash drive with the Storage attack mode. Even emulate a serial device for some crafty attacks using the Serial attack mode.

The full-featured Linux box has a root shell at the ready. And with its quad-core 1.2 GHz ARM CPU and desktop-class SSD, your favorite tools – from Nmap and Responder to Impacket and Metasploit are just a few commands away.


Pentest from anywhere online with the free self-hosted Cloud C2 and watch keystrokes in real-time. Or inject your own keystrokes live, exfiltrate loot, manage payloads, and even get a root shell for advanced attacks right from your web browser.

Simple Configuration

The Key Croc is already setup to record keystrokes out of the box. Just plug it in and away you go. It even clones the keyboard hardware IDs automatically.

Then to get the loot, simply press a hidden arming button. It'll become a flash drive, letting you copy logs by drag and drop.

Activating payloads and configuring settings like WiFi and SSH is as easy as editing a text file.

HAK5_Keylogger_KeyCroc Plug and Play!

No configuration necessary.

Out of the box keystrokes are recorded to the loot folder.

Cloud C² Enabled Remotely manage payloads, stream and inject keystrokes, exfiltrate loot, even get a terminal right from your web browser.

Detection Evasion

Don't be suspicious. Automatically clones hardware identifiers of the connected keyboard. Simple Configuration

Turns into a flash drive with the press of a hidden button so setting options and payloads is just editing a text file.

RGB LED Status Lights off while keylogging for stealth operation, yet incredibly useful while writing your next payload.

Keystroke Injection Introducing Ducky Script 2.0 – enhancing the de facto language for the Keystroke Injection attack pioneered by Hak5.

Network Hijacking Get direct network access to the target, bypassing IDS and perimeter firewalls by emulating USB Ethernet.

Powerful Hardware Featuring a quad-core 1.2 GHz ARM CPU and 8 GB desktop-class SSD, this is one formidable pentest implant.

Linux Base Get root access to the Debian base from a dedicated serial console or SSH to find familiar pentest tools pre-installed.

WiFi Enabled With an integrated 2.4 GHz antenna for great wireless performance.

Key Croc at HakMac