# rogandawes/p4wnp1 **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/rogandawes-p4wnp1).** 4,350 stars · 667 forks · Python · gpl-3.0 ## Links - GitHub: https://github.com/RoganDawes/P4wnP1 - awesome-repositories: https://awesome-repositories.com/repository/rogandawes-p4wnp1.md ## Description P4wnP1 is a hardware-based USB HID attack platform and peripheral emulator. It functions as a tool for emulating USB keyboards and mice to execute automated keystroke payloads, as well as a WiFi-enabled remote access tool that provides a wireless bridge for network relay and SSH access. The project is distinguished by its ability to establish covert bidirectional communication channels and remote shells using raw HID reports, specifically to bridge air-gapped systems. It further enables wireless network interception and the routing of network traffic over WiFi to facilitate man-in-the-middle operations. The platform includes capabilities for automating password cracking via emulated keyboard input and extracting browser credentials and system data to internal or external mass storage. It also supports executing payloads directly within system memory to avoid leaving a footprint on the target disk. ## Tags ### Security & Cryptography - [HID Covert Channels](https://awesome-repositories.com/f/security-cryptography/covert-backdoors/hid-covert-channels.md) — Emulates keyboards and mice to execute automated keystroke payloads and establish covert HID communication channels. - [In-Memory Payload Execution](https://awesome-repositories.com/f/security-cryptography/in-memory-payload-execution.md) — Delivers and runs multi-stage PowerShell payloads entirely in system memory without writing to disk. - [Remote Keystroke Injection](https://awesome-repositories.com/f/security-cryptography/usb-keystroke-injection-scripts/remote-keystroke-injection.md) — Sends arbitrary keystrokes or executes DuckyScript payloads on the target from a backdoor shell over HID or WiFi. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) - [HID Brute-Force Tools](https://awesome-repositories.com/f/security-cryptography/brute-force-protections/hid-brute-force-tools.md) — Automates brute-force unlocking of Windows 10 login screens using weak password lists through HID keyboard emulation. ([source](http://p4wnp1.readthedocs.io/en/latest)) - [HID File Transfers](https://awesome-repositories.com/f/security-cryptography/covert-backdoors/hid-covert-channels/hid-file-transfers.md) — Uploads and downloads files between the device and the target over the raw HID channel. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) - [Man-in-the-Middle Frameworks](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks.md) — Spoofs network interfaces to route target traffic through the device for interception and relay over WiFi. - [RNDIS Gateway Spoofers](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks/rndis-gateway-spoofers.md) — Spoofs RNDIS network interfaces to force target traffic through the device for man-in-the-middle interception. - [RNDIS Gateway Spoofing](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks/rndis-gateway-spoofing.md) — Fakes a high-speed RNDIS network interface to force the target to route traffic through the device for man-in-the-middle attacks. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) - [RNDIS MITM Bridges](https://awesome-repositories.com/f/security-cryptography/man-in-the-middle-frameworks/rndis-mitm-bridges.md) — Spoofs RNDIS network interfaces to intercept and route target traffic over WiFi for credential theft and network analysis. - [Lock Screen Backdoors](https://awesome-repositories.com/f/security-cryptography/system-backdoors/lock-screen-backdoors.md) — Plants a SYSTEM-level command shell accessible from the lock screen via sticky keys using a registry-based approach without filesystem changes. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) - [USB Mass Storage Exfiltrators](https://awesome-repositories.com/f/security-cryptography/usb-mass-storage-exfiltrators.md) — Types a PowerShell script via keyboard to dump stored credentials from Microsoft Edge or Internet Explorer and saves them to a USB drive. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) - [Browser Credential Dumpers](https://awesome-repositories.com/f/security-cryptography/usb-mass-storage-exfiltrators/browser-credential-dumpers.md) — Extracts stored browser credentials from targets and copies them to an emulated USB mass storage drive for exfiltration. ([source](http://p4wnp1.readthedocs.io/en/latest)) ### Development Tools & Productivity - [DuckyScript Payload Runners](https://awesome-repositories.com/f/development-tools-productivity/workflow-automation-tools/automation-execution-frameworks/automated-payload-execution/duckyscript-payload-runners.md) — Runs Rubber Ducky compatible scripts on demand, triggered remotely through HID, WiFi, Bluetooth, or internet relay. ([source](http://p4wnp1.readthedocs.io/en/latest)) ### DevOps & Infrastructure - [Air-Gapped Remote Access](https://awesome-repositories.com/f/devops-infrastructure/air-gapped-deployment-tools/air-gapped-remote-access.md) — Relays HID backdoor sessions over WiFi or Bluetooth to provide remote shell access to isolated, air-gapped targets. ([source](http://p4wnp1.readthedocs.io/en/latest)) - [HID-Based Shell Relays](https://awesome-repositories.com/f/devops-infrastructure/air-gapped-deployment-tools/air-gapped-remote-access/hid-based-shell-relays.md) — Relays interactive shell sessions over raw HID reports between air-gapped targets and WiFi-connected attacker devices. - [WiFi Bridge Tools](https://awesome-repositories.com/f/devops-infrastructure/air-gapped-deployment-tools/air-gapped-remote-access/wifi-bridge-tools.md) — Provides wireless bridge access and SSH connectivity to air-gapped systems through emulated USB peripherals and network interfaces. ### Hardware & IoT - [Multi-Trigger Payload Runners](https://awesome-repositories.com/f/hardware-iot/hid-emulations/keyboard-payloads/multi-trigger-payload-runners.md) — Executes DuckyScript and custom bash payloads triggered by HID, WiFi, Bluetooth, or keyboard LED events for automated target interaction. - [Composite USB Device Emulations](https://awesome-repositories.com/f/hardware-iot/usb-device-communication/usb-device-stacks/standard-usb-device-emulations/composite-usb-device-emulations.md) — Provides composite USB device emulation combining HID, mass storage, and network interfaces from a single hardware device. - [Composite USB Interface Emulations](https://awesome-repositories.com/f/hardware-iot/usb-device-communication/usb-device-stacks/standard-usb-device-emulations/composite-usb-interface-emulations.md) — Presents the device as a composite USB interface combining HID, mass storage, RNDIS, CDC ECM, and serial connections simultaneously. ([source](http://p4wnp1.readthedocs.io/en/latest)) ### Part of an Awesome List - [Lock Screen Credential Theft](https://awesome-repositories.com/f/awesome-lists/security/password-attacks/lock-screen-credential-theft.md) — Automates credential theft from a locked Windows machine by capturing hashes through network redirection, cracking them, and typing the password to unlock the target. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) ### Networking & Communication - [Event-Triggered Bash Payloads](https://awesome-repositories.com/f/networking-communication/request-payloads/execution-payload-tracing/adversarial-payload-execution/bash-driven-payloads/event-triggered-bash-payloads.md) — Executes bash payloads when events occur like network link up, target IP assignment, or SSH login. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md)) ### System Administration & Monitoring - [Remote Process Management](https://awesome-repositories.com/f/system-administration-monitoring/remote-process-management.md) — Creates, interacts with, and kills multiple remote processes on the target through the covert HID channel. ([source](https://cdn.jsdelivr.net/gh/rogandawes/p4wnp1@master/README.md))