🦆 FLUCKY

Advanced Bluetooth HID Security Research Platform

A Professional-Grade Wireless Security Testing Tool for Authorized Red Teams, Security Awareness Training, and Academic Research

⚠️ CRITICAL DISCLAIMER - READ BEFORE PROCEEDING

🎓 ETHICAL USE ONLY - THIS IS NON-NEGOTIABLE

This tool is designed EXCLUSIVELY for:

✅ Authorized security assessments with written permission

✅ Academic research with institutional oversight and ethics board approval

✅ Security awareness training with participant consent and knowledge

✅ Personal systems you own and control completely

✅ Educational environments with proper supervision and curriculum integration

✅ Penetration testing engagements with signed scope documents

✅ Red team exercises with explicit organizational authorization

✅ Cybersecurity competitions (CTFs) with defined rules and boundaries

🚫 STRICTLY PROHIBITED USES:

❌ Unauthorized access to any systems you don't own

❌ Malicious activities against individuals or organizations

❌ Any illegal purposes whatsoever under any circumstances

❌ Harassment, intimidation, or causing distress to any person

❌ Data theft, espionage, or unauthorized information gathering

❌ Disruption of services or causing denial of service

❌ Installing malware, ransomware, or any harmful software

❌ Violating any local, state, federal, or international laws

❌ Bypassing security controls without explicit authorization

❌ Using for personal gain at others' expense

⚖️ LEGAL CONSEQUENCES OF MISUSE:

Criminal prosecution under computer fraud and abuse laws (CFAA, GDPR, etc.)

Civil liability for all damages caused to affected parties

Permanent criminal record affecting future employment

Loss of professional certifications (CISSP, CEH, OSCP, etc.)

Potential imprisonment depending on severity of offenses

Financial penalties that can exceed millions of dollars

By using this tool, you acknowledge that you have read, understood, and agree to:

Use it ONLY for legitimate, authorized security testing purposes

Obtain written permission before ANY testing activity

Follow ALL applicable laws, regulations, and organizational policies

Accept full legal and moral responsibility for your actions

Report any vulnerabilities discovered through responsible disclosure

Maintain the highest ethical standards in all operations

</td> </tr> </table> </div>

📚 Table of Contents

| Part | Section | Description | |------|---------|-------------| | 0 | 🧭 Getting Started | The Creator's Manifesto & Ethical Foundation | | | 🎯 Why I Built FLUCKY | The Real Story Behind the Project | | | ⚖️ Ethical Usage Policy | Strict Ethical Usage Policy | | | 🎓 Educational Focus | Educational & Awareness Focus | | | 👨‍💻 About the Creator | About the Creator | | | 🤝 How to Support | How to Support This Project | | | 🔍 Important Disclaimer | AI-Assisted Documentation Notice | | | 🚀 Getting Started | Getting Started the Right Way | | I | ⚙️ Core Platform Overview | The Revolution in HID Attacks | | | 🚀 Quick Start Guide | Quick Start Guide | | | 🎮 Core Command System | Command Structure & Basic Operations | | II | 🕶️ Stealth Operations | Stealth, Encryption & Advanced Operations | | | 🔐 Encryption | Encryption & Security | | | 🎭 Obfuscation | Obfuscation & Evasion | | | ⏰ Timing & Scheduling | Timing & Scheduling | | | 🔄 Advanced Payload Management | Advanced Payload Management | | | 🎪 Chaos Mode | Chaos Mode & Behavioral Randomization | | | 🔧 Button Management | Button Management | | III | 🏴‍☠️ LOLBAS Integration | LOLBAS Integration | | | 🧠 Gaslighting | Psychological Operations | | | 🎯 Real-World Scenarios | Real-World Operational Scenarios | | | 🔧 Advanced OpSec | Advanced Operational Security | | | 🎯 Best Practices | Best Practices & Operational Guidelines | | IV | 📋 Command Reference | Complete Command Reference Table | | | 🚨 Troubleshooting | Troubleshooting & Error Guide | | | 🔧 Advanced Configuration | Advanced Configuration Guide | | | 🎯 Advanced Patterns | Advanced Usage Patterns | | | 🔒 Security Best Practices | Security Best Practices | | | 🤝 Community | Community & Contribution | | | 📚 Resources | Learning Resources | | | 🎊 Final Words | Final Words |

Part 0: Getting Started - The Creator's Manifesto & Ethical Foundation

</div> <div align="center">

Built for Education, Designed for Awareness, Limited for Responsibility

"Great power requires greater responsibility. This is where that journey begins."

</div>

🎯 Why I Built FLUCKY - The Real Story

The Gap in the Market

For years, I watched and observed some significant limitations in existing HID security testing tools:

Missing psychological elements in security testing: Traditional tools focused purely on technical keystroke injection without considering the human element of security. They could execute commands, but they couldn't test whether users would notice subtle system anomalies, whether they would question unexpected behavior, or whether security awareness training was actually effective. Security is not just about technology—it's about people, processes, and technology working together. When tools only address the technology component, they leave a massive gap in comprehensive security assessment capabilities.

Poor operational security in available tools: Many existing tools had significant fingerprints that made them easily detectable. They would create obvious logs, have visible indicators of compromise, and leave traces that any competent security team could identify. In real-world red team operations, stealth is paramount. If your testing tool is detected immediately, you're not actually testing the organization's security—you're just confirming that they can spot obvious threats. True operational security requires multiple layers: no serial output, no LED indicators, encrypted payload storage, and behavioral patterns that mimic legitimate device activity.

Limited real-world testing capabilities for awareness training: Security awareness training often relies on theoretical scenarios or simulated phishing emails. But what about testing whether users would notice if their keyboard started behaving strangely? What about testing if they would report when windows mysteriously minimized or their Caps Lock key seemed to have a mind of its own? Traditional HID tools couldn't provide this kind of subtle, realistic security awareness testing. They were designed for exploitation, not for education.

Wireless limitations requiring physical access: Every HID tool I encountered required physical USB connection. This meant you had to physically plug a device into the target computer, dramatically increasing the risk of detection and limiting testing scenarios. In modern environments with strict physical security controls, this approach is often impractical or impossible. A wireless approach opens up entirely new possibilities for security assessment while maintaining the ability to conduct realistic tests.

I didn't just want to make another ducky clone. I wanted to create something that would actually advance the field and help security professionals do their jobs better. I wanted a tool that understood that modern security testing isn't just about breaking in—it's about understanding how systems and people respond to subtle, sophisticated threats.

The Vision

FLUCKY represents what HID attack tools should be in 2025 and beyond:

📡 Wireless and Flexible: The transition from wired to wireless represents more than just convenience—it's a fundamental shift in how security assessments can be conducted. Wireless operation through Bluetooth Low Energy (BLE) means that assessments can be conducted from a distance, without the suspicious behavior of physically connecting a device. This opens up testing scenarios that were previously impossible, such as assessing security in spaces with strict physical controls, testing whether users would notice unusual Bluetooth devices, or conducting assessments without the risk of leaving physical evidence at the target location.

🧠 Psychologically Sophisticated: Security isn't just tech

FLUCKY

Install / Use

README