Base PIDGN Model

Lollipop For Scale

PIDGN is a stealthy, plug-and-play hacking device that merges USB attack capabilities with a wireless command hub—no external controller or physical interaction required. Designed for red teamers, penetration testers, and hardware hackers, PIDGN emulates a USB keyboard to deliver customizable payloads while hosting a local command center over its own password protected Wi-Fi hotspot.

Once plugged in, it instantly appears as a keyboard and executes tailored scripts, enabling HID attacks, remote command execution, and post-exploitation actions. Its browser-based interface requires no apps or pairing—just connect to the password protected hotspot and launch. Payloads can be created, sorted by attack phase, and dynamically updated with variables like C2 addresses, making PIDGN a compact, field-ready tool for on-the-fly operations.
‍

Control From 300+ Feet Away

Preloaded with Scripts for Every Phase of the Pen-Testing Methodology
‍
‍PIDGN comes preloaded with a full suite of scripts aligned with every phase of the pen-testing methodology, allowing penetration testers to act fast, pivot intelligently, and maintain momentum during assessments. Whether you're conducting recon, delivering payloads, or establishing persistence, PIDGN has pre-programmed routines ready to deploy at the push of a button. Once plugged in, it instantly appears as a keyboard and executes tailored scripts, enabling HID attacks, remote command execution, and post-exploitation actions. Its browser-based interface requires no apps or pairing—just connect to the password protected hotspot and launch. Payloads can be created, sorted by attack phase, and dynamically updated with variables like C2 addresses, making PIDGN a compact, field-ready tool for on-the-fly operations.
‍
Included Phases & Capabilities:
Below is a small list of the kinds of scripts found preloaded on PIDGN.
‍
‍Recon: Initiate scripts for tasks such as system identification, domain enumeration, and basic environment mapping.
‍
‍Scanning: Launch targeted scans for open ports, live hosts, and exposed services across the network.

‍Exploitation: Deploy pre-configured payloads to exploit discovered vulnerabilities and gain initial access.

‍Privilege Escalation: Execute routines to escalate access rights, harvest tokens, or bypass UAC restrictions.

‍Lateral Movement: Utilize built-in tools to move through the network, dump credentials, or reuse sessions.

‍Post Exploitation: Run cleanup scripts, establish persistence, or exfiltrate key data via your configured C2.

PIDGN which empowers testers with turnkey, on-demand payloads that reduce time spent typing and maximize impact during field operations.

Core Features:
Plug-and-Play USB HID Emulation: Acts as a keyboard to send keystrokes to the host machine Compatible with Windows and Linux.

‍Wi-Fi Access Point Mode: Broadcasts its own hotspot (default SSID: Pigeon) No internet required for use.

‍On-Device Web Interface: Hosted server with HTML interface (accessible via http://192.168.4.1) Works on mobile and desktop browsers.

‍Modular Payload System: Locally stored payloads organized by OS and/or testing  phase.

‍Web Interface Capabilities Command Execution: Execute predefined payloads via links. PIDGN also supports custom payload input via text input on the Custom tab.

‍Custom Scripting Support: Input raw payload lines (e.g., WIN+R, notepad, ENTER) which are sent live from your phone to execute on the target machines.

‍Live Output Rendering: Displays command line output after script executionUsed to show status, results, or error messages.

‍Settings Management: Update IP/Port for C2 communications, and SSID settings via the web interface.

‍Command Cheat Sheet: Quick reference for supported keystrokes and variables built into the server, no need for external research.

‍Stealth and Secure No Installation Required on Target Host: Executes payloads without leaving artifacts (unless intended).

‍Encrypted Payload Transfer (planned): Future support for AES-encrypted payload definitions.

‍Offline Usage: Device operates independently without external servers or external Internet source.

Scripting: PIDGN uses a lightweight scripting language designed for rapid offensive operations. It's based on simple, human-readable commands similar to batch scripting and keystroke injection syntax. You could call the language Batch+. Each line in a script represents a specific action—such as launching an app, typing text, or executing key combos—making it easy for both beginners and pros to write and modify payloads on the fly.

No coding experience? No problem. If you can type, you can script with PIDGN.

Under the hood