WiFi Pineapple Payloads are written in bash. Bash is a shell - the interactive text environment when you log into a system. If you are more familiar with Windows environments, it is similar (but not quite the same) as the Windows command line or powershell.

Like most shells, bash includes a scripting language for performing tasks; the Pager leverages this as the language behind Payloads.

An introduction

In these docs we’ll strive to give an introduction to basic scripting and programming concepts and how to make your first working payloads.

Beyond the basics, shell scripting can be incredibly power - but also incredibly complex. When moving beyond the basics, we suggest:

Editing payloads

Payloads can be edited or created anywhere with a text editor, including on the Pager itself using the vim or nano editors, using Hak5 Payload Studio, or on a computer using a syntax highlighting editor such as VSCode, SublimeText, or even a basic editor like Notepad.

The Bash shell

A shell is a command-line interface that allows users to interact with the operating system by executing commands. The shell acts as an intermediary between the user and the operating system, and is responsible for interpreting and executing user commands.

When a user enters a command into the shell, the shell parses the command and determines what action needs to be taken. The shell then initiates the required system calls to launch the command.

The shell also provides various features and utilities to help users manage and manipulate their environment. It provides the ability to define and use variables, create and execute scripts, and navigate the file system.

When you are logged into a system via the command line, chances are, you’re interacting with one of several standard shells. On Windows it is typically the legacy command shell or the more modern Powershell. On Linux, it is typically the bash or dash shells, however dozens exist. On macOS, typically you are using the z shell, or zsh.

With the exception of the Windows command shell and Powershell, most modern shell environments operate extremely similarly, and often scripts written for one shell will operate fine on another. Unfortunately there are some situations where this is not always true, especially when using more advanced pattern matching and other scripting features.

The WiFi Pineapple Pager payload system uses the bash shell: bash (the Bourne Again Shell) was derived from sh (the Bourne Shell). It was created in 1987 by Brian Fox for the GNU Project as a free software replacement for the Bourne shell (sh).

Bash incorporates many features of the original Bourne shell, as well as improvements and new features from other shells such as the C shell (csh) and the Korn shell (ksh). This includes features such as command-line editing, history, and job control, and critically for the payload system, the ability to define functions and variables.

Over the years, Bash has become the default shell on most Linux distributions, and was the default on macOS until it was replaced by zsh in macOS Catalina. It is also available on other operating systems such as Windows, where it can be installed using the Windows Subsystem for Linux.

Bash has continued to evolve over time, with new features and improvements being added in each release. It is a powerful and flexible shell that is widely used in the Linux and Unix communities, both for interactive use and for writing scripts and automation tasks.

DuckyScript Commands

Originating on the Hak5 USB Rubber Ducky as a standalone language, the WiFi Pineapple Pager uses DuckyScript commands to bring the ethos of easy-to-use actions to the payload language.

DuckyScript commands are always in all capital letters to distinguish them from other system or script language commands. Typically, they take a small number of options (or sometimes no options at all).

Payloads can be constructed of DuckyScript commands alone, or combined with the power of bash scripting and system commands to create fully custom, advanced actions.