HAXBD
HAXSTIK BDT 4,999
🔥 40% OFF LAUNCH OFFER Ends Soon
USE CODE EARLY BIRD COPY
BACK TO PRODUCTS
HAXSTIK 3D View HAXSTIK Front View HAXSTIK Interface HAXSTIK Architecture HAXSTIK Close Up HAXSTIK Detail
Video
3D View
Front View
Interface
Architecture
Close Up
Detail
NEW RELEASE

HAXSTIK

Professional USB HID security audit platform for authorized red-team labs, training, and hardware-based awareness testing.

  • Zero Driver Install
  • Built-in Wi-Fi OS
  • Live Audit Monitor
  • OTA Firmware Updates
COLOUR: BLACK
BDT 4,999 BDT
IN STOCK

Only 7 units left in stock

COD available 3-5 business days 7 days replacement Lifetime support

Sold only for authorized security testing, training labs, and approved research use.

SHARE:
ZERO DRIVERS REQUIRED
Pure HID hardware. No software install on the host machine — ever. Plug in and execute.
WORKS ON ANY OS
Windows, macOS, Linux, and Android — with OS-specific command sets pre-loaded for each platform.
SELF-CONTAINED ECOSYSTEM
Device hosts its own Wi-Fi. Write and fire payloads from your phone browser — no internet needed.
CAPABILITIES

Everything you need.
Nothing you don't.

PAYLOAD INJECTION ENGINE
DuckyScript v3 with VAR, IF/WHILE, and FUNCTION support. Inject complex sequences at superhuman keystroke speed.
HAXSTIK OS — NATIVE Wi-Fi
Connect from any smartphone. Access the Payload Studio, keystroke audit monitor, and captured data manager through a full browser-based interface. No app needed.
LIVE
LIVE KEYSTROKE AUDIT MONITOR
Real-time WebSocket stream in your browser. Captured data is persisted to onboard SPIFFS storage for offline forensic review.
USB IDENTITY MODULE
Adjust VID/PID from the OS interface to match common USB hardware profiles. Test USB whitelist enforcement on enterprise environments.
CAPTIVE PORTAL AWARENESS TESTING
Deploy credential-awareness portal templates for controlled training scenarios and measure how teams respond to simulated login prompts.
TELEGRAM AUDIT FORWARDING
Forward authorized audit captures to your private Telegram bot in real time over Wi-Fi. No extra infrastructure needed during controlled assessments.
01
HAX·AI ENGINE

Describe the audit task.
AI writes the payload.

HAXSTIK integrates a purpose-built AI payload engine directly into the device OS. Type a plain-English description of your authorized test objective and the AI generates production-ready DuckyScript in seconds, optimized for Windows, macOS, or Linux test systems.

  • Natural language to DuckyScript — no scripting knowledge needed
  • Context-aware rules for keystroke auditing, data capture, and recon payloads
  • Quick-action buttons for common audit tasks (WiFi grab, SysInfo, keylog)
  • Chip-ID authenticated — each device has its own AI access quota
HAX·AI Payload Engine
02
PAYLOAD STUDIO

Write. Execute. Iterate.
All from your phone.

The HAXSTIK creates its own Wi-Fi access point the moment it's plugged in. Connect from any smartphone, open the browser, and access the Payload Studio — no laptop, no app, no internet required.

  • DuckyScript v3 with VAR, IF, WHILE, FUNCTION support
  • Script library — save and manage multiple payloads
  • Adjustable injection delay for timing-sensitive sequences
  • OS fingerprint detection for automatic platform matching
Payload Studio Interface
03
KEYSTROKE MONITOR

Capture. Stream.
Analyze in real time.

Activate the keystroke audit monitor from the OS panel during approved testing. The HAXSTIK receives keystroke audit data through the CDC serial channel and streams it live to your browser via WebSocket while simultaneously writing to SPIFFS storage for offline review.

  • Real-time WebSocket stream in the OS browser panel
  • SPIFFS persistent storage — data survives power cycles
  • Telegram audit forwarding for approved captured data
  • One-click download from the captured data manager
Keystroke audit monitor and captured data manager
04
THE HARDWARE CORE

ESP32-S3 Core.
Engineered for precision.

A dual-core Xtensa LX7 processor running at 240 MHz handles simultaneous USB HID operations and Wi-Fi management without compromise. The custom HAXSTIK OS runs entirely from onboard flash — full functionality in a package smaller than a standard USB drive.

  • Dual-core Xtensa LX7 processor
  • Simultaneous USB HID + Wi-Fi AP operation
  • USB Type-A and Type-C with hardware CDC + HID profiles
  • Mouse Jiggler mode for screen sleep prevention during audits
ESP32-S3 Core Hardware
UNDER THE HOOD

Technical Specifications

ProcessorESP32-S3 Dual-Core Xtensa LX7
Wireless2.4 GHz Wi-Fi 802.11 b/g/n (Hidden AP Mode)
USB InterfaceType-A / Type-C — Hardware CDC + HID
StorageSPIFFS Onboard Flash Partition
Control OSHAXSTIK OS — Browser-based, no install
Script LanguageDuckyScript v3 (VAR, IF, WHILE, FUNCTION)
Audit ForwardingTelegram Bot API (via Wi-Fi)
Supported Test OSWindows, macOS, Linux, Android
Firmware UpdatesOTA — Over Wi-Fi, no hardware reflash
Network ModeHidden SSID AP (manual connect support)
NEED ANSWERS

Frequently Asked Questions

Do I need to install any software or drivers? +
No. The HAXSTIK presents itself as a standard HID keyboard and CDC serial device at the hardware level. The entire control interface is hosted on the device's own Wi-Fi chip — accessible from any smartphone browser with zero installation.
What security gap does HAXSTIK help test? +
The device operates as a standard USB HID keyboard and CDC serial device at the hardware layer. This helps authorized teams validate USB control policies, endpoint behavior, and staff awareness around physical-device risks.
Does it work on macOS and Linux? +
Yes. The HAXSTIK OS includes OS-specific DuckyScript command sets for Windows, macOS, Linux, and Android. The OS fingerprint detection module can automatically identify the target platform and switch command sets accordingly.
How does the keystroke capture work? +
The device uses a CDC Serial communication channel. Audit data from the host machine is written to the COM port, captured by the HAXSTIK, streamed live to your browser via WebSocket, and simultaneously saved to onboard SPIFFS storage for download.
Can I hide the Wi-Fi network it creates? +
Yes. The OS includes a Hidden Network toggle. When activated, the SSID will not broadcast in standard Wi-Fi scans. You connect by manually entering the network name — keeping the access point invisible to nearby scanners.
Is the firmware open-source? +
No. While we use community-standard scripting languages like DuckyScript, the HAXSTIK OS firmware is proprietary — engineered specifically for our hardware to ensure maximum injection speed, stability, and feature completeness.
How much storage is available for payloads and logs? +
The device uses an internal SPIFFS partition. Payload scripts and keylogger logs are text-based files (typically a few kilobytes each), so you can store hundreds of scripts and extensive capture data without running out of space.
Is this device legal to use? +
HAXBD tools are designed exclusively for authorized red teamers, penetration testers, and security researchers. You must only deploy these tools on systems you own or have explicit, documented written permission to audit. Unauthorized use is illegal and unethical.

VERIFIED BUYERS

Customer Reviews

First reviews coming soon.

Follow Us

⚠️ WARNING: AUTHORIZED AUDITING ONLY      ⚠️ WARNING: AUTHORIZED AUDITING ONLY      ⚠️ WARNING: AUTHORIZED AUDITING ONLY      ⚠️ WARNING: AUTHORIZED AUDITING ONLY     

Built for Red Teamers. Engineered for Precision. HAXBD tools are designed exclusively for authorized physical and wireless penetration testing. Deploy payloads only on systems you own or have explicit written permission to test.

ADDED TO CART

HΛX•STIK has been added to your cart.