Introducing a Modern Web Interface for USB Army Knife: Built for the Future
I've created a brand new web interface for the USB Army Knife project - a complete reimagination built with modern web technologies and client-side best practices. While the original USB Army Knife is a powerful ESP32-based security tool, I wanted to build a modern, maintainable UI that leverages contemporary web development standards and provides a better user experience.
What is USB Army Knife?
USB Army Knife is an ESP32-based multitool designed for security research, penetration testing, and hardware hacking. Built on the versatile ESP32 platform, it combines multiple capabilities into a single portable device, including BadUSB functionality, WiFi attacks, file management, and custom script execution.
Why a New Modern Interface?
While the original USB Army Knife has a functional interface, I wanted to create something that embraced modern web development practices:
Modern Client Code: Built with current web standards and frameworks for better performance and maintainability
Easier Maintenance: Clean, modular codebase that's straightforward to update and extend
Better UX: Intuitive design with responsive layouts and smooth interactions
Developer-Friendly: Well-structured code that other developers can easily contribute to
This isn't meant to replace the official interface - rather, it's an alternative for users who prefer a more modern web application experience and developers who want cleaner code to work with.
The New Web Interface
The new web interface provides a comprehensive dashboard accessible through your browser, offering real-time device monitoring and full control over all device capabilities. The interface is designed with usability in mind, featuring a clean navigation structure and intuitive controls.
Key Features
1. Real-Time Device Dashboard
The dashboard provides an at-a-glance view of your device status:
Device uptime and current status
USB mode indicator (Serial + HID)
Memory and heap usage monitoring
SD card storage status
Error tracking
Agent connection status
Hardware capabilities (SD, WiFi, TFT, Button, LED, Marauder)
System information including chip type and firmware version
2. File Management
The file management system allows you to:
Browse all files stored on the device's SD card
Upload new files directly through the browser
Download files from the device
Edit text-based configuration files
Execute scripts with a single click
View and display images stored on the device
Delete unwanted files
The interface supports multiple file types including scripts (.ds), images (.png), text files (.txt), and configuration files (.json).
3. Script Execution
One of the most powerful features is the script execution system:
Run DuckyScript files and custom commands
Browse available scripts with easy-to-read listings
Access a comprehensive command reference
Execute raw commands directly
View execution results in real-time
The built-in command reference includes support for delays, keyboard inputs, LED control, and display operations.
4. Display & LED Control
Control the device's display and LED indicators:
Display custom text at specific coordinates
Show images from the SD card
Control RGB LEDs (Red, Green, Blue, Off)
Clear the display
Upload and display custom graphics
5. ESP32 Marauder Integration
For WiFi security testing, the interface includes full ESP32 Marauder support:
Execute Marauder attack commands
Common commands readily available (attack, scan, sniff, beacon, deauth, probe, list, select, clear, help)
View command results in the device logs
Easy command input with helpful placeholders
6. On-Screen Keyboard
Send keystrokes to target devices using the virtual keyboard:
Full QWERTY layout with all standard keys
Support for modifier keys (Ctrl, Shift, Alt, Win)
Function keys (F1-F12)
Special keys (Tab, Caps, Enter, Backspace, etc.)
Navigation keys (Home, End, PgUp, PgDn, Insert, Delete)
Text input area for typing longer strings
7. Device Logs
Monitor all device activity through the comprehensive logging system:
Real-time log viewing
Track script execution
Monitor command execution
View display operations
Debug device behavior
Refresh logs on demand
Clear logs when needed
8. Complete API Documentation
For developers, the interface includes full API documentation:
REST API endpoints for all device functions
WebSocket connections for real-time updates
Device status and information endpoints
File management operations
Script and command execution
Agent operations
Display control
Marauder command execution
Audio capture and streaming
Settings configuration
Getting It Running
The CORS Thing
Okay, so there's this annoying browser security thing called CORS. Basically, browsers don't like it when web pages talk to random devices on your network (for good reason). The fix? Use Corsy, a lightweight CORS proxy I made. It's super simple and solves the problem.
If you're running the interface locally (like, actually cloning the repo and running it on your machine), you don't need Corsy. Otherwise, yeah, you'll want it.
Quick Start
- Make sure your USB Army Knife is powered up and on your network
- Set up Corsy if you need it (using the GitHub Pages version or accessing remotely)
- Open the interface - either the live demo, or clone it and run locally
- Start playing around!
What Can You Do With This?
Honestly? Tons of stuff:
- Security Research: Test WiFi networks, try out different attacks, see what works
- Penetration Testing: BadUSB payloads, automated keystroke injection, all that good stuff
- Hardware Hacking: Build ESP32 projects, mess with sensors, debug weird behavior
- Learning: Figure out how this hardware/software combo works, break things, fix things
- IoT Experiments: Test device security, poke at protocols, find vulnerabilities
But really, the best use case is "I wonder what happens if I do this..." and then spending your weekend finding out.
Links
- This Modern Interface: USBArmyKnife-web
- CORS Proxy: Corsy
- Live Demo: https://niradler.github.io/USBArmyKnife-web/
- Original USB Army Knife: USBArmyKnife
Wrap Up
This project is what happens when you combine curiosity, modern web dev, and a love for hardware that does cool stuff. It's not perfect, it's not trying to be corporate, and it's definitely not the "official" anything. It's just a fun alternative that works well and is easy to tinker with.
The whole point is learning and experimentation - mixing software and hardware, seeing what you can build, and maybe learning something along the way. If you want to add features, change things, or just see how it works, go for it. The code is there, the hardware is fun, and there's always something new to try.
Whether you're into security research, hardware hacking, or just like building things that do stuff, give it a shot. And if you break something, hey, that's half the fun.
Contributing
Pull requests welcome! Found a bug? Cool. Want to add a feature? Even better. The codebase is clean enough that you won't want to cry when you look at it, which is always a plus.
Disclaimer: This is for learning, research, and authorized testing only. Don't be that person who uses this stuff without permission. Seriously, don't.
