Downloads

Choose what you need

ET Ducky ships in two flavors. The Desktop App runs locally on a single Windows machine and gives you the full diagnostics dashboard, ETW monitoring, and AI live sessions without deploying anything else. The Endpoint Agent is installed on the machines you want to monitor remotely — one binary handles inventory, behavioral-security rules, ransomware kill-chain detection, and live root-cause analysis. The same dashboard, the same AI, on Windows or Linux.

All installers below are signed and version-pinned. The SHA256SUMS file at the bottom of this page lets you verify the Linux packages before installing.

Desktop App

Windows 10 / 11

ET Ducky Desktop App v1.8.1

The standalone client. Runs a local ETW collector, correlates kernel-level events, and gives you the full AI live-session experience on your own machine — no agent deployment required. Auto-updates when a new release ships.

Installer (.exe) ~43 MB Auto-update enabled

Download for Windows

Endpoint Agent

Install on the endpoints you want to monitor. Same agent code on every OS; same dashboard, alerts, and AI live sessions.

Windows

Windows Agent Installer v2.0.1.5

ETW-based kernel monitoring with behavioral-security rules and ransomware kill-chain detection. Installs as a Windows service and registers itself with your tenant on first start.

Installer (.exe) ~22 MB Auto-update enabled

Download .exe

Debian / Ubuntu

Linux Agent (.deb) v2.0.1.5

eBPF-based kernel diagnostics for Debian, Ubuntu, and derivatives. Installs as a systemd service via apt. amd64.

Debian package (.deb) ~27 MB amd64

Download .deb

RHEL / Fedora / CentOS

Linux Agent (.rpm) v2.0.1.5

eBPF-based kernel diagnostics for RHEL, Fedora, CentOS Stream, AlmaLinux, and Rocky Linux. Install with dnf or rpm -i. x86_64.

RPM package (.rpm) ~25 MB x86_64

Download .rpm

Other Linux

Linux Agent (universal .run) v2.0.1.5

Self-extracting installer for distros without first-class .deb / .rpm support — Arch, openSUSE, Alpine (with glibc compatibility), or custom builds. Run with sudo sh etducky-agent-2.0.1.5.run.

Self-extracting (.run) ~33 MB x86_64

Download .run

Verify your download

Compare the SHA-256 hash of any Linux agent package against the signed checksum file below before installing. On Linux, run sha256sum -c SHA256SUMS in the directory where you downloaded the file.

Download SHA256SUMS View version.json

Loading checksums…

Windows installers are Authenticode-signed — right-click the downloaded .exe, choose Properties → Digital Signatures, and confirm the publisher before running.

Looking for source or self-hosted builds?

Self-hosted deployments and on-prem image bundles are documented in the self-hosted guide. Air-gapped customers can request signed offline installers through support — see deployment options for details.