Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/maxdcb/powershellwebdelivery
Generate a PowerShell one-liner to deliver shellcode generated from any Windows module without touching the disk
c2 cybersecurity malware-research redteam
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/maxdcb/powershellwebdelivery
- Owner: maxDcb
- License: mit
- Created: 2023-04-25T08:24:00.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-07-20T10:28:45.000Z (6 months ago)
- Last Synced: 2024-07-20T11:39:47.495Z (6 months ago)
- Topics: c2, cybersecurity, malware-research, redteam
- Language: Python
- Homepage:
- Size: 284 KB
- Stars: 2
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GeneratePowershellLauncher
```
pip3 install pycryptodome
```
Generate a PowerShell dropper for any DLL or EXE. The shellcode of the payload is generated with [Donut](https://github.com/TheWover/donut). Two PowerShell scripts are generated: the first is an AMSI bypass (credit to rasta-mouse), the second is the injector (credit to [Metasploit](https://github.com/rapid7/metasploit-framework) web-delivery PSH). The output is stored in ./web, and the final command to launch on the victim host is displayed on the console.
See [AMSITrigger](https://github.com/RythmStick/AMSITrigger) and [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation) for AMSI bypass.
Compatible with Linux (GeneratePowershellLauncher.py) and Windows (GeneratePowershellLauncher.ps1).
![alt text](https://github.com/maxDcb/PowershellWebDelivery/blob/master/ressources/image1.png?raw=true)