https://github.com/maxdcb/powershellwebdelivery

Generate a Powershell oneliner to deliver a Shellcode generated from any Windows Module without touching the disk
https://github.com/maxdcb/powershellwebdelivery

c2 cybersecurity malware-research redteam

Last synced: about 1 year ago
JSON representation

Generate a Powershell oneliner to deliver a Shellcode generated from any Windows Module without touching the disk

• Host: GitHub
• URL: https://github.com/maxdcb/powershellwebdelivery
• Owner: maxDcb
• License: mit
• Created: 2023-04-25T08:24:00.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2025-02-05T15:13:10.000Z (over 1 year ago)
• Last Synced: 2025-04-06T14:12:57.129Z (about 1 year ago)
• Topics: c2, cybersecurity, malware-research, redteam
• Language: Python
• Homepage:
• Size: 360 KB
• Stars: 6
• Watchers: 1
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# GeneratePowershellLauncher

pip3 install pycryptodome

Generate a powershell dropper for any DLL or EXE. The shellcode of the payload is generated with [Donut](https://github.com/TheWover/donut). Two powershell script are generated, the first is an AMSI bypass (credit to rasta-mouse) the second is the injector (credit to [Metasploit](https://github.com/rapid7/metasploit-framework) web-delivery PSH). The output is store on ./web, the final command to launch on the victime host is display on the console.  

See [AMSITrigger](https://github.com/RythmStick/AMSITrigger) and [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation) for AMSI bypass.

Compatible with linux (GeneratePowershellLauncher.py) and windows (GeneratePowershellLauncher.ps1).  

![alt text](https://github.com/maxDcb/PowershellWebDelivery/blob/master/ressources/image1.png?raw=true)