Skip to content

holdsworth/PSPunch

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

PS>Punch is in a super limited Proof of Concept state right now. You can see where the project is at and download a precompiled binary of the alpha here

A lot of this README is place holder indicating where the project will be at when it's "done". It's under heavy, active development and should be taking shape rapidly, with a "1.0" release planned early 2016. I'm writing an ongoing series of articles about where this project (and it's parent, PS>Attack) is at here

If you have any questions or suggestions for PS>Attack and PSPunch, feel free to reachout on twitter or via email: jaredhaight at prontonmail.com

PS>Punch

An portable console aimed at making pentesting with PowerShell a little easier.

What is it

PS>Punch combines some of the best projects in the infosec powershell community into a self contained executable. It's designed to evade antivirus and Incident Response teams.

  1. It doesn't rely on powershell.exe. Instead it calls powershell directly through the dotNet framework.
  2. The modules that are bundled with the exe are encrypted. When PS>Punch starts, they are decrypted into memory. The unencrypted payloads never touch disk, making it difficult for most antivirus engines to catch them.

Offensively, PS>Punch contains commands for Privilege Escalation, Recon and Data Exfilitration. It does this by including the following modules and commands:

  • Powersploit
    • Invoke-Mimikatz
    • Invoke-GPPPassword
    • Invoke-NinjaCopy
    • Invoke-Shellcode
    • Invoke-WMICommand
  • PowerTools
    • PowerUp
    • PowerView
  • Nishang
    • Gupt-Backdoor
    • Do-Exfiltration
    • DNS-TXT-Pwnage
    • Get-Infromation
    • Get-WLAN-Keys
  • Powercat

How to use it

PS>Punch works best when you generate your own version through PS>Attack. PS>Attack will handle downloading PS>Punch, updating the modules to the latest versions, encrypting them with a custom key and then compiling the whole thing into an executable.

If you want to just try PS>Punch, you can download a compiled release from the releases tab. This binary will work, but the modules may be out of date and the encrypted files aren't custom so they're going to be much easier to spot by AV or IR teams.

Of course, you can also just clone the repo and compile the code yourself. You can use Visual Studio Community Edition to work with it and compie it.

Gr33tz

PS>Punch was inspired by and benefits from a lot of incredible people in the PowerShell community. Particularly mattifiestation of PowerSploit and sixdub, engima0x3 and harmj0y of Empire. Besides writing the modules and commands that give PS>Punch it's.. punch, their various projects have inspired alot of my approach to PS>Attack and PS>Punch as well as my decision to try and contirbute something back to the community.

A huge thank you to Ben0xA, who's PoshSecFramework was used to figure out a lot of things about how to build a powershell console.

About

An offensive Powershell console

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C# 100.0%