lei720/PSPunch (forked from zhuyue1314/PSPunch)

A portable console aimed at making pentesting with PowerShell a little easier.

 
 

PS>Punch is available as a beta. You can see where the project is at and download a precompiled binary of the alpha here

It's under heavy, active development and should be taking shape rapidly, with a "1.0" release planned for early 2016. I'm writing an ongoing series of articles about where this project (and its parent, PS>Attack) is at here

You can find a list of commands that have been tested here

If you have any questions or suggestions for PS>Attack and PSPunch, feel free to reach out on Twitter or via email: jaredhaight at prontonmail.com

PS>Punch

A portable console aimed at making pentesting with PowerShell a little easier.

What is it

PS>Punch combines some of the best projects in the infosec PowerShell community into a self-contained executable. It's designed to evade antivirus and Incident Response teams.

  1. It doesn't rely on powershell.exe. Instead it calls PowerShell directly through the .NET Framework.
  2. The modules that are bundled with the exe are encrypted. When PS>Punch starts, they are decrypted into memory. The unencrypted payloads never touch disk, making it difficult for most antivirus engines to catch them.
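
For defenders, point 1 means rules keyed on the powershell.exe process name will not fire, but a custom host still has to load the PowerShell engine assembly, System.Management.Automation.dll. The following is an added example, not part of PS>Punch or the original README: it scans Sysmon image-load events (Event ID 7) for unexpected processes loading that assembly; the event records and paths are constructed, and the allowlist is an assumption to tune per environment.

```python
import ntpath

# Engine assembly that any .NET host must load to run PowerShell
# (".ni" is the precompiled native-image copy).
ENGINE_DLLS = {"system.management.automation.dll",
               "system.management.automation.ni.dll"}

# Assumption: hosts expected to load the engine in this environment. Full
# paths, not names, so a copy named powershell.exe elsewhere still alerts.
PS_DIR = r"c:\windows\system32\windowspowershell\v1.0"
EXPECTED_HOSTS = {PS_DIR + r"\powershell.exe",
                  PS_DIR + r"\powershell_ise.exe",
                  r"c:\windows\system32\wsmprovhost.exe"}

GAC = r"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation"

# Constructed Sysmon records, reduced to the fields this check reads.
SAMPLE_EVENTS = [
    {"EventID": 7, "UtcTime": "2016-01-10 09:00:01",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "UtcTime": "2016-01-10 09:05:12",
     "Image": r"C:\Users\alice\AppData\Local\Temp\console.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.dll"},
    {"EventID": 7, "UtcTime": "2016-01-10 09:07:40",
     "Image": r"C:\Users\Public\powershell.exe",
     "ImageLoaded": GAC + r"\System.Management.Automation.ni.dll"},
    {"EventID": 7, "UtcTime": "2016-01-10 09:08:00",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]


def unexpected_powershell_hosts(events):
    """Return (time, image) for non-allowlisted loaders of the PS engine."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:  # only Sysmon ImageLoad events
            continue
        loaded = ntpath.basename(ev.get("ImageLoaded", "")).lower()
        image = ntpath.normpath(ev.get("Image", "")).lower()
        if loaded in ENGINE_DLLS and image not in EXPECTED_HOSTS:
            findings.append((ev["UtcTime"], ev["Image"]))
    return findings


if __name__ == "__main__":
    for when, image in unexpected_powershell_hosts(SAMPLE_EVENTS):
        print(when, image)
```

Image-load logging has to be enabled in the Sysmon configuration for these events to exist.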

Offensively, PS>Punch contains over 100 commands for Privilege Escalation, Recon and Data Exfiltration. It does this by including the following modules and commands:

  • Powersploit
    • Invoke-Mimikatz
    • Get-GPPPassword
    • Invoke-NinjaCopy
    • Invoke-Shellcode
    • Invoke-WMICommand
    • VolumeShadowCopyTools
  • PowerTools
    • PowerUp
    • PowerView
  • Nishang
    • Gupt-Backdoor
    • Do-Exfiltration
    • DNS-TXT-Pwnage
    • Get-Information
    • Get-WLAN-Keys
    • Invoke-PsUACme
  • Powercat
  • Inveigh

It also comes bundled with get-attack, a command that allows you to search through the included commands and find the attack that you're looking for.


How to use it

PS>Punch works best when you generate your own version through PS>Attack. PS>Attack will handle downloading PS>Punch, updating the modules to the latest versions, encrypting them with a custom key and then compiling the whole thing into an executable.

If you want to just try PS>Punch, you can download a compiled release from the releases tab. This binary will work, but the modules may be out of date and the encrypted files aren't custom so they're going to be much easier to spot by AV or IR teams.

Of course, you can also just clone the repo and compile the code yourself. You can use Visual Studio Community Edition to work with it and compile it.

Gr33tz

PS>Punch was inspired by and benefits from a lot of incredible people in the PowerShell community. Particularly mattifestation of PowerSploit and sixdub, enigma0x3 and harmj0y of Empire. Besides writing the modules and commands that give PS>Punch its... punch, their various projects have inspired a lot of my approach to PS>Attack and PS>Punch as well as my decision to try and contribute something back to the community.

A huge thank you to Ben0xA, whose PoshSecFramework was used to figure out a lot of things about how to build a PowerShell console.

Languages

  • C# 70.3%
  • PowerShell 29.7%