This PowerShell script is designed to gather system information and perform various tasks for security auditing purposes.
- User Information: gathers details such as username, full name, email, and geolocation.
- System Information: retrieves the UAC and RDP state, the LSASS status, and details about the computer, BIOS, operating system, CPU, mainboard, RAM, and video card.
- Network Information: provides the public IP, the local IP with MAC address, WiFi profiles, and nearby WiFi networks.
- Startup Contents: lists items in the startup folder for potential persistence mechanisms.
- Scheduled Tasks: displays the scheduled tasks on the system.
- Logon Sessions: shows active logon sessions.
- Recent Files: retrieves the 50 most recent files in the user's profile.
- HDD Information: retrieves details about connected hard drives.
- Processes: displays information about running processes, listeners, services, software, drivers, and video cards.
- Browser Data: gathers history and bookmarks from Google Chrome, Microsoft Edge, and Mozilla Firefox.
- Automatically runs upon inserting a USB drive.
Requirements:
- Windows environment
- PowerShell execution policy set to allow script execution
Usage:
- Insert the USB drive.
- The script creates a loot folder, gathers information, and generates a zip file.
- The autorun routine deletes the temporary files on the local system; the data is saved on the USB drive.
- A popup message signals the completion of the payload.
To run the script manually, use the following command:

```powershell
powershell.exe -NoProfile -ExecutionPolicy Bypass -File (F:/path/to/file/)Badusb.ps1
```

or just

```powershell
powershell.exe (F:/path/to/file/)Badusb.ps1
```
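The manual launch line above is also what a defender would look for on a host that has had an unknown USB device plugged in. The following script is an added detection example written from the defender's side; it is not part of the Badusb project. It assumes Windows PowerShell 5.1 or later run as an administrator, Script Block Logging enabled (event 4104 in the Microsoft-Windows-PowerShell/Operational log) and, optionally, process-creation auditing with command-line capture (Security event 4688). The indicator patterns are taken from this README only: the file name Badusb.ps1, the `-ExecutionPolicy Bypass` launch, the "loot" folder, SQLite, and paths on whatever removable drive is currently attached. The function names are my own.

```powershell
# Added detection example (not part of the Badusb project). Assumes an elevated Windows
# PowerShell 5.1+ session with Script Block Logging (event 4104) enabled and, optionally,
# command-line capture in Security event 4688. Indicators are drawn from this README.

function Enable-ScriptBlockLogging {
    # Same setting as the Group Policy "Turn on PowerShell Script Block Logging".
    # Once enabled, the body of every script PowerShell runs is written to event 4104,
    # regardless of the execution policy the script was launched with.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

function Get-RemovableDriveLetters {
    # DriveType 2 is "removable disk": the pendrive this README tells the user to plug in.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2' |
        ForEach-Object { $_.DeviceID }      # e.g. F:
}

function Find-BadusbIndicators {
    param([int]$Hours = 24)

    # Regexes for the README's own artefacts, plus "<removable letter>:\" paths.
    $patterns = @('Badusb\.ps1', 'ExecutionPolicy\s+Bypass', '\bloot\b', 'sqlite')
    foreach ($drive in @(Get-RemovableDriveLetters)) {
        $patterns += [regex]::Escape($drive) + '\\'
    }

    $since = (Get-Date).AddHours(-$Hours)
    # 4104 carries the script body; 4688 carries the launch command line (needs
    # "Include command line in process creation events" to be turned on).
    $scriptBlocks = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since }
    $processStart = @{ LogName = 'Security'; Id = 4688; StartTime = $since }

    foreach ($query in @($scriptBlocks, $processStart)) {
        # Get-WinEvent throws when a filter matches nothing; treat that as "no hits".
        Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue | ForEach-Object {
            $text = $_.Message
            $hits = @($patterns | Where-Object { $text -match $_ })
            if ($hits.Count -gt 0) {
                $flat = $text -replace '\s+', ' '
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    EventId     = $_.Id
                    Indicators  = ($hits -join ', ')
                    Preview     = $flat.Substring(0, [Math]::Min(160, $flat.Length))
                }
            }
        }
    }
}

# Usage: make sure logging is on, then review the last 24 hours.
Enable-ScriptBlockLogging
Find-BadusbIndicators -Hours 24 | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

The "sqlite" and "loot" patterns are deliberately broad and will also match legitimate scripts, so treat a hit as something to read, not as a verdict. Script block logging is the control worth relying on here: a device that types the launch command as a keyboard is not affected by AutoRun or AutoPlay settings, but the script body still lands in event 4104 as soon as PowerShell executes it.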
If you find my work helpful or enjoyable, consider supporting me with a cup of coffee! ☕
Recent changes:
- Browser Password Extraction: added functionality to extract saved passwords from popular browsers (Chrome, Firefox, Edge).
- Installation of SQLite: the script now checks whether SQLite is present and, if it is not found, installs it automatically so that password extraction works.
- User Registry Information: gathers relevant information from the user's registry (UAC, Firewall, NetworkInfo, CurrentUserInfo).
- Zip File and SQLite URL Update: before using the script, update the zip file name and the SQLite download URL with the latest values from https://sqlite.org/index.html so that the most recent SQLite build is used.
- The loot file is moved to a specified destination (replace 'F:' with your pendrive's drive letter at line 779 of the script).