A PowerShell script designed for security auditing purposes. It gathers system information and automatically runs upon inserting a USB drive.

sddion/Badboy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 

Repository files navigation

Bad USB - Reconnaissance PowerShell Script

Overview

This PowerShell script is designed to gather system information and perform various tasks for security auditing purposes.

Features

  1. User Information: Gathers details like username, full name, email, and geolocation.

  2. System Information: Retrieves UAC and RDP state, LSASS status, and details about the computer, BIOS, operating system, CPU, mainboard, RAM, and video card.

  3. Network Information: Provides public IP, local IP with MAC address, WiFi profiles, and nearby WiFi networks.

  4. Startup Contents: Lists items in the startup folder for potential persistence mechanisms.

  5. Scheduled Tasks: Displays scheduled tasks on the system.

  6. Logon Sessions: Shows active logon sessions.

  7. Recent Files: Retrieves the 50 most recent files in the user's profile.

  8. HDD Information: Retrieves details about connected hard drives.

  9. Processes: Displays information about running processes, listeners, services, software, drivers, and video cards.

  10. Browser Data: Gathers history and bookmarks from Google Chrome, Microsoft Edge, and Mozilla Firefox.

The script runs automatically when the USB drive is inserted.

Prerequisites

  • Windows environment

  • PowerShell execution policy set to allow script execution

Usage

  1. Insert the USB drive
  2. The script creates a loot folder, gathers information, and generates a zip file.
  3. Autorun deletes the temporary files on the local system, and the data is saved to the USB drive.
  4. A popup message signals the completion of the payload.

Script Execution

To run the script manually, use the following command:

powershell.exe -NoProfile -ExecutionPolicy Bypass -File (F:/path/to/file/)Badusb.ps1

or just

powershell.exe (F:/path/to/file/)Badusb.ps1 
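
For defenders, both invocations above leave a recognizable process command line in process-creation logs (Security event 4688 with command-line auditing, or Sysmon event 1). The following detection sketch is an added example, not part of this project's code; the function name, the sample command lines and the choice of F: as the removable drive are constructed for illustration.

```powershell
# Added detection sketch; function name and sample data are constructed.
function Get-UsbScriptLaunchFinding {
    param(
        [Parameter(Mandatory)] [string]   $CommandLine,
        # Drive letters currently mounted as removable media. On a live host:
        #   (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2').DeviceID
        [Parameter(Mandatory)] [string[]] $RemovableDrive
    )

    # Only PowerShell hosts are of interest here.
    if ($CommandLine -notmatch '\b(powershell|pwsh)(\.exe)?\b') { return }

    $reasons = @()

    # -ExecutionPolicy can be shortened (-ex, -exec, ...) or written as -ep.
    if ($CommandLine -match '-(ep|ex\w*)\s+(bypass|unrestricted)\b') {
        $reasons += 'execution policy overridden on the command line'
    }

    # A .ps1 path with a drive letter; accepts both \ and / separators.
    # Limitation: paths that contain spaces are not matched by this pattern.
    if ($CommandLine -match '([A-Za-z]:)[\\/]\S*\.ps1\b') {
        if ($RemovableDrive -contains $Matches[1]) {
            $reasons += "script loaded from removable drive $($Matches[1].ToUpper())"
        }
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ CommandLine = $CommandLine; Reasons = $reasons -join '; ' }
    }
}

# Constructed sample command lines (not taken from real logs).
$sampleCommandLines = @(
    'powershell.exe -NoProfile -ExecutionPolicy Bypass -File F:/path/to/file/Badusb.ps1',
    'powershell.exe F:\path\to\file\Badusb.ps1',
    'pwsh -ep bypass -File C:\Scripts\deploy.ps1',
    'powershell.exe -NoProfile -File C:\Scripts\inventory.ps1',
    'notepad.exe F:\notes.txt'
)

$sampleCommandLines | ForEach-Object {
    Get-UsbScriptLaunchFinding -CommandLine $_ -RemovableDrive 'F:'
} | Format-List
```

The first three sample lines produce findings; the last two produce none. Removable-drive letters change between hosts and sessions, so resolve them at collection time rather than hard-coding them.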

NEW UPDATES GO HERE:

  1. Browser Password Extraction: Included functionality to extract saved passwords from popular browsers (Chrome, Firefox, Edge).

  2. Installation of SQLite: The script now checks for SQLite's presence. If not found, it automatically installs SQLite to ensure seamless password extraction.

  3. User Registry Information: Gathers relevant information from the user's registry (UAC, Firewall, NetworkInfo, CurrentUserInfo).

IMPORTANT NOTES:

  1. Zip File and SQL URL Update: Before using the script, be sure to update the zip file name and the SQLite URL with the latest information from https://sqlite.org/index.html. This guarantees that you're using the most up-to-date resources.

  2. The loot file is moved to a specified destination; replace 'F:' with your pendrive's drive letter (line 779).
