Spotter is a tool to wrap payloads in environmentally-keyed, AES256-encrypted launchers. These keyed launchers provide a way to ensure your payload is running on its intended target, as well as provide a level of protection for the launcher itself.
python3 spotter.py --help
usage: spotter.py [-h] {ps,cs-process,cs-inject} ...
This script will build an AES256-encrypted payload launcher using
environmental keys.
positional arguments:
{ps,cs-process,cs-inject}
Payload method help
ps PowerShell help
cs-process C# Process help
cs-inject C# PE Injection help
optional arguments:
-h, --help show this help message and exit
PowerShell Example:
python3 spotter.py ps --payload_file payload.txt --outfile spotter.ps1 --domain ACME.CORP
C# Process Creation:
python3 spotter.py cs-process -d ACME.CORP -x calc.exe
C# Injection:
python3 spotter.py cs-inject -d ACME.CORP --payload_file evilDotNet.exe
Released at aRcTicCON '18