- $600/1 Week: Full access (Launcher, Console, POC Generator).
- Valid only for 1 week. Long-term subscriptions are currently unavailable.
- Why?: The development team cannot predict the content and risks of future updates. Therefore, short-term licenses are offered for stability and security.
Compatible with all modern browsers, including:
- Google Chrome (v95+)
- Mozilla Firefox (v100+)
- Microsoft Edge (Chromium-based, v95+)
- Safari (macOS, v15+)
- Opera (v80+)
- Brave Browser (v1.35+)
- Windows 10/11 (20H2 or later)
- Windows Server 2019/2022
- Note: Limited support for vlan32NT 6.2.9200.0-based systems.
- x86 & x64 Executable (.exe, .dll):
- Maximum Size: 10MB.
- Why?: Files over 10MB are easily detected by antivirus/IDS/IPS systems and pose a risk.
- Payload distribution must be done via HTTP only.
- Why?: HTTPS certificate verification may block the file download process.
- During PE-to-PDF conversion, a PowerShell script automatically performs "HEX → Binary" decoding.
- Example:
putty.exe (9.8MB) → putty.pdf (10.2MB).
- Users do not see the "This file is unsafe" warning for email attachments or browser-based downloads (due to HTTP).
- PE files under 10MB evade antivirus detection via AMSI bypass and obfuscation.
- UAC (User Account Control) is bypassed for operations requiring Administrator privileges.
- Create a URL like
http://example.com/payload.exe. - Send the PDF to the target via email or browser-based traps.
- When the user opens the PDF:
- PowerShell decodes the HEX embedded in the PDF and saves the PE file to the
%Temp%folder. - The PE file executes and initiates a Bind Shell.
- PowerShell decodes the HEX embedded in the PDF and saves the PE file to the
- This tool should only be used for legal and ethical penetration testing.
- Files over 10MB or prolonged usage significantly increase detection risks.