Invoke-Transfer is a PowerShell Clipboard Data Transfer.
This tool helps you to send files in highly restricted environments such as Citrix, RDP, VNC, Guacamole.. using the clipboard function.
As long as you can send text through the clipboard, you can send files in text format, in small Base64 encoded chunks. Additionally, you can transfer files from a screenshot, using the native OCR function of Microsoft Windows.
It is recommended to clone the complete repository or download the zip file. You can do this by running the following command:
git clone https://github.com/JoelGMSec/Invoke-Transfer
.\Invoke-Transfer.ps1 -h
___ _ _____ __
|_ _|_ __ _ __ __ | | __ __ |_ _| __ __ _ _ __ ___ / _| ___ _ __
| || '_ \ \ / / _ \| |/ / _ \____| || '__/ _' | '_ \/ __| |_ / _ \ '__|
| || | | \ V / (_) | < __/____| || | | (_| | | | \__ \ _| __/ |
|___|_| |_|\_/ \___/|_|\_\___| |_||_| \__,_|_| |_|___/_| \___|_|
----------------------- by @JoelGMSec & @3v4Si0N ---------------------
Info: This tool helps you to send files in highly restricted environments
such as Citrix, RDP, VNC, Guacamole... using the clipboard function
Usage: .\Invoke-Transfer.ps1 -split {FILE} -sec {SECONDS}
Send 120KB chunks with a set time delay of seconds
Add -guaca to send files through Apache Guacamole
.\Invoke-Transfer.ps1 -merge {B64FILE} -out {FILE}
Merge Base64 file into original file in de sired path
.\Invoke-Transfer.ps1 -read {IMGFILE} -out {FILE}
Read screenshot with Windows OCR and save output to file
Warning: This tool only works on Windows 10 or greater
OCR reading may not be entirely accurate
https://darkbyte.net/transfiriendo-ficheros-en-entornos-restringidos-con-invoke-transfer
This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.
This tool has been created and designed from scratch by Joel Gámez Molina (@JoelGMSec) and Héctor de Armas Padrón (@3v4si0n).
This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.
For more information, you can find us on Twitter as @JoelGMSec, @3v4si0n and on my blog darkbyte.net.
Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue
Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them. Querying this graph can drive higher-level organizational outcomes such as audit, policy, risk management, and even developer assistance.
Conceptually, GUAC occupies the “aggregation and synthesis” layer of the software supply chain transparency logical model:
A few examples of questions answered by GUAC include:
Refer to the Setup + Demo document to learn how to prepare your environment and try GUAC out!
Here is an overview of the architecture of GUAC:
We encourage discussions to be done on github issues. We also have a public slack channel on the OpenSSF slack.
For security issues or code of conduct concerns, an e-mail should be sent to guac-maintainers@googlegroups.com.
Information about governance can be found here.