Powershell-RAT – Gmail Exfiltration RAT

The New Acunetix V12 Engine


Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.

Powershell-RAT - Gmail Exfiltration RAT


This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

It claims to not need Administrator access and is not currently detected by Anti-virus software.

How to setup Powershell-RAT Gmail Exfiltration RAT

  1. You need a throwaway Gmail email address
  2. Then enable “Allow less secure apps” by going to https://myaccount.google.com/lesssecureapps
  3. Modify the $username & $password variable for your account in the Mail.ps1 Powershell file
  4. Modify $msg.From & $msg.To.Add with the throwaway Gmail address

How I do use Powershell-RAT Gmail Backdoor?

  • Press 1: This option sets the execution policy to unrestricted using Set-ExecutionPolicy Unrestricted. This is useful on administrator machine
  • Press 2: This takes the screenshot of the current screen on the user machine using Shoot.ps1 Powershell script
  • Press 3: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesCore
  • Press 4: This option sends an email from the user machine using Powershell. These uses Mail.ps1 file to send screenshot as attachment to exfiltrate data
  • Press 5: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesUA
  • Press 6: This option deletes the screenshots from user machine to remain stealthy
  • Press 7: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesDF
  • Press 8: This option performs all of the above with a single button press 8 on a keyboard. Attacker will receive an email every 5 minutes with screenshots as an email attachment. Screenshots will be deleted after 12 minutes
  • Press 9: Exit gracefully from the program or press Control+C

Some other related tools are:

PyExfil – Python Data Exfiltration Tools
DET – Data Exfiltration Toolkit
dnsteal – DNS Exfiltration Tool

And using Gmail as a backchannel there is:

Gdog – Python Windows Backdoor With Gmail Command & Control
Gcat – Python Backdoor Using Gmail For Command & Control

You can download Powershell-RAT here:

Powershell-RAT-master.zip

Or read more here.

Posted in: Hacking Tools

, ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


2 Responses to Powershell-RAT – Gmail Exfiltration RAT

  1. exif June 25, 2018 at 8:39 am #

    Is this really a RAT or backdoor? I cannot see any remote connectivity.

    • Darknet June 25, 2018 at 8:49 pm #

      Yah I think exfiltration backdoor is a more accurate title, calling it a RAT is pushing it a bit.