Loading repository data…
Loading repository data…
rishieissocool / repository
PhantomReg is a Python tool that generates a stealthy Windows registry exploit to execute hidden payloads on startup. It modifies the Winlogon registry keys to run base64-encoded PowerShell commands, with customizable payloads. Designed for educational purposes, it includes obfuscation features to enhance evasion of detection.
A transparent discovery signal based on current public GitHub metadata.
This score does not audit code, security, maintainers, documentation quality, or suitability. Verify the repository and its current documentation before adoption.
PhantomReg is a Python-based registry exploit generator designed to inject malicious payloads into the Windows startup process via the registry. It includes a base64-encoded PowerShell payload and optional obfuscation to evade detection by antivirus software.
PhantomReg allows for the creation of registry files (.reg) that modify the Windows startup to run a malicious PowerShell script. The payload is encoded to evade detection, and the program offers an option for obfuscation, making it harder for security tools to detect the exploit.
The generated .reg file adds entries to the Windows registry (Shell and Userinit) to run a PowerShell command that executes a payload when the system starts. The script can be used for educational purposes or to simulate malware payloads in a controlled environment.
.reg file to make it harder to identify as malicious.Clone the Repository
Clone this repository to your local machine using Git:
git clone https://github.com/rishieissocool/PhantomReg.git
Install Dependencies
Make sure you have Python 3.x installed. You can install the necessary dependencies by running:
pip install -r requirements.txt
To generate a malicious registry payload, run the script with the desired options:
python phantom_reg.py <payload_file> --obfuscate --obf_length_kb <length> --reg_filename <filename> --misleading_name <name>
.reg file (default: monkey.reg)..reg file (default: empty).An example command to generate a malicious payload with 512 KB obfuscation and a custom filename would be:
python phantom_reg.py payload.exe --obfuscate --obf_length_kb 512 --reg_filename "malicious_payload.reg" --misleading_name "SUSPICIOUS FILE"
This will create a .reg file with the specified settings.
This project is licensed under the MIT License - see the LICENSE file for details.
Feel free to fork this repository, create pull requests, or open issues for discussion. Contributions are welcome!