Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory.

It is based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by our own David Kennedy and Josh Kelly at Defcon 18.

Usage is simple. Ensure Metasploit is installed and in the right path. Run Magic Unicorn.

This will generate a PowerShell command. Simply paste it into a command line window or send it through a payload delivery system.
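
From the defender's side, one way to spot the downgrade named above, as an added example that is not part of Unicorn or the original page: it assumes the classic "Windows PowerShell" event log, where engine-start event 400 records an EngineVersion field, and it runs over constructed sample events. The helper names and the `min_major` threshold are hypothetical.

```python
import re

# -Version and its accepted prefixes (-v, -ve, -ver, ...) followed by 2 or 2.0
V2_ARG = re.compile(r"(?i)\s-v(?:e(?:r(?:s(?:i(?:o(?:n)?)?)?)?)?)?\s+2(?:\.0)?(?=\s|$)")
FIELD = re.compile(r"^\s*(\w+)=(.*)$", re.MULTILINE)


def cmdline_requests_v2(cmdline):
    """True if a PowerShell command line asks for the version 2 engine."""
    return bool(V2_ARG.search(cmdline))


def engine_version(message):
    """Return (major, minor) parsed from an event message, or None if absent."""
    fields = dict(FIELD.findall(message))
    m = re.match(r"(\d+)\.(\d+)", fields.get("EngineVersion", ""))
    return (int(m.group(1)), int(m.group(2))) if m else None


def find_downgrades(events, min_major=3):
    """Record numbers of engine-start events (ID 400) running an engine older
    than min_major. min_major=3 is an assumption; raise it to match your fleet."""
    hits = []
    for ev in events:
        version = engine_version(ev["message"])
        if ev["id"] == 400 and version and version[0] < min_major:
            hits.append(ev["record"])
    return hits


def make_event(record, event_id, host_app, engine):
    # Constructed stand-in for the text of a "Windows PowerShell" log entry.
    msg = ("Engine state is changed.\n\nDetails:\n"
           f"\tHostApplication={host_app}\n\tEngineVersion={engine}\n")
    return {"record": record, "id": event_id, "message": msg}


SAMPLE_EVENTS = [  # constructed sample data, not taken from a real host
    make_event(101, 400, "powershell.exe -NoProfile -File backup.ps1", "5.1.19041.1"),
    make_event(102, 400, "powershell.exe -version 2 -NoProfile", "2.0"),
    make_event(103, 403, "powershell.exe -version 2 -NoProfile", "2.0"),
    make_event(104, 400, "powershell.exe -v 2.0", "2.0"),
]

if __name__ == "__main__":
    print("downgraded engine starts:", find_downgrades(SAMPLE_EVENTS))
    for ev in SAMPLE_EVENTS:
        app = dict(FIELD.findall(ev["message"]))["HostApplication"]
        print(ev["record"], cmdline_requests_v2(app))
```

`cmdline_requests_v2` is meant for process-creation command lines, while `find_downgrades` works from the engine's own start event, so the two checks cover different log sources.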


The ultimate goal is community support for this project. We want new tools added to the GitHub repository. Submit your modules. It’s super simple to configure and add them, and it only takes a few minutes.

To download Unicorn, type the following command in Linux:

git clone https://github.com/trustedsec/unicorn /unicorn
