Magic Unicorn

LSE toolsLSE toolsMagic Unicorn (195)Magic Unicorn (195)

Tool and Usage

Project details

Custom license
Programming language
David Kennedy
Latest release
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Magic Unicorn is a tool to perform a PowerShell downgrade attack and inject shellcode into memory.

How it works

The tool is used together with Metasploit. If Magic Unicorn is located within the right path, then execute the tool. Upon execution, a PowerShell command is generated that can be pasted in a command line window. Another option is to use a payload delivery system from within Metasploit.

Background information

Magic Unicorn is based on Matthew Graeber’s powershell attacks and the powershell bypass technique presented by our own David Kennedy and Josh Kelly at DEF CON 18.

Usage and audience

Magic Unicorn is commonly used for penetration testing or shellcode injection. Target users for this tool are pentesters and security professionals.


  • Command line interface

Example usage and output

-------------------- Magic Unicorn Attack Vector -----------------------------

Native x86 powershell injection attacks on any Windows platform.
Written by: Dave Kennedy at TrustedSec (
Twitter: @TrustedSec, @HackingDave
Credits: Matthew Graeber, Justin Elze, Chris Gates

Happy Magic Unicorns.

Usage: python payload reverse_ipaddr port <optional hta or macro, crt>
PS Example: python windows/meterpreter/reverse_https 443
PS Down/Exec: python windows/download_exec url=
Macro Example: python windows/meterpreter/reverse_https 443 macro
Macro Example CS: python <cobalt_strike_file.cs> cs macro
Macro Example Shellcode: python <path_to_shellcode.txt> shellcode macro
HTA Example: python windows/meterpreter/reverse_https 443 hta
HTA Example CS: python <cobalt_strike_file.cs> cs hta
HTA Example Shellcode: python <path_to_shellcode.txt>: shellcode hta
DDE Example: python windows/meterpreter/reverse_https 443 dde
CRT Example: python <path_to_payload/exe_encode> crt
Custom PS1 Example: python <path to ps1 file>
Custom PS1 Example: python <path to ps1 file> macro 500
Cobalt Strike Example: python <cobalt_strike_file.cs> cs (export CS in C# format)
Custom Shellcode: python <path_to_shellcode.txt> shellcode (formatted 0x00)
Help Menu: python --help

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + More than 1000 GitHub stars
  • + Many releases available
  • + The source code of this software is available

History and highlights

  • Demo at DEF CON 26 Demo Labs

Author and Maintainers

Magic Unicorn is under development by David Kennedy.


Supported operating systems

Magic Unicorn is known to work on Linux.

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information


This tool is categorized as a PowerShell exploitation tool.

Related topics