🛡️ HID-NetAudit is a standalone PowerShell HID script that runs from a USB device (based on ATmega32u4 with SD card), designed for local network connection, port, and process audit on Windows systems without requiring administrator rights.
| File | Description |
|---|---|
HID-NetAudit.ino |
Arduino sketch for ATmega32u4 with HID + SD |
script.txt |
PowerShell command script for analysis |
README.md |
Documentation |
README.ru.md |
Documentation on Russian |
The setup uses a simple and accessible configuration based on Arduino:
| Component | Description |
|---|---|
| 🔌 ATmega32u4 HID | Board with ATmega32u4 chip supporting USB HID + microSD slot |
| 💾 SD card | Any microSD card (FAT32 format) |
📦 Example board on Aliexpress:
➡️ ATmega32u4 with SD slot (AliExpress)
💡 Connects directly via USB and works driver-free.
The SD card stores the script.txt file which is executed as keyboard input by the HID device.
🖥 USB HID (ATmega32u4)
⬇️
⌨️ Keyboard input emulation
⬇️
💻 PowerShell launch
⬇️
📄 Execute script.txt
⬇️
📡 Get IP addresses
📊 Show connection table
🛡 Check RDP / listening ports
Sketch functionality:
- Uses
Keyboard.handSD.h - Automatically launches PowerShell (
Win+R → powershell) - Reads and executes
script.txtfrom SD card - Types PowerShell commands symbol by symbol
- Does not require admin privileges on the target
📎 Compatible with:
- Arduino Leonardo
- Teensy 2.0++
- Any HID + SD compatible device
Key features:
- 🌐 Retrieve local IPs
- 🔗 Analyze active TCP connections (
Established)- Show PID and process name
- Highlight external IPs
- Color-code trusted / known / unknown processes
- 🔎 Scan
LISTENports- Match against trusted whitelist
- Highlight suspicious services
- 🔐 Detect RDP status (optional)
- 🧩 Requires no extra PowerShell modules
📋 Example Output:
Local IPs: 192.168.1.10
ESTABLISHED CONNECTIONS
8.8.8.8 443 3120 chrome
212.45.66.1 445 4444 unknown.exe
LISTENING PORTS CHECK
445 4 System Trusted
5555 1111 backdoor ⚠ Unknown ⚠
- 💻 Quick local system audit
- 🔐 Silent network inspection (no logs)
- 🔍 SOC/BlueTeam investigation & monitoring
- 📚 Education & live demonstrations
This project is intended strictly for audit, educational, and defensive purposes.
Unauthorized use may violate local laws or organizational policies.


