A collection of powershell tools
Post exploitation
- BloodHoundAD/BARK - BloodHound Attack Research Kit
- DarkCoderSc/PowerRunAsAttached - This script allows to spawn a new interactive console as another user account in the same calling console (console instance/window)
- MScholtes/PS2EXE - Module to compile powershell scripts to executables
- homjxi0e/PowerAvails - PowerAvails Powershell .NET System Operating
- Cn33liz/p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
- fridgehead/Powershell-SSHTools - A bunch of useful SSH tools for powershell
- samratashok/nishang - Offensive PowerShell for red team, penetration testing and offensive security
- besimorhino/Pause-Process - PowerShell script which allows pausing/unpausing Win32/64 exes
- giuliano108/SeBackupPrivilege - Use SE_BACKUP_NAME/SeBackupPrivilege to access objects you shouldn't have access to - DLL 实现的,得导入
Misc scripts collections
- xorrior/RandomPS-Scripts
- FuzzySecurity/PowerShell-Suite
- Mr-Un1k0d3r/RedTeamPowershellScripts
- SadProcessor/SomeStuff
- HarmJ0y/Misc-PowerShell
- NetSPI/PowerShell
- tobor88/PowerShell-Red-Team - Collection of PowerShell functions a Red Teamer may use to collect data from a machine
Uncategorized
- S3cur3Th1sSh1t/Invoke-SharpLoader - Load encrypted and compressed C# Code from a remote Webserver or from a local file straight to memory and execute it there
- jcwalker/WiFiProfileManagement - Module used for management of wireless profiles - 能获取wifi明文密码,不依赖netsh
- mikemaccana/powershell-profile - Mike's Powershell Profile (and how to set up Windows console if you've been using nix for 20 years)
- FuzzySecurity/PSKernel-Primitives - Exploit primitives for PowerShell
- mattifestation/PowerShellArsenal - A PowerShell Module Dedicated to Reverse Engineering
- p3nt4/Invoke-TmpDavFS - In Memory Powershell WebDav Server
- rvrsh3ll/Misc-Powershell-Scripts
- Parses signature data from the db and dbx UEFI variables
- felixweyne/ProcessSpawnControl - a Powershell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it
- tyranid/DotNetInteropDemos - A set of demos and a PowerShell module to interact with DotNetInterop