For ./ScriptModification/ :

-PSScriptAnalyzering
    -Tweaking of synopsis blocks in order to support platyPS
    -Code standardization
    -Generated docs
This commit is contained in:
HarmJ0y 2016-12-14 18:50:58 -05:00
parent 9ed26d65a8
commit 59e6f94e76
12 changed files with 574 additions and 53 deletions

View File

@ -36,7 +36,7 @@ Compresses, Base-64 encodes, and outputs generated code to load a managed dll in
Encrypts text files/scripts. Encrypts text files/scripts.
#### `Remove-Comments` #### `Remove-Comment`
Strips comments and extra whitespace from a script. Strips comments and extra whitespace from a script.

View File

@ -5,12 +5,12 @@ function Out-CompressedDll
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory. Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
PowerSploit Function: Out-CompressedDll PowerSploit Function: Out-CompressedDll
Author: Matthew Graeber (@mattifestation) Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None
.DESCRIPTION .DESCRIPTION
Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array. Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
@ -21,7 +21,7 @@ Specifies the path to a managed executable.
.EXAMPLE .EXAMPLE
C:\PS> Out-CompressedDll -FilePath evil.dll Out-CompressedDll -FilePath evil.dll
Description Description
----------- -----------
@ -36,7 +36,9 @@ Only pure MSIL-based dlls can be loaded using this technique. Native or IJW ('it
http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
#> #>
[CmdletBinding()] Param ( [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
[CmdletBinding()]
Param (
[Parameter(Mandatory = $True)] [Parameter(Mandatory = $True)]
[String] [String]
$FilePath $FilePath
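Review bot: the rule id in `[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]` differs from the one used for Remove-Comment later in this commit (`PSUseShouldProcessForStateChangingFunctions`); a suppression that names a rule which never fires is a silent no-op and the analyzer warning stays, so check each attribute against the warning PSScriptAnalyzer actually reported for that function. Also record the reason, e.g. `[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '', Justification = 'Output-only helper; no system state is changed')]`, so the next reader does not have to rediscover why the warning was waived.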
@ -51,7 +53,7 @@ http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html
$FileBytes = [System.IO.File]::ReadAllBytes($Path) $FileBytes = [System.IO.File]::ReadAllBytes($Path)
if (($FileBytes[0..1] | % {[Char]$_}) -join '' -cne 'MZ') if (($FileBytes[0..1] | ForEach-Object {[Char]$_}) -join '' -cne 'MZ')
{ {
Throw "$Path is not a valid executable." Throw "$Path is not a valid executable."
} }
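Review bot: the `MZ` check in this hunk only verifies a DOS header, so a native or mixed-mode DLL passes validation here and only fails later, inside the emitted loader; since the NOTES state that only pure MSIL assemblies are supported, a stronger up-front check such as `[Reflection.AssemblyName]::GetAssemblyName($Path)` (which throws `BadImageFormatException` for non-managed images) would let `Throw` report the real reason. The `%` to `ForEach-Object` change itself is fine and matches the rest of the commit.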

View File

@ -5,12 +5,12 @@ function Out-EncodedCommand
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script. Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
PowerSploit Function: Out-EncodedCommand PowerSploit Function: Out-EncodedCommand
Author: Matthew Graeber (@mattifestation) Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None
.DESCRIPTION .DESCRIPTION
Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt. The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload. This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies. Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt. The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload. This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
@ -49,13 +49,13 @@ Base-64 encodes the entirety of the output. This is usually unnecessary and effe
.EXAMPLE .EXAMPLE
C:\PS> Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'} Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd() powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),[IO.Compression.CompressionMode]::Decompress)),[Text.Encoding]::ASCII)).ReadToEnd()
.EXAMPLE .EXAMPLE
C:\PS> Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
powershell -NoP -NonI -W Hidden -E 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 powershell -NoP -NonI -W Hidden -E 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
@ -72,7 +72,8 @@ This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kenn
http://www.exploit-monday.com http://www.exploit-monday.com
#> #>
[CmdletBinding( DefaultParameterSetName = 'FilePath')] Param ( [CmdletBinding( DefaultParameterSetName = 'FilePath')]
Param (
[Parameter(Position = 0, ValueFromPipeline = $True, ParameterSetName = 'ScriptBlock' )] [Parameter(Position = 0, ValueFromPipeline = $True, ParameterSetName = 'ScriptBlock' )]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[ScriptBlock] [ScriptBlock]
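Review bot: minor style point on `[CmdletBinding( DefaultParameterSetName = 'FilePath')]`: the space after `(` has no matching space before `)`, while the Remove-Comment hunk in this commit uses `( DefaultParameterSetName = 'FilePath' )`; pick one form, since the point of this commit is standardization.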

View File

@ -5,11 +5,11 @@ function Out-EncryptedScript
Encrypts text files/scripts. Encrypts text files/scripts.
PowerSploit Function: Out-EncryptedScript PowerSploit Function: Out-EncryptedScript
Author: Matthew Graeber (@mattifestation) Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None
.DESCRIPTION .DESCRIPTION
@ -36,7 +36,8 @@ is randomly generated by default.
.EXAMPLE .EXAMPLE
C:\PS> Out-EncryptedScript .\Naughty-Script.ps1 password salty $Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
Description Description
----------- -----------
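Review bot: the two-line example is the right shape for the new SecureString parameter, but platyPS fences only the first line of an example, so in the generated Out-EncryptedScript.md the `ConvertTo-SecureString` line is fenced and `Out-EncryptedScript .\Naughty-Script.ps1 $Password salty` is rendered as plain text beneath it. Writing it as one line, `Out-EncryptedScript .\Naughty-Script.ps1 (ConvertTo-SecureString 'Password123!' -AsPlainText -Force) salty`, keeps the whole example inside the fence.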
@ -48,10 +49,10 @@ function 'de' and the base64-encoded ciphertext.
.EXAMPLE .EXAMPLE
C:\PS> [String] $cmd = Get-Content .\evil.ps1 [String] $cmd = Get-Content .\evil.ps1
C:\PS> Invoke-Expression $cmd Invoke-Expression $cmd
C:\PS> $decrypted = de password salt $decrypted = de password salt
C:\PS> Invoke-Expression $decrypted Invoke-Expression $decrypted
Description Description
----------- -----------
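Review bot: this four-line example has the same first-line-only fencing problem in the generated markdown (only `[String] $cmd = Get-Content .\evil.ps1` lands in the code block). Separately, `$decrypted = de password salt` passes the password in plaintext; that is expected because the emitted `de` function is not changed by this commit, but now that the encrypt side takes a SecureString, one sentence in the Description saying the generated decryptor still takes a plain string would save readers from guessing.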
@ -64,34 +65,39 @@ unencrypted script is called via Invoke-Expression
This command can be used to encrypt any text-based file/script This command can be used to encrypt any text-based file/script
#> #>
[CmdletBinding()] Param ( [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
[CmdletBinding()]
Param (
[Parameter(Position = 0, Mandatory = $True)] [Parameter(Position = 0, Mandatory = $True)]
[String] [String]
$ScriptPath, $ScriptPath,
[Parameter(Position = 1, Mandatory = $True)] [Parameter(Position = 1, Mandatory = $True)]
[String] [Security.SecureString]
$Password, $Password,
[Parameter(Position = 2, Mandatory = $True)] [Parameter(Position = 2, Mandatory = $True)]
[String] [String]
$Salt, $Salt,
[Parameter(Position = 3)] [Parameter(Position = 3)]
[ValidateLength(16, 16)] [ValidateLength(16, 16)]
[String] [String]
$InitializationVector = ((1..16 | % {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''), $InitializationVector = ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join ''),
[Parameter(Position = 4)] [Parameter(Position = 4)]
[String] [String]
$FilePath = '.\evil.ps1' $FilePath = '.\evil.ps1'
) )
$TempCred = New-Object System.Management.Automation.PSCredential('a', $Password)
$PlaintextPassword = $TempCred.GetNetworkCredential().Password
$AsciiEncoder = New-Object System.Text.ASCIIEncoding $AsciiEncoder = New-Object System.Text.ASCIIEncoding
$ivBytes = $AsciiEncoder.GetBytes($InitializationVector) $ivBytes = $AsciiEncoder.GetBytes($InitializationVector)
# While this can be used to encrypt any file, it's primarily designed to encrypt itself. # While this can be used to encrypt any file, it's primarily designed to encrypt itself.
[Byte[]] $scriptBytes = Get-Content -Encoding Byte -ReadCount 0 -Path $ScriptPath [Byte[]] $scriptBytes = Get-Content -Encoding Byte -ReadCount 0 -Path $ScriptPath
$DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($Password, $AsciiEncoder.GetBytes($Salt), "SHA1", 2) $DerivedPass = New-Object System.Security.Cryptography.PasswordDeriveBytes($PlaintextPassword, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)
$Key = New-Object System.Security.Cryptography.TripleDESCryptoServiceProvider $Key = New-Object System.Security.Cryptography.TripleDESCryptoServiceProvider
$Key.Mode = [System.Security.Cryptography.CipherMode]::CBC $Key.Mode = [System.Security.Cryptography.CipherMode]::CBC
[Byte[]] $KeyBytes = $DerivedPass.GetBytes(16) [Byte[]] $KeyBytes = $DerivedPass.GetBytes(16)
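Review bot: `$PlaintextPassword = $TempCred.GetNetworkCredential().Password` converts the new SecureString back into an immutable .NET string on the first line of the body, so the gain is limited to keeping the password out of the command line, history and transcripts, not out of process memory; that is still worth having but the help should not claim more. The derivation this hunk leaves in place is the larger issue: `PasswordDeriveBytes($PlaintextPassword, $AsciiEncoder.GetBytes($Salt), "SHA1", 2)` with two iterations feeding a 16-byte (two-key) TripleDES key gives the ciphertext in evil.ps1 almost no resistance to offline password guessing, and the default `$InitializationVector = ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join '')` draws from the non-cryptographic `Get-Random` and only from uppercase letters. Since this commit already changes the parameter surface, it is the natural point to move to `Rfc2898DeriveBytes` with a large iteration count, AES-CBC plus an HMAC over the ciphertext, and an IV from `System.Security.Cryptography.RandomNumberGenerator`; the emitted `de` function needs the matching change, so note the format break for previously encrypted files.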

View File

@ -1,19 +1,19 @@
function Remove-Comments function Remove-Comment
{ {
<# <#
.SYNOPSIS .SYNOPSIS
Strips comments and extra whitespace from a script. Strips comments and extra whitespace from a script.
PowerSploit Function: Remove-Comments PowerSploit Function: Remove-Comment
Author: Matthew Graeber (@mattifestation) Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause License: BSD 3-Clause
Required Dependencies: None Required Dependencies: None
Optional Dependencies: None Optional Dependencies: None
.DESCRIPTION .DESCRIPTION
Remove-Comments strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big. Remove-Comment strips out comments and unnecessary whitespace from a script. This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script. You rock, Lee! A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script. You rock, Lee!
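Review bot: renaming the exported function from `Remove-Comments` to `Remove-Comment` (singular noun, as PSUseSingularNouns wants) breaks any script that imports this module and calls the old name; consider `Set-Alias -Name Remove-Comments -Value Remove-Comment` exported via the manifest's AliasesToExport for at least one release, or at minimum call the rename out in the changelog.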
@ -27,11 +27,11 @@ Specifies the path to your script.
.EXAMPLE .EXAMPLE
C:\PS> $Stripped = Remove-Comments -Path .\ScriptWithComments.ps1 $Stripped = Remove-Comment -Path .\ScriptWithComments.ps1
.EXAMPLE .EXAMPLE
C:\PS> Remove-Comments -ScriptBlock { Remove-Comment -ScriptBlock {
### This is my awesome script. My documentation is beyond reproach! ### This is my awesome script. My documentation is beyond reproach!
Write-Host 'Hello, World!' ### Write 'Hello, World' to the host Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
### End script awesomeness ### End script awesomeness
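Review bot: the multi-line scriptblock in this example does not survive platyPS: in the generated Remove-Comment.md only `Remove-Comment -ScriptBlock {` is fenced, the body and closing `}` become prose, and `### This is my awesome script.` is rendered as a level-3 markdown heading. Either keep the example on one line with block comments, e.g. `Remove-Comment -ScriptBlock { <# my awesome script #> Write-Host 'Hello, World!' <# end #> }`, or use a comment style that markdown does not treat as a heading.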
@ -41,7 +41,7 @@ Write-Host 'Hello, World!'
.EXAMPLE .EXAMPLE
C:\PS> Remove-Comments -Path Inject-Shellcode.ps1 | Out-EncodedCommand Remove-Comment -Path Inject-Shellcode.ps1 | Out-EncodedCommand
Description Description
----------- -----------
@ -57,15 +57,17 @@ Accepts either a string containing the path to a script or a scriptblock.
System.Management.Automation.ScriptBlock System.Management.Automation.ScriptBlock
Remove-Comments returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired. Remove-Comment returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
.LINK .LINK
http://www.exploit-monday.com http://www.exploit-monday.com
http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/ http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/
#> #>
[CmdletBinding( DefaultParameterSetName = 'FilePath' )] Param ( [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
[CmdletBinding( DefaultParameterSetName = 'FilePath' )]
Param (
[Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'FilePath' )] [Parameter(Position = 0, Mandatory = $True, ParameterSetName = 'FilePath' )]
[ValidateNotNullOrEmpty()] [ValidateNotNullOrEmpty()]
[String] [String]
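Review bot: suppressing `PSUseShouldProcessForStateChangingFunctions` here is reasonable, since the `Remove` verb triggers the rule while the function only returns a new scriptblock and modifies nothing; add `Justification = 'Returns a new scriptblock; nothing on the system is modified'` to the attribute so the waiver explains itself instead of looking like a blanket silence.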

View File

@ -26,6 +26,6 @@ FunctionsToExport = '*'
# List of all files packaged with this module # List of all files packaged with this module
FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1', FileList = 'ScriptModification.psm1', 'ScriptModification.psd1', 'Out-CompressedDll.ps1', 'Out-EncodedCommand.ps1',
'Out-EncryptedScript.ps1', 'Remove-Comments.ps1', 'Usage.md' 'Out-EncryptedScript.ps1', 'Remove-Comment.ps1', 'Usage.md'
} }

View File

@ -0,0 +1,60 @@
# Out-CompressedDll
## SYNOPSIS
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
PowerSploit Function: Out-CompressedDll
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
```
Out-CompressedDll [-FilePath] <String>
```
## DESCRIPTION
Out-CompressedDll outputs code that loads a compressed representation of a managed dll in memory as a byte array.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Out-CompressedDll -FilePath evil.dll
```
Description
-----------
Compresses, base64 encodes, and outputs the code required to load evil.dll in memory.
## PARAMETERS
### -FilePath
Specifies the path to a managed executable.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
Only pure MSIL-based dlls can be loaded using this technique.
Native or IJW ('it just works' - mixed-mode) dlls will not load.
## RELATED LINKS
[http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html](http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html)
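Review bot: `## INPUTS` and `## OUTPUTS` are emitted empty because Out-CompressedDll has no `.INPUTS` / `.OUTPUTS` sections in its comment-based help; add them (presumably `.INPUTS None` and `.OUTPUTS System.String`, the generated loader code) and regenerate, otherwise the bare headings ship in the docs.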

View File

@ -0,0 +1,186 @@
# Out-EncodedCommand
## SYNOPSIS
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
PowerSploit Function: Out-EncodedCommand
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
### FilePath (Default)
```
Out-EncodedCommand [[-Path] <String>] [-NoExit] [-NoProfile] [-NonInteractive] [-Wow64] [-WindowStyle <String>]
[-EncodedOutput]
```
### ScriptBlock
```
Out-EncodedCommand [[-ScriptBlock] <ScriptBlock>] [-NoExit] [-NoProfile] [-NonInteractive] [-Wow64]
[-WindowStyle <String>] [-EncodedOutput]
```
## DESCRIPTION
Out-EncodedCommand prepares a PowerShell script such that it can be pasted into a command prompt.
The scenario for using this tool is the following: You compromise a machine, have a shell and want to execute a PowerShell script as a payload.
This technique eliminates the need for an interactive PowerShell 'shell' and it bypasses any PowerShell execution policies.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Out-EncodedCommand -ScriptBlock {Write-Host 'hello, world!'}
```
powershell -C sal a New-Object;iex(a IO.StreamReader((a IO.Compression.DeflateStream(\[IO.MemoryStream\]\[Convert\]::FromBase64String('Cy/KLEnV9cgvLlFQz0jNycnXUSjPL8pJUVQHAA=='),\[IO.Compression.CompressionMode\]::Decompress)),\[Text.Encoding\]::ASCII)).ReadToEnd()
### -------------------------- EXAMPLE 2 --------------------------
```
Out-EncodedCommand -Path C:\EvilPayload.ps1 -NonInteractive -NoProfile -WindowStyle Hidden -EncodedOutput
```
powershell -NoP -NonI -W Hidden -E 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
Description
-----------
Execute the above payload for the lulz.
\>D
## PARAMETERS
### -ScriptBlock
Specifies a scriptblock containing your payload.
```yaml
Type: ScriptBlock
Parameter Sets: ScriptBlock
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
```
### -Path
Specifies the path to your payload.
```yaml
Type: String
Parameter Sets: FilePath
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -NoExit
Outputs the option to not exit after running startup commands.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -NoProfile
Outputs the option to not load the Windows PowerShell profile.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -NonInteractive
Outputs the option to not present an interactive prompt to the user.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -Wow64
Calls the x86 (Wow64) version of PowerShell on x86_64 Windows installations.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
### -WindowStyle
Outputs the option to set the window style to Normal, Minimized, Maximized or Hidden.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -EncodedOutput
Base-64 encodes the entirety of the output.
This is usually unnecessary and effectively doubles the size of the output.
This option is only for those who are extra paranoid.
```yaml
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
This cmdlet was inspired by the createcmd.ps1 script introduced during Dave Kennedy and Josh Kelley's talk, "PowerShell...OMFG" (https://www.trustedsec.com/files/PowerShell_PoC.zip)
## RELATED LINKS
[http://www.exploit-monday.com](http://www.exploit-monday.com)
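Review bot: the example output lines (the `powershell -C sal a New-Object;iex(...)` line after EXAMPLE 1 and the `powershell -NoP -NonI -W Hidden -E ...` line after EXAMPLE 2) sit outside the fences, so platyPS backslash-escaped every `[`, `]` and `>` (`\[IO.MemoryStream\]\[Convert\]::FromBase64String`, `\>D`), which renders oddly and cannot be copied as written; put the expected output in its own fenced block in the comment help or label it as output. The EXAMPLE 2 output also embeds the complete encoded payload, which bloats the page; a truncated `-E <base64>` placeholder reads better. The same empty `## INPUTS` / `## OUTPUTS` headings as Out-CompressedDll.md apply here.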

View File

@ -0,0 +1,148 @@
# Out-EncryptedScript
## SYNOPSIS
Encrypts text files/scripts.
PowerSploit Function: Out-EncryptedScript
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
```
Out-EncryptedScript [-ScriptPath] <String> [-Password] <SecureString> [-Salt] <String>
[[-InitializationVector] <String>] [[-FilePath] <String>]
```
## DESCRIPTION
Out-EncryptedScript will encrypt a script (or any text file for that
matter) and output the results to a minimally obfuscated script -
evil.ps1 by default.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
$Password = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
```
Out-EncryptedScript .\Naughty-Script.ps1 $Password salty
Description
-----------
Encrypt the contents of this file with a password and salt.
This will
make analysis of the script impossible without the correct password
and salt combination.
This command will generate evil.ps1 that can
dropped onto the victim machine.
It only consists of a decryption
function 'de' and the base64-encoded ciphertext.
### -------------------------- EXAMPLE 2 --------------------------
```
[String] $cmd = Get-Content .\evil.ps1
```
Invoke-Expression $cmd
$decrypted = de password salt
Invoke-Expression $decrypted
Description
-----------
This series of instructions assumes you've already encrypted a script
and named it evil.ps1.
The contents are then decrypted and the
unencrypted script is called via Invoke-Expression
## PARAMETERS
### -ScriptPath
Path to this script
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -Password
Password to encrypt/decrypt the script
```yaml
Type: SecureString
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -Salt
Salt value for encryption/decryption.
This can be any string value.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -InitializationVector
Specifies a 16-character the initialization vector to be used.
This
is randomly generated by default.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: ((1..16 | ForEach-Object {[Char](Get-Random -Min 0x41 -Max 0x5B)}) -join '')
Accept pipeline input: False
Accept wildcard characters: False
```
### -FilePath
{{Fill FilePath Description}}
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: .\evil.ps1
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
This command can be used to encrypt any text-based file/script
## RELATED LINKS
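Review bot: `{{Fill FilePath Description}}` under `### -FilePath` is platyPS's placeholder for a parameter that has no `.PARAMETER FilePath` entry in the comment-based help; add the description (the output path for the generated script, `.\evil.ps1` by default, per the DESCRIPTION) and regenerate before merging so the placeholder does not ship. EXAMPLE 1 and EXAMPLE 2 also show the first-line-only fencing (only `$Password = ConvertTo-SecureString ...` and `[String] $cmd = Get-Content .\evil.ps1` are fenced, the remaining commands are prose), and `## INPUTS`, `## OUTPUTS` and `## RELATED LINKS` are empty for the same missing-section reason.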

View File

@ -0,0 +1,110 @@
# Remove-Comment
## SYNOPSIS
Strips comments and extra whitespace from a script.
PowerSploit Function: Remove-Comment
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
### FilePath (Default)
```
Remove-Comment [-Path] <String>
```
### ScriptBlock
```
Remove-Comment [-ScriptBlock] <ScriptBlock>
```
## DESCRIPTION
Remove-Comment strips out comments and unnecessary whitespace from a script.
This is best used in conjunction with Out-EncodedCommand when the size of the script to be encoded might be too big.
A major portion of this code was taken from the Lee Holmes' Show-ColorizedContent script.
You rock, Lee!
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
$Stripped = Remove-Comment -Path .\ScriptWithComments.ps1
```
### -------------------------- EXAMPLE 2 --------------------------
```
Remove-Comment -ScriptBlock {
```
### This is my awesome script.
My documentation is beyond reproach!
Write-Host 'Hello, World!' ### Write 'Hello, World' to the host
### End script awesomeness
}
Write-Host 'Hello, World!'
### -------------------------- EXAMPLE 3 --------------------------
```
Remove-Comment -Path Inject-Shellcode.ps1 | Out-EncodedCommand
```
Description
-----------
Removes extraneous whitespace and comments from Inject-Shellcode (which is notoriously large) and pipes the output to Out-EncodedCommand.
## PARAMETERS
### -Path
Specifies the path to your script.
```yaml
Type: String
Parameter Sets: FilePath
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
### -ScriptBlock
Specifies a scriptblock containing your script.
```yaml
Type: ScriptBlock
Parameter Sets: ScriptBlock
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
```
## INPUTS
### System.String, System.Management.Automation.ScriptBlock
Accepts either a string containing the path to a script or a scriptblock.
## OUTPUTS
### System.Management.Automation.ScriptBlock
Remove-Comment returns a scriptblock. Call the ToString method to convert a scriptblock to a string, if desired.
## NOTES
## RELATED LINKS
[http://www.exploit-monday.com
http://www.leeholmes.com/blog/2007/11/07/syntax-highlighting-in-powershell/]()
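Review bot: the RELATED LINKS block is a broken markdown link: both URLs were folded into one `[http://www.exploit-monday.com http://www.leeholmes.com/...]()` entry because platyPS treats consecutive lines under a single `.LINK` keyword as one link text; give each URL its own `.LINK` keyword (or separate them with a blank line) and regenerate. The EXAMPLE 2 region is also mangled for the reason noted on the source hunk: the scriptblock body is rendered as prose and `### This is my awesome script.` becomes a heading.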

View File

@ -15,7 +15,7 @@ Modify and/or prepare scripts for execution on a compromised machine.
Out-EncodedCommand - Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script. Out-EncodedCommand - Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
Out-CompressedDll - Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory. Out-CompressedDll - Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
Out-EncryptedScript - Encrypts text files/scripts. Out-EncryptedScript - Encrypts text files/scripts.
Remove-Comments - Strips comments and extra whitespace from a script. Remove-Comment - Strips comments and extra whitespace from a script.
### Persistence ### Persistence

View File

@ -139,3 +139,9 @@ pages:
- Add-Persistence: 'Persistence/Add-Persistence.md' - Add-Persistence: 'Persistence/Add-Persistence.md'
- Install-SSP: 'Persistence/Install-SSP.md' - Install-SSP: 'Persistence/Install-SSP.md'
- Get-SecurityPackage: 'Persistence/Get-SecurityPackage.md' - Get-SecurityPackage: 'Persistence/Get-SecurityPackage.md'
- ScriptModification:
- Functions:
- Out-CompressedDll: 'ScriptModification/Out-CompressedDll.md'
- Out-EncodedCommand: 'ScriptModification/Out-EncodedCommand.md'
- Out-EncryptedScript: 'ScriptModification/Out-EncryptedScript.md'
- Remove-Comment: 'ScriptModification/Remove-Comment.md'