Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Another try at getting readthedocs.io working

This commit is contained in:
HarmJ0y 2016-12-12 21:58:50 -05:00
parent fb90773639
commit 9033f2f544
3 changed files with 469 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
docs/Recon/index.md Normal file
View File

@ -0,0 +1,125 @@
To install this module, drop the entire Recon folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
To use the module, type `Import-Module Recon`
To see the commands imported, type `Get-Command -Module Recon`
For help on each individual command, Get-Help is your friend.
Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
## PowerView
PowerView is a PowerShell tool to gain network situational awareness on
Windows domains. It contains a set of pure-PowerShell replacements for various
windows "net *" commands, which utilize PowerShell AD hooks and underlying
Win32 API functions to perform useful Windows domain functionality.
It also implements various useful metafunctions, including some custom-written
user-hunting functions which will identify where on the network specific users
are logged into. It can also check which machines on the domain the current
user has local administrator access on. Several functions for the enumeration
and abuse of domain trusts also exist. See function descriptions for appropriate
usage and available options. For detailed output of underlying functionality, pass
the -Verbose or -Debug flags.
For functions that enumerate multiple machines, pass the -Verbose flag to get a
progress status as each host is enumerated. Most of the "meta" functions accept
an array of hosts from the pipeline.
### Misc Functions:
Export-PowerViewCSV - thread-safe CSV append
Resolve-IPAddress - resolves a hostname to an IP
ConvertTo-SID - converts a given user/group name to a security identifier (SID)
Convert-ADName - converts object names between a variety of formats
ConvertFrom-UACValue - converts a UAC int value to human readable form
Add-RemoteConnection - pseudo "mounts" a connection to a remote path using the specified credential object
Remove-RemoteConnection - destroys a connection created by New-RemoteConnection
Invoke-UserImpersonation - creates a new "runas /netonly" type logon and impersonates the token
Invoke-RevertToSelf - reverts any token impersonation
Get-DomainSPNTicket - request the kerberos ticket for a specified service principal name (SPN)
Invoke-Kerberoast - requests service tickets for kerberoast-able accounts and returns extracted ticket hashes
Get-PathAcl - get the ACLs for a local/remote file path with optional group recursion
### Domain/LDAP Functions:
Get-DomainDNSZone - enumerates the Active Directory DNS zones for a given domain
Get-DomainDNSRecord - enumerates the Active Directory DNS records for a given zone
Get-Domain - returns the domain object for the current (or specified) domain
Get-DomainController - return the domain controllers for the current (or specified) domain
Get-Forest - returns the forest object for the current (or specified) forest
Get-ForestDomain - return all domains for the current (or specified) forest
Get-ForestGlobalCatalog - return all global catalogs for the current (or specified) forest
Find-DomainObjectPropertyOutlier- inds user/group/computer objects in AD that have 'outlier' properties set
Get-DomainUser - return all users or specific user objects in AD
New-DomainUser - creates a new domain user (assuming appropriate permissions) and returns the user object
Get-DomainUserEvent - enumerates account logon events (ID 4624) and Logon with explicit credential events
Get-DomainComputer - returns all computers or specific computer objects in AD
Get-DomainObject - returns all (or specified) domain objects in AD
Set-DomainObject - modifies a gven property for a specified active directory object
Get-DomainObjectAcl - returns the ACLs associated with a specific active directory object
Add-DomainObjectAcl - adds an ACL for a specific active directory object
Find-InterestingDomainAcl - finds object ACLs in the current (or specified) domain with modification rights set to non-built in objects
Get-DomainOU - search for all organization units (OUs) or specific OU objects in AD
Get-DomainSite - search for all sites or specific site objects in AD
Get-DomainSubnet - search for all subnets or specific subnets objects in AD
Get-DomainSID - returns the SID for the current domain or the specified domain
Get-DomainGroup - return all groups or specific group objects in AD
New-DomainGroup - creates a new domain group (assuming appropriate permissions) and returns the group object
Get-DomainManagedSecurityGroup - returns all security groups in the current (or target) domain that have a manager set
Get-DomainGroupMember - return the members of a specific domain group
Add-DomainGroupMember - adds a domain user (or group) to an existing domain group, assuming appropriate permissions to do so
Get-DomainFileServer - returns a list of servers likely functioning as file servers
Get-DomainDFSShare - returns a list of all fault-tolerant distributed file systems for the current (or specified) domain
### GPO functions
Get-DomainGPO - returns all GPOs or specific GPO objects in AD
Get-DomainGPOLocalGroup - returns all GPOs in a domain that modify local group memberships through 'Restricted Groups' or Group Policy preferences
Get-DomainGPOUserLocalGroupMapping - enumerates the machines where a specific domain user/group is a member of a specific local group, all through GPO correlation
Get-DomainGPOComputerLocalGroupMapping - takes a computer (or GPO) object and determines what users/groups are in the specified local group for the machine through GPO correlation
Get-DomainPolicy - returns the default domain policy or the domain controller policy for the current domain or a specified domain/domain controller
### Computer Enumeration Functions
Get-NetLocalGroup - enumerates the local groups on the local (or remote) machine
Get-NetLocalGroupMember - enumerates members of a specific local group on the local (or remote) machine
Get-NetShare - returns open shares on the local (or a remote) machine
Get-NetLoggedon - returns users logged on the local (or a remote) machine
Get-NetSession - returns session information for the local (or a remote) machine
Get-RegLoggedOn - returns who is logged onto the local (or a remote) machine through enumeration of remote registry keys
Get-NetRDPSession - returns remote desktop/session information for the local (or a remote) machine
Test-AdminAccess - rests if the current user has administrative access to the local (or a remote) machine
Get-NetComputerSiteName - returns the AD site where the local (or a remote) machine resides
Get-WMIRegProxy - enumerates the proxy server and WPAD conents for the current user
Get-WMIRegLastLoggedOn - returns the last user who logged onto the local (or a remote) machine
Get-WMIRegCachedRDPConnection - returns information about RDP connections outgoing from the local (or remote) machine
Get-WMIRegMountedDrive - returns information about saved network mounted drives for the local (or remote) machine
Get-WMIProcess - returns a list of processes and their owners on the local or remote machine
Find-InterestingFile - searches for files on the given path that match a series of specified criteria
### Threaded 'Meta'-Functions
Find-DomainUserLocation - finds domain machines where specific users are logged into
Find-DomainProcess - finds domain machines where specific processes are currently running
Find-DomainUserEvent - finds logon events on the current (or remote domain) for the specified users
Find-DomainShare - finds reachable shares on domain machines
Find-InterestingDomainShareFile - searches for files matching specific criteria on readable shares in the domain
Find-LocalAdminAccess - finds machines on the local domain where the current user has local administrator access
Find-DomainLocalGroupMember - enumerates the members of specified local group on machines in the domain
### Domain Trust Functions:
Get-DomainTrust - returns all domain trusts for the current domain or a specified domain
Get-ForestTrust - returns all forest trusts for the current forest or a specified forest
Get-DomainForeignUser - enumerates users who are in groups outside of the user's domain
Get-DomainForeignGroupMember - enumerates groups with users outside of the group's domain and returns each foreign member
Get-DomainTrustMapping - this function enumerates all trusts for the current domain and then enumerates all trusts for each domain it finds

264
docs/index.md Normal file
View File

@ -0,0 +1,264 @@
### PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:
## CodeExecution
**Execute code on a target machine.**
#### `Invoke-DllInjection`
Injects a Dll into the process ID of your choosing.
#### `Invoke-ReflectivePEInjection`
Reflectively loads a Windows PE file (DLL/EXE) in to the powershell process, or reflectively injects a DLL in to a remote process.
#### `Invoke-Shellcode`
Injects shellcode into the process ID of your choosing or within PowerShell locally.
#### `Invoke-WmiCommand`
Executes a PowerShell ScriptBlock on a target computer and returns its formatted output using WMI as a C2 channel.
## ScriptModification
**Modify and/or prepare scripts for execution on a compromised machine.**
#### `Out-EncodedCommand`
Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
#### `Out-CompressedDll`
Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
#### `Out-EncryptedScript`
Encrypts text files/scripts.
#### `Remove-Comments`
Strips comments and extra whitespace from a script.
## Persistence
**Add persistence capabilities to a PowerShell script**
#### `New-UserPersistenceOption`
Configure user-level persistence options for the Add-Persistence function.
#### `New-ElevatedPersistenceOption`
Configure elevated persistence options for the Add-Persistence function.
#### `Add-Persistence`
Add persistence capabilities to a script.
#### `Install-SSP`
Installs a security support provider (SSP) dll.
#### `Get-SecurityPackages`
Enumerates all loaded security packages (SSPs).
## AntivirusBypass
**AV doesn't stand a chance against PowerShell!**
#### `Find-AVSignature`
Locates single Byte AV signatures utilizing the same method as DSplit from "class101".
## Exfiltration
**All your data belong to me!**
#### `Invoke-TokenManipulation`
Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.
#### `Invoke-CredentialInjection`
Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon).
#### `Invoke-NinjaCopy`
Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.
#### `Invoke-Mimikatz`
Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.
#### `Get-Keystrokes`
Logs keys pressed, time and the active window.
#### `Get-GPPPassword`
Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
#### `Get-GPPAutologon`
Retrieves autologon username and password from registry.xml if pushed through Group Policy Preferences.
#### `Get-TimedScreenshot`
A function that takes screenshots at a regular interval and saves them to a folder.
#### `New-VolumeShadowCopy`
Creates a new volume shadow copy.
#### `Get-VolumeShadowCopy`
Lists the device paths of all local volume shadow copies.
#### `Mount-VolumeShadowCopy`
Mounts a volume shadow copy.
#### `Remove-VolumeShadowCopy`
Deletes a volume shadow copy.
#### `Get-VaultCredential`
Displays Windows vault credential objects including cleartext web credentials.
#### `Out-Minidump`
Generates a full-memory minidump of a process.
#### 'Get-MicrophoneAudio'
Records audio from system microphone and saves to disk
## Mayhem
**Cause general mayhem with PowerShell.**
#### `Set-MasterBootRecord`
Proof of concept code that overwrites the master boot record with the
message of your choice.
#### `Set-CriticalProcess`
Causes your machine to blue screen upon exiting PowerShell.
## Privesc
**Tools to help with escalating privileges on a target.**
#### `PowerUp`
Clearing house of common privilege escalation checks, along with some weaponization vectors.
## Recon
**Tools to aid in the reconnaissance phase of a penetration test.**
#### `Invoke-Portscan`
Does a simple port scan using regular sockets, based (pretty) loosely on nmap.
#### `Get-HttpStatus`
Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file.
#### `Invoke-ReverseDnsLookup`
Scans an IP address range for DNS PTR records.
#### `PowerView`
PowerView is series of functions that performs network and Windows domain enumeration and exploitation.
## Recon\Dictionaries
**A collection of dictionaries used to aid in the reconnaissance phase of a penetration test. Dictionaries were taken from the following sources.**
* admin.txt - <http://cirt.net/nikto2/>
* generic.txt - <http://sourceforge.net/projects/yokoso/files/yokoso-0.1/>
* sharepoint.txt - <http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/>
## License
The PowerSploit project and all individual scripts are under the [BSD 3-Clause license](https://raw.github.com/mattifestation/PowerSploit/master/LICENSE) unless explicitly noted otherwise.
## Usage
Refer to the comment-based help in each individual script for detailed usage information.
To install this module, drop the entire PowerSploit folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
To use the module, type `Import-Module PowerSploit`
To see the commands imported, type `Get-Command -Module PowerSploit`
If you're running PowerShell v3 and you want to remove the annoying 'Do you really want to run scripts downloaded from the Internet' warning, once you've placed PowerSploit into your module path, run the following one-liner:
`$Env:PSModulePath.Split(';') |
% { if ( Test-Path (Join-Path $_ PowerSploit) )
{Get-ChildItem $_ -Recurse | Unblock-File} }`
For help on each individual command, Get-Help is your friend.
Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
## Contribution Rules
We need contributions! If you have a great idea for PowerSploit, we'd love to add it. New additions will require the following:
* The script must adhere to the style guide. Any exceptions to the guide line would need an explicit, valid reason.
* The module manifest needs to be updated to reflect the new function being added.
* A brief description of the function should be added to this README.md
* Pester tests must accompany all new functions. See the Tests folder for examples but we are looking for tests that at least cover the basics by testing for expected/unexpected input/output and that the function exhibits desired functionality. Make sure the function is passing all tests (preferably in mutiple OSes) prior to submitting a pull request. Thanks!
## Script Style Guide
**For all contributors and future contributors to PowerSploit, I ask that you follow this style guide when writing your scripts/modules.**
* Avoid Write-Host **at all costs**. PowerShell functions/cmdlets are not command-line utilities! Pull requests containing code that uses Write-Host will not be considered. You should output custom objects instead. For more information on creating custom objects, read these articles:
* <http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/19/create-custom-objects-in-your-powershell-script.aspx>
* <http://technet.microsoft.com/en-us/library/ff730946.aspx>
* If you want to display relevant debugging information to the screen, use Write-Verbose. The user can always just tack on '-Verbose'.
* Always provide descriptive, comment-based help for every script. Also, be sure to include your name and a BSD 3-Clause license (unless there are extenuating circumstances that prevent the application of the BSD license).
* Make sure all functions follow the proper PowerShell verb-noun agreement. Use Get-Verb to list the default verbs used by PowerShell. Exceptions to supported verbs will be considered on a case-by-case basis.
* I prefer that variable names be capitalized and be as descriptive as possible.
* Provide logical spacing in between your code. Indent your code to make it more readable.
* If you find yourself repeating code, write a function.
* Catch all anticipated errors and provide meaningful output. If you have an error that should stop execution of the script, use 'Throw'. If you have an error that doesn't need to stop execution, use Write-Error.
* If you are writing a script that interfaces with the Win32 API, try to avoid compiling C# inline with Add-Type. Try to use the PSReflect module, if possible.
* Do not use hardcoded paths. A script should be useable right out of the box. No one should have to modify the code unless they want to.
* PowerShell v2 compatibility is highly desired.
* Use positional parameters and make parameters mandatory when it makes sense to do so. For example, I'm looking for something like the following:
* `[Parameter(Position = 0, Mandatory = $True)]`
* Don't use any aliases unless it makes sense for receiving pipeline input. They make code more difficult to read for people who are unfamiliar with a particular alias.
* Try not to let commands run on for too long. For example, a pipeline is a natural place for a line break.
* Don't go overboard with inline comments. Only use them when certain aspects of the code might be confusing to a reader.
* Rather than using Out-Null to suppress unwanted/irrelevant output, save the unwanted output to $null. Doing so provides a slight performance enhancement.
* Use default values for your parameters when it makes sense. Ideally, you want a script that will work without requiring any parameters.
* If a script creates complex custom objects, include a ps1xml file that will properly format the object's output.

160
mkdocs.yml
View File

@ -1,85 +1,85 @@
site_name: PowerSploit site_name: PowerSploit
repo_url: https://github.com/PowerShellMafia/PowerSploit/tree/dev repo_url: https://github.com/PowerShellMafia/PowerSploit/
site_favicon: favicon.ico site_favicon: favicon.ico
pages: pages:
- Home: 'README.md' - Home: 'index.md'
- Recon : 'Recon/README.md' - Recon : 'Recon/index.md'
- Export-PowerViewCSV: 'docs/Recon/Export-PowerViewCSV.md' - Export-PowerViewCSV: 'Recon/Export-PowerViewCSV.md'
- Resolve-IPAddress: 'docs/Recon/Resolve-IPAddress.md' - Resolve-IPAddress: 'Recon/Resolve-IPAddress.md'
- ConvertTo-SID: 'docs/Recon/ConvertTo-SID.md' - ConvertTo-SID: 'Recon/ConvertTo-SID.md'
- ConvertFrom-SID: 'docs/Recon/ConvertFrom-SID.md' - ConvertFrom-SID: 'Recon/ConvertFrom-SID.md'
- Convert-ADName: 'docs/Recon/Convert-ADName.md' - Convert-ADName: 'Recon/Convert-ADName.md'
- ConvertFrom-UACValue: 'docs/Recon/ConvertFrom-UACValue.md' - ConvertFrom-UACValue: 'Recon/ConvertFrom-UACValue.md'
- Add-RemoteConnection: 'docs/Recon/Add-RemoteConnection.md' - Add-RemoteConnection: 'Recon/Add-RemoteConnection.md'
- Remove-RemoteConnection: 'docs/Recon/Remove-RemoteConnection.md' - Remove-RemoteConnection: 'Recon/Remove-RemoteConnection.md'
- Invoke-UserImpersonation: 'docs/Recon/Invoke-UserImpersonation.md' - Invoke-UserImpersonation: 'Recon/Invoke-UserImpersonation.md'
- Invoke-RevertToSelf: 'docs/Recon/Invoke-RevertToSelf.md' - Invoke-RevertToSelf: 'Recon/Invoke-RevertToSelf.md'
- Get-DomainSPNTicket: 'docs/Recon/Get-DomainSPNTicket.md' - Get-DomainSPNTicket: 'Recon/Get-DomainSPNTicket.md'
- Invoke-Kerberoast: 'docs/Recon/Invoke-Kerberoast.md' - Invoke-Kerberoast: 'Recon/Invoke-Kerberoast.md'
- Get-PathAcl: 'docs/Recon/Get-PathAcl.md' - Get-PathAcl: 'Recon/Get-PathAcl.md'
- Get-DomainDNSZone: 'docs/Recon/Get-DomainDNSZone.md' - Get-DomainDNSZone: 'Recon/Get-DomainDNSZone.md'
- Get-DomainDNSRecord: 'docs/Recon/Get-DomainDNSRecord.md' - Get-DomainDNSRecord: 'Recon/Get-DomainDNSRecord.md'
- Get-Domain: 'docs/Recon/Get-Domain.md' - Get-Domain: 'Recon/Get-Domain.md'
- Get-DomainController: 'docs/Recon/Get-DomainController.md' - Get-DomainController: 'Recon/Get-DomainController.md'
- Get-Forest: 'docs/Recon/Get-Forest.md' - Get-Forest: 'Recon/Get-Forest.md'
- Get-ForestDomain: 'docs/Recon/Get-ForestDomain.md' - Get-ForestDomain: 'Recon/Get-ForestDomain.md'
- Get-ForestGlobalCatalog: 'docs/Recon/Get-ForestGlobalCatalog.md' - Get-ForestGlobalCatalog: 'Recon/Get-ForestGlobalCatalog.md'
- Find-DomainObjectPropertyOutlier: 'docs/Recon/Find-DomainObjectPropertyOutlier.md' - Find-DomainObjectPropertyOutlier: 'Recon/Find-DomainObjectPropertyOutlier.md'
- Get-DomainUser: 'docs/Recon/Get-DomainUser.md' - Get-DomainUser: 'Recon/Get-DomainUser.md'
- New-DomainUser: 'docs/Recon/New-DomainUser.md' - New-DomainUser: 'Recon/New-DomainUser.md'
- Get-DomainUserEvent: 'docs/Recon/Get-DomainUserEvent.md' - Get-DomainUserEvent: 'Recon/Get-DomainUserEvent.md'
- Get-DomainComputer: 'docs/Recon/Get-DomainComputer.md' - Get-DomainComputer: 'Recon/Get-DomainComputer.md'
- Get-DomainObject: 'docs/Recon/Get-DomainObject.md' - Get-DomainObject: 'Recon/Get-DomainObject.md'
- Set-DomainObject: 'docs/Recon/Set-DomainObject.md' - Set-DomainObject: 'Recon/Set-DomainObject.md'
- Get-DomainObjectAcl: 'docs/Recon/Get-DomainObjectAcl.md' - Get-DomainObjectAcl: 'Recon/Get-DomainObjectAcl.md'
- Add-DomainObjectAcl: 'docs/Recon/Add-DomainObjectAcl.md' - Add-DomainObjectAcl: 'Recon/Add-DomainObjectAcl.md'
- Find-InterestingDomainAcl: 'docs/Recon/Find-InterestingDomainAcl.md' - Find-InterestingDomainAcl: 'Recon/Find-InterestingDomainAcl.md'
- Get-DomainOU: 'docs/Recon/Get-DomainOU.md' - Get-DomainOU: 'Recon/Get-DomainOU.md'
- Get-DomainSite: 'docs/Recon/Get-DomainSite.md' - Get-DomainSite: 'Recon/Get-DomainSite.md'
- Get-DomainSubnet: 'docs/Recon/Get-DomainSubnet.md' - Get-DomainSubnet: 'Recon/Get-DomainSubnet.md'
- Get-DomainSID: 'docs/Recon/Get-DomainSID.md' - Get-DomainSID: 'Recon/Get-DomainSID.md'
- Get-DomainGroup: 'docs/Recon/Get-DomainGroup.md' - Get-DomainGroup: 'Recon/Get-DomainGroup.md'
- New-DomainGroup: 'docs/Recon/New-DomainGroup.md' - New-DomainGroup: 'Recon/New-DomainGroup.md'
- Get-DomainManagedSecurityGroup: 'docs/Recon/Get-DomainManagedSecurityGroup.md' - Get-DomainManagedSecurityGroup: 'Recon/Get-DomainManagedSecurityGroup.md'
- Get-DomainGroupMember: 'docs/Recon/Get-DomainGroupMember.md' - Get-DomainGroupMember: 'Recon/Get-DomainGroupMember.md'
- Add-DomainGroupMember: 'docs/Recon/Add-DomainGroupMember.md' - Add-DomainGroupMember: 'Recon/Add-DomainGroupMember.md'
- Get-DomainFileServer: 'docs/Recon/Get-DomainFileServer.md' - Get-DomainFileServer: 'Recon/Get-DomainFileServer.md'
- Get-DomainDFSShare: 'docs/Recon/Get-DomainDFSShare.md' - Get-DomainDFSShare: 'Recon/Get-DomainDFSShare.md'
- Get-DomainGPO: 'docs/Recon/Get-DomainGPO.md' - Get-DomainGPO: 'Recon/Get-DomainGPO.md'
- Get-DomainGPOLocalGroup: 'docs/Recon/Get-DomainGPOLocalGroup.md' - Get-DomainGPOLocalGroup: 'Recon/Get-DomainGPOLocalGroup.md'
- Get-DomainGPOUserLocalGroupMapping: 'docs/Recon/Get-DomainGPOUserLocalGroupMapping.md' - Get-DomainGPOUserLocalGroupMapping: 'Recon/Get-DomainGPOUserLocalGroupMapping.md'
- Get-DomainGPOComputerLocalGroupMapping: 'docs/Recon/Get-DomainGPOComputerLocalGroupMapping.md' - Get-DomainGPOComputerLocalGroupMapping: 'Recon/Get-DomainGPOComputerLocalGroupMapping.md'
- Get-DomainPolicy: 'docs/Recon/Get-DomainPolicy.md' - Get-DomainPolicy: 'Recon/Get-DomainPolicy.md'
- Get-NetLocalGroup: 'docs/Recon/Get-NetLocalGroup.md' - Get-NetLocalGroup: 'Recon/Get-NetLocalGroup.md'
- Get-NetLocalGroupMember: 'docs/Recon/Get-NetLocalGroupMember.md' - Get-NetLocalGroupMember: 'Recon/Get-NetLocalGroupMember.md'
- Get-NetShare: 'docs/Recon/Get-NetShare.md' - Get-NetShare: 'Recon/Get-NetShare.md'
- Get-NetLoggedon: 'docs/Recon/Get-NetLoggedon.md' - Get-NetLoggedon: 'Recon/Get-NetLoggedon.md'
- Get-NetSession: 'docs/Recon/Get-NetSession.md' - Get-NetSession: 'Recon/Get-NetSession.md'
- Get-RegLoggedOn: 'docs/Recon/Get-RegLoggedOn.md' - Get-RegLoggedOn: 'Recon/Get-RegLoggedOn.md'
- Get-NetRDPSession: 'docs/Recon/Get-NetRDPSession.md' - Get-NetRDPSession: 'Recon/Get-NetRDPSession.md'
- Test-AdminAccess: 'docs/Recon/Test-AdminAccess.md' - Test-AdminAccess: 'Recon/Test-AdminAccess.md'
- Get-NetComputerSiteName: 'docs/Recon/Get-NetComputerSiteName.md' - Get-NetComputerSiteName: 'Recon/Get-NetComputerSiteName.md'
- Get-WMIRegProxy: 'docs/Recon/Get-WMIRegProxy.md' - Get-WMIRegProxy: 'Recon/Get-WMIRegProxy.md'
- Get-WMIRegLastLoggedOn: 'docs/Recon/Get-WMIRegLastLoggedOn.md' - Get-WMIRegLastLoggedOn: 'Recon/Get-WMIRegLastLoggedOn.md'
- Get-WMIRegCachedRDPConnection: 'docs/Recon/Get-WMIRegCachedRDPConnection.md' - Get-WMIRegCachedRDPConnection: 'Recon/Get-WMIRegCachedRDPConnection.md'
- Get-WMIRegMountedDrive: 'docs/Recon/Get-WMIRegMountedDrive.md' - Get-WMIRegMountedDrive: 'Recon/Get-WMIRegMountedDrive.md'
- Get-WMIProcess: 'docs/Recon/Get-WMIProcess.md' - Get-WMIProcess: 'Recon/Get-WMIProcess.md'
- Find-InterestingFile: 'docs/Recon/Find-InterestingFile.md' - Find-InterestingFile: 'Recon/Find-InterestingFile.md'
- Find-DomainUserLocation: 'docs/Recon/Find-DomainUserLocation.md' - Find-DomainUserLocation: 'Recon/Find-DomainUserLocation.md'
- Find-DomainProcess: 'docs/Recon/Find-DomainProcess.md' - Find-DomainProcess: 'Recon/Find-DomainProcess.md'
- Find-DomainUserEvent: 'docs/Recon/Find-DomainUserEvent.md' - Find-DomainUserEvent: 'Recon/Find-DomainUserEvent.md'
- Find-DomainShare: 'docs/Recon/Find-DomainShare.md' - Find-DomainShare: 'Recon/Find-DomainShare.md'
- Find-InterestingDomainShareFile: 'docs/Recon/Find-InterestingDomainShareFile.md' - Find-InterestingDomainShareFile: 'Recon/Find-InterestingDomainShareFile.md'
- Find-LocalAdminAccess: 'docs/Recon/Find-LocalAdminAccess.md' - Find-LocalAdminAccess: 'Recon/Find-LocalAdminAccess.md'
- Find-DomainLocalGroupMember: 'docs/Recon/Find-DomainLocalGroupMember.md' - Find-DomainLocalGroupMember: 'Recon/Find-DomainLocalGroupMember.md'
- Get-DomainTrust: 'docs/Recon/Get-DomainTrust.md' - Get-DomainTrust: 'Recon/Get-DomainTrust.md'
- Get-ForestTrust: 'docs/Recon/Get-ForestTrust.md' - Get-ForestTrust: 'Recon/Get-ForestTrust.md'
- Get-DomainForeignUser: 'docs/Recon/Get-DomainForeignUser.md' - Get-DomainForeignUser: 'Recon/Get-DomainForeignUser.md'
- Get-DomainForeignGroupMember: 'docs/Recon/Get-DomainForeignGroupMember.md' - Get-DomainForeignGroupMember: 'Recon/Get-DomainForeignGroupMember.md'
- Get-DomainTrustMapping: 'docs/Recon/Get-DomainTrustMapping.md' - Get-DomainTrustMapping: 'Recon/Get-DomainTrustMapping.md'
- Get-ComputerDetails: 'docs/Recon/Get-ComputerDetails.md' - Get-ComputerDetails: 'Recon/Get-ComputerDetails.md'
- Get-HttpStatus: 'docs/Recon/Get-HttpStatus.md' - Get-HttpStatus: 'Recon/Get-HttpStatus.md'
- Invoke-Portscan: 'docs/Recon/Invoke-Portscan.md' - Invoke-Portscan: 'Recon/Invoke-Portscan.md'
- Invoke-ReverseDnsLookup: 'docs/Recon/Invoke-ReverseDnsLookup.md' - Invoke-ReverseDnsLookup: 'Recon/Invoke-ReverseDnsLookup.md'
- About: - About:
- License: 'LICENSE.md' - License: 'LICENSE.md'