Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
495 Commits 2 Branches 2 Tags 16 MiB
Commit Graph

48 Commits

Author SHA1 Message Date
HarmJ0y 59e6f94e76 For ./ScriptModification/ : 
-PSScriptAnalyzering
    -Tweaking of synopsis blocks in order to support platyPS
    -Code standardization
    -Generated docs
 2016-12-14 18:50:58 -05:00
HarmJ0y f4f5fb1460 Added Set-DomainUserPassword to reset a particular user's password. 
Reformatted documentation.
 2016-12-13 16:00:28 -05:00
Oddvar Moe de955ef270 Added Get-GPPAutologon.ps1 2016-11-21 20:16:02 +01:00
PowerShellMafia b01a8127bc Added volume shadow copy functions to README.md 2015-12-16 16:52:53 -08:00
PowerShellMafia 70f25c90e2 Update README.md 2015-12-16 15:24:18 -08:00
Harmj0y 8ab8c49a0d Added ./Privesc/ folder that integrates PowerUp.ps1 
Updated README.md's
 2015-12-03 21:56:08 -05:00
Matt Graeber 18b7a10f89 Removing Invoke-ShellcodeMSIL 
This was only ever intended to be a PoC. I'll bring this back if
requested but it exhibits duplicate functionality.
 2015-11-05 13:26:05 -05:00
Matt Graeber 03ed2adb56 Adding Invoke-WmiCommand 2015-09-23 15:25:39 -07:00
mattifestation 956e4c968a Moving all RE functionality to PowerShellArsenal 
https://github.com/mattifestation/PowerShellArsenal

PowerSploit will now stay true to its roots of being a purely offensive
PowerShell module.
 2014-11-16 10:26:11 -05:00
mattifestation 0ca33b0347 Added Install-SSP and Get-SecurityPackages 2014-10-01 20:47:14 -04:00
mattifestation 9d412f0d6a Updating the script style guide #2 2014-09-13 12:39:19 -04:00
mattifestation 6df4cf971b Updating the script style guide 2014-09-13 12:37:50 -04:00
mattifestation 258c760c61 Adding MBR infector Set-MasterBootRecord 2014-08-29 21:44:14 -04:00
mattifestation 2e00756b59 Removing New-Object proxy function 2014-08-09 20:26:17 -04:00
mattifestation 225fbfbc86 Updated Get-VaultCredential name in README 2014-06-30 17:02:03 -04:00
mattifestation 29a5d48c3f Adding Mayhem module and Set-CriticalProcess 2014-06-19 20:28:50 -04:00
mattifestation 80ffa19fa3 Removing Watch-BlueScreen 
This vulnerability was patched a while ago making this function largely
irrelevant.
 2014-06-19 20:16:26 -04:00
mattifestation 890247deec Issue #43 - Adding Get-VaultCredentials 
Displays Windows vault credential objects including cleartext web
credentials.
 2014-05-30 21:22:31 -04:00
mattifestation 5fabddcf1d Fixed error in PowerSploit ADS removal one-liner 2014-03-16 10:09:52 -04:00
mattifestation b450a70dbf Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy 2014-03-01 18:26:31 -05:00
mattifestation bbd382e52a #31 Persistence module function nouns are now singular 
The function names New-UserPersistenceOption and
New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform
to PowerShell naming best practices.
 2014-02-23 10:35:55 -05:00
mattifestation 22f0c1b13a Changed Inject-LogonCredentials name to Invoke-CredentialInjection 2014-02-12 19:44:12 -05:00
mattifestation 92fcfdc384 Add Get-Entropy 2014-02-03 18:37:36 -05:00
mattifestation 7157507d99 Added Capstone Engine PowerShell binding 
Consider this to be an alpha release until the C# binding is published.
 2013-12-22 12:46:39 -05:00
mattifestation 46baff5ef2 Added Inject-LogonCredentials to README 2013-11-18 06:30:19 -05:00
mattifestation 22f232920b Added Invoke-TokenManipulation to README.md 2013-11-04 05:51:33 -05:00
mattifestation 737fd832e0 Updated usage tip 2013-10-05 08:39:25 -04:00
mattifestation babad35dae Added a usage tip 
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
 2013-10-05 08:35:48 -04:00
mattifestation a6c0c940bf Slight clarification to license statement 2013-10-05 08:21:07 -04:00
mattifestation 511b682620 Modified license verbiage 2013-10-01 17:47:28 -04:00
mattifestation 70a3a43f24 Added exfil script synopses to README.md 
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
 2013-10-01 17:41:54 -04:00
mattifestation e62121ea27 Added Get-LibSymbols 
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
 2013-09-29 17:12:16 -04:00
mattifestation 6807da424f Added ProcessModuleTrace cmdlets 
Added *-ProcessModuleTrace cmdlets to trace details when modules are
loaded into a process. These can be useful for malware analysis.
 2013-08-29 19:56:01 +00:00
Matt Graeber 9bb31fc9b9 Removing Get-PEArchitecture 
This functionality is present and maintained in Get-PEHeader.
 2013-08-17 17:16:38 -04:00
Matt Graeber 55a6dbd019 Added Get-ObjDump 
Get-ObjDump parses and return information about one or more Windows
object files. It is similar to dumpbin but it returns objects!
 2013-07-09 20:17:01 -04:00
Matt Graeber b507290d78 Added Invoke-Portscan to README 2013-07-06 13:38:35 -04:00
Matt Graeber 371c65c9a7 Updated Get-GPPPassword 2013-07-03 05:46:44 -04:00
Matt Graeber 717950d00c Added Get-Keystrokes 
Get-Keystrokes is a PowerShell keylogger
 2013-06-30 11:15:02 -04:00
Matt Graeber e210c89f39 Added New-Object proxy function 
You can provide a CLSID (i.e. a Guid) to New-Object via the -ComObject
parameter in addition to a ProgId.
 2013-06-05 22:03:27 -04:00
Matt Graeber dfec277813 Added Invoke-ReflectivePEInjection 
Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection
is a vast improvement over Invoke-ReflectiveDllInjection. It adds the
following features:

* Now supports loading exe files in memory
* Supports reflective dll injection into a remote process
* Additional sample Visual Studio solutions
 2013-05-31 19:35:26 -04:00
Matt Graeber af04f7e528 Added Out-Minidump 
Out-Minidump writes a process dump file with all process memory to disk.
This is similar to running procdump.exe with the '-ma' switch.
 2013-05-15 20:54:16 -04:00
Matt Graeber 2a17b8fb56 Added Watch-BlueScreen 
Causes a blue-screen (bugcheck) to occur.
 2013-05-13 20:01:59 -04:00
Matt Graeber ea0dc9a2b8 Added Get-NtSystemInformation 
Get-NtSystemInformation is a wrapper function for
NtQuerySystemInformation. It is a swiss-army knife tool for obtaining
internal OS information. It can currently be used to query the
following: global flags, handles, objects, kernel pool allocations, and
loaded kernel modules
 2013-05-12 10:27:15 -04:00
Matt Graeber 2224f4dca9 Adding reflective DLL loading capability 
Adding Invoke-ReflectiveDllInjection. PowerSploit now has reflective DLL
loading capabilities!!! Thanks to Joe Bialek @JosephBialek for writing
this awesome code!
 2013-04-06 07:04:16 -04:00
Matt Graeber 014a7bb421 Adding Invoke-ShellcodeMSIL 
Invoke-ShellcodeMSIL executes shellcode without making any Win32
function calls.
 2013-04-05 14:06:58 -04:00
Matt Graeber 577be2fea5 Adding Persistence module 2013-04-04 15:10:09 -04:00
bitform 46aead39c6 PowerSploit is now a respectable module! 
PowerSploit just got a complete makeover! It is now comprised of a
collection of modules grouped by category.
 2013-01-20 21:40:02 -05:00
bitform 710514553b Updated PowerSploit README with proper markdown 2013-01-20 18:28:52 -05:00