debe4a565e
Added Get-MicrophoneAudio.ps1 and associated Pester tests
2016-05-12 10:58:27 -04:00
b01a8127bc
Added volume shadow copy functions to README.md
2015-12-16 16:52:53 -08:00
70f25c90e2
Update README.md
2015-12-16 15:24:18 -08:00
8ab8c49a0d
Added ./Privesc/ folder that integrates PowerUp.ps1
...
Updated README.md's
2015-12-03 21:56:08 -05:00
18b7a10f89
Removing Invoke-ShellcodeMSIL
...
This was only ever intended to be a PoC. I'll bring this back if
requested but it exhibits duplicate functionality.
2015-11-05 13:26:05 -05:00
03ed2adb56
Adding Invoke-WmiCommand
2015-09-23 15:25:39 -07:00
956e4c968a
Moving all RE functionality to PowerShellArsenal
...
https://github.com/mattifestation/PowerShellArsenal
PowerSploit will now stay true to its roots of being a purely offensive
PowerShell module.
2014-11-16 10:26:11 -05:00
0ca33b0347
Added Install-SSP and Get-SecurityPackages
2014-10-01 20:47:14 -04:00
9d412f0d6a
Updating the script style guide #2
2014-09-13 12:39:19 -04:00
6df4cf971b
Updating the script style guide
2014-09-13 12:37:50 -04:00
258c760c61
Adding MBR infector Set-MasterBootRecord
2014-08-29 21:44:14 -04:00
2e00756b59
Removing New-Object proxy function
2014-08-09 20:26:17 -04:00
225fbfbc86
Updated Get-VaultCredential name in README
2014-06-30 17:02:03 -04:00
29a5d48c3f
Adding Mayhem module and Set-CriticalProcess
2014-06-19 20:28:50 -04:00
80ffa19fa3
Removing Watch-BlueScreen
...
This vulnerability was patched a while ago making this function largely
irrelevant.
2014-06-19 20:16:26 -04:00
890247deec
Issue #43 - Adding Get-VaultCredentials
...
Displays Windows vault credential objects including cleartext web
credentials.
2014-05-30 21:22:31 -04:00
5fabddcf1d
Fixed error in PowerSploit ADS removal one-liner
2014-03-16 10:09:52 -04:00
b450a70dbf
Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy
2014-03-01 18:26:31 -05:00
bbd382e52a
#31 Persistence module function nouns are now singular
...
The function names New-UserPersistenceOption and
New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform
to PowerShell naming best practices.
2014-02-23 10:35:55 -05:00
22f0c1b13a
Changed Inject-LogonCredentials name to Invoke-CredentialInjection
2014-02-12 19:44:12 -05:00
92fcfdc384
Add Get-Entropy
2014-02-03 18:37:36 -05:00
7157507d99
Added Capstone Engine PowerShell binding
...
Consider this to be an alpha release until the C# binding is published.
2013-12-22 12:46:39 -05:00
46baff5ef2
Added Inject-LogonCredentials to README
2013-11-18 06:30:19 -05:00
22f232920b
Added Invoke-TokenManipulation to README.md
2013-11-04 05:51:33 -05:00
737fd832e0
Updated usage tip
2013-10-05 08:39:25 -04:00
babad35dae
Added a usage tip
...
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
2013-10-05 08:35:48 -04:00
a6c0c940bf
Slight clarification to license statement
2013-10-05 08:21:07 -04:00
511b682620
Modified license verbiage
2013-10-01 17:47:28 -04:00
70a3a43f24
Added exfil script synopses to README.md
...
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
2013-10-01 17:41:54 -04:00
e62121ea27
Added Get-LibSymbols
...
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
2013-09-29 17:12:16 -04:00
6807da424f
Added ProcessModuleTrace cmdlets
...
Added *-ProcessModuleTrace cmdlets to trace details when modules are
loaded into a process. These can be useful for malware analysis.
2013-08-29 19:56:01 +00:00
9bb31fc9b9
Removing Get-PEArchitecture
...
This functionality is present and maintained in Get-PEHeader.
2013-08-17 17:16:38 -04:00
55a6dbd019
Added Get-ObjDump
...
Get-ObjDump parses and return information about one or more Windows
object files. It is similar to dumpbin but it returns objects!
2013-07-09 20:17:01 -04:00
b507290d78
Added Invoke-Portscan to README
2013-07-06 13:38:35 -04:00
371c65c9a7
Updated Get-GPPPassword
2013-07-03 05:46:44 -04:00
717950d00c
Added Get-Keystrokes
...
Get-Keystrokes is a PowerShell keylogger
2013-06-30 11:15:02 -04:00
e210c89f39
Added New-Object proxy function
...
You can provide a CLSID (i.e. a Guid) to New-Object via the -ComObject
parameter in addition to a ProgId.
2013-06-05 22:03:27 -04:00
dfec277813
Added Invoke-ReflectivePEInjection
...
Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection
is a vast improvement over Invoke-ReflectiveDllInjection. It adds the
following features:
* Now supports loading exe files in memory
* Supports reflective dll injection into a remote process
* Additional sample Visual Studio solutions
2013-05-31 19:35:26 -04:00
af04f7e528
Added Out-Minidump
...
Out-Minidump writes a process dump file with all process memory to disk.
This is similar to running procdump.exe with the '-ma' switch.
2013-05-15 20:54:16 -04:00
2a17b8fb56
Added Watch-BlueScreen
...
Causes a blue-screen (bugcheck) to occur.
2013-05-13 20:01:59 -04:00
ea0dc9a2b8
Added Get-NtSystemInformation
...
Get-NtSystemInformation is a wrapper function for
NtQuerySystemInformation. It is a swiss-army knife tool for obtaining
internal OS information. It can currently be used to query the
following: global flags, handles, objects, kernel pool allocations, and
loaded kernel modules
2013-05-12 10:27:15 -04:00
2224f4dca9
Adding reflective DLL loading capability
...
Adding Invoke-ReflectiveDllInjection. PowerSploit now has reflective DLL
loading capabilities!!! Thanks to Joe Bialek @JosephBialek for writing
this awesome code!
2013-04-06 07:04:16 -04:00
014a7bb421
Adding Invoke-ShellcodeMSIL
...
Invoke-ShellcodeMSIL executes shellcode without making any Win32
function calls.
2013-04-05 14:06:58 -04:00
577be2fea5
Adding Persistence module
2013-04-04 15:10:09 -04:00
46aead39c6
PowerSploit is now a respectable module!
...
PowerSploit just got a complete makeover! It is now comprised of a
collection of modules grouped by category.
2013-01-20 21:40:02 -05:00
710514553b
Updated PowerSploit README with proper markdown
2013-01-20 18:28:52 -05:00
sixdub
PowerShellMafia
Harmj0y
Matt Graeber
bitform