Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 57 |
1 files changed, 53 insertions, 4 deletions
@@ -68,14 +68,26 @@ Add persistence capabilities to a script. An in-memory and on-disk PE parsing utility. -#### `Get-PEArchitecture` +#### `Get-ObjDump` -Returns the architecture for which an executable was compiled. +Displays information about one or more Windows object files. + +#### `Get-LibSymbols` + +Displays symbolic information from Windows lib files. #### `Get-DllLoadPath` Returns the path from which Windows will load a Dll for the given executable. +## Capstone + +**A PowerShell binding for the Capstone Engine disassembly framework.** + +#### `Get-CSDisassembly` + +Disassembles a byte array using the Capstone Engine disassembly framework. + ## ReverseEngineering **Tools to aid in reverse engineering.** @@ -116,6 +128,18 @@ Converts the bytes of a file to a string that has a 1-to-1 mapping back to the f Get the unmanaged function address of a .NET method. +#### `Register-ProcessModuleTrace` + +Starts a trace of loaded process modules + +#### `Get-ProcessModuleTrace` + +Displays the process modules that have been loaded since the call to Register-ProcessModuleTrace + +#### `Unregister-ProcessModuleTrace` + +Stops the running process module trace + ## AntivirusBypass **AV doesn't stand a chance against PowerShell!** 
@@ -128,6 +152,22 @@ Locates single Byte AV signatures utilizing the same method as DSplit from "clas **All your data belong to me!** +#### `Invoke-TokenManipulation` + +Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread. + +#### `Inject-LogonCredentials` + +Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon). + +#### `Invoke-NinjaCopy` + +Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures. + +#### `Invoke-Mimikatz` + +Reflectively loads Mimikatz 1.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz. + #### `Get-Keystrokes` Logs keys pressed, time and the active window. @@ -148,6 +188,10 @@ Generates a full-memory minidump of a process. **Tools to aid in the reconnaissance phase of a penetration test.** +#### `Invoke-Portscan` + +Does a simple port scan using regular sockets, based (pretty) loosely on nmap. + #### `Get-HttpStatus` Returns the HTTP Status Codes and full URL for specified paths when provided with a dictionary file. @@ -166,7 +210,7 @@ Scans an IP address range for DNS PTR records. This script is useful for perform ## License -The PowerSploit project and all individual scripts are under the [BSD 3-Clause license](https://raw.github.com/mattifestation/PowerSploit/master/LICENSE). +The PowerSploit project and all individual scripts are under the [BSD 3-Clause license](https://raw.github.com/mattifestation/PowerSploit/master/LICENSE) unless explicitly noted otherwise. ## Usage 
@@ -181,6 +225,11 @@ To use the module, type `Import-Module PowerSploit` To see the commands imported, type `Get-Command -Module PowerSploit` +If you're running PowerShell v3 and you want to remove the annoying 'Do you really want to run scripts downloaded from the Internet' warning, once you've placed PowerSploit into your module path, run the following one-liner: +`$Env:PSModulePath.Split(';') | + % { if ( Test-Path (Join-Path $_ PowerSploit) ) + {Get-ChildItem -Recurse | Unblock-File} }` + For help on each individual command, Get-Help is your friend. Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability. @@ -195,7 +244,7 @@ Note: The tools contained within this module were all designed such that they ca * If you want to display relevant debugging information to the screen, use Write-Verbose. The user can always just tack on '-Verbose'. -* Always provide descriptive, comment-based help for every script. Also, be sure to include your name and a BSD 3-Clause license. +* Always provide descriptive, comment-based help for every script. Also, be sure to include your name and a BSD 3-Clause license (unless there are extenuating circumstances that prevent the application of the BSD license). * Make sure all functions follow the proper PowerShell verb-noun agreement. Use Get-Verb to list the default verbs used by PowerShell. |
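Review bot: The `Get-PEArchitecture` removal in the first hunk (@@ -68,14 +68,26 @@) is a user-visible change the README does not explain; if that capability now lives in `Get-ObjDump`, say so in its description (for example "Displays information about one or more Windows object files, including the target architecture") so existing users know where it went. The new Capstone section should also state what the binding needs at runtime (the native Capstone library, and which version), since a binding to an external engine cannot run without it.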
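Review bot: The three `*-ProcessModuleTrace` entries in the second hunk (@@ -116,6 +128,18 @@) are missing the trailing period every other entry in this README ends with, and `Register-ProcessModuleTrace` inside the `Get-ProcessModuleTrace` description should be in backticks like the other cmdlet names, e.g. "Displays the process modules that have been loaded since the call to `Register-ProcessModuleTrace`."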
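Review bot: `Inject-LogonCredentials` in the third hunk (@@ -128,6 +152,22 @@) uses a verb that is not on PowerShell's approved list, which conflicts with the contribution guideline added later in this same patch ("Make sure all functions follow the proper PowerShell verb-noun agreement. Use Get-Verb ..."); either rename it to an approved verb or note why it is an exception. Two smaller points in the same hunk: "other users logon tokens" needs the possessive ("other users' logon tokens"), and hard-coding "Mimikatz 1.0" in the `Invoke-Mimikatz` description will go stale; consider saying which version is bundled somewhere that is updated alongside the script.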
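Review bot: "unless explicitly noted otherwise" in the License hunk (@@ -166,7 +210,7 @@) gives readers no way to find the exceptions; either list the scripts that are not BSD-licensed or say where the alternative license is recorded (the script's own comment-based help header, presumably), otherwise the blanket BSD statement is misleading for exactly the scripts where it matters.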
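Review bot: The Unblock-File snippet in the Usage hunk (@@ -181,6 +225,11 @@) has a logic bug: `Get-ChildItem -Recurse` is called with no path, so it unblocks every file under the current working directory rather than the PowerSploit module directory that `Test-Path` just located. Pass the path through, e.g. `Get-ChildItem -Path (Join-Path $_ PowerSploit) -Recurse | Unblock-File`. Scoping matters here because Unblock-File removes the Zone.Identifier mark-of-the-web stream from whatever it touches, so an over-broad recurse silently strips that protection from unrelated downloaded files. Also, the text calls this a one-liner but the snippet spans three lines; either join it onto one line or drop the word.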
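Review bot: The new parenthetical in the last hunk (@@ -195,7 +244,7 @@, "unless there are extenuating circumstances that prevent the application of the BSD license") tells contributors an exception is possible but not how to record it; tie it to the License section's "unless explicitly noted otherwise" by asking that any non-BSD script state its actual license in its comment-based help so the exception is discoverable.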