Age | Commit message | Author | Files | Lines |
|
* I renamed RE_Tools to ReverseEngineering and made it a module.
* Slight consistency modifications were made to documentation.
* This is one step in the process of modularizing all of PowerSploit.
|
|
|
|
A function that takes screenshots at a regular interval and saves them
to a folder.
Developed by @obscuresec
|
|
Returns the process environment block (PEB) of a process.
|
|
Marshals data from an unmanaged block of memory in an arbitrary process
to a newly allocated managed object of the specified type. In other
words, it will parse and return a structure at a known memory address in
any process.
|
|
Returns loaded kernel module information.
|
|
A tool for bypassing AV signatures.
|
|
A script to aid in the loading of managed dlls in memory
|
|
Prepare-Payload compresses, Base-64 encodes, and generates command-line
output for a PowerShell payload script. This script was inspired by and
is an improvement upon createcmd.ps1
(https://www.trustedsec.com/files/PowerShell_PoC.zip)
|
|
|
|
Get-Strings dumps strings from any file in ASCII and/or Unicode.
|
|
New Features/Changes:
- Dramatically simplified parameters. Removed redundancies and named
parameter sets more appropriately
- Added 'Shellcode' parameter. Now, you can optionally specify shellcode
as a byte array rather than having to copy and paste shellcode into the
$Shellcode32 and/or $Shellcode64 variables
- Added 'Payload' parameter. Naming is now consistent with Metasploit
payloads. Currently, only 'windows/meterpreter/reverse_http' and
'windows/meterpreter/reverse_https' payloads are supported.
- Inject-Shellcode will now prompt the user to continue the 'dangerous'
action unless the -Force switch is provided. Hopefully, this will
prevent some people from carrying out stupid/regrettable actions.
- Added the 'ListMetasploitPayloads' switch to display the Metasploit
payloads supported by Inject-Shellcode
Bug fixes/Miscellaneous:
- Added UserAgent parameter to help documentation
- Code is much more readable now
- Changed internal helper functions to 'local' scope
- Now using proper error handling versus Write-Warning statements
- Added a subtle warning to the built-in shellcode...
|
|
This extends the built-in Get-Member cmdlet by adding the '-Private'
parameter for dissecting .NET types.
|
|
|
|
* All recon scripts now live in the 'Recon' directory
* Added Get-HttpStatus - An http[s] enumeration tool
* Added default dictionary for Get-HttpStatus - .\Dictionaries\admin.txt
* Moved Invoke-ReverseDnsLookup to 'Recon'
|
|
Get-PEHeader is a 32 and 64-bit in-memory and on-disk PE parsing
utility.
PETools is now a PowerShell module that can be loaded with
`Import-Module PETools`
|
|
Added Get-ILDisassembly.
Added RE_Tools folder for all current and future reverse engineering
tools.
|
|
Fixed some spelling errors in README.
Added additional usage information
|
|
Added: Get-DllLoadPath, Get-PEArchitecture
Updated: Readme to reflect new additions
|
|
|
|
|
|
Used with permission from @obscuresec (www.obscuresecurity.blogspot.com)
|
|
|