reddit hackernews mail facebook facebook linkedin


A PowerShell Post-Exploitation Framework.

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:

CodeExecution: execute code on a target machine:
- Invoke-DllInjection
- Invoke-ReflectivePEInjection
- Invoke-Shellcode
- Invoke-WmiCommand

ScriptModification: modify and/or prepare scripts for execution on a compromised machine:
- Out-EncodedCommand
- Out-CompressedDll
- Out-EncryptedScript
- Remove-Comment

Persistence: add persistence capabilities to a PowerShell script:
- New-UserPersistenceOption
- New-ElevatedPersistenceOption
- Add-Persistence
- Install-SSP
- Get-SecurityPackages

AntivirusBypass: AV doesn't stand a chance against PowerShell:
- Find-AVSignature

Exfiltration: all your data belong to me:
- Invoke-TokenManipulation
- Invoke-CredentialInjection
- Invoke-NinjaCopy
- Invoke-Mimikatz
- Get-Keystrokes
- Get-GPPPassword
- Get-GPPAutologon
- Get-TimedScreenshot
- New-VolumeShadowCopy
- Get-VolumeShadowCopy
- Mount-VolumeShadowCopy
- Remove-VolumeShadowCopy
- Get-VaultCredential
- Out-Minidump
- Get-MicrophoneAudio

Mayhem: cause general mayhem with PowerShell:
- Set-MasterBootRecord
- Set-CriticalProcess

Privesc: tools to help with escalating privileges on a target:
- PowerUp

Recon: tools to aid in the reconnaissance phase of a penetration test:
- Invoke-Portscan
- Get-HttpStatus
- Invoke-ReverseDnsLookup
- PowerView