Powershell
Explore 32 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.
A PowerShell script that assesses security configurations of Siemens SIMATIC PCS 7 industrial control systems by collecting and analyzing data from various Windows and PCS7-specific sources.
SharpAppLocker provides a C# adaptation of the Get-AppLockerPolicy cmdlet for managing application control policies.
SharpAppLocker provides a C# adaptation of the Get-AppLockerPolicy cmdlet for managing application control policies.
ForensicMiner, Redefine DFIR Automations
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
A collection of Microsoft PowerShell modules for penetration testing purposes.
A collection of Microsoft PowerShell modules for penetration testing purposes.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
A collection of YARA rules for research and hunting purposes.
A collection of YARA rules for research and hunting purposes.
A tool to secure your shell commands history by clearing sensitive commands
A tool to secure your shell commands history by clearing sensitive commands
A PowerShell module for threat hunting via Windows Event Logs
PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.
PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.
A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.
Repository documenting common techniques to bypass AppLocker with verified, unverified, and generic bypasses.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Powershell Threat Hunting Module for scanning remote endpoints and collecting comprehensive information.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
A blog post about bypassing AppLocker using PowerShell diagnostic scripts
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
Monitor WMI consumers and processes for potential malicious activity
Monitor WMI consumers and processes for potential malicious activity