{"id":21400692,"url":"https://github.com/cybersecurityup/powershell-for-pentest","last_synced_at":"2025-10-15T07:36:50.920Z","repository":{"id":110995724,"uuid":"399873058","full_name":"CyberSecurityUP/Powershell-for-PenTest","owner":"CyberSecurityUP","description":null,"archived":false,"fork":false,"pushed_at":"2021-08-25T15:43:39.000Z","size":4,"stargazers_count":29,"open_issues_count":0,"forks_count":10,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-23T02:45:44.067Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CyberSecurityUP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-25T15:43:27.000Z","updated_at":"2024-10-16T02:07:04.000Z","dependencies_parsed_at":"2024-02-24T18:31:02.727Z","dependency_job_id":null,"html_url":"https://github.com/CyberSecurityUP/Powershell-for-PenTest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FPowershell-for-PenTest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FPowershell-for-PenTest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FPowershell-for-PenTest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CyberSecurityUP%2FPowershell-for-PenTest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/C
yberSecurityUP","download_url":"https://codeload.github.com/CyberSecurityUP/Powershell-for-PenTest/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243893905,"owners_count":20364916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-22T15:23:37.718Z","updated_at":"2025-10-15T07:36:45.885Z","avatar_url":"https://github.com/CyberSecurityUP.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Powershell for PenTest by Joas\n\n## Introduction\n\n### https://docs.microsoft.com/en-us/powershell/scripting/developer/prog-guide/windows-powershell-concepts?view=powershell-7.1\n\n### https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7.1\n\n### https://www.techrepublic.com/blog/10-things/10-fundamental-concepts-for-powershell-scripting/\n\n### https://en.wikipedia.org/wiki/PowerShell\n\n### https://www.networkworld.com/article/2268752/chapter-2--basic-powershell-concepts.html\n\n### https://www.guru99.com/powershell-tutorial.html\n\n### https://thecrazyconsultant.com/powershell-study-guide-core-concepts/\n\n### https://www.pcmag.com/encyclopedia/term/powershell\n\n### https://www.techopedia.com/definition/25975/powershell\n\n### https://www.youtube.com/watch?v=u3zXMv69uNA\u0026ab_channel=ResearchTrianglePowerShellUsersGroup\n\n## Recon\n\n### https://sid-500.com/2017/11/12/test-port-use-powershell-as-a-port-scanner/\n\n### 
https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-scan-open-ports-within-a-network/ba-p/924149\n\n### http://5ubtools.blogspot.com/\n\n### https://github.com/Z3R0TH-13/ENUM\n\n### https://github.com/PyroTek3/PowerShell-AD-Recon\n\n### https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/\n\n### https://medium.com/@smurf3r5/recon-domain-shares-872914697980\n\n### https://www.hebunilhanli.com/wonderland/ad-pentest/recon-with-powershell/\n\n### https://periciacomputacional.com/pentesting-with-powershell-in-six-steps/\n\n### https://github.com/EliteLoser/PSnmap\n\n### https://medium.com/@drag0n/some-useful-interesting-powershell-scripts-9b9490cee0cd\n\n### https://adsecurity.org/?p=2535\n\n### https://www.varonis.com/blog/powerview-for-penetration-testing/\n\n### https://www.sans.org/blog/pen-test-poster-white-board-powershell-built-in-port-scanner/\n\n### https://github.com/scipag/PowerShellUtilities\n\n### https://www.adamcouch.co.uk/conducting-powershell-port-scan/\n\n### https://www.infosecmatter.com/port-scanner-in-powershell-tcp-udp-ps1/\n\n### https://github.com/xorrior/RemoteRecon\n\n### https://github.com/XORRIOR/REMOTERECON\n\n## Exploit\n\n### https://github.com/PowerShellMafia/PowerSploit\n\n### https://pentestlab.blog/tag/powersploit/\n\n### https://www.cyberpunk.rs/powersploit-powershell-post-exploitation-framework\n\n### https://www.darknet.org.uk/2015/12/powersploit-powershell-post-exploitation-framework/\n\n### https://attack.mitre.org/software/S0194/\n\n### https://adsecurity.org/?tag=powersploit\n\n### https://medium.com/@benoit.sevens/powershell-av-evasion-4e4bb6a6a961\n\n### https://www.youtube.com/watch?v=otpPnWbEaDA\u0026ab_channel=ChiefRiver\n\n### https://www.youtube.com/watch?v=LEll6qa-REY\u0026ab_channel=Metasploitation\n\n### https://www.youtube.com/watch?v=b-XjnmFZ7Ls\u0026ab_channel=%5BMister_Bert0ni%5D\n\n### 
https://www.youtube.com/watch?v=zbmOs_fNxng\u0026ab_channel=SecurityNotes\n\n### https://www.youtube.com/watch?v=52xkWbDMUUM\u0026ab_channel=HackerSploit\n\n### https://www.youtube.com/watch?v=0gHS3U9zMKI\u0026ab_channel=GusKhawaja\n\n### https://www.powershellempire.com/\n\n### https://ratiros01.medium.com/tryhackme-ps-empire-bd96fbf822cc\n\n### https://stealthbits.com/blog/next-gen-open-source-c2-frameworks/\n\n## Post Exploitation\n\n### https://www.hackingarticles.in/hacking-with-empire-powershell-post-exploitation-agent/\n\n### https://null-byte.wonderhowto.com/how-to/use-powershell-empire-getting-started-with-post-exploitation-windows-hosts-0178664/\n\n### https://www.cyberpunk.rs/empire-powershell-post-exploitation-framework\n\n### https://github.com/jaredhaight/Invoke-MetasploitPayload\n\n### https://medium.com/SWLH/FUN-WITH-POWERSHELL-PAYLOAD-EXECUTION-AND-EVASION-F5051FD149B2\n\n### https://github.com/trustedsec/unicorn\n\n### https://github.com/loadenmb/tvasion\n\n### https://threat.tevora.com/dissecting-veil-evasion-powershell-payloads-and-converting-to-a-bind-shell/\n\n### https://hakin9.org/xencrypt-a-powershell-script-anti-virus-evasion-tool/\n\n### https://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/\n\n### https://hack-ed.net/2016/04/04/veil-evasion-payloads-made-easy/\n\n### https://kaizensecurity.wordpress.com/2016/08/19/metasploit-av-evasion-with-powershell/\n\n### https://www.blackhat.com/docs/eu-17/materials/eu-17-Thompson-Red-Team-Techniques-For-Evading-Bypassing-And-Disabling-MS-Advanced-Threat-Protection-And-Advanced-Threat-Analytics.pdf\n\n### https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks-WP.pdf\n\n### https://resources.infosecinstitute.com/topic/powershell-for-pentesters-part-5-remoting-with-powershell/\n\n### https://pentestn00b.wordpress.com/2016/08/22/powershell-psremoting-pwnage/\n\n### https://kalilinuxtutorials.com/evil-winrm-hacking-pentesting/\n\n### 
https://www.rapid7.com/DB/MODULES/EXPLOIT/WINDOWS/LOCAL/POWERSHELL_REMOTING/\n\n### https://www.youtube.com/watch?v=tVgJ-9FJKxE\u0026ab_channel=Hak5\n\n### https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md\n\n### https://www.youtube.com/watch?v=KKfrjTlm5LI\u0026ab_channel=InfoSecAddicts\n\n### https://hackersinterview.com/OSCP/REVERSE-SHELL-ONE-LINERS-OSCP-CHEATSHEET/\n\n### https://www.offensive-security.com/offsec/kali-linux-powershell-pentesting/\n\n### https://securityonline.info/reverse-powershell/\n\n### https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/get-injectedthread\n\n### https://medium.com/@threatpointer/pentesting-powershell-remoting-fa605ef325d4\n\n### https://medium.com/@subhammisra45/lateral-movement-powershell-remoting-89da402a9885\n\n### https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f\n\n### https://pt.slideshare.net/kieranjacobsen/lateral-movement-with-power-shell-2\n\n### https://www.ired.team/offensive-security/lateral-movement/wmi-+-powershell-desired-state-configuration-lateral-movement\n\n### https://gennaromigliaccio.com/LATERAL-MOVEMENT-TACTICS-AND-TECHNIQUES\n\n### https://www.snaplabs.io/insights/lateral-movement-methods-and-good-practices\n\n### https://gist.github.com/jaredcatkinson/c95fd1e4e76a4b9b966861f64782f5a9\n\n### https://attack.mitre.org/software/S0029/\n\n### https://www.offensive-security.com/metasploit-unleashed/psexec-pass-hash/\n\n### https://www.contextis.com/us/blog/lateral-movement-a-deep-look-into-psexec\n\n### https://www.mindpointgroup.com/blog/lateral-movement-with-psexec\n\n### https://redcanary.com/blog/threat-hunting-psexec-lateral-movement/\n\n### https://medium.com/@upadhyay.varun/pass-the-hash-attack-b0f214b2884a\n\n### 
https://periciacomputacional.com/windows-account-hijacking-psexec-e-suas-possibilidades/\n\n### https://pentestlab.blog/tag/psexec/\n\n### https://www.poftut.com/use-psexec-tools-run-commands-get-shell-remote-windows-systems/\n\n### https://www.ired.team/offensive-security/lateral-movement/lateral-movement-with-psexec\n\n### https://www.varonis.com/blog/how-to-use-powershell-for-privilege-escalation-with-local-computer-accounts/\n\n### https://github.com/frizb/Windows-Privilege-Escalation\n\n### https://www.youtube.com/watch?v=-sBXN-cGUD0\u0026ab_channel=PentesterAcademyTV\n\n### https://hakin9.org/privesccheck-privilege-escalation-enumeration-script-for-windows/\n\n### https://githacktools.blogspot.com/2019/04/winroothelper-windows-privilege-escalation-powershell-script.html\n\n### https://www.hackingarticles.in/window-privilege-escalation-automated-script/\n\n### https://www.youtube.com/watch?v=bAnohAiAQ7U\u0026ab_channel=SANSOffensiveOperations\n\n### https://www.youtube.com/watch?v=v0zYorQ0eEY\u0026ab_channel=PowerShellEmpireTutorials\n\n### https://www.youtube.com/watch?v=dzJfiIw3kZE\u0026ab_channel=Moss%C3%A9CyberSecurityInstitute\n\n### https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/PrivescPostEx.md\n\n### https://pentestlab.blog/2017/08/19/COMMAND-AND-CONTROL-POWERSHELL/\n\n### https://enigma0x3.net/2014/01/17/command-and-control-using-powershell-and-your-favorite-website/\n\n### https://www.snaplabs.io/insights/command-and-control-with-powershell-empire-pt1\n\n### https://www.youtube.com/watch?v=OH-lcn5K9k8\u0026ab_channel=Cover6Solutions\n\n### https://truneski.github.io/blog/2017/03/03/dropbox-command-and-control-over-powershell-with-invoke-dbc2/\n\n### https://www.cover6solutions.com/webinar-intro-to-c2-with-powershell-empire/\n\n### https://pentestlab.blog/2019/11/05/persistence-powershell-profile/\n\n### https://pentestlab.blog/2019/11/04/PERSISTENCE-SCHEDULED-TASKS/\n\n### 
https://github.com/emilyanncr/Windows-Post-Exploitation\n\n### https://adsecurity.org/?p=429\n\n### https://www.ired.team/offensive-security/exfiltration\n\n### https://www.hackingarticles.in/DATA-EXFILTRATION-USING-POWERSHELL-EMPIRE/\n\n### https://www.sans.org/webcasts/pen-testing-powershell-data-exfiltration-techniques-108740/\n\n### https://blog.stackattack.net/2019/03/14/quick-hit-base64-powershell-exfiltration/\n\n### https://www.sevenlayers.com/index.php/305-powershell-data-exfil\n\n## My Social Networks\n\n### https://www.linkedin.com/in/joas-antonio-dos-santos\n\n### https://twitter.com/C0d3Cr4zy\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fpowershell-for-pentest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcybersecurityup%2Fpowershell-for-pentest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcybersecurityup%2Fpowershell-for-pentest/lists"}