{"id":27968547,"url":"https://github.com/redsiege/wmimplant","last_synced_at":"2025-05-07T21:04:18.679Z","repository":{"id":39707792,"uuid":"59578096","full_name":"RedSiege/WMImplant","owner":"RedSiege","description":"This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.","archived":false,"fork":false,"pushed_at":"2024-06-25T12:02:26.000Z","size":1686,"stargazers_count":814,"open_issues_count":1,"forks_count":147,"subscribers_count":54,"default_branch":"master","last_synced_at":"2025-05-07T21:04:12.731Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedSiege.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-24T14:00:14.000Z","updated_at":"2025-05-05T11:10:36.000Z","dependencies_parsed_at":"2024-07-30T14:18:55.394Z","dependency_job_id":"e820d5c5-4057-4b03-9a9c-50300f3cff71","html_url":"https://github.com/RedSiege/WMImplant","commit_stats":null,"previous_names":["redsiege/wmimplant","fortynorthsecurity/wmimplant"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FWMImplant","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FWMImplant/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FWMImplant/r
eleases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FWMImplant/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedSiege","download_url":"https://codeload.github.com/RedSiege/WMImplant/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252954409,"owners_count":21830902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-07T21:04:18.067Z","updated_at":"2025-05-07T21:04:18.667Z","avatar_url":"https://github.com/RedSiege.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WMImplant\n\nWMImplant is a PowerShell based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results.  
WMImplant will likely require local administrator permissions on the targeted machine.\n\nDeveloped by [@christruncer](https://twitter.com/christruncer)\n\n\n# WMImplant Functions:\n\n## Meta Functions\n    change_user                         -   Change the context of the user you will execute WMI commands as\n    exit                                -   Exits WMImplant\n    gen_cli                             -   Generate the command line command to use WMImplant non-interactively\n    set_default                         -   Sets the targeted system's WMI property back to its default value\n    help                                -   View the list of commands and descriptions\n\n## File Operations\n    cat                                 -   Reads the contents of a file\n    copy                                -   Copies a file from one location to another\n    download                            -   Download a file from the targeted machine\n    ls                                  -   File/Directory listing of a specific directory\n    search                              -   Search for a file on a user-specified drive\n    upload                              -   Upload a file to the targeted machine\n\n## Lateral Movement Facilitation\n    command_exec                        -   Run a command line command and receive the output\n    disable_wdigest                     -   Removes registry value UseLogonCredential\n    disable_winrm                       -   Disables WinRM on the targeted system\n    enable_wdigest                      -   Adds registry value UseLogonCredential\n    enable_winrm                        -   Enables WinRM on the targeted system\n    registry_mod                        -   Modify the registry on the targeted machine\n    remote_posh                         -   Run a PowerShell script on a remote machine and receive the output\n    sched_job                           -   Manipulate scheduled jobs\n    service_mod                         
-   Create, delete, or modify system services\n\n## Process Operations\n    process_kill                        -   Kill a process via name or process id on the targeted machine\n    process_start                       -   Start a process on the targeted machine\n    ps                                  -   Process listing\n\n## System Operations\n    active_users                        -   List domain users with active processes on the targeted system\n    basic_info                          -   Used to enumerate basic metadata about the targeted system\n    drive_list                          -   List local and network drives\n    ifconfig                            -   Receive IP info from NICs with active network connections\n    installed_programs                  -   Receive a list of the installed programs on the targeted machine\n    logoff                              -   Log users off the targeted machine\n    reboot                              -   Reboot the targeted machine\n    power_off                           -   Power off the targeted machine\n    vacant_system                       -   Determine if a user is away from the system\n\n## Log Operations\n    logon_events                        -   Identify users that have logged onto a system\n\n# Usage\n\nThe easiest way to get up and running with WMImplant is to import the script and run Invoke-WMImplant. This will present you with the main menu and you can instantly start choosing a command to run. 
Within the main menu, you can also choose to have WMImplant output the command line command you would need to use in order to run WMImplant in a non-interactive manner.\n\nThanks to:\n    [@evan_Pena2003](https://twitter.com/evan_pena2003) - For your help with code reviews and adding functionality into the tool\n    [@danielbohannon](https://twitter.com/danielhbohannon) - For your help with code obfuscation\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fwmimplant","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredsiege%2Fwmimplant","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fwmimplant/lists"}