
IR-Tools - PowerShell tools for IR
https://github.com/JavelinNetworks/IR-Tools


### Collection of Microsoft PowerShell modules that can be used to aid with forensics of domain-based attacks on an infected host.

## CodeExecution

**Execute code on a target machine using Import-Module.**

#### `Get-ShellContent`

Extracts live input and output of any command-line process, running or dumped, encrypted or plaintext, from a remote computer.

#### `Get-SessionsAnomaly`

Detects Pass-the-Ticket and Pass-the-Hash attacks on a remote machine.

## License

The IR-Tools project and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise.

## Usage

To install any of these modules, drop the PowerShell scripts into a directory and type `Import-Module PathTo\scriptName.ps1`.

Then run the module from PowerShell.

Refer to the comment-based help in each individual script for detailed usage information.