Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/biffalo/handy-posh
Handy powershell/batch scripts
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/biffalo/handy-posh
- Owner: biffalo
- License: bsd-2-clause
- Created: 2022-11-07T18:06:13.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-04T13:43:26.000Z (4 months ago)
- Last Synced: 2024-09-05T17:37:15.035Z (4 months ago)
- Language: PowerShell
- Homepage:
- Size: 146 KB
- Stars: 8
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
![logo](https://github.com/biffalo/handy-posh/raw/main/handy-logo.png)
## Handy powershell/bat scripts for security and quality of life. Scripts are commented. General descriptions for each below:
### **AIO-IR.ps1**
> Comprehensive incident response script that gathers common forensic info from a Windows system for later analysis.
### **chainsaw-what.ps1**
> PowerShell wrapper for chainsaw from https://github.com/WithSecureLabs/chainsaw.
### **disable-iso-mount.ps1**
> Disables native ISO mounting via registry to protect against malicious ISOs.
### **extra-logging.cmd**
> Enables extra Windows logging to catch threat actors. Best paired with RMM or SIEM.
### **fsrm-backup-protect.ps1**
> Creates an FSRM (File Server Resource Manager) file screen/group that only allows specified file extensions to be written to a given share. Writes an event log entry if it is violated.
### **get-logs.ps1**
> Copies various log files to desired folder with goal of using them for IR.
### **get-tasks.ps1**
> Gets scheduled task names and actions from the Task Scheduler root (/) and displays them. If an action contains powershell/cmd/rundll it is likely malicious.
### **malicious-lnk-finder.ps1**
> Searches C:\Users recursively to find any LNK files pointing to cmd.exe, rundll.exe, or powershell.exe.
### **nmap-audit.ps1**
> Installs NMAP via choco, runs a scan on the desired host/IP. Outputs results to styled XML and opens them in Edge.
### **office-365-have-i-been-pwned-check.ps1**
> Checks haveibeenpwned for all emails in an M365 tenancy. Outputs to terminal and CSV. Requires a HIBP API key.
### **server-disco.ps1**
> Gathers various information about a Windows server and outputs to a text file. Useful for trying to determine what a server does for decom or upgrades.
### **test-port-loop.ps1**
> Uses Test-NetConnection to check if a given port is open on a host. Prompts for host and port. Uses TCP instead of ICMP. Loops until you close your posh window.
### **ublock-chrome-installer.ps1**
> Pushes uBlock Origin using registry settings. Handy for non-domain environments.
### **web-nav-killer.ps1**
> Removes WebNavigator/Blaze browser adware/PUP binaries and tasks.
### **windows-hardening.cmd**
> Fixes some silly defaults in Windows 10/11 and sets additional settings to reduce the chances of a TA gaining a foothold on an endpoint. Heavily commented. The goal here is to be effective with the least breakage.