https://github.com/notoriousrebel/find-lolbas

Simple powershell script to find living off land binaries and scripts on a system.
https://github.com/notoriousrebel/find-lolbas

blueteam living-off-the-land powershell redteam

Last synced: about 1 year ago
JSON representation

Simple powershell script to find living off land binaries and scripts on a system.

• Host: GitHub
• URL: https://github.com/notoriousrebel/find-lolbas
• Owner: NotoriousRebel
• License: bsd-3-clause
• Created: 2019-06-26T20:33:28.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2019-08-24T01:28:17.000Z (almost 7 years ago)
• Last Synced: 2025-03-25T14:21:46.605Z (over 1 year ago)
• Topics: blueteam, living-off-the-land, powershell, redteam
• Language: PowerShell
• Size: 23.4 KB
• Stars: 20
• Watchers: 1
• Forks: 10
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Find-LOLBAS

A simple Powershell script for enumerating living off the land binaries and scripts on a system.

## Why

Manually verifying if the binaries or scripts are on the system 


would take a while, with automating the process this increases overall productivity

of redteamers 


who need to quickly bypass applocker or need to execute code in unique ways.

## How to Use?

By simply running the script the rest is taken care of! 


The output will be on the screen for you to assess, it will be in the format 


of the Binary or Script name, path, and an example command utilizing it.

## License

This project is licensed under the BSD 3-Clause License -

see the [License](LICENSE) file for details

## Acknowledgments

This project wouldn't be possible without the [LOLBAS](https://github.com/LOLBAS-Project/LOLBAS) project.

### Roadmap

- [ ] Add option to run script by executing C# code in Powershell

- [ ] Add option to allow user to encode payload by loading Crypt32.dll