Enumerate Active Directory users, groups, and permissions during an authorized penetration test using PowerView.
Check a Windows machine for common privilege escalation misconfigurations using the PowerUp tool.
Identify which bytes of a file trigger antivirus detection during authorized security research.
Simulate attacker persistence by adding a scheduled auto-run mechanism in an authorized security assessment.
Drop the folder into a PowerShell module directory and import it with Import-Module. The PowerShell execution policy may need to be adjusted on the target system before the scripts will load.
PowerSploit is a collection of PowerShell scripts designed for use during penetration tests, which are authorized security assessments in which professionals attempt to find weaknesses in a system before attackers do. The README notes that the project is no longer actively supported or maintained. The collection is organized into modules that correspond to different phases of a security assessment.

The CodeExecution module contains tools for running code on a target machine in various ways, including loading software into memory without writing it to disk.

The Recon module provides tools for scanning networks, looking up DNS records, and mapping out Windows domain environments. PowerView, included in the Recon module, is a set of functions for gathering information about Active Directory domains, the directory systems organizations use to manage computers, users, and permissions.

The Exfiltration module contains tools for extracting sensitive information from a compromised machine. This includes capturing keystrokes, taking periodic screenshots, recording microphone audio, and pulling stored passwords from sources such as Windows credential vaults and Group Policy files.

The Persistence module offers ways to make scripts run automatically when a system reboots, a technique used during authorized tests to simulate how a real attacker might maintain access.

The AntivirusBypass module includes a tool for locating the specific bytes in a file that antivirus software uses to flag it as malicious, which helps security researchers understand detection signatures.

The Privesc module, primarily through a sub-tool called PowerUp, checks for common configuration weaknesses that could allow a user to gain higher levels of access than they should have.

To use PowerSploit, drop the folder into a PowerShell module directory and import it with Import-Module. The project is licensed under the BSD 3-Clause license.
Verify against the repo before relying on details.