PSRR - Remote Registry PowerShell 3.0 Module

  •        291

Remote Registry PowerShell Module to manage the registry with Windows PowerShell. This version supports the new improvement in .NET 4 to specify a 32-bit or 64-bit view of the registry with the Microsoft.Win32.RegistryView enumeration when you open base keys.

http://psrr.codeplex.com/

Tags
Implementation
License
Platform

   




Related Projects

SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop

  •    PowerShell

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale terminals.

SessionGopher - SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop

  •    PowerShell

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. SessionGopher is a PowerShell tool that finds and decrypts saved session information for remote access tools. It has WMI functionality built in so it can be run remotely. Its best use case is to identify systems that may connect to Unix systems, jump boxes, or point-of-sale terminals.

RemoteRecon - Remote Recon and Collection

  •    PowerShell

RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Often times as operator's we need to compromise a host, just so we can keylog or screenshot (or some other miniscule task) against a person/host of interest. Why should you have to push over beacon, empire, innuendo, meterpreter, or a custom RAT to the target? This increases the footprint that you have in the target environment, exposes functionality in your agent, and most likely your C2 infrastructure. An alternative would be to deploy a secondary agent to targets of interest and collect intelligence. Then store this data for retrieval at your discretion. If these compromised endpoints are discovered by IR teams, you lose those endpoints and the information you've collected, but nothing more. Below is a visual representation of how I imagine an adversary would utilize this. RemoteRecon utilizes the registry for data storage, with WMI as an internal C2 channel. All commands are executed in a asynchronous, push and pull manner. Meaning that you will send commands via the powershell controller and then retrieve the results of that command via the registry. All results will be displayed in the local console.

Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH

  •    CSharp

Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows PowerShell 3.0 or above. It is compiled for .NET Framework 4.5.


PowerShell Remote File Explorer

  •    

This project intends to develop a Windows forms based file explorer to browse/transfer files over PowerShell 2.0 remoting channel. The file transfer module if being written by @oising. This project will use that module as is for file transfers.

Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator

  •    PowerShell

Invoke-CradleCrafter is a PowerShell v2.0+ compatible PowerShell remote download cradle generator and obfuscator. In the Fall of 2016 after releasing Invoke-Obfuscation, I continued updating my spreadsheet of PowerShell remote download cradles thinking that one day I might add a "cradle selector" menu into Invoke-Obfuscation. This list consisted of cradles that were obscure to me, and many of which were not prevelently (or at all) being observed in the wild.

PSRecon - :rocket: PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team

  •    PowerShell

PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally. One nice part about the report is that everything is self-contained, making it easy to share as there is no reliance on a centralize server. Even the images are encoded directly into the report's HTML.

Visual Studio 2010 PowerShell Code Generator

  •    CSharp

Brings rich PowerShell functionalities into VS Templating. You can access the file system, the registry, and many other PowerShell features. You can also run PowerShell cmdlets, import modules and more.

PowerShellGet - PowerShellGet is the Package Manager for PowerShell

  •    PowerShell

PowerShellGet is a PowerShell module with commands for discovering, installing, updating and publishing the PowerShell artifacts like Modules, DSC Resources, Role Capabilities and Scripts. PowerShellGet module is also integrated with the PackageManagement module as a provider, users can also use the PackageManagement cmdlets for discovering, installing and updating the PowerShell artifacts like Modules and Scripts.

PowerShell Module distribution using NuGet.

  •    

PSModule serves as default package tag and also collection of PowerShell module that will be distributed through NuGet. It makes easier for IT-PRO or IT-DEV to add, remove, and update PowerShell module. You will no longer have to manually check for an update and download c...

PowerShell WMI Extensions (Beta)

  •    

Expose WMI classes as rich PowerShell commands with detailed documentation and manage local and remote systems using WMI via the wmix module for PowerShell.

WinRM - Ruby library for Windows Remote Management

  •    Ruby

This is a SOAP library that uses the functionality in Windows Remote Management(WinRM) to call native object in Windows. This includes, but is not limited to, running batch scripts, powershell scripts and fetching WMI variables. For more information on WinRM, please visit Microsoft's WinRM site. As of version 2.0, this gem retains the WinRM name but all powershell calls use the more modern Powershell Remoting Protocol (PSRP) for initializing runspace pools as well as creating and processing powershell pipelines.

PowerShell Management Library for TEM

  •    

A project to provide a PowerShell functionality for managing your Tivoli Endpoint Manager (built upon BigFix technology). You can locally or remotely manage endpoints and relays via these simple and easy to use PowerShell Module.

Powershell Configurator for Server Core R2 / HyperV Server r2

  •    

A PowerShell module and front end menu to manage installed Windows Components, Network, Firewall, Pagefile, remote management / remote desktop, shell, Windows activation and more.

PowerShell Proxy Extensions (Beta)

  •    

Create proxy functions without writing proxy command internals with the PowerShell Proxy Extensions module. Creating proxy functions has never been easier!

ImportExcel - PowerShell module to import/export Excel spreadsheets, without Excel

  •    PowerShell

Install from the PowerShell Gallery. This PowerShell Module allows you to read and write Excel files without installing Microsoft Excel on your system. No need to bother with the cumbersome Excel COM-object. Creating Tables, Pivot Tables, Charts and much more has just become a lot easier.

PowerShell Script Provider

  •    

Write your own PowerShell provider using only script, no C# required. Module definition is provided by a Windows PowerShell 2.0 Module, which may be pure script, binary or a mix of both.

PowerShell Module Installer

  •    

PSModuleInstaller is a PowerShell module to create self-contained installation scripts for PowerShell module for easy distribution.