# PowerShellMafia/PowerSploit

12,880 stars · 4,730 forks · PowerShell · other · archived

## Links

- GitHub: https://github.com/PowerShellMafia/PowerSploit
- awesome-repositories: https://awesome-repositories.com/repository/powershellmafia-powersploit.md

## Description

PowerSploit is a collection of PowerShell modules designed for security assessment, penetration testing, and red team operations. It provides a framework for auditing Windows system configurations and evaluating the effectiveness of security defenses within an enterprise environment.

The framework focuses on techniques that use native system administration tools and scripting environments. It includes capabilities for executing arbitrary commands, escalating user privileges, and maintaining persistence through event subscriptions. By using in-memory execution and reflective loading, the modules run payloads without writing files to disk, which helps simulate advanced adversary behavior.

Beyond core exploitation tasks, the project supports network reconnaissance and the modification of existing scripts to test system responses. These tools are intended for authorized security assessments and the hardening of individual workstations against potential vulnerabilities.

## Tags

### Security & Cryptography

- [Penetration Testing Suites](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team/offensive-security-frameworks/penetration-testing-suites.md) — Provides a comprehensive framework of PowerShell modules for security assessment and penetration testing.
- [Offensive & Red Team Operations](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/offensive-red-team.md) — Simulates advanced adversary behavior to evaluate the effectiveness of detection and response capabilities.
- [Privilege Escalation Tools](https://awesome-repositories.com/f/security-cryptography/privilege-escalation-tools.md) — Exploits misconfigurations to gain administrative access and perform actions requiring higher-level permissions. ([source](https://github.com/PowerShellMafia/PowerSploit/tree/master/docs/))
- [Memory-Only Execution](https://awesome-repositories.com/f/security-cryptography/volatile-memory-processing/memory-only-execution.md) — Executes malicious payloads entirely within volatile memory to minimize forensic footprints on storage.
- [Persistence Mechanisms](https://awesome-repositories.com/f/security-cryptography/access-control-systems/persistence-mechanisms.md) — Ensures continued access to a compromised system after reboots by installing backdoors or scheduled tasks. ([source](https://github.com/PowerShellMafia/PowerSploit/tree/master/docs/))
- [Security Software Evasion](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-check-bypasses/security-software-evasion.md) — Avoids detection by antivirus and endpoint protection tools to run unauthorized scripts. ([source](https://github.com/PowerShellMafia/PowerSploit/tree/master/docs/))
- [Process Token Manipulators](https://awesome-repositories.com/f/security-cryptography/security-token-management/process-token-manipulators.md) — Manipulates security access tokens of active system processes to elevate user privileges.
- [Security Testing and Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing.md) — Identifies misconfigurations and potential attack vectors on individual workstations to strengthen security posture.
- [Network Reconnaissance Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/network-reconnaissance-tools.md) — Gathers information about system configurations and network topology to identify potential attack vectors. ([source](https://github.com/PowerShellMafia/PowerSploit/tree/master/docs/))

### Development Tools & Productivity

- [Arbitrary](https://awesome-repositories.com/f/development-tools-productivity/command-execution/arbitrary.md) — Runs custom scripts or system commands directly on a target machine to facilitate remote control. ([source](https://github.com/PowerShellMafia/PowerSploit/tree/master/docs/))
- [Security Injection Techniques](https://awesome-repositories.com/f/development-tools-productivity/platform-script-execution/dynamic-script-execution-environments/security-injection-techniques.md) — Provides techniques for injecting arbitrary code into process memory to evade security detection.

### Operating Systems & Systems Programming

- [Windows Administration Utilities](https://awesome-repositories.com/f/operating-systems-systems-programming/system-administration-maintenance/windows-administration-utilities.md) — Manages and audits local system configurations and user permissions using native scripting tools.

### Web Development

- [Reflective Loading Mechanisms](https://awesome-repositories.com/f/web-development/dynamic-loading-strategies/dynamic-stylesheet-loading/reflective-loading-mechanisms.md) — Loads compiled binary modules into memory without writing to disk to avoid antivirus file scanning.

### Software Engineering & Architecture

- [Administrative Living-Off-The-Land Techniques](https://awesome-repositories.com/f/software-engineering-architecture/native-bridges/native-script-execution-environments/administrative-living-off-the-land-techniques.md) — Leverages built-in system administration tools to perform operations while appearing as legitimate administrative activity.

### Networking & Communication

- [System Event Triggers](https://awesome-repositories.com/f/networking-communication/communication-platforms-services/messaging-notification-systems/messaging-services/event-subscriptions/system-event-triggers.md) — Registers persistent system triggers that automatically execute commands upon specific events to maintain long-term access.
