Re-play Security Events
Support
Quality
Security
License
Reuse
This repository is used for Windows client for IT Pro content on Microsoft Learn.
Support
Quality
Security
License
Reuse
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
Support
Quality
Security
License
Reuse
The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
Support
Quality
Security
License
Reuse
Adversary Tactics - PowerShell Training
Support
Quality
Security
License
Reuse
P
PSAppDeployToolkitby PSAppDeployToolkit
PowerShell 
1377 Version:Current License: Weak Copyleft (LGPL-3.0)
Project Homepage & Forums
Support
Quality
Security
License
Reuse
Microsoft Public GDK
Support
Quality
Security
License
Reuse
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
Support
Quality
Security
License
Reuse
JAWS - Just Another Windows (Enum) Script
Support
Quality
Security
License
Reuse
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
Support
Quality
Security
License
Reuse
Welcome to the Microsoft Defender for Cloud community repository
Support
Quality
Security
License
Reuse
A Powershell incident response framework
Support
Quality
Security
License
Reuse
w
windows-development-environmentby felixrieseberg
PowerShell 1337 Version:Current License: Permissive (MIT)
:telescope: Turning Windows into an environment ready for modern development
Support
Quality
Security
License
Reuse
NetRipper - Smart traffic sniffing for penetration testers
Support
Quality
Security
License
Reuse
M
PowerShell 1300 Version:Current License: Permissive (MIT)
Microsoft Integration, Azure, Power Platform, Office 365 and much more Stencils Pack it’s a Visio package that contains fully resizable Visio shapes (symbols/icons) that will help you to visually represent On-premise, Cloud or Hybrid Integration and Enterprise architectures scenarios (BizTalk Server, API Management, Logic Apps, Service Bus, Event Hub…), solutions diagrams and features or systems that use Microsoft Azure and related cloud and on-premises technologies in Visio 2016/2013
Support
Quality
Security
License
Reuse
CobaltStrike后渗透测试插件
Support
Quality
Security
License
Reuse
PowerShell Pass The Hash Utils
Support
Quality
Security
License
Reuse
The binary distribution of openHAB
Support
Quality
Security
License
Reuse
C++ Documentation
Support
Quality
Security
License
Reuse
Public content repository for Windows Server 2016 content.
Support
Quality
Security
License
Reuse
Module for creating and displaying Toast Notifications on Microsoft Windows 10.
Support
Quality
Security
License
Reuse
a
active-directory-aspnetcore-webapp-openidconnect-v2by Azure-Samples
PowerShell 1200 Version:Current License: Permissive (MIT)
An ASP.NET Core Web App which lets sign-in users (including in your org, many orgs, orgs + personal accounts, sovereign clouds) and call Web APIs (including Microsoft Graph)
Support
Quality
Security
License
Reuse
m
microsoft-graph-docsby microsoftgraph
PowerShell 1194 Version:Current License: Permissive (CC-BY-4.0)
Documentation for the Microsoft Graph REST API
Support
Quality
Security
License
Reuse
Windows Exploits
Support
Quality
Security
License
Reuse
RedSnarf is a pen-testing / red-teaming tool for Windows environments
Support
Quality
Security
License
Reuse
SharePoint & Viva Connections Developer Documentation
Support
Quality
Security
License
Reuse
Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages
Support
Quality
Security
License
Reuse
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
Support
Quality
Security
License
Reuse
Exchange Server support tools and scripts
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
📦 The default bucket for Scoop.
Support
Quality
Security
License
Reuse
Azure Security Resources and Notes
Support
Quality
Security
License
Reuse
"Extras" bucket for Scoop
Support
Quality
Security
License
Reuse
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
Support
Quality
Security
License
Reuse
Solarized color settings for Windows command prompt
Support
Quality
Security
License
Reuse
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Support
Quality
Security
License
Reuse
Easily move your WSL distros VHDX file to a new location.
Support
Quality
Security
License
Reuse
A PowerShell based utility for the creation of malicious Office macro documents.
Support
Quality
Security
License
Reuse
Useful PowerShell scripts
Support
Quality
Security
License
Reuse
A collection of Red Team focused tools, scripts, and notes
Support
Quality
Security
License
Reuse
Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
Support
Quality
Security
License
Reuse
p
powershell-intune-samplesby microsoftgraph
PowerShell 1043 Version:Current License: Permissive (MIT)
This repository of PowerShell sample scripts show how to access Intune service resources. They demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell.
Support
Quality
Security
License
Reuse
Manages, configures, extracts and monitors Microsoft 365 tenant configurations
Support
Quality
Security
License
Reuse
Support
Quality
Security
License
Reuse
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
Support
Quality
Security
License
Reuse
Active Directory Assessment and Privilege Escalation Script
Support
Quality
Security
License
Reuse
Technical documentation for Microsoft SQL Server, tools such as SQL Server Management Studio (SSMS) , SQL Server Data Tools (SSDT) etc.
Support
Quality
Security
License
Reuse
A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
Support
Quality
Security
License
Reuse
The Shadow Attack Framework
Support
Quality
Security
License
Reuse
Random PowerShell Work
Support
Quality
Security
License
Reuse
S
Security-Datasetsby OTRF
Re-play Security Events
PowerShell 1429Updated: 2 y ago License: Permissive (MIT)
1429Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
w
windows-itpro-docsby MicrosoftDocs
This repository is used for Windows client for IT Pro content on Microsoft Learn.
PowerShell 1414Updated: 2 y ago License: Permissive (CC-BY-4.0)
1414Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
D
DomainPasswordSprayby dafthack
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
PowerShell 1410Updated: 2 y ago License: Permissive (MIT)
1410Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
E
Enterprise-Scaleby Azure
The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
PowerShell 1393Updated: 2 y ago License: Permissive (MIT)
1393Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
at-psby specterops
Adversary Tactics - PowerShell Training
PowerShell 1388Updated: 2 y ago License: Proprietary (Proprietary)
1388Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
P
PSAppDeployToolkitby PSAppDeployToolkit
Project Homepage & Forums
PowerShell 1377Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)
1377Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)Support
Quality
Security
License
Reuse
G
GDKby microsoft
Microsoft Public GDK
PowerShell 1375Updated: 2 y ago License: Proprietary (Proprietary)
1375Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
S
Sparrowby cisagov
Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.
PowerShell 1372Updated: 2 y ago License: Permissive (CC0-1.0)
1372Updated: 2 y ago License: Permissive (CC0-1.0)Support
Quality
Security
License
Reuse
J
JAWSby 411Hall
JAWS - Just Another Windows (Enum) Script
PowerShell 1369Updated: 2 y ago License: Permissive (MIT)
1369Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
PersistenceSniperby last-byte
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Made with ❤️ by @last0x00 and @dottor_morte
PowerShell 1369Updated: 2 y ago License: Proprietary (Proprietary)
1369Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
M
Microsoft-Defender-for-Cloudby Azure
Welcome to the Microsoft Defender for Cloud community repository
PowerShell 1363Updated: 2 y ago License: Permissive (MIT)
1363Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
K
Kansaby davehull
A Powershell incident response framework
PowerShell 1362Updated: 2 y ago License: Permissive (Apache-2.0)
1362Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
w
windows-development-environmentby felixrieseberg
:telescope: Turning Windows into an environment ready for modern development
PowerShell 1337Updated: 2 y ago License: Permissive (MIT)
1337Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
N
NetRipperby NytroRST
NetRipper - Smart traffic sniffing for penetration testers
PowerShell 1303Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1303Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
M
Microsoft-Integration-and-Azure-Stencils-Pack-for-Visioby sandroasp
Microsoft Integration, Azure, Power Platform, Office 365 and much more Stencils Pack it’s a Visio package that contains fully resizable Visio shapes (symbols/icons) that will help you to visually represent On-premise, Cloud or Hybrid Integration and Enterprise architectures scenarios (BizTalk Server, API Management, Logic Apps, Service Bus, Event Hub…), solutions diagrams and features or systems that use Microsoft Azure and related cloud and on-premises technologies in Visio 2016/2013
PowerShell 1300Updated: 2 y ago License: Permissive (MIT)
1300Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
E
Erebusby DeEpinGh0st
CobaltStrike后渗透测试插件
PowerShell 1286Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1286Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
I
Invoke-TheHashby Kevin-Robertson
PowerShell Pass The Hash Utils
PowerShell 1278Updated: 2 y ago License: Permissive (BSD-3-Clause)
1278Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
o
openhab-distroby openhab
The binary distribution of openHAB
PowerShell 1236Updated: 2 y ago License: Weak Copyleft (EPL-2.0)
1236Updated: 2 y ago License: Weak Copyleft (EPL-2.0)Support
Quality
Security
License
Reuse
c
cpp-docsby MicrosoftDocs
C++ Documentation
PowerShell 1223Updated: 2 y ago License: Permissive (CC-BY-4.0)
1223Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
w
windowsserverdocsby MicrosoftDocs
Public content repository for Windows Server 2016 content.
PowerShell 1212Updated: 2 y ago License: Permissive (CC-BY-4.0)
1212Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
B
BurntToastby Windos
Module for creating and displaying Toast Notifications on Microsoft Windows 10.
PowerShell 1206Updated: 2 y ago License: Permissive (MIT)
1206Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
a
active-directory-aspnetcore-webapp-openidconnect-v2by Azure-Samples
An ASP.NET Core Web App which lets sign-in users (including in your org, many orgs, orgs + personal accounts, sovereign clouds) and call Web APIs (including Microsoft Graph)
PowerShell 1200Updated: 2 y ago License: Permissive (MIT)
1200Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
m
microsoft-graph-docsby microsoftgraph
Documentation for the Microsoft Graph REST API
PowerShell 1194Updated: 2 y ago License: Permissive (CC-BY-4.0)
1194Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
E
Exploitsby WindowsExploits
Windows Exploits
PowerShell 1188Updated: 2 y ago
License: No License (No License)
1188Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
r
redsnarfby nccgroup
RedSnarf is a pen-testing / red-teaming tool for Windows environments
PowerShell 1173Updated: 2 y ago License: Permissive (Apache-2.0)
1173Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
s
sp-dev-docsby SharePoint
SharePoint & Viva Connections Developer Documentation
PowerShell 1171Updated: 2 y ago License: Permissive (CC-BY-4.0)
1171Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
b
boxstarterby chocolatey
Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages
PowerShell 1168Updated: 2 y ago License: Permissive (Apache-2.0)
1168Updated: 2 y ago License: Permissive (Apache-2.0)Support
Quality
Security
License
Reuse
i
icebreakerby DanMcInerney
Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
PowerShell 1162Updated: 2 y ago License: Permissive (MIT)
1162Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
C
CSS-Exchangeby microsoft
Exchange Server support tools and scripts
PowerShell 1154Updated: 2 y ago License: Permissive (MIT)
1154Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
P
PowerSharpPackby S3cur3Th1sSh1t
PowerShell 1144Updated: 2 y ago License: No License (No License)
1144Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
M
Mainby ScoopInstaller
📦 The default bucket for Scoop.
PowerShell 1143Updated: 2 y ago License: Permissive (Unlicense)
1143Updated: 2 y ago License: Permissive (Unlicense)Support
Quality
Security
License
Reuse
A
Azure-Red-Teamby rootsecdev
Azure Security Resources and Notes
PowerShell 1132Updated: 2 y ago License: No License (No License)
1132Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
scoop-extrasby lukesampson
"Extras" bucket for Scoop
PowerShell 1120Updated: 4 y ago License: Permissive (Unlicense)
1120Updated: 4 y ago License: Permissive (Unlicense)Support
Quality
Security
License
Reuse
T
ThreatPursuit-VMby mandiant
Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.
PowerShell 1118Updated: 2 y ago License: Proprietary (Proprietary)
1118Updated: 2 y ago License: Proprietary (Proprietary)Support
Quality
Security
License
Reuse
c
cmd-colors-solarizedby neilpa
Solarized color settings for Windows command prompt
PowerShell 1107Updated: 2 y ago License: No License (No License)
1107Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
C
Chimeraby tokyoneon
Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
PowerShell 1091Updated: 2 y ago License: No License (No License)
1091Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
m
move-wslby pxlrbt
Easily move your WSL distros VHDX file to a new location.
PowerShell 1090Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1090Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
l
luckystrikeby curi0usJack
A PowerShell based utility for the creation of malicious Office macro documents.
PowerShell 1077Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
1077Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
P
PowerShellby clymb3r
Useful PowerShell scripts
PowerShell 1072Updated: 2 y ago License: No License (No License)
1072Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
r
red-team-scriptsby threatexpress
A collection of Red Team focused tools, scripts, and notes
PowerShell 1061Updated: 2 y ago License: Permissive (BSD-3-Clause)
1061Updated: 2 y ago License: Permissive (BSD-3-Clause)Support
Quality
Security
License
Reuse
M
MSLabby microsoft
Azure Stack HCI, Windows 10 and Windows Server rapid lab deployment scripts
PowerShell 1051Updated: 2 y ago License: Permissive (MIT)
1051Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
p
powershell-intune-samplesby microsoftgraph
This repository of PowerShell sample scripts show how to access Intune service resources. They demonstrate this by making HTTPS RESTful API requests to the Microsoft Graph API from PowerShell.
PowerShell 1043Updated: 2 y ago License: Permissive (MIT)
1043Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
M
Microsoft365DSCby microsoft
Manages, configures, extracts and monitors Microsoft 365 tenant configurations
PowerShell 1042Updated: 2 y ago License: Permissive (MIT)
1042Updated: 2 y ago License: Permissive (MIT)Support
Quality
Security
License
Reuse
A
Azure-Functionsby Azure
PowerShell 1042Updated: 2 y ago License: No License (No License)
1042Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
S
SessionGopherby Arvanaghi
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally.
PowerShell 1037Updated: 2 y ago License: No License (No License)
1037Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
A
ADAPE-Scriptby hausec
Active Directory Assessment and Privilege Escalation Script
PowerShell 1020Updated: 2 y ago License: No License (No License)
1020Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
s
sql-docsby MicrosoftDocs
Technical documentation for Microsoft SQL Server, tools such as SQL Server Management Studio (SSMS) , SQL Server Data Tools (SSDT) etc.
PowerShell 998Updated: 2 y ago License: Permissive (CC-BY-4.0)
998Updated: 2 y ago License: Permissive (CC-BY-4.0)Support
Quality
Security
License
Reuse
P
PSSW100AVBby tihanyin
A list of useful Powershell scripts with 100% AV bypass (At the time of publication).
PowerShell 978Updated: 2 y ago License: No License (No License)
978Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse
A
AutoRDPwnby JoelGMSec
The Shadow Attack Framework
PowerShell 969Updated: 2 y ago License: Strong Copyleft (GPL-3.0)
969Updated: 2 y ago License: Strong Copyleft (GPL-3.0)Support
Quality
Security
License
Reuse
R
Random-PowerShell-Workby adbertram
Random PowerShell Work
PowerShell 968Updated: 2 y ago License: No License (No License)
968Updated: 2 y ago License: No License (No License)Support
Quality
Security
License
Reuse