JavelinNetworks / Ir Tools
IR-Tools - PowerShell tools for IR
Collection of Microsoft PowerShell modules that can be used to aid with forensics of domain-based attacks on an infected host.
CodeExecution
Execute code on a target machine using Import-Module.
Get-ShellContent
Extracts live input and output of any command-line process, running or dumped, encrypted or plaintext, from a remote computer.
Get-SessionsAnomaly
Detects the presence of Pass-The-Ticket and Pass-The-Hash attacks on a remote machine.
License
The IR-Tools project and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise.
Usage
To install any of these modules, drop the PowerShell scripts into a directory and type Import-Module PathTo\scriptName.ps1
Then run the module from the PowerShell prompt.
Refer to the comment-based help in each individual script for detailed usage information.