├── .gitattributes ├── .gitignore ├── Disassembly ├── Get-CSDisassembly.ps1 └── Get-ILDisassembly.ps1 ├── Lib ├── Capstone │ ├── Capstone.psd1 │ ├── LICENSE.TXT │ ├── README │ └── lib │ │ ├── capstone.dll │ │ ├── place_capstone.dll_here │ │ ├── x64 │ │ ├── libcapstone.dll │ │ └── place_64-bit_libcapstone.dll_here │ │ └── x86 │ │ ├── libcapstone.dll │ │ └── place_32-bit_libcapstone.dll_here ├── De4dot │ ├── AssemblyData.dll │ ├── de4dot.blocks.dll │ ├── de4dot.code.dll │ ├── de4dot.mdecrypt.dll │ └── dnlib.dll ├── Formatters │ ├── Get-CSDisassembly.format.ps1xml │ ├── Get-ILDisassembly.format.ps1xml │ ├── Get-LibSymbols.format.ps1xml │ ├── Get-NtSystemInformation.format.ps1xml │ ├── Get-ObjDump.format.ps1xml │ ├── Get-PE.format.ps1xml │ ├── Get-PEB.format.ps1xml │ ├── MemoryTools.format.ps1xml │ └── ProcessModuleTrace.format.ps1xml └── PSReflect │ ├── Examples │ ├── Get-NetShare.ps1 │ └── SimplePEParser.ps1 │ ├── LICENSE │ ├── PSReflect.psd1 │ ├── PSReflect.psm1 │ └── README.md ├── MalwareAnalysis ├── Hosts.ps1 ├── dotNetMalwareAnalysis.ps1 ├── funcdelegate.ps1 └── loadlib.ps1 ├── MemoryTools └── MemoryTools.ps1 ├── Misc ├── ConvertTo-String.ps1 ├── Get-Entropy.ps1 ├── Get-Member.ps1 └── Get-Strings.ps1 ├── Parsers ├── Get-LibSymbols.ps1 ├── Get-ObjDump.ps1 └── Get-PE.ps1 ├── PowerShellArsenal.psd1 ├── PowerShellArsenal.psm1 ├── README.md └── WindowsInternals ├── Get-NtSystemInformation.ps1 ├── Get-PEB.ps1 ├── Get-SystemInfo.ps1 └── ProcessModuleTrace.ps1 /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/.gitattributes -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/.gitignore -------------------------------------------------------------------------------- /Disassembly/Get-CSDisassembly.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Disassembly/Get-CSDisassembly.ps1 -------------------------------------------------------------------------------- /Disassembly/Get-ILDisassembly.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Disassembly/Get-ILDisassembly.ps1 -------------------------------------------------------------------------------- /Lib/Capstone/Capstone.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/Capstone.psd1 -------------------------------------------------------------------------------- /Lib/Capstone/LICENSE.TXT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/LICENSE.TXT -------------------------------------------------------------------------------- /Lib/Capstone/README: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/README -------------------------------------------------------------------------------- /Lib/Capstone/lib/capstone.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/lib/capstone.dll -------------------------------------------------------------------------------- /Lib/Capstone/lib/place_capstone.dll_here: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Lib/Capstone/lib/x64/libcapstone.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/lib/x64/libcapstone.dll -------------------------------------------------------------------------------- /Lib/Capstone/lib/x64/place_64-bit_libcapstone.dll_here: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Lib/Capstone/lib/x86/libcapstone.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Capstone/lib/x86/libcapstone.dll -------------------------------------------------------------------------------- /Lib/Capstone/lib/x86/place_32-bit_libcapstone.dll_here: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Lib/De4dot/AssemblyData.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/De4dot/AssemblyData.dll -------------------------------------------------------------------------------- /Lib/De4dot/de4dot.blocks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/De4dot/de4dot.blocks.dll -------------------------------------------------------------------------------- /Lib/De4dot/de4dot.code.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/De4dot/de4dot.code.dll -------------------------------------------------------------------------------- /Lib/De4dot/de4dot.mdecrypt.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/De4dot/de4dot.mdecrypt.dll -------------------------------------------------------------------------------- /Lib/De4dot/dnlib.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/De4dot/dnlib.dll -------------------------------------------------------------------------------- /Lib/Formatters/Get-CSDisassembly.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-CSDisassembly.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-ILDisassembly.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-ILDisassembly.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-LibSymbols.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-LibSymbols.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-NtSystemInformation.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-NtSystemInformation.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-ObjDump.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-ObjDump.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-PE.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-PE.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/Get-PEB.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/Get-PEB.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/MemoryTools.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/MemoryTools.format.ps1xml -------------------------------------------------------------------------------- /Lib/Formatters/ProcessModuleTrace.format.ps1xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/Formatters/ProcessModuleTrace.format.ps1xml -------------------------------------------------------------------------------- /Lib/PSReflect/Examples/Get-NetShare.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/Examples/Get-NetShare.ps1 -------------------------------------------------------------------------------- /Lib/PSReflect/Examples/SimplePEParser.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/Examples/SimplePEParser.ps1 -------------------------------------------------------------------------------- /Lib/PSReflect/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/LICENSE -------------------------------------------------------------------------------- /Lib/PSReflect/PSReflect.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/PSReflect.psd1 -------------------------------------------------------------------------------- /Lib/PSReflect/PSReflect.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/PSReflect.psm1 -------------------------------------------------------------------------------- /Lib/PSReflect/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Lib/PSReflect/README.md -------------------------------------------------------------------------------- /MalwareAnalysis/Hosts.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/MalwareAnalysis/Hosts.ps1 -------------------------------------------------------------------------------- /MalwareAnalysis/dotNetMalwareAnalysis.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/MalwareAnalysis/dotNetMalwareAnalysis.ps1 -------------------------------------------------------------------------------- /MalwareAnalysis/funcdelegate.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/MalwareAnalysis/funcdelegate.ps1 -------------------------------------------------------------------------------- /MalwareAnalysis/loadlib.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/MalwareAnalysis/loadlib.ps1 -------------------------------------------------------------------------------- /MemoryTools/MemoryTools.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/MemoryTools/MemoryTools.ps1 -------------------------------------------------------------------------------- /Misc/ConvertTo-String.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Misc/ConvertTo-String.ps1 -------------------------------------------------------------------------------- /Misc/Get-Entropy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Misc/Get-Entropy.ps1 -------------------------------------------------------------------------------- /Misc/Get-Member.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Misc/Get-Member.ps1 -------------------------------------------------------------------------------- /Misc/Get-Strings.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Misc/Get-Strings.ps1 -------------------------------------------------------------------------------- /Parsers/Get-LibSymbols.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Parsers/Get-LibSymbols.ps1 -------------------------------------------------------------------------------- /Parsers/Get-ObjDump.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Parsers/Get-ObjDump.ps1 -------------------------------------------------------------------------------- /Parsers/Get-PE.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/Parsers/Get-PE.ps1 -------------------------------------------------------------------------------- /PowerShellArsenal.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/PowerShellArsenal.psd1 -------------------------------------------------------------------------------- /PowerShellArsenal.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/PowerShellArsenal.psm1 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/README.md -------------------------------------------------------------------------------- /WindowsInternals/Get-NtSystemInformation.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/WindowsInternals/Get-NtSystemInformation.ps1 -------------------------------------------------------------------------------- /WindowsInternals/Get-PEB.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/WindowsInternals/Get-PEB.ps1 -------------------------------------------------------------------------------- /WindowsInternals/Get-SystemInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/WindowsInternals/Get-SystemInfo.ps1 -------------------------------------------------------------------------------- /WindowsInternals/ProcessModuleTrace.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/HarmJ0y/PowerShellArsenal/HEAD/WindowsInternals/ProcessModuleTrace.ps1 --------------------------------------------------------------------------------