Open Source PowerShell Security Software
Sort By:
PowerShell Security Software
View 5807 business solutionsBrowse free open source PowerShell Security Software and projects below. Use the toggles on the left to filter open source PowerShell Security Software by OS, license, language, programming language, and project status.
-
Shoplogix Smart Factory PlatformReal-time Visibility into Your Shop Floor's Performance. The Shoplogix smart factory platform enables manufacturers to increase overall equipment effectiveness, reduce operational costs, sustain growth and improve profitability by allowing them to visualize, integrate and act on production and machine performance in real-time. Manufacturers that trust us to drive efficiency in their factories. Real-time visual data and analytics provide valuable insights to make better informed decisions. Uncover hidden shop floor potential and drive rapid time to value. Develop a continuously improving culture through training, education and data-driven decisions. Compete in the i4.0 world by making the Shoplogix Smart Factory Platform the cornerstone of your digital transformation. Connect to any equipment or device to automate data collection and exchange it with other manufacturing technologies. Automatically monitor, report and analyze machine states to track real-time production.
-
Unrivaled Embedded Payments Solutions | NMINMI Payments is an embedded payments solution that lets SaaS platforms, Software companies and ISVs integrate, brand, and manage payment acceptance directly within their software—without becoming a PayFac or building complex infrastructure. As a full-stack processor, acquirer, and technology partner, NMI handles onboarding, compliance, and risk so you can stay focused on growth. The modular, white-label platform supports omnichannel payments, from online, mobile and in-app to in-store and unattended. Choose from full-code, low-code, or no-code integration paths and launch in weeks, not months. Built-in risk tools, flexible monetization, and customizable branding help you scale faster while keeping full control of your experience. With NMI’s developer-first tools, sandbox testing, and modern APIs, you can embed payments quickly and confidently.
-
1
malware-samples
A collection of malware samples and relevant dissection information
This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves. -
2
FLARE VM
A collection of software installations scripts for Windows systems
FLARE VM is a security-focused Windows workstation distribution designed for malware analysis, reverse engineering, penetration testing, and threat hunting. It bundles a curated set of tools—disassemblers, debuggers, decompilers, virtualization, forensics utilities, packet capture tools, exploit frameworks, and hex editors—preconfigured to work together. The environment configures paths, dependencies, environment variables, and common tool integrations so analysts can focus on tasks rather than setup. Updates and modular installation let users include only the tools that match their workflow, keeping the VM lean and current. Because security toolchains often clash (DLL versions, signing, privileges), FLARE VM’s packaging handles compatibility issues ahead of time. For investigations involving malware unpacking, sandboxing, static analysis, or code reversing on Windows, the platform dramatically accelerates readiness and consistency across analysts. -
3
Flipper Zero BadUSB
Repository for my flipper zero badUSB payloads
The repository is a public GitHub collection of BadUSB payloads prepared to run from a Flipper Zero device; it’s presented as a plug-and-play library that bundles payload scripts, a README, and supporting files so users can pick and use payloads without heavy setup. The project is heavily PowerShell-oriented and organized into a payloads folder with documentation (README, FAQs) and helper scripts, and the author says they formatted the collection to be easy for others to use. The maintainer also set up short-URL infrastructure to simplify embedding webhooks or tokens into compact one-liners for payload configuration, and the repo includes social/contact links and acknowledgments to related projects. The repository is actively used by a community (many stars, forks and hundreds of commits), and the author explicitly warns about responsible use and includes guidance in the docs. -
4
SpotX
SpotX patcher used for patching the desktop version of Spotify
SpotX is a community-built Spotify desktop client patcher that blocks audio, video, and banner ads and unlocks premium-like features—such as unlimited skips and custom themes—on Windows, macOS, and Linux. It injects tweaks client-side to redefine the Spotify experience. -
Ditto Edge Server is a lightweight standalone server for resource-constrained edge environments, based on the core Ditto Edge SDK.Ditto's Edge SDK is the only thing your edge devices need to ensure your application is operational in any environment, regardless of network conditions.
-
5
BadUSB
Flipper Zero badusb payload library
This project explores USB device emulation attacks—commonly called BadUSB—by demonstrating how commodity USB hardware can impersonate keyboards, network adapters, or storage devices to perform scripted actions on a host. It typically contains firmware examples, payloads, and explanations showing how a device presenting as a Human Interface Device (HID) can inject keystrokes, open shells, or orchestrate data exfiltration when plugged into a machine. The codebase is frequently intended for security research and defensive testing: defenders and red teams use it to validate endpoint controls, USB whitelisting, and user training. Due to the dual-use nature of such techniques, responsible repositories emphasize lab-only experiments, consent-based testing, and mitigations like disabling autorun, enforcing device policies, and using endpoint detection. -
6
Windows Super God Mode
Creates shortcuts to virtually every special location or action built
This project packages a set of Windows tweaks, shortcuts, and convenience scripts that surface many of the OS’s hidden settings and advanced controls into a single, easy-to-use place. It automates creation of “God Mode” folders and other control-panel shortcuts, removes the need to manually hunt through layers of Settings or the Registry, and often bundles helper scripts for common maintenance tasks. The intent is to put power-user features—tweaks for privacy, appearance, power management, and system behavior—within quick reach so administrators and enthusiasts can configure machines consistently. Because many of the actions touch system settings, the collection emphasizes clear instructions and reversible steps so users can roll back changes if needed. It’s valuable for technicians who want a reproducible baseline for customizing Windows installs, or for home users curious about otherwise-obscure controls. -
7
BloodHound Legacy
Six Degrees of Domain Admin
BloodHound Legacy is the deprecated open‑source version of the BloodHound Active Directory attack path analysis tool. It uses graph theory to model and visualize privileged relationships in AD, Entra ID, and Azure environments. Security professionals use it to enumerate domain privilege escalation paths, misconfigurations, and attack surfaces in corporate networks -
8
Tookie-OSINT
Username OSINT tool for discovering accounts across many websites
Tookie-OSINT is an open source intelligence tool designed to help security researchers, ethical hackers, and investigators discover online accounts associated with a specific username. It automates the process of searching for usernames across multiple websites, making it easier to identify a person's presence on different platforms. By entering a target username, Tookie-OSINT scans a list of supported sites and checks whether the username exists on those platforms. This approach removes the need for manual checks and significantly speeds up OSINT investigations. It is similar in concept to tools such as Sherlock, focusing on identifying user profiles across social media and other online services. Tookie-OSINT includes both command-line and optional web interface functionality, giving users flexible ways to run scans and analyze results. Tookie-OSINT was created to help beginners and aspiring security professionals learn about OSINT techniques. -
9
ScubaGear
Automation to assess the state of your M365 tenant against CISA
ScubaGear is a PowerShell-based assessment tool developed by CISA to verify that Microsoft 365 tenant configuration aligns with Secure Cloud Business Application (SCuBA) baselines. It automates scanning of M365 environments like Exchange, Defender, Teams, and SharePoint, and outputs compliance reports to help administrators align with best practice security configurations. -
The CRM you will want to use every dayAct! Premium is perfect for small and midsize businesses looking to market better, sell more, and create customers for life. With unparalleled flexibility and freedom of choice, Act! Premium accommodates the unique ways you do business. Whether it’s customizations to fit your specific business or industry processes or your preferences for deployment and access, the possibilities with Act! Premium are limitless.
-
10
BloodHound
Six Degrees of Domain Admin
BloodHound is a single-page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Azure environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment. BloodHound Enterprise is an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. You can remove millions, even billions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive techniques. -
11
Security Datasets
Re-play Security Events
Security‑Datasets is a community-driven repository maintained by the Open Threat Research Forge (OTRF) that curates publicly available malicious and benign datasets for threat-hunting, machine learning, event analysis, and cybersecurity research. Datasets include Windows events, logs, alerts, and simulated attack data to support detection engineering and academic research. -
12
powercat
Netshell features all in version 2 powershell
PowerCat is a compact PowerShell implementation of netcat-style networking utilities that makes it easy to create TCP/UDP clients and listeners, forward ports, and move data between sockets and files. It provides both interactive shells and single-command execution modes so operators can create bind shells, reverse shells, or simple file upload/download endpoints using only PowerShell. The tool supports encrypted connections (SSL/TLS) and can act as a basic SOCKS proxy or relay, enabling flexible pivot and tunneling workflows. PowerCat is implemented as a single, portable PowerShell script that favors minimal dependencies and is convenient to drop into a target or use from an admin workstation. Because it reimplements low-level socket behavior in managed code it is especially useful in Windows environments where native tools like netcat are unavailable or restricted. -
13
Claw Hunter
MDM-ready scripts for detecting and monitoring OpenClaw
Claw Hunter is an open-source security tool designed to detect, analyze, and mitigate risks associated with autonomous AI agents, specifically those built on platforms like OpenClaw. As agentic AI systems gain popularity, they introduce a new class of security challenges because they can execute commands, access files, and interact with external systems with minimal human oversight. Claw-Hunter addresses this emerging threat landscape by providing visibility into these agents, helping organizations identify instances running within their environments. It focuses on uncovering “shadow AI,” which refers to unauthorized or unmanaged AI agents that operate outside traditional security controls. The tool performs risk assessment by auditing agent permissions, capabilities, and access levels, allowing security teams to evaluate potential attack surfaces. It also helps ensure that these agents do not unintentionally expose sensitive data or create unauthorized access paths across systems. -
14
Offensive Reverse Shell
Collection of reverse shells for red team operations
The Offensive Reverse Shell Cheat Sheet is a compilation of reverse shell payloads useful for red team operations and penetration testing. It provides ready-to-use code snippets in various programming languages, facilitating the establishment of reverse shells during security assessments. -
15
DeepBlueCLI
PowerShell Module for Threat Hunting via Windows Event Logs
DeepBlueCLI is a PowerShell-centric threat-hunting toolkit built to extract, normalize, and flag suspicious activity from Windows event logs and Sysmon telemetry. It parses common sources—including Windows Security, System, Application, PowerShell logs, and Sysmon event ID 1—then applies a rich set of detection heuristics for things like suspicious account changes, password guessing and spraying, service tampering, PowerShell obfuscation and download-string usage, long or unusual command lines, and credential dumping attempts. Output is emitted as native PowerShell objects so analysts can pipe results to CSV, JSON, HTML, GridView, or custom pipelines for further triage and reporting. The codebase includes helpers for command-line decoding and de-obfuscation (automatic base64/deflate handling), safelisting/hash workflows (DeepBlueHash), and sample EVTX files so teams can test the tool on realistic attack traces. -
16
GOAD (Game of Active Directory)
game of active directory
GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts can filter, cluster, and explore these relationships to identify infrastructure patterns, potential subdomains, or attack surfaces. Integrations may include metadata like geolocation, WHOIS, and risk scoring to prioritize leads. GOAD helps teams transition from fragmented OSINT tools to a unified reconnaissance dashboard where exploration and filtering are first-class. -
17
PoshC2
C2 framework used to aid red teamers with post-exploitation
PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic. -
18
windows_hardening
HardeningKitty and Windows Hardening Settings
This repository, also known as HardeningKitty, is a comprehensive Windows hardening checklist for personal and enterprise environments. It translates security benchmarks (e.g., CIS, Microsoft Security Baselines) into actionable Group Policy and registry recommendations. Though designed primarily for Windows 10, it includes workaround modes such as “HailMary” for Windows Home users lacking the Group Policy Editor. -
19
EmLogs (NoCheating)
A maneira mais prática de verificar se alguém está usando cheats.
por: Desenvolvido para auxiliar na detecção de programas ilegais utilizados em jogos. eng: Developed to assist in the detection of illegal programs used in games. -
20
BashBunny Payloads
The Official Bash Bunny Payload Repository
This repository is a curated collection of payload scripts and examples for the Hak5 Bash Bunny device, a programmable USB attack platform. Payloads demonstrate how the device can emulate human interface devices (keyboard/mouse), Ethernet adapters, serial gadgets, or mass storage to automate complex workflows once plugged into a host. The collection ranges from benign administrative automation to offensive security demonstrations used in penetration testing, showcasing patterns like keystroke automation, reverse shells, credential capture (for lab use), and lateral transport techniques. Each payload typically includes a payload.txt control file with stages and configurable parameters so operators can adapt behavior to different targets. Because the device and its payloads are powerful, the repository emphasizes responsible use—training, red-team engagements with authorization, and awareness of legal/ethical boundaries. -
21
Domain Password Spray
A tool written in PowerShell to perform password assessments
DomainPasswordSpray is a focused security tool designed to perform enterprise-scale password spraying assessments against Active Directory environments. It automates the process of attempting common or customized passwords against many accounts while respecting timing and throttling controls to reduce obvious lockout noise. The project includes features for credential list management, target selection (users, service accounts, or collections), and configurable rate limits so testers can tune the balance between coverage and stealth. Output formats include summary reports and structured logs to help analysts triage which accounts were hit and where to prioritize defensive follow-up. The codebase is written to be used by penetration testers, red teams, and security assessors in authorized engagements and emphasizes responsible use; the README explicitly warns against unauthorized use and stresses running tests only with permission. -
22
PersistenceSniper
Powershell module that can be used by Blue Teams, Incident Responders
PersistenceSniper is a digitally signed PowerShell module aimed at blue teams and incident responders for automated detection of persistence mechanisms on Windows systems. It implements detection logic for techniques listed in MITRE ATT&CK (e.g. registry run keys, scheduled tasks, service modifications) and is regularly updated with new detection paths. -
23
Sihas
Helps you to ensure your cyber security through cyber hygiene
Deffend.net Sihas aims to help small companies and individuals to avoid cyber security threats through cyber hygiene. It runs on Windows desktop and looks for misconfigurations that may result in cyber security risks. Ensuring cyber hygiene is the first step of preventing cyber security threats. Sihas will help to individuals who lack cyber security knowledge and to companies who can not afford getting cyber security consultancy. -
24
Active Directory Exploitation
A cheat sheet that contains common enumeration and attack methods
Active-Directory-Exploitation-Cheat-Sheet is a comprehensive, community-curated cheat sheet that collects practical enumeration commands, attack techniques, and quick references for attacking and auditing Windows Active Directory environments. The repository is organized as a stepwise kill-chain: recon, domain enumeration, local privilege escalation, user hunting, BloodHound guidance, lateral movement, persistence, domain-admin takeover, cross-trust attacks, data exfiltration, and a toolbox of payloads and helper scripts. It aggregates short, copy-ready PowerShell, C, .NET and Python snippets as well as command examples so operators can quickly run checks or reproduce techniques in lab environments. The content also includes .NET payload patterns, reverse PowerShell helpers, notes on privileged accounts and groups, and practical tips for hunting or protecting high-value targets. -
25
AzureAD Attack Defense
This publication is a collection of various common attack scenarios
AzureAD-Attack-Defense is a community-maintained playbook that collects common attack scenarios against Microsoft Entra ID (formerly Azure Active Directory) together with detection and mitigation guidance. The repository is organized into focused chapters — for example: Password Spray, Consent Grant, Service Principals in Azure DevOps, Entra Connect Sync Service Account, Replay of Primary Refresh Token (PRT), Entra ID Security Config Analyzer, and Adversary-in-the-Middle — each written to explain the attack, show detection approaches, and recommend mitigation steps. For each scenario the playbook describes the attack flow, maps the techniques to the MITRE ATT&CK framework, and explains how to leverage Microsoft’s security stack (Microsoft Defender XDR, Microsoft Sentinel, Azure Entra ID Connect, and Defender for Cloud) to detect and respond.
