Open Source PowerShell Security Software - Page 2
Sort By:
PowerShell Security Software
View 5807 business solutionsBrowse free open source PowerShell Security Software and projects below. Use the toggles on the left to filter open source PowerShell Security Software by OS, license, language, programming language, and project status.
-
The AI workplace management platformBy combining AI workflows, predictive intelligence, and automated insights, OfficeSpace gives leaders a complete view of how their spaces are used and how people work. Facilities, IT, HR, and Real Estate teams use OfficeSpace to optimize space utilization, enhance employee experience, and reduce portfolio costs with precision.
-
Premier Construction SoftwareRated #1 Construction Accounting Software by Forbes Advisor in 2022 & 2023. Our modern SAAS solution is designed to meet the needs of General Contractors, Developers/Owners, Homebuilders & Specialty Contractors.
-
1
Deffend.net Otus
Helps you to ensure your cyber security through cyber hygiene
Deffend.net Otus aims to help small companies and individuals to avoid cyber security threats through cyber hygiene. It runs on Windows desktop and looks for misconfigurations that may result in cyber security risks. Ensuring cyber hygiene is the first step of preventing cyber security threats. Otus will help to individuals who lack cyber security knowledge and to companies who can not afford getting cyber security consultancy. -
2
-
3
Invoke-PSImage
Encodes a PowerShell script in the pixels of a PNG file
Invoke-PSImage is a PowerShell utility that hides, extracts, and optionally executes PowerShell payloads inside image files using simple steganography techniques. It can embed a script or binary blob into an image (commonly PNG or JPEG) and later recover that payload without leaving a separate file on disk, enabling in-memory execution workflows. The tool offers options for compression and encryption so the embedded content is both smaller and protected by a passphrase when required. It includes helpers to encode a payload into an image, decode an embedded payload back to readable form, and run the extracted content directly from memory to avoid touching disk. Designed as a compact, single-file PowerShell script, it relies on .NET imaging APIs to manipulate pixel data or metadata and to store the payload in a way that survives ordinary file transfers. -
4
Invoke-TheHash
PowerShell Pass The Hash Utils
Invoke-TheHash is a PowerShell module providing utilities to perform “Pass-the-Hash” style remote operations over WMI and SMB by supplying NTLM hashes instead of plaintext passwords. The project includes multiple scripts/modules (Invoke-WMIExec, Invoke-SMBExec, Invoke-SMBEnum, Invoke-SMBClient, and a wrapper Invoke-TheHash) so operators can choose enumeration, file access, or command execution modes. It uses .NET’s TcpClient for direct SMB/WMI connections and performs authentication by inserting an NTLM hash into the NTLMv2 protocol flow. The module supports both local accounts and domain accounts (via domain parameter), and it accepts either LM:NTLM or pure NTLM format hashes. For command execution, it can create services on remote hosts (SMBExec style) or use WMI class methods. Since it works over network protocols rather than relying on built-in Windows clients, it can bypass some limitations or restrictions in constrained environments. -
Data management solutions for confident marketingVerify, deduplicate, manipulate, and assign records automatically to keep your CRM data accurate, complete, and ready for business.
-
5
MicroBurst
A collection of scripts for assessing Microsoft Azure security
MicroBurst is a PowerShell toolkit from NetSPI focused on assessing Microsoft Azure security by automating discovery, enumeration, and targeted auditing of cloud services and configurations. It bundles many functions to enumerate Azure resources (subscriptions, VMs, storage accounts, container registries, App Services and more), probe common misconfigurations, and harvest sensitive artifacts when available (for example storage blobs, keys, automation account credentials, and other subscription-level secrets). The project exposes both interactive helpers and scripted commands (e.g., Invoke-EnumerateAzureBlobs, Invoke-EnumerateAzureSubDomains, REST-based VM command execution and storage key retrieval routines) so operators can pivot from discovery to validated proof-of-concept actions during authorized penetration tests. -
6
Microsoft Defender for Cloud
Welcome to the Microsoft Defender for Cloud community repository
Microsoft Defender for Cloud (the community repository) is a centralized collection of programmatic automations, policy definitions, remediation scripts, and visualization workbooks designed to help organizations manage and operationalize Microsoft Defender for Cloud at scale. It packages ready-to-use Azure Policy definitions, Logic App templates, PowerShell automation, remediation actions, and custom workbooks so teams can deploy detections, enforce security posture, and automate responses across subscriptions and tenants. The repo includes playbooks and examples for translating recommendations into automated remediation, along with onboarding and deployment artifacts (including Terraform helpers) to simplify large-scale rollout. Content is explicitly presented as community-driven: contributors can submit Logic Apps, policies, and scripts, and the project documents contribution guidelines and CLA requirements for submissions. -
7
Nishang
Offensive PowerShell for red team and penetration testing
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing. Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8. In all cases, the function name is same as the script name. Nishang scripts are flagged by many Anti Viruses as malicious. The scrripts on a target are meant to be used in memory which is very easy to do with PowerShell. Two basic methods to execute PowerShell scripts in memory. Use the in-memory dowload and execute: Use below command to execute a PowerShell script from a remote shell, meterpreter native shell, a web shell etc. and the function exported by it. -
8
PowerSharpPack
Offensive CSharp Projects wraped into Powershell for easy usage
PowerSharpPack is a consolidated offensive-security toolkit that wraps many standalone C# projects into an easy-to-use PowerShell loader. The author compiles, gzip-compresses and base64-encodes each C# binary, then dynamically loads the assemblies into the PowerShell process so operators can invoke powerful .NET tools without dropping executables on disk. The bundle exposes a single entry script (PowerSharpPack.ps1) with switches to select which embedded tool to run and an optional -Command argument to pass tool-specific parameters. Included projects cover a broad range of post-exploitation and reconnaissance needs: Kerberos tooling, host survey utilities, credential and browser data extractors, AD enumeration, privilege escalation helpers, persistence frameworks, and file/handle utilities. For convenience the repo also ships per-binary PowerShell loaders when users prefer to avoid loading the entire pack, plus helper binaries used for compression/encoding. -
9
TigerSafe
Free open source password manager
TigerSafe is a free open source password manager. It allows to store passwords in a file, without internet, by encrypting them with a single password. The user can then use a different password for every website he wants to use, and only has to remember a single password: the one used to encrypt/decrypt the file storing his passwords. It is highly recommended to do backups of the file storing passwords with TigerSafe, for example copy/paste it in USB flash drives, cloud drives like Google Drive, Dropbox... Indeed, users are solely responsible for their data. TigerSafe also enables you to store the 2-factor authentication mechanism mostly used by modern websites (TOTP 2FA) in a secure way. Since TigerSafe is particularly sensitive, no binary installation file is provided (because it could be infected by a virus, or have a vulnerability in its dependencies such as the JDK implementation used). Instead, installation instructions are provided, and a YouTube video for Windows. -
Field Service+ for MS Dynamics 365 & SalesforceResco’s mobile solution streamlines your field service operations with offline work, fast data sync, and powerful tools for frontline workers, all natively integrated into Dynamics 365 and Salesforce.
-
10
Ultimate AppLocker Bypass List
The most common techniques to bypass AppLocker
UltimateAppLockerByPassList is a community-curated repository that collects known techniques, patterns, and candidate binaries that have been observed or proposed to bypass Microsoft AppLocker and similar executable control policies. The project functions as a living catalog: entries list binaries, script hosts, and patterns that researchers have tested or reported in the wild, along with notes about context, platform constraints, and mitigation ideas. It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation. -
11
WSUS CWE
Get know which WSUS client are not in sync
PowerShell scripts for notification of WSUS client status. Default summary report from WSUS server does not notify about inactual WSUS clients. WSUS CWE collects information about errors and if client is in sync from last month. -
12
WinPwn
Automation for internal Windows Penetrationtest / AD-Security
WinPwn is a PowerShell-based toolkit for automating internal Windows penetration testing and Active Directory reconnaissance. It streamlines many manual steps by integrating reconnaissance modules like Seatbelt, Inveigh, Rubeus, and PrivescCheck. With proxy auto‑detection, endpoint enumeration, and exploitation routines, it's widely used in red team and blue team tool chains. -
13
sRDI
Shellcode implementation of Reflective DLL Injection
sRDI is a compact project that implements a shellcode form of Reflective DLL Injection, enabling DLLs to be converted into position-independent shellcode and loaded in memory by a small in-process PE loader. The codebase groups a C implementation of a reflective PE loader with multiple loader/wrapper components (native C loader, a .NET loader, Python and PowerShell conversion helpers) so authors can produce and embed sRDI blobs in different environments. The loader aims to behave like a proper PE loader: it preserves section permissions, supports TLS callbacks, performs sanity checks, and exposes flags to control behaviors such as header clearing, memory wiping, import obfuscation, and whether the shellcode receives the base address. The repository also provides utility scripts to convert DLL binaries into embedded blobs and to update static encodings used by the supplied loaders. -
14
vulnerable-AD
Create a vulnerable active directory
Vulnerable-AD is a PowerShell toolkit that automates the creation of a deliberately insecure Active Directory domain for hands-on labs and testing. It builds a domain controller (or augments an existing AD installation) with a variety of common misconfigurations and intentional weaknesses so practitioners can exercise attack techniques such as Kerberoast, AS-REP roast, DCSync, Pass-the-Hash, Silver/Golden Ticket attacks, and more. The project can create user objects with default or weak passwords, inject passwords into object descriptions, disable SMB signing, and manipulate ACLs to reproduce real-world privilege escalation and persistence scenarios. A convenience wrapper and examples make it straightforward to deploy in a local lab: you can install AD services, run the script on a domain controller, and generate hundreds of vulnerable accounts and conditions for testing. The repository emphasizes full coverage of the listed attack types and includes options to randomize which weakness
