πAutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
β295Mar 29, 2026Updated 2 months ago
Alternatives and similar repositories for AutoRuns
Users that are interested in AutoRuns are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.β47Jun 5, 2017Updated 9 years ago
- Python script for analyis of the "Trust.csv" file generated by Veil PowerView. Provides graph based analysis and output.β121Aug 18, 2020Updated 5 years ago
- PowerForensics provides an all in one platform for live disk forensic analysisβ1,435Nov 16, 2023Updated 2 years ago
- Generates anti-sandbox analysis HTA files without payloadsβ121Mar 16, 2017Updated 9 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.β103Nov 17, 2020Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer β’ AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- PowerShell Empire module for logging USB keystrokes via ETWβ31Nov 11, 2016Updated 9 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.β321Jun 5, 2017Updated 9 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's sβ¦β108Jul 2, 2017Updated 8 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.β386Jun 25, 2024Updated last year
- Powershell module to assist in attacking Exchange/Outlook Web Accessβ182Sep 22, 2016Updated 9 years ago
- Custom scripts released for BSidesDC 2016β14Oct 19, 2016Updated 9 years ago
- Fileless SQL Server CLR-based Custom Stored Procedure Command Executionβ35Mar 6, 2017Updated 9 years ago
- β67Dec 19, 2018Updated 7 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across alβ¦β658Aug 19, 2019Updated 6 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer β’ AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Automated, Collection, and Enrichment Platformβ326Nov 14, 2019Updated 6 years ago
- PowerShell module to play with Kerberos S4U extensionsβ52Apr 2, 2017Updated 9 years ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Adminsβ828Sep 9, 2019Updated 6 years ago
- β267Oct 25, 2025Updated 7 months ago
- Exploit the credentials present in files and memoryβ845May 25, 2023Updated 3 years ago
- Currently not updated for WMIEvent module...β263Feb 23, 2016Updated 10 years ago
- Powershell Threat Hunting Moduleβ291Sep 21, 2016Updated 9 years ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShellβ228Oct 14, 2018Updated 7 years ago
- Random Toolsβ851Oct 20, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer β’ AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PoC: process watcher patterns to make killing a process hard.β11Aug 1, 2018Updated 7 years ago
- Windows PowerShell domain scanning toolβ54Apr 23, 2016Updated 10 years ago
- Port of eternal blue exploits to powershellβ151Jun 3, 2017Updated 9 years ago
- In case you didn't now how to restore the user password after a password reset (get the previous hash with DCSync)β171Jun 8, 2017Updated 9 years ago
- Collection of PowerShell scriptsβ451Dec 18, 2017Updated 8 years ago
- Module to provide PowerShell functions that abstract Win32 API functionsβ252Jun 6, 2024Updated 2 years ago
- Invoke-LiveResponseβ150Feb 22, 2022Updated 4 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted daβ¦β493Jul 29, 2017Updated 8 years ago
- A PowerShell based utility for the creation of malicious Office macro documents.β1,108Nov 3, 2017Updated 8 years ago
- 1-Click AI Models by DigitalOcean Gradient β’ AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- C# Targeted Attack Reconnissance Toolsβ120Jan 11, 2021Updated 5 years ago
- β80Sep 27, 2015Updated 10 years ago
- Executes common PowerSploit Powerview functions then combines output into a spreadsheet for easy analysis.β71Jul 26, 2018Updated 7 years ago
- Powershell VNC injectorβ348Jun 29, 2020Updated 5 years ago
- A .NET tool that uses AppDomain's to enable dynamic execution and escape detection.β29Nov 25, 2019Updated 6 years ago
- PowerShell Scripts focused on Post-Exploitation Capabilitiesβ320Dec 29, 2017Updated 8 years ago
- NetSPI PowerShell Scriptsβ345Feb 10, 2026Updated 3 months ago