N3mes1s / IR-Tools

IR-Tools - PowerShell tools for IR

Home Page: http://www.javelin-networks.com

A collection of Microsoft PowerShell modules that aid forensic investigation of domain-based attacks on an infected host.

CodeExecution

Execute code on a target machine using Import-Module.

Get-ShellContent

Extracts the live input and output of any command-line process, running or dumped, encrypted or plaintext, from a remote computer.

Get-SessionsAnomaly

Detects the presence of Pass-The-Ticket and Pass-The-Hash attacks on a remote machine.

License

The IR-Tools project and all individual scripts are under the BSD 3-Clause license unless explicitly noted otherwise.

Usage

To install any of these modules, drop the PowerShell scripts into a directory and type Import-Module PathTo\scriptName.ps1

Then run the module from PowerShell.

Refer to the comment-based help in each individual script for detailed usage information.

Languages

PowerShell 88.7%, C++ 7.6%, C 3.6%, Objective-C 0.1%