This repository has nothing related to the existing PowerView.py project that is already publicly available. This is only meant for my personal learning purpose and would like to share the efforts with everyone interested. This project will be supported by the collaborators from time to time, so don't worry.
This is still in beta mode as bugs are likely to occur during execution. Please submit issue if you encounter any issues with the tool.
PowerView.py is an alternative for the awesome original PowerView script. Most of the modules used in PowerView are available in this project ( some of the flags are changed ).
- Embeded user session
- Mini PowerView.py console to make you feel like home when using PowerView in Powershell
- Auto-completer, so no more memorizing commands
- Cross-Domain interactions (might or might not work) Maybe more?
As most of yall know, PowerView.ps1 is highly likely to get detected by Defender or AV vendors once downloaded onto the PC. An offensive tool to get detected by AV is a red flag during engagement. Maybe some of you thinking, why not just bypass AMSI and import the script undetected? Well, some of the big companies normally have EDR installed on most endpoints and EDRs are normally hook amsi patching and also most likely would get detected during AMSI patching. So, PowerView.py FTW!
python3 setup.py install
Note that some of the kerberos functions are still not functioning well just yet
- Init connection
powerview.py range.net/lowpriv:Password123 --dc-ip 192.168.86.192 [-h]
- Filter results
Get-DomainUser -Where 'samaccountname [contains][in][eq] admins'
- Count resulsts
Get-DomainUser -Count
Module | Alias | Description |
---|---|---|
Get-Domain | Get-NetDomain | |
Get-DomainController | Get-NetDomainController | |
Get-DomainDNSZone | ||
Get-DomainCA | Get-NetCA | |
Get-DomainGPO | Get-NetGPO | |
Get-DomainGPOLocalGroup | Get-GPOLocalGroup | |
Get-DomainOU | Get-NetOU | |
Get-DomainTrust | Get-NetTrust | |
Get-DomainUser | Get-NetUser | |
Get-DomainGroup | Get-NetGroup | |
Get-DomainGroupMember | Get-NetGroupMember | |
Get-NamedPipes | ||
Get-Shares | Get-NetShares | |
Get-DomainComputer | Get-NetComputer | |
Get-DomainObject | Get-ADObject | |
Get-DomainObjectAcl | Get-ObjectAcl | |
Add-DomainObjectAcl | Add-ObjectAcl | Supported rights so far are All, DCsync, RBCD, ShadowCred, WriteMembers |
Remove-DomainObjectAcl | Remove-ObjectAcl | |
Add-DomainGroupMember | Add-GroupMember | |
Remove-DomainGroupmember | Remove-GroupMember | |
Add-DomainComputer | Add-ADComputer | |
Remove-DomainComputer | Remove-ADComputer | |
Add-DomainUser | Add-ADUser | |
Remove-DomainUser | Remove-ADUser | |
Set-DomainObject | Set-Object | |
Set-DomainUserPassword | ||
Find-LocalAdminAccess | ||
Invoke-Kerberoast | ||
ConvertFrom-SID |
- Add Set-DomainObjectOwner module
- Add a wiki?