Discover the top trending PowerShell repositories and projects on Github. Explore the latest trends in PowerShell development.

Trending Repositories

1

winutil

Chris Titus Tech's Windows Utility - Install Programs, Tweaks, Fixes, and Updates
🔥🔥🔥
2

Win11Debloat

A simple powershell script to remove bloatware apps from windows, disable telemetry, bing in windows search aswell as perform various other changes to declutter and improve your windows experience. This script works for both windows 10 and windows 11.
🔥🔥🔥
3

runner-images

GitHub Actions runner images
🔥🔥
4

EDR-Telemetry

This project aims to compare and evaluate the telemetry of various EDR products.
🔥
5

sudo

It's sudo, for Windows
🔥
6

Scoop

A command-line installer for Windows.
📣
7

Windows-Local-Privilege-Escalation-Cookbook

Windows Local Privilege Escalation Cookbook
📣
8

Win-Debloat-Tools

These scripts will Customize, Debloat and Improve Privacy/Performance and System Responsiveness on Windows 10+.
📣
9

Easy-GPU-PV

A Project dedicated to making GPU Partitioning on Windows easier!
📣
10

core

Home repository for .NET Core
📣
11

SpotX

Modified Spotify client. Blocks ads and updates, and more.
📣
12

gcopy

A clipboard synchronization tool that based on Git.
📣
13

WSL

Issues found on WSL
⬆️
14

Microsoft-Analyzer-Suite

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
⬆️
15

flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
⬆️
16

Main

📦 The default bucket for Scoop.
⬆️
17

svg-explorer-extension

Extension module for Windows Explorer to render SVG thumbnails, so that you can have an overview of your SVG files
⬆️
18

AMSI-BYPASS

"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
⬆️
19

PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework
⬆️
20

ResolutionAutomation

Automates changing the host resolution to match the client resolution of Moonlight, with capabilities of supersampling if required
⬆️
21

EventViewer-UACBypass

🍊 Orange Tsai EventViewer RCE
⬆️
22

GraphRunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API
⬆️
23

selfhosted-apps-docker

Guide by Example
⬆️
24

commando-vm

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]
⬆️
25

WinPwn

Automation for internal Windows Penetrationtest / AD-Security
⬆️
26

PersistenceSniper

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
⬆️
27

Sophia-Script-for-Windows

⚡ The most powerful PowerShell module on GitHub for fine-tuning Windows 10 & Windows 11
⬆️
28

TokenTactics

Azure JWT Token Manipulation Toolset
⬆️
29

BloodHound

Six Degrees of Domain Admin
⬆️
30

monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
⬆️
31

usbrubberducky-payloads

The Official USB Rubber Ducky Payload Repository
⬆️
32

ios-safari-remote-debug-kit

Remotely debugging iOS Safari on Windows and Linux
⬆️
33

RedTeaming-Tactics-and-Techniques

Red Teaming Tactics and Techniques
⬆️
34

PowerShell

500+ PowerShell scripts (.ps1) for every system!
⬆️
35

lando

A development tool for all your projects that is fast, easy, powerful and liberating
⬆️
36

wireshark-rdp

Wireshark RDP resources
⬆️
37

red_team_attack_lab

Red Team Attack Lab for TTP testing & research
⬆️
38

PingCastle-Notify

Monitor your PingCastle scans to highlight the rule diff between two scans
⬆️
39

BARK

BloodHound Attack Research Kit
⬆️
40

GDK

Microsoft Public GDK
⬆️
41

HardeningKitty

HardeningKitty - Checks and hardens your Windows configuration
⬆️
42

scripts

Public library of scripts maintained by Ironman Software.
⬆️
43

LME

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
⬆️
44

M365Documentation

Automatic Microsoft 365 Documentation to simplify the life of admins and consultants.
⬆️
45

AzureAD-Attack-Defense

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
⬆️
46

ARI

Azure Resource Inventory - It's a Powerful tool to create EXCEL inventory from Azure Resources with low effort
⬆️
47

powercat

netshell features all in version 2 powershell
⬆️
48

sRDI

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
⬆️
49

Active-Directory-Exploitation-Cheat-Sheet

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
⬆️
50

MicroBurst

A collection of scripts for assessing Microsoft Azure security
⬆️
51

PowerShellAIAssistant

Enhance PowerShell scripting with AI using PowerShell AI Assistant module.
⬆️
52

PowerUpSQL

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
⬆️
53

Office365itpros

Office 365 for IT Pros PowerShell examples
⬆️
54

move-wsl

Easily move your WSL distros VHDX file to a new location.
⬆️
55

posh-git

A PowerShell environment for Git
⬆️
56

MFASweep

A tool for checking if MFA is enabled on multiple Microsoft Services
⬆️
57

ADeleginator

A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory
⬆️
58

WSL

Source code behind the Windows Subsystem for Linux documentation.
⬆️
59

cobalt-arsenal

My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
⬆️
60

MSOLSpray

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
⬆️
61

PSFzf

A PowerShell wrapper around the fuzzy finder fzf
⬆️
62

JAWS

JAWS - Just Another Windows (Enum) Script
⬆️
63

Windows10Debloater

Script to remove Windows 10 bloatware.
⬆️
64

ConPtyShell

ConPtyShell - Fully Interactive Reverse Shell for Windows
⬆️
65

psgetsystem

getsystem via parent process using ps1 & embeded c#
⬆️
66

PowerSharpPack

⬆️
67

psutils

Command line utilities written in Powershell
⬆️
68

BadShares

A tool to create randomly insecure file shares that also contain unsecured credential files
⬆️
69

Run-in-Sandbox

Run PS1, VBS, CMD, EXE, MSI, Intunewin, MSIX, or extract ISO, ZIP in Windows Sandbox very quickly just from a right-click
⬆️
70

ps-evm

High-performance EVM implementation written in modern PowerShell language.
⬆️
71

Fido

A PowerShell script to download Windows or UEFI Shell ISOs
⬆️
72

Install

📥 Next-generation Scoop (un)installer
⬆️
73

Penetration-Testing-Tools

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
⬆️
74

Microsoft-Extractor-Suite

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
⬆️
75

invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
⬆️
76

DomainPasswordSpray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
⬆️
77

BadBlood

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
⬆️
78

MailSniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.
⬆️
79

PwshSpectreConsole

👻 PwshSpectreConsole is an opinionated wrapper for the awesome Spectre.Console library
⬆️
80

Creds

Some usefull Scripts and Executables for Pentest & Forensics
⬆️
81

Windows-Optimize-Harden-Debloat

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.
⬆️
82

aspire-mobile

.NET Aspire support for .NET MAUI and other mobile clients
⬆️
83

CVE-2021-34527

⬆️
84

ServerUntrustAccount

A technique for Active Directory domain persistence
⬆️
85

ADACLScanner

Repo for ADACLScan.ps1 - Your number one script for ACL's in Active Directory
⬆️
86

PoshC2

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
⬆️
87

ADRecon

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
⬆️
88

DCToolbox

Tools for Microsoft cloud fans
⬆️
89

Invoke-DHCPCheckup

⬆️
90

kbupdate

🛡 KB Viewer, Saver, Installer and Uninstaller
⬆️
91

corecycler

Stability test script for PBO & Curve Optimizer stability testing on AMD Ryzen processors
⬆️
92

AutoHDRSwitch

Automates turning off HDR on host if the Moonlight client is asking for an SDR stream.
⬆️
93

Windows-Containers

This repository is offered for tracking features and issues with Windows Containers. The Windows Containers product team will monitor this repo in order to engage with our community and discuss questions, customer scenarios, or feature requests.
⬆️
94

scoop-lemon

🍋Yet Another Personal Bucket for Scoop
⬆️
95

physmem_drivers

A collection of various vulnerable (mostly physical memory exposing) drivers.
⬆️
96

Invoke-Obfuscation

PowerShell Obfuscator
⬆️
97

PowerHuntShares

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
⬆️
98

K8tools

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
⬆️
99

PowerZure

PowerShell framework to assess Azure security
⬆️
100

PSPKIAudit

PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
⬆️