PowerShell debugging tool

PowerShell-Debug is a tool that reveals what an obfuscated command is actually doing, no matter how much it is concealed (at least that is the aim).
So far, it logs this using the following two methods, neither of which has any known method of interception (at least to my knowledge):
Prints to the terminal itself using Console.WriteLine
Writes all commands executed to a .txt on the desktop, alongside timestamps.

Current commands that give output:

Get-Content
Out-File
Invoke-Expression
Invoke-WebRequest
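
The logging described above can be approximated at script level for one of the listed commands. This is an added example, not code from this repository: it shadows Invoke-Expression with a function and runs a constructed, harmless two-layer sample. The names Write-DebugRecord and $DebugLog and the log file name are assumptions.

```powershell
# Added example: a script-level approximation, not the project's own code.
# Write-DebugRecord, $DebugLog and the log file name are illustrative assumptions.
$script:DebugLog = Join-Path ([Environment]::GetFolderPath('Desktop')) 'PowerShell-Debug-example.txt'

function Write-DebugRecord {
    param([string]$CommandName, [string]$Detail)
    # ISO 8601 timestamp, command name, then the text the command actually received
    $line = '{0:o} {1}: {2}' -f (Get-Date), $CommandName, $Detail
    [Console]::WriteLine($line)                              # print to the terminal
    Add-Content -LiteralPath $script:DebugLog -Value $line   # timestamped record on the desktop
}

# A function takes precedence over a cmdlet of the same name during command
# lookup, so calls to Invoke-Expression land here first.
function Invoke-Expression {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0, ValueFromPipeline)]
        [string]$Command
    )
    process {
        Write-DebugRecord -CommandName 'Invoke-Expression' -Detail $Command
        # Hand over to the real cmdlet through its module-qualified name.
        # Note: the text is evaluated in this function's scope, not the caller's.
        Microsoft.PowerShell.Utility\Invoke-Expression -Command $Command
    }
}

# Constructed sample: a harmless command wrapped in Base64 and a second
# Invoke-Expression call, so each layer is logged as it is unwrapped.
$inner   = "Write-Output 'hello from the decoded layer'"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($inner))
$layer   = '[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String(''' +
           $encoded + ''')) | Invoke-Expression'

Invoke-Expression $layer
```

The first log line shows the Base64-decoding layer and the second shows the decoded command, which is the text an analyst needs to read.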

Commands not yet done (but planned):

New-ItemProperty (writes registry)
Test-Path (tests if a path exists)
Get-ItemProperty (reads registry)

Suggestions:

To suggest features, simply put up an issue or pull request, and I'll probably implement it.

ToDo:

Change a bunch of the .md files to actually represent the new repo.
Report registry functions (if anyone wants to figure this out, good luck, as the file for registry stuff is ~4000 lines long...).
Change or add to the current way of reporting commands by writing an Event Viewer event, as this is more permanent and can also be caught if the program is not run in a visible window.

Downloading the Source Code

You can just clone the repository:

git clone https://github.com/PowerShell/PowerShell.git

See working with the PowerShell repository for more information.

Legal and Licensing

PowerShell is licensed under the MIT license.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.