The PowerShell Armoury is meant for pentesters, "insert-color-here"-teamers and everyone else who uses a variety of PowerShell tools during their engagements. It allows you to download and store all of your favourite PowerShell scripts in a single, encrypted file.
You do not have to hassle with updating nishang, powersploit, ... manually. Just create a configuration file once or use the default one included with the tool. From now on, you just have to run "New-PSArmoury" before you head to the next engagement. In addition, your new and shiny armoury is encrypted and includes a bypass for AMSI, so you don't have to worry about AV.
Note: you have to provide a valid GitHub account as well as a personal access token, so the script can properly use the GitHub API.
Use the commands below to create an armoury with all default settings. You can start with the sample config file in this repository for inspiration.
. .\New-PSArmoury.ps1
New-PSArmoury -Config .\PSArmoury.json
This will create an encrypted .ps1 file called "MyArmoury.ps1" in the current working directory. Password and salt for the encryption are randomly generated and included in cleartext in the file (note that encryption is used only to prevent detection on disk, not for confidentiality).
You can load the armoury into your current session by using
cat -raw .\MyArmoury.ps1 | iex
Loading your armoury invokes the following steps:
- Load all encrypted PowerShell functions into the current session as part of an array
- Disable AMSI
- Disable console history (can help prevent detection)
- Decrypt everything and pipe into iex
After that, all PowerShell code you put in the armoury will be available. Just invoke the cmdlets as usual, like this:
Invoke-AllCheck
Invoke-Bloodhound
Get-DomainGroupMember -Identity "Domain Admins" -Recurse
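The loading steps and the cmdlet names above are also what a defender can look for in PowerShell script block logs (Event ID 4104). The following is an added detection example, not part of PSArmoury: the sample log lines are constructed, and the console-history rule assumes the PSReadLine option is the mechanism, which the README does not state.

```python
import re

# Constructed sample script block log entries (the kind PowerShell script block
# logging records); not real telemetry from any system.
SAMPLE_SCRIPT_BLOCKS = [
    r'cat -raw .\MyArmoury.ps1 | iex',
    r'Get-Content -Raw C:\Tools\MyArmoury.ps1 | Invoke-Expression',
    'Get-DomainGroupMember -Identity "Domain Admins" -Recurse',
    'Set-PSReadLineOption -HistorySaveStyle SaveNothing',
    r'Get-ChildItem C:\Users | Sort-Object Length',
    r'New-PSArmoury -Config .\PSArmoury.json',
]

RULES = {
    # The loader itself: a whole file read with -Raw and piped straight into
    # Invoke-Expression (cat/gc/Get-Content and iex are the usual aliases).
    "file_piped_to_iex": re.compile(
        r'\b(cat|gc|Get-Content)\b[^|\n]*-raw\b[^|\n]*\|\s*(iex|Invoke-Expression)\b', re.I),
    # Cmdlet names the README shows: the tool's own plus bundled offensive cmdlets.
    "armoury_cmdlets": re.compile(
        r'\b(New-PSArmoury|Get-PSArmoury|Invoke-AllCheck|Invoke-Bloodhound|Get-DomainGroupMember)\b',
        re.I),
    # Console history being switched off. Assumption: the README only says history is
    # disabled; the PSReadLine option is one way to do it and is what this rule matches.
    "history_disabled": re.compile(
        r'\bSet-PSReadLineOption\b.*-HistorySaveStyle\s+SaveNothing\b', re.I),
}


def classify(script_block):
    """Return the names of all rules that match one script block, in RULES order."""
    return [name for name, rx in RULES.items() if rx.search(script_block)]


def scan(script_blocks):
    """Return (index, matched rule names) for every block that triggers a rule."""
    hits = []
    for i, block in enumerate(script_blocks):
        matched = classify(block)
        if matched:
            hits.append((i, matched))
    return hits


if __name__ == "__main__":
    for i, matched in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"[{i}] {', '.join(matched)}: {SAMPLE_SCRIPT_BLOCKS[i]}")
```

On a real host the input would be the ScriptBlockText of the 4104 events rather than the constructed list.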
If it happens that you don't remember what you put inside the armoury, just load it and call the inventory :-)
Get-PSArmoury