PowerSploit: PowerShell Post-Exploitation Framework

Last Release: 12/19/2015     Last Commit: 08/17/2020

PowerSploit is a collection of Microsoft PowerShell modules which can help the penetration tester during all phases of a penetration test.

These modules allow you to run scripts on the target machine, prepare scripts for execution on a target machine, add persistence capabilities to a PowerShell script, extract data from the target machine, and perform reconnaissance during the penetration test. PowerSploit consists of a total of 8 modules and 36 scripts to help the user in the post-exploitation phase.

Modules & Scripts:


Execute code on a target machine.
– Invoke-DllInjection
– Invoke-ReflectivePEInjection
– Invoke-Shellcode
– Invoke-WmiCommand


Modify and/or prepare scripts for execution on a compromised machine.
– Out-EncodedCommand
– Out-CompressedDll
– Out-EncryptedScript
– Remove-Comments


Add persistence capabilities to a PowerShell script.
– New-UserPersistenceOption
– New-ElevatedPersistenceOption
– Add-Persistence
– Install-SSP
– Get-SecurityPackages


All your data belongs to me!
– Invoke-TokenManipulation
– Invoke-CredentialInjection
– Invoke-NinjaCopy
– Invoke-Mimikatz
– Get-Keystrokes
– Get-GPPPassword
– Get-GPPAutologon
– Get-TimedScreenshot
– New-VolumeShadowCopy
– Get-VolumeShadowCopy
– Mount-VolumeShadowCopy
– Remove-VolumeShadowCopy
– Get-VaultCredential
– Out-Minidump
– Get-MicrophoneAudio


Cause general mayhem with PowerShell.
– Set-MasterBootRecord
– Set-CriticalProcess


Tools to aid in the reconnaissance phase of a penetration test.
– Invoke-Portscan
– Get-HttpStatus
– Invoke-ReverseDnsLookup
– PowerView


AV doesn’t stand a chance against PowerShell!
– Find-AVSignature


Tools to help with escalating privileges on a target.
– PowerUp


  • Allows the user to run scripts on target system
  • Bypass anti-virus
  • Extract data from target machine
  • Listen to microphone of target machine

Supported Platforms:

  • Linux
  • Windows


  • PowerShell

Install PowerSploit

Clone the GitHub repo:

$ git clone https://github.com/PowerShellMafia/PowerSploit.git

To install this module, drop the entire PowerSploit folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.

The default per-user module path is:


And the default computer-level module path is:



To use the module, type the following in the PowerShell window:

Import-Module PowerSploit 

To list imported commands type:

Get-Command -Module PowerSploit

For help on each command, run:

Note: Each tool within the module is designed in such a way that it can be run individually, which increases portability.

Trick: To remove the annoying 'Do you really want to run scripts downloaded from the Internet' warning, place PowerSploit into your module path and run:

$Env:PSModulePath.Split(';') | % { if ( Test-Path (Join-Path $_ PowerSploit) ) {Get-ChildItem $_ -Recurse | Unblock-File} }  
