Open Source PowerShell Frameworks

PowerSploit is a PowerShell-based post‑exploitation framework widely used by penetration testers, red‑teamers, and security researchers. It includes modules for code execution, introspection, lateral movement, persistence, and data exfiltration—deeply integrated into Windows environments.

AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2019, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc. AutomatedLab (AL) enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requires Windows Management Framework 5+ (Windows). Requires Intel VT-x or AMD/V capable CPU, a decent amount of RAM, and low-latency high-throughput storage (No spinning disks please, as there are issues related to them). This solution supports setting up virtual machines with Windows 7, 2008 R2, 8 / 8.1 and 2012 / 2012 R2, 10 / 2016, 2019, and SQL Server 2008, 2008R2, 2012, 2014, 2016, 2017, 2019.

Pester is a testing and mocking framework for PowerShell that provides tools to write, run, and verify automated tests for PowerShell code and scripts. It supports behavior-driven development (BDD) style test definitions, assertions, mocking, and code coverage measurements, integrating with CI/CD pipelines. It is the de-facto testing framework in PowerShell, widely used to ensure code quality for modules, scripts, DSC configurations, and more.

PowerHub is a post-exploitation tool with a web-application front end that helps penetration testers deploy PowerShell-based payloads in stealthy ways. It is designed to assist in bypassing endpoint protection and application whitelisting by providing fileless / in-memory execution, encrypted/obfuscated payload delivery, and module management. It supports features for transferring output/data back via the webapp or CLI, supports certificate pinning, AMSI bypass, and offers helper routines for invoking common offensive/recon tools via modules.

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. To install this module, drop the entire PowerSploit folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.

Blazor lets you build interactive web UIs using C# instead of JavaScript. Blazor apps are composed of reusable web UI components implemented using C#, HTML, and CSS. Both client and server code is written in C#, allowing you to share code and libraries. Blazor is a feature of ASP.NET, the popular web development framework that extends the .NET developer platform with tools and libraries for building web apps. Blazor can run your client-side C# code directly in the browser, using WebAssembly. Because it's real .NET running on WebAssembly, you can re-use code and libraries from server-side parts of your application. Alternatively, Blazor can run your client logic on the server. Client UI events are sent back to the server using SignalR - a real-time messaging framework. Once execution completes, the required UI changes are sent to the client and merged into the DOM. Blazor uses open web standards without plug-ins or code transpilation.

Powershell-based bot framework. PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules are loaded into PoshBot and instantly become available as bot commands. PoshBot currently supports connecting to Slack to provide you with awesome ChatOps goodness. PoshBot executes functions or cmdlets from PowerShell modules. Use PoshBot to connect to servers and report status, deploy code, execute runbooks, query APIs, etc. If you can write it in PowerShell, PoshBot can execute it.

PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic.