Open Source PowerShell Security Software - Page 2
Sort By:
PowerShell Security Software
View 5811 business solutionsBrowse free open source PowerShell Security Software and projects below. Use the toggles on the left to filter open source PowerShell Security Software by OS, license, language, programming language, and project status.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
1
-
2
Invoke-PSImage
Encodes a PowerShell script in the pixels of a PNG file
Invoke-PSImage is a PowerShell utility that hides, extracts, and optionally executes PowerShell payloads inside image files using simple steganography techniques. It can embed a script or binary blob into an image (commonly PNG or JPEG) and later recover that payload without leaving a separate file on disk, enabling in-memory execution workflows. The tool offers options for compression and encryption so the embedded content is both smaller and protected by a passphrase when required. It includes helpers to encode a payload into an image, decode an embedded payload back to readable form, and run the extracted content directly from memory to avoid touching disk. Designed as a compact, single-file PowerShell script, it relies on .NET imaging APIs to manipulate pixel data or metadata and to store the payload in a way that survives ordinary file transfers. -
3
Invoke-TheHash
PowerShell Pass The Hash Utils
Invoke-TheHash is a PowerShell module providing utilities to perform “Pass-the-Hash” style remote operations over WMI and SMB by supplying NTLM hashes instead of plaintext passwords. The project includes multiple scripts/modules (Invoke-WMIExec, Invoke-SMBExec, Invoke-SMBEnum, Invoke-SMBClient, and a wrapper Invoke-TheHash) so operators can choose enumeration, file access, or command execution modes. It uses .NET’s TcpClient for direct SMB/WMI connections and performs authentication by inserting an NTLM hash into the NTLMv2 protocol flow. The module supports both local accounts and domain accounts (via domain parameter), and it accepts either LM:NTLM or pure NTLM format hashes. For command execution, it can create services on remote hosts (SMBExec style) or use WMI class methods. Since it works over network protocols rather than relying on built-in Windows clients, it can bypass some limitations or restrictions in constrained environments. -
4
MicroBurst
A collection of scripts for assessing Microsoft Azure security
MicroBurst is a PowerShell toolkit from NetSPI focused on assessing Microsoft Azure security by automating discovery, enumeration, and targeted auditing of cloud services and configurations. It bundles many functions to enumerate Azure resources (subscriptions, VMs, storage accounts, container registries, App Services and more), probe common misconfigurations, and harvest sensitive artifacts when available (for example storage blobs, keys, automation account credentials, and other subscription-level secrets). The project exposes both interactive helpers and scripted commands (e.g., Invoke-EnumerateAzureBlobs, Invoke-EnumerateAzureSubDomains, REST-based VM command execution and storage key retrieval routines) so operators can pivot from discovery to validated proof-of-concept actions during authorized penetration tests. -
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
5
Microsoft Defender for Cloud
Welcome to the Microsoft Defender for Cloud community repository
Microsoft Defender for Cloud (the community repository) is a centralized collection of programmatic automations, policy definitions, remediation scripts, and visualization workbooks designed to help organizations manage and operationalize Microsoft Defender for Cloud at scale. It packages ready-to-use Azure Policy definitions, Logic App templates, PowerShell automation, remediation actions, and custom workbooks so teams can deploy detections, enforce security posture, and automate responses across subscriptions and tenants. The repo includes playbooks and examples for translating recommendations into automated remediation, along with onboarding and deployment artifacts (including Terraform helpers) to simplify large-scale rollout. Content is explicitly presented as community-driven: contributors can submit Logic Apps, policies, and scripts, and the project documents contribution guidelines and CLA requirements for submissions. -
6
PoshC2
C2 framework used to aid red teamers with post-exploitation
PoshC2 is a proxy-aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement. PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out-of-the-box PoshC2 comes PowerShell/C# and Python2/Python3 implants with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode in addition to a Python2/Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX. Shellcode containing in-build AMSI bypass and ETW patching for a high success rate and stealth. Auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security. Fully encrypted communications, protecting the confidentiality and integrity of the C2 traffic. -
7
PowerSharpPack
Offensive CSharp Projects wraped into Powershell for easy usage
PowerSharpPack is a consolidated offensive-security toolkit that wraps many standalone C# projects into an easy-to-use PowerShell loader. The author compiles, gzip-compresses and base64-encodes each C# binary, then dynamically loads the assemblies into the PowerShell process so operators can invoke powerful .NET tools without dropping executables on disk. The bundle exposes a single entry script (PowerSharpPack.ps1) with switches to select which embedded tool to run and an optional -Command argument to pass tool-specific parameters. Included projects cover a broad range of post-exploitation and reconnaissance needs: Kerberos tooling, host survey utilities, credential and browser data extractors, AD enumeration, privilege escalation helpers, persistence frameworks, and file/handle utilities. For convenience the repo also ships per-binary PowerShell loaders when users prefer to avoid loading the entire pack, plus helper binaries used for compression/encoding. -
8
Security Datasets
Re-play Security Events
Security‑Datasets is a community-driven repository maintained by the Open Threat Research Forge (OTRF) that curates publicly available malicious and benign datasets for threat-hunting, machine learning, event analysis, and cybersecurity research. Datasets include Windows events, logs, alerts, and simulated attack data to support detection engineering and academic research. -
9
Sihas
Helps you to ensure your cyber security through cyber hygiene
Deffend.net Sihas aims to help small companies and individuals to avoid cyber security threats through cyber hygiene. It runs on Windows desktop and looks for misconfigurations that may result in cyber security risks. Ensuring cyber hygiene is the first step of preventing cyber security threats. Sihas will help to individuals who lack cyber security knowledge and to companies who can not afford getting cyber security consultancy. -
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
10
TigerSafe
Free open source password manager
TigerSafe is a free open source password manager. It allows to store passwords in a file, without internet, by encrypting them with a single password. The user can then use a different password for every website he wants to use, and only has to remember a single password: the one used to encrypt/decrypt the file storing his passwords. It is highly recommended to do backups of the file storing passwords with TigerSafe, for example copy/paste it in USB flash drives, cloud drives like Google Drive, Dropbox... Indeed, users are solely responsible for their data. TigerSafe also enables you to store the 2-factor authentication mechanism mostly used by modern websites (TOTP 2FA) in a secure way. Since TigerSafe is particularly sensitive, no binary installation file is provided (because it could be infected by a virus, or have a vulnerability in its dependencies such as the JDK implementation used). Instead, installation instructions are provided, and a YouTube video for Windows. -
11
Ultimate AppLocker Bypass List
The most common techniques to bypass AppLocker
UltimateAppLockerByPassList is a community-curated repository that collects known techniques, patterns, and candidate binaries that have been observed or proposed to bypass Microsoft AppLocker and similar executable control policies. The project functions as a living catalog: entries list binaries, script hosts, and patterns that researchers have tested or reported in the wild, along with notes about context, platform constraints, and mitigation ideas. It is aimed primarily at defenders, incident responders, and security researchers who need a consolidated reference to understand common bypass vectors and to validate detection logic. The repository emphasizes defensive use—helping blue teams craft allow-list policies, create detection rules, and test policy hardening in isolated lab environments—rather than offensive exploitation. -
12
WSUS CWE
Get know which WSUS client are not in sync
PowerShell scripts for notification of WSUS client status. Default summary report from WSUS server does not notify about inactual WSUS clients. WSUS CWE collects information about errors and if client is in sync from last month. -
13
WinPwn
Automation for internal Windows Penetrationtest / AD-Security
WinPwn is a PowerShell-based toolkit for automating internal Windows penetration testing and Active Directory reconnaissance. It streamlines many manual steps by integrating reconnaissance modules like Seatbelt, Inveigh, Rubeus, and PrivescCheck. With proxy auto‑detection, endpoint enumeration, and exploitation routines, it's widely used in red team and blue team tool chains. -
14
powercat
Netshell features all in version 2 powershell
PowerCat is a compact PowerShell implementation of netcat-style networking utilities that makes it easy to create TCP/UDP clients and listeners, forward ports, and move data between sockets and files. It provides both interactive shells and single-command execution modes so operators can create bind shells, reverse shells, or simple file upload/download endpoints using only PowerShell. The tool supports encrypted connections (SSL/TLS) and can act as a basic SOCKS proxy or relay, enabling flexible pivot and tunneling workflows. PowerCat is implemented as a single, portable PowerShell script that favors minimal dependencies and is convenient to drop into a target or use from an admin workstation. Because it reimplements low-level socket behavior in managed code it is especially useful in Windows environments where native tools like netcat are unavailable or restricted.
