Open Source PowerShell Software Testing Tools

Commando VM (by Mandiant) is a Windows-based offensive security / red-team distribution built to turn a fresh Windows installation into a fully featured penetration testing environment. It provides an automated installer (PowerShell script) that uses Chocolatey, Boxstarter, and MyGet package feeds to download, install, and configure dozens (100+ / 170+ depending on version) of offensive, fuzzing, enumeration, and exploitation tools. The idea is to spare testers the repetitive work of hand-installing dozens of windows tools, dependencies, and configurations. Commando VM supports customization of its installation profile (you can pick subsets of tools), includes support for WSL/Kali integration, and is intended to be used in a VM to facilitate snapshot recovery and test isolation.

K8tools is a large, curated GitHub repository collecting dozens (hundreds) of security- and exploitation-oriented utilities, proof-of-concepts, and payloads aimed at penetration testing, privilege escalation, and vulnerability exploitation. The project bundles exploits for many well-known CVEs, remote get-shell scripts, local privilege-escalation helpers, credential-harvesting utilities, scanning and brute-force tools, and a variety of platform-specific binaries and archives organized into folders for quick browsing. The README and repository metadata present it as an “all-in-one” toolkit for offensive security tasks, with many archived executables, exploit payloads, and helper scripts (including PowerShell and Python examples) that target services such as WebLogic, Tomcat, Zimbra, Struts2, Zabbix and others. The repo is actively starred and forked by the community, shows a long commit history, and includes many archived artifacts.

The package 'epyunit' provides extensions for PyUnit and PyDev. * Extensions for PyUnit - Unittests for arbitrary executables. * Extensions for PyDev - Automation of search and load of pydevd.py The extensions are applicable from commandline and/or within Eclipse. Online manuals: - https://pythonhosted.org/epyunit/ PyPi repository: - https://pypi.python.org/pypi/epyunit Current application examples are: - bash-core - http://bash-core.sourceforge.net Nickname - Dromi https://en.wikipedia.org/wiki/Dromi

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing. Import all the scripts in the current PowerShell session (PowerShell v3 onwards). Use the individual scripts with dot sourcing. Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8. In all cases, the function name is same as the script name. Nishang scripts are flagged by many Anti Viruses as malicious. The scrripts on a target are meant to be used in memory which is very easy to do with PowerShell. Two basic methods to execute PowerShell scripts in memory. Use the in-memory dowload and execute: Use below command to execute a PowerShell script from a remote shell, meterpreter native shell, a web shell etc. and the function exported by it.

Testimo is a PowerShell-based test automation framework that simplifies writing, running, and reporting tests for infrastructure and script libraries. It provides constructs to define test cases, assertions, setup/teardown sequences, and grouping so validation logic is clear and maintainable. Designed for operations and platform engineers, Testimo focuses on verifying infrastructure state (configuration settings, service availability, registry keys) rather than purely unit-level code, making it useful for smoke tests, image validations, and deployment gates. Test runs can emit structured reports, integrate with CI systems, and be scheduled as part of regular compliance checks to ensure environments remain in expected states. Because it’s built on PowerShell, Testimo reuses native cmdlets and objects directly in assertions, reducing the impedance mismatch between tests and target systems.