PowerShell-Suite is a curated collection of PowerShell utility scripts and modules that provide low-level Windows API access, process manipulation, debugging detection, security operations, and post-exploitation techniques directly from PowerShell. The project is licensed under BSD-3-Clause. Its components include:
- Invoke-Runas: launches processes under alternate credentials via CreateProcessWithLogonW
- Invoke-CreateProcess: spawns processes with fine control over flags, window state, etc.
- Detect-Debug: detects kernel or user mode debugging environments
- Get-Handles: enumerates handles in a process via NtQuerySystemInformation
- Get-TokenPrivs: inspects privileges on process tokens
- Get-Exports: parses DLL exports without loading DLLs
- Masquerade-PEB: alters the PEB of a process to appear as a different process
- UAC-TokenMagic: a method to bypass UAC via token manipulation
Features
- A modular loader / framework to enable or disable individual scripts at runtime
- A GUI / web dashboard for launching, managing, and monitoring script modules
- Logging and audit mode that records actions, inputs, and outputs securely
- Versioning and dependency resolution so modules can have compatible API requirements
- Integration with C2 frameworks so these utilities can be called remotely and modularly
- Safe sandbox / simulation mode for testing modules without executing destructive operations