Commit 23ee6b4

Update README.md
1 parent cda41cb commit 23ee6b4

1 file changed

+25
-25
lines changed

README.md

Lines changed: 25 additions & 25 deletions
@@ -1,9 +1,9 @@
1-
#Nishang
1+
# Nishang
22

3-
###Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
3+
### Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
44
By [nikhil_mitt](https://twitter.com/nikhil_mitt)
55

6-
####Usage
6+
#### Usage
77

88
Import all the scripts in the current PowerShell session (PowerShell v3 onwards).
99

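Review bot: the added space after the `#` marks is the right fix, since the CommonMark dialect GitHub renders requires at least one space between the `#` sequence and the heading text; without it `#Nishang` is shown as literal text rather than a title. While here, consider demoting the one-sentence project description on line 3 from a `###` heading to a plain paragraph, as a full sentence rendered as a level-3 heading reads oddly above the `By [nikhil_mitt]` byline.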
@@ -27,7 +27,7 @@ PS C:\nishang> . C:\nishang\Get-WLAN-Keys.ps1
2727

2828
PS C:\nishang> Get-Help Get-WLAN-Keys -Full
2929

30-
####Anti Virus
30+
#### Anti Virus
3131
Nishang scripts are flagged by many Anti Viruses as malicious. The scrripts on a target are meant to be used in memory which is very easy to do with PowerShell. Two basic methods to execute PowerShell scripts in memory:
3232

3333
Method 1. Use the in-memory dowload and execute:
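Review bot: the unchanged context lines in this hunk still carry two typos that the same edit could pick up: "scrripts" on line 31 should be "scripts", and "dowload" on line 33 should be "download".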
@@ -56,20 +56,20 @@ If the scripts still get detected changing the function and parameter names and
5656

5757
In case Windows 10's AMSI is still blocking script execution, see this blog: http://www.labofapenetrationtester.com/2016/09/amsi.html
5858

59-
####Scripts
59+
#### Scripts
6060
Nishang currently contains the following scripts and payloads.
6161

62-
#####ActiveDirectory
62+
##### ActiveDirectory
6363
[Get-Unconstrained](https://github.com/samratashok/nishang/blob/master/ActiveDirectory/Get-Unconstrained.ps1)
6464

6565
Find computers in active directory which have Kerberos Unconstrained Delegation enabled.
6666

67-
#####Antak - the Webshell
67+
##### Antak - the Webshell
6868
[Antak](https://github.com/samratashok/nishang/tree/master/Antak-WebShell)
6969

7070
Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell.
7171

72-
#####Backdoors
72+
##### Backdoors
7373
[HTTP-Backdoor](https://github.com/samratashok/nishang/blob/master/Backdoors/HTTP-Backdoor.ps1)
7474

7575
A backdoor which can receive instructions from third party websites and execute PowerShell scripts in memory.
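Review bot: the AMSI reference on line 57 is a bare `http://` URL while every script entry below uses a markdown link with an `https://` target; for consistency consider wrapping it as `[AMSI bypass blog post](...)` and switching it to https if the blog supports it.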
@@ -98,12 +98,12 @@ A backdoor which can use alternate data streams and Windows Registry to achieve
9898

9999
A backdoor which uses well known Debugger trick to execute payload with Sticky keys and Utilman (Windows key + U).
100100

101-
#####Bypass
101+
##### Bypass
102102
[Invoke-AmsiBypass](https://github.com/samratashok/nishang/blob/master/Bypass/Invoke-AmsiBypass.ps1)
103103

104104
Implementation of publicly known methods to bypass/avoid AMSI.
105105

106-
#####Client
106+
##### Client
107107
[Out-CHM](https://github.com/samratashok/nishang/blob/master/Client/Out-CHM.ps1)
108108

109109
Create infected CHM files which can execute PowerShell commands and scripts.
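Review bot: context line 99 reads "uses well known Debugger trick to execute payload"; it should be "uses the well-known Debugger trick to execute a payload" (missing article and hyphen).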
@@ -144,7 +144,7 @@ Create SCT files capable of executing PowerShell commands and scripts.
144144

145145
Create a SCF file which can be used for capturing NTLM hash challenges.
146146

147-
#####Escalation
147+
##### Escalation
148148
[Enable-DuplicateToken](https://github.com/samratashok/nishang/blob/master/Escalation/Enable-DuplicateToken.ps1)
149149

150150
When SYSTEM privileges are required.
@@ -157,7 +157,7 @@ Introduce vulnerabilities by removing patches.
157157

158158
Bypass UAC.
159159

160-
#####Execution
160+
##### Execution
161161
[Download-Execute-PS](https://github.com/samratashok/nishang/blob/master/Execution/Download-Execute-PS.ps1)
162162

163163
Download and execute a PowerShell script in memory.
@@ -178,7 +178,7 @@ Execute shellcode in memory using DNS TXT queries.
178178

179179
Execute PowerShell commands and scripts or a reverse PowerShell session using rundll32.exe.
180180

181-
#####Gather
181+
##### Gather
182182
[Check-VM](https://github.com/samratashok/nishang/blob/master/Gather/Check-VM.ps1)
183183

184184
Check for a virtual machine.
@@ -240,12 +240,12 @@ Extract juicy information from target process (like browsers) memory using regex
240240

241241
Exfiltrate information like user credentials, using WLAN SSID.
242242

243-
#####MITM
243+
##### MITM
244244
[Invoke-Interceptor](https://github.com/samratashok/nishang/blob/master/MITM/Invoke-Interceptor.ps1)
245245

246246
A local HTTPS proxy for MITM attacks.
247247

248-
#####Pivot
248+
##### Pivot
249249
[Create-MultipleSessions](https://github.com/samratashok/nishang/blob/master/Pivot/Create-MultipleSessions.ps1)
250250

251251
Check credentials on multiple computers and create PSSessions.
@@ -256,12 +256,12 @@ Copy and execute an executable on multiple machines.
256256
[Invoke-NetworkRelay](https://github.com/samratashok/nishang/blob/master/Pivot/Invoke-NetworkRelay.ps1)
257257
Create network relays between computers.
258258

259-
#####Prasadhak
259+
##### Prasadhak
260260
[Prasadhak](https://github.com/samratashok/nishang/blob/master/Prasadhak/Prasadhak.ps1)
261261

262262
Check running hashes of running process against the VirusTotal database.
263263

264-
#####Scan
264+
##### Scan
265265
[Brute-Force](https://github.com/samratashok/nishang/blob/master/Scan/Brute-Force.ps1)
266266

267267
Brute force FTP, Active Directory, MSSQL, and Sharepoint.
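Review bot: the `Invoke-NetworkRelay` entry on lines 256-257 is missing the blank line between the link and its description that every other entry in the list has, so the two lines will run together when rendered; add a blank line after the link. Also, the Prasadhak description on line 262 doubles "running": "Check hashes of running processes against the VirusTotal database" reads cleaner.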
@@ -270,12 +270,12 @@ Brute force FTP, Active Directory, MSSQL, and Sharepoint.
270270

271271
A handy port scanner.
272272

273-
#####Powerpreter
273+
##### Powerpreter
274274
[Powerpreter](https://github.com/samratashok/nishang/tree/master/powerpreter)
275275

276276
All the functionality of nishang in a single script module.
277277

278-
#####Shells
278+
##### Shells
279279
[Invoke-PsGcat](https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PsGcat.ps1)
280280

281281
Send commands and scripts to specifed Gmail account to be executed by Invoke-PsGcatAgent
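Review bot: the `##### Powerpreter` section on line 273 sits between `Scan` and `Shells`, breaking the otherwise alphabetical ordering of the category headings (ActiveDirectory, Antak, Backdoors, ... Pivot, Prasadhak, Scan, Shells, Utility); consider moving it before `Prasadhak`. The `Invoke-PsGcat` description on line 281 also has a typo ("specifed" should be "specified") and lacks the trailing period the other descriptions use.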
@@ -329,7 +329,7 @@ An interactive PowerShell reverse shell over HTTP using rundll32.exe.
329329
An interactive PowerShell reverse shell over HTTP using regsvr32.exe.
330330

331331

332-
#####Utility
332+
##### Utility
333333
[Add-Exfiltration](https://github.com/samratashok/nishang/blob/master/Utility/Add-Exfiltration.ps1)
334334

335335
Add data exfiltration capability to Gmail, Pastebin, a web server, and DNS to any script.
@@ -383,20 +383,20 @@ Generate DNS TXT records which could be used with other scripts.
383383
[TexttoExe]
384384

385385

386-
####Updates
386+
#### Updates
387387

388388
Updates about Nishang can be found at my blog http://labofapenetrationtester.com and my Twitter feed @nikhil_mitt.
389389

390-
####Bugs, Feedback and Feature Requests
390+
#### Bugs, Feedback and Feature Requests
391391
Please raise an issue if you encounter a bug or have a feature request. You can email me at nikhil [dot] uitrgpv at gmail.com
392392

393-
#####Mailing List
393+
##### Mailing List
394394
For feedback, discussions, and feature requests, join: http://groups.google.com/group/nishang-users
395395

396-
#####Contributing
396+
##### Contributing
397397
I am always looking for contributors to Nishang. Please submit requests or drop me an email.
398398

399-
#####Blog Posts
399+
##### Blog Posts
400400

401401
Some helpful blog posts to check out for beginners:
402402

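Review bot: `[TexttoExe]` on line 383 is a bracketed name with no link target, so it will render as literal square brackets instead of a link; give it a `(https://github.com/samratashok/nishang/...)` target like the other Utility entries, or drop the brackets if the script is not yet published.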