Nishang - Use PowerShell for Penetration Testing
Nishang is a framework and collection of scripts and payloads that enables the use of PowerShell for offensive security and post-exploitation during penetration tests. The scripts were written by the author as the need for them arose during real penetration tests.
It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more.
Nishang means quiver (a container for arrows) in Sanskrit, an apt name for a collection of payloads and scripts. It is a collection of scripts and a post-exploitation framework in PowerShell. The aim is to increase the usage of PowerShell in offensive security and penetration testing.
Nishang is a result of the author's requirements during real-life pen tests. Since it is a post-exploitation thingy, it is assumed that you have shell access on the machine or are using a HID like Teensy to drop the script on the victim.
Why PowerShell? It is easy to learn and powerful (think of Bash in Unix ported to Windows) and is present on every modern Windows machine. If you use PowerShell "properly", most of the time you would need practically nothing for post-exploitation other than PowerShell.
All payloads and scripts are Get-Help compatible. Use "Get-Help <scriptname> -full" on a PowerShell prompt to get full help details.
Posted by Mohit Kumar at Sunday, August 19, 2012