Learn PowerSploit

 josh
(@josh)

PowerSploit is a post-exploitation framework composed of PowerShell scripts designed to assist penetration testers, red teamers, and ethical hackers during various stages of a security assessment. It’s especially useful after gaining initial access to a target system, helping operators deepen their control, gather intelligence, and maintain persistence.


🧰 What PowerSploit Includes

PowerSploit is divided into eight core modules, each tailored to a specific post-exploitation task:

| Module | Purpose |
|---|---|
| CodeExecution | Execute code or binaries on target systems |
| Persistence | Maintain access across reboots or sessions |
| Privesc | Escalate privileges on compromised systems |
| Recon | Gather information about the target environment |
| Exfiltration | Extract sensitive data from target systems |
| AntivirusBypass | Evade detection by security software |
| ScriptModification | Prepare and obfuscate scripts for stealthy execution |
| Mayhem | Miscellaneous tools for chaos and disruption |

🔥 Popular PowerSploit Cmdlets

Here are some standout commands from the framework:

  • Invoke-WmiCommand
    Executes PowerShell code remotely using WMI, blending in with normal traffic.

  • Invoke-ReflectivePEInjection
    Loads a DLL or EXE into memory without touching disk—great for stealth.

  • Invoke-Shellcode
    Injects raw shellcode into memory.

  • Add-Persistence
    Adds registry keys or scheduled tasks to maintain access.

  • Invoke-NinjaCopy
    Copies files from NTFS volumes by reading raw disk structures.

  • Invoke-CredentialInjection
    Creates logons with clear-text credentials without triggering suspicious logs.


🧪 How to Use PowerSploit

  1. Download the Framework
    Clone it from the PowerSploit GitHub repository (archived but still usable).

  2. Import Modules
    Use PowerShell to import specific modules:

    Import-Module .\PowerSploit\Recon\PowerView.ps1
    
  3. Execute Scripts
    Run desired cmdlets based on your post-exploitation goals.


⚠️ Ethical Use Reminder

PowerSploit is a powerful tool intended for authorized security testing only. Using it without permission is illegal and unethical.
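
A defender-side view of the cmdlets and the import step described above, as an added example that is not part of the original post or of the PowerSploit project: it scans PowerShell script block logging records (event ID 4104) for the cmdlet names listed in the post and separates a function definition (framework loaded) from a call (cmdlet used). The record field names, the sample events (constructed) and the cmdlet-to-module mapping are assumptions added here.

```python
import re

# Cmdlet names come from the post; the module attribution is added here from
# the upstream repository layout and is not stated in the post.
CMDLETS = {
    "Invoke-WmiCommand": "CodeExecution",
    "Invoke-ReflectivePEInjection": "CodeExecution",
    "Invoke-Shellcode": "CodeExecution",
    "Add-Persistence": "Persistence",
    "Invoke-NinjaCopy": "Exfiltration",
    "Invoke-CredentialInjection": "Exfiltration",
}
CANON = {name.lower(): name for name in CMDLETS}
# PowerShell command names are case-insensitive, so match that way.
CMDLET_RE = re.compile(
    r"(?P<def>\bfunction\s+)?(?<![\w-])(?P<name>%s)(?![\w-])"
    % "|".join(map(re.escape, CMDLETS)), re.I)
# The import step shown in the post: Import-Module <path containing PowerSploit>
IMPORT_RE = re.compile(r"\bImport-Module\s+(?P<path>\S*PowerSploit\S*)", re.I)

# Constructed sample records; field names are assumed to mirror the event fields.
SAMPLE_EVENTS = [
    {"EventID": 4104, "Computer": "WS01", "ScriptBlockText": r"Import-Module .\PowerSploit\Recon\PowerView.ps1"},
    {"EventID": 4104, "Computer": "WS01", "ScriptBlockText": "function Invoke-NinjaCopy {\n}"},
    {"EventID": 4104, "Computer": "WS02", "ScriptBlockText": "add-persistence"},
    {"EventID": 4103, "Computer": "WS02", "ScriptBlockText": "Invoke-Shellcode"},
    {"EventID": 4104, "Computer": "WS03", "ScriptBlockText": "Get-ChildItem C:\\Logs"},
]

def scan(events):
    """Return (host, kind, detail) findings from script block log records."""
    findings = []
    for ev in events:
        if ev["EventID"] != 4104:  # 4104 = PowerShell script block logging
            continue
        text = ev["ScriptBlockText"]
        for m in IMPORT_RE.finditer(text):
            findings.append((ev["Computer"], "import", m.group("path")))
        for m in CMDLET_RE.finditer(text):
            name = CANON[m.group("name").lower()]
            # A definition means the framework was loaded; a call means it was used.
            kind = "defined" if m.group("def") else "invoked"
            findings.append((ev["Computer"], kind, f"{CMDLETS[name]}/{name}"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Name matching of this kind is a triage aid only; it reports nothing for renamed functions, so it complements behavioural detection rather than replacing it.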


   