PersistenceSniper
1.0
This script tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the script didn't find anything the machine is clean.
Installation Options
Owners
Copyright
CC0 1.0 Universal
Package Details
Author(s)
- Federico @last0x00 Lagrasta
Tags
Windows Persistence Detection Blue Team
Functions
Find-AllPersistence New-PersistenceObject Get-RunAndRunOnce Get-ImageFileExecutionOptions Get-NLDPDllOverridePath Get-AeDebug Get-WerFaultHangs Get-CmdAutoRun Get-ExplorerLoad Get-WinlogonUserinit Get-WinlogonShell Get-TerminalProfileStartOnUserLogin Get-AppCertDlls Get-AppPaths Get-ServiceDlls Get-GPExtensionDlls Get-WinlogonMPNotify Get-CHMHelperDll Get-HHCtrlHijacking Get-StartupPrograms Get-UserInitMprScript Get-AutodialDLL Get-LsaExtensions Get-ServerLevelPluginDll Get-LsaPasswordFilter Get-LsaAuthenticationPackages Get-LsaSecurityPackages Get-WinlogonNotificationPackages Get-ExplorerTools Get-DotNetDebugger Get-ErrorHandlerCmd Get-WMIEventsSubscrition
Dependencies
This script has no dependencies.
Release Notes
This is still a beta. Only a subset of all the currently known persistence techniques has been implemented so far.
FileList
- PersistenceSniper.nuspec
- PersistenceSniper.ps1
Version History
Version | Downloads | Last updated |
---|---|---|
1.17.1 | 1,077 | 12/11/2024 |
1.17.0 | 24 | 12/11/2024 |
1.16.3 | 1,606 | 12/3/2024 |
1.16.1 | 23,749 | 6/30/2024 |
1.16.0 | 9,089 | 3/31/2024 |
1.15.1 | 3,987 | 2/15/2024 |
1.15.0 | 3,771 | 1/9/2024 |
1.14.0 | 1,039 | 11/4/2023 |
1.13.0 | 169 | 10/5/2023 |
1.12.1 | 388 | 8/12/2023 |
1.12.0 | 300 | 5/22/2023 |
1.11.0 | 89 | 5/5/2023 |
1.10.1 | 20 | 5/4/2023 |
1.9.3 | 65 | 4/16/2023 |
1.9.2 | 197 | 2/22/2023 |
1.9.1 | 127 | 1/29/2023 |
1.8.0 | 124 | 12/16/2022 |
1.7.1 | 96 | 10/17/2022 |
1.7.0 | 207 | 9/7/2022 |
1.6.0 | 265 | 9/6/2022 |
1.5.0 | 31 | 8/31/2022 |
1.4.0 | 93 | 8/15/2022 |
1.3.2 | 57 | 8/9/2022 |
1.3.1 | 23 | 8/8/2022 |
1.3 | 16 | 8/8/2022 |
1.2 | 15 | 8/8/2022 |
1.0 (current version) | 181 | 8/4/2022 |
0.9 | 25 | 8/3/2022 |