PersistenceSniper

1.8.0

This module tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the script didn't find anything the machine is clean.

Minimum PowerShell version

5.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PersistenceSniper -RequiredVersion 1.8.0

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name PersistenceSniper -Version 1.8.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

CC0 1.0 Universal

Package Details

Author(s)

  • Federico @last0x00 Lagrasta

Tags

Windows Registry Persistence Detection Blue Purple Red Team Incident Response DFIR IR Forensics AMSI Powershell

Functions

Find-AllPersistence

Dependencies

This module has no dependencies.

Release Notes

This release introduces detection for persistences implanted through AMSI providers, PowerShell profiles, Telemetry commands, Scheduled tasks, RDP WDS startup programs, and Silent exit monitors.

Version History

Version Downloads Last updated
1.16.1 21,582 6/30/2024
1.16.0 9,089 3/31/2024
1.15.1 3,987 2/15/2024
1.15.0 3,771 1/9/2024
1.14.0 1,039 11/4/2023
1.13.0 169 10/5/2023
1.12.1 388 8/12/2023
1.12.0 300 5/22/2023
1.11.0 89 5/5/2023
1.10.1 20 5/4/2023
1.9.3 65 4/16/2023
1.9.2 197 2/22/2023
1.9.1 127 1/29/2023
1.8.0 (current version) 124 12/16/2022
1.7.1 96 10/17/2022
1.7.0 207 9/7/2022
1.6.0 265 9/6/2022
1.5.0 31 8/31/2022
1.4.0 93 8/15/2022
1.3.2 57 8/9/2022
1.3.1 23 8/8/2022
1.3 16 8/8/2022
1.2 15 8/8/2022
1.0 180 8/4/2022
0.9 25 8/3/2022