# CHANGE LOG FOR REVERSEPOWERSHELL MODULE # ******************************************************************************************************* Module Version 1.3.3 - Updated Links in help information - Modified code to allow for copy and paste into PowerShell window - Added a message on how to resolve an error that prevents Start-Listener from executing - Updated Find-ReverseShell to search EventID 4656. If none are found it searches EventID 5154 - Find-ReverseShell now attempts a WinRM connection on remote machinces. If that fails RPC is used Module Version 1.3.2 - I removed cmdlets that did not come out until PowerShell v5 to make this compatible with PowerShell v3. - Ctrl+C now closes the listening port allowing you to Start-Bind or Start-Listener on the same port after cancelling Module Version 1.3.1 - Help Message was not displaying correctly because of comments between cmdlets. Module Version 1.3.0 - Added -Obfuscate parameter to the Invoke-ReversePowerShell cmdlet. - Modified the Help sections of all cmdlets so PARAMETER shows up in Get-Help results. - Created ParameterSetNames for Invoke-ReversePowerShell cmdlet for the ability to attach to bind shells. - Added ability to use -WhatIf through ShouldProcess on Start-Listener as suggested by PSScriptAnalyzer. - Added ability to use -WhatIf through ShouldProcess on Start-Bind as suggested by PSScriptAnalyzer. - Added -ComputerName parameter so it does something when specified in Find-ReversePowerShell. Module Version 1.2 - Added -ClearHistory parameter to Invoke-ReversePowerShell cmdlet. - Corrected some typos in the Help section. - Added signature to ensure the code has not been manipulated maliciously Module Version 1.1 - Added a visual countdown timer to Invoke-ReversePowerShell cmdlet that counts down until next connection attempt - Added the ability to use Ctrl+C to stop the Start-Listener cmdlet - Added the ability to use Ctrl+C to stop the Start-Bind cmdlet Module Version 1.0 - Added initial creation of the Invoke-ReversePowerShell module to the manifest. - Added initial creation of the Start-Listener cmdlet to the module manifest. - Added initial creation of the Start-Bind cmdlet to the module manifest. #-------------------------------------------------------------------------------------------------------- ========================================================================================================= # PSScriptAnalyzer Comments from Author # ========================================================================================================= 1.) Invoke-Expression can not be helped in this case as we want the person executing this to execute whatever commands they want. ********************************************************************************************************** # PSSCRIPT ANALYZER RESULTS # ********************************************************************************************************** RuleName Severity ScriptName Line Message -------- -------- ---------- ---- ------- PSAvoidUsingInvokeExpression Warning ReversePow 295 Invoke-Expression is used. Please remove Invoke-Expression from script and find other options instead. m1 PSAvoidUsingInvokeExpression Warning ReversePow 523 Invoke-Expression is used. Please remove Invoke-Expression from script and find other options instead. m1 #---------------------------------------------------------------------- # Command for updating Module Manifest # # New-ModuleManifest -Path .\ReversePowerShell.psd1 -Author 'Robert H. Osborne' -CompanyName 'OsbornePro' -Copyright '(c) 2022 Robert H. Osborne. All rights reserved.' -ModuleVersion '1.3.3' -RootModule .\ReversePowerShell.psm1 -Description 'Functions that can be used to gain a bind or reverse shell with PowerShell.' -PowerShellVersion '3.0' -FunctionsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -CmdletsToExport 'Start-Bind','Start-Listener','Invoke-ReversePowerShell','Find-ReverseShell' -ProjectUri '' -LicenseUri '' -IconURI '' -ReleaseNotes '' -PowerShellHostName 'ConsoleHost' -AliasesToExport @() -Tags 'PowerShell','CyberSecurity','InfoSec','PenetrationTesting','PenTesting','Shells','Security' -ProcessorArchitecture 'None' -HelpInfoUri '' |