Guerrilla
2.46.3
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF Guerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-GuerrillaMaturity Get-QuickWins Get-ComplianceCrosswalk Test-GuerrillaConditionalAccess Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Export-BloodHoundData Export-GuerrillaJUnit Get-GuerrillaCIGate Show-Guerrilla Get-ZeroTrustScore
Dependencies
This module has no dependencies.
Release Notes
Guerrilla (formerly PSGuerrilla, renamed 2026-07-08). v2.46.3: Verified zero concessions to ScubaGoggles. A setting-level diff of ScubaGoggles' rego surfaced 10 real config gaps the family-level pass missed; all now closed: EMAIL-025 (mail delegation), EMAIL-026 (POP/IMAP), EMAIL-027 (email import), EMAIL-028 (Outlook sync), EMAIL-029 (spam-override lists), DRIVE-014 (Drive SDK), DRIVE-015 (external-file warning), DRIVE-016 (file security update), ADMIN-017 (internal-app trust), ADMIN-018 (data-at-rest region). Guerrilla now reads every config setting ScubaGoggles reads, or covers the same control more thoroughly. 30 fixtures. v2.46.2: Closes the last ScubaGoggles config-coverage concessions — 4 GWS SCuBA controls ScubaGoggles reads from a setting that we did not: COLLAB-017 (CALENDAR.3.1 interop), COLLAB-018 (CALENDAR.4.1 paid appointments), COLLAB-019 (MEET.5.1 auto-recording), GROUP-006 (GROUPS.4.1 hide-from-directory). Cloud Identity Policy reads, weakest-OU-wins, absent = Not Assessed. After this, every GWS SCuBA control ScubaGoggles derives from config is covered; the residual (Chat content-reporting, Meet Gemini, calendar interop-management) is manual/audit-log for BOTH tools, not a concession. 12 fixtures. v2.46.1: Consolidated PSGallery release — carries everything since 2.40.1: SCuBA EXO + CIS reconciliation closes, Entra ID Governance entitlement-management hygiene, Copilot Studio AI-agent governance, and the full Google Workspace SCuBA baseline closes (Gmail, Groups, Chat, Meet) with provable GWS.* crosswalk tagging. Release process now tags + creates a GitHub release on publish (repo/Gallery reconciliation). v2.46.0: Five Google Workspace tail SCuBA controls (Chat/Meet/Groups). COLLAB-013 (GWS.CHAT.2.1) fails on Chat external file sharing (exfil); COLLAB-014 (CHAT.3.1) warns on space history off; COLLAB-015 (MEET.2.1) fails when meeting join is not org-restricted; COLLAB-016 (MEET.5.2) warns on default auto-transcription; GROUP-005 (GROUPS.3.1) warns on broad conversation visibility. All Cloud Identity Policy reads, weakest-OU-wins, absent policy = Not Assessed. Closes the mission-relevant GWS SCuBA remainder; residual no-config-API controls (Gemini-in-Meet, hide-from-directory, content-reporting, calendar interop/payments) are honestly out of automated scope. 15 fixtures. v2.45.0: Google Workspace Groups sharing controls (4 checks) — the one GWS SCuBA baseline area with no coverage. GROUP-001 (GWS.GROUPS.1.1) fails on external group access; GROUP-002 (1.2) on owners adding external members; GROUP-003 (1.3) on groups receiving public mail (inbound phishing vector); GROUP-004 (2.1) warns on group creation not restricted to admins. All read groups_for_business.groups_sharing from the Cloud Identity Policy API; absent policy is Not Assessed. 13 fixtures. v2.44.0: Two Google Workspace Gmail SCuBA controls + baseline crosswalk. EMAIL-023 (GWS.GMAIL.12.1) flags per-user outbound gateways (external SMTP routing = exfil/spoofing path); EMAIL-024 (GWS.GMAIL.16.1) flags a disabled Gmail Security Sandbox, best-effort field so it reports Not Assessed if the setting is not returned. Also tagged EMAIL-015/016/017 with the GWS.GMAIL.5.x/6.x/7.x controls they satisfy (14 controls, previously covered but untagged) so GWS baseline coverage is provable by control ID. 8 fixtures. v2.43.0: Copilot Studio AI-agent governance (new category, 4 checks). Agents front organizational data yet are rarely governed. New AIAgent category collects agents from Dataverse (bots table per Power Platform environment): AIAGENT-001 fails Any/Any-multitenant access; 002 fails anonymous agents, warns as-needed auth; 003 warns dormant published agents; 004 warns authenticated agents not scoped to security groups. Verdict logic is fixture-proven (15 fixtures); the Dataverse collector is contract-tested. Collection requires live validation on a Power Platform tenant; until then agents are Not Assessed, never a fabricated verdict. v2.42.0: Entra ID Governance — entitlement-management hygiene (new category, 5 checks). Access packages are a standing grant rarely reviewed after creation; Guerrilla now inspects assignment policies and catalogs. EIDGOV-001 flags policies granting access without approval; 002 flags missing access reviews; 003 flags perpetual (never-expiring) assignments; 004 fails on external/all-users eligibility without approval; 005 flags externally-visible catalogs. A failed collection is Not Assessed; empty-but-collected means entitlement management is not in use (PASS). Contract-tested endpoints + 18 golden fixtures; sub-field names best-effort pending live validation, absent fields take the safe branch. See CHANGELOG.md for v2.41 and earlier.
FileList
- Guerrilla.nuspec
- Guerrilla.psm1
- Public\Send-SignalPushover.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\GoogleTradecraftChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Guerrilla.psd1
- Public\Get-TrendReport.ps1
- Public\Get-Patrol.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADUserRightsAssignment.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- Public\Export-BloodHoundData.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\GwsServiceChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Core\Get-PowerPlatformData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- Guerrilla.format.ps1xml
- Public\Send-SignalDigest.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADFullDomainAcl.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Core\Resolve-CAWhatIf.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- LICENSE
- Public\Get-GuerrillaCIGate.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Core\Get-ADPasswordHashQuality.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- CHANGELOG.md
- Public\Invoke-ReconDemo.ps1
- Public\Test-GuerrillaConditionalAccess.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- AI-USAGE.md
- Public\Get-GuerrillaScore.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\Invoke-GoogleTradecraftChecks.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- Guerrilla-Sample-Report.html
- Public\Invoke-Watchtower.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\Get-NotAssessedFinding.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- README.md
- Public\Send-SignalTwilio.ps1
- Public\Get-GuerrillaMaturity.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-EntraAIAgentChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- CONTRIBUTING.md
- Public\Send-SignalSendGrid.ps1
- Public\Register-Patrol.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\EidscaChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- action.yml
- Public\Export-GuerrillaJUnit.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Google\ConvertTo-GeminiDerivedSettings.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Config\guerrilla-config-schema.json
- Public\Send-SignalMailgun.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Config\guerrilla-defaults.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Public\Invoke-Campaign.ps1
- Public\Set-Safehouse.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Test-2svDisablement.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Public\Export-RemediationScripts.ps1
- Public\Export-ReportPdf.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\Get-GoogleGroupSettings.ps1
- Private\Audit\Invoke-GwsServiceChecks.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\Entra\Core\Test-EntraConnectVersionCurrent.ps1
- Private\Entra\Checks\Invoke-EntraEidscaChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Invoke-Lookout.ps1
- Data\SuspiciousCountries.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\EntraAIAgentChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-EntraGovernanceData.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Get-QuickWins.ps1
- Public\Update-ThreatIntel.ps1
- Data\VpnTorProxies.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Get-GuerrillaReportSectionHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-DeadDrop.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Resolve-EidscaControl.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Gui\Show-AddSignalDialog.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\EntraGovernanceChecks.json
- Private\AD\Core\Get-ADReplicationHealth.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\RemediationCosts.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Invoke-Recon.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\CloudIpRanges.json
- Private\Core\Get-IpGeoData.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADTransitiveAttackPath.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\Entra\Checks\Invoke-EntraGovernanceChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Send-SignalWebhook.ps1
- Public\Unregister-Patrol.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Get-ZeroTrustScore.ps1
- Data\KnownAttackerIps.json
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Test-Safehouse.ps1
- Public\Send-SignalSlack.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.46.5 | 5 | 7/11/2026 |
| 2.46.4 | 4 | 7/9/2026 |
| 2.46.3 (current version) | 5 | 7/9/2026 |