PSGuerrilla
2.14.1
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (204 security checks across 15 categories including a Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 h
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (204 security checks across 15 categories including a Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (158 checks), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.
Show more
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-QuickWins Get-ComplianceCrosswalk Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.14.1: Live-validation fixes for the Adversary Tradecraft category. GTRADE-001 (DeleFriend) no longer false-PASSes: there is no GA API to list domain-wide-delegation grants, so an empty result means could-not-enumerate (now WARN with manual-verify guidance), not no-grants (was PASS) - same empty->PASS masking fixed in OAUTH-008. GTRADE-005 no longer over-matches read-only roles: uses the real Google admin privilege vocabulary (USERS_ALL/USERS_CREATE/USERS_RESET_PASSWORD/GROUPS_ALL/DOMAIN_MANAGEMENT/ORGANIZATION_UNITS_*/APP_ADMIN/ROLE_MANAGEMENT/MANAGE_/SECURITY) and excludes _RETRIEVE. GTRADE-006 labels unnamed OAuth apps as unnamed app (client_id). GTRADE-002/003 pending apps.groups.settings delegation (graceful SKIP confirmed). Counts unchanged (GWS 110 / AD 204 / Entra 158). verify-gws-tradecraft.ps1 24/24; test-mode 110 findings, 0 ERROR. v2.14.0: New Google Workspace Adversary Tradecraft category (GoogleTradecraftChecks, 6 checks) - detecting attack preconditions Google does not natively surface. GTRADE-001 Domain-Wide Delegation org-takeover exposure (DeleFriend: flags grants with full mail/drive/admin.directory/cloud-platform impersonation scopes); GTRADE-002 internet-readable groups (whoCanViewGroup=ANYONE_CAN_VIEW); GTRADE-003 open-join/external-member groups; GTRADE-004 super-admin sprawl; GTRADE-005 super-admin-equivalent custom roles; GTRADE-006 persistent/over-scoped OAuth grants (full mail/drive/admin scopes that survive password reset). New Get-GoogleGroupSettings collector (apps.groups.settings scope, already requested; isolated token, -Quick-gated, graceful SKIP). GWS is now 110 checks across 9 categories (472 total). Read-only. Phase-2 (deferred, needs GCP IAM scope): full DeleFriend SA-key confirmation, stale SA keys, open-group->IAM correlation. Test verify-gws-tradecraft.ps1 (23/23); test-mode dispatches 110 findings, 0 ERROR. AD 204 / Entra 158 unchanged. See CHANGELOG.md for v2.13.0 and earlier.
FileList
- PSGuerrilla.nuspec
- LICENSE
- Public\Get-TrendReport.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- CHANGELOG.md
- Public\Send-SignalDigest.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- PSGuerrilla.format.ps1xml
- Public\Invoke-ReconDemo.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\GoogleTradecraftChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- AI-USAGE.md
- Public\Get-GuerrillaScore.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- README.md
- Public\Invoke-Watchtower.ps1
- Public\Register-Patrol.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- PSGuerrilla.psd1
- Public\Send-SignalTwilio.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- PSGuerrilla.psm1
- Public\Send-SignalSendGrid.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\Invoke-GoogleTradecraftChecks.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- Public\Send-SignalMailgun.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- Config\guerrilla-config-schema.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Config\guerrilla-defaults.json
- Public\Set-Safehouse.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Public\Invoke-Campaign.ps1
- Public\Export-ReportPdf.ps1
- Data\SuspiciousCountries.json
- Private\Core\Test-2svDisablement.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Public\Export-RemediationScripts.ps1
- Public\Invoke-Lookout.ps1
- Data\VpnTorProxies.json
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Update-ThreatIntel.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Get-GoogleGroupSettings.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Get-QuickWins.ps1
- Public\Get-DeadDrop.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\RemediationCosts.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\CloudIpRanges.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Invoke-Recon.ps1
- Public\Unregister-Patrol.ps1
- Data\KnownAttackerIps.json
- Private\Core\Get-IpGeoData.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Send-SignalWebhook.ps1
- Public\Send-SignalSlack.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Test-Safehouse.ps1
- Public\Get-Patrol.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Send-SignalPushover.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-IntuneData.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.37.0 | 5 | 6/27/2026 |
| 2.36.0 | 5 | 6/27/2026 |
| 2.35.0 | 6 | 6/26/2026 |
| 2.34.0 | 4 | 6/25/2026 |
| 2.33.0 | 3 | 6/25/2026 |
| 2.32.2 | 4 | 6/25/2026 |
| 2.32.1 | 4 | 6/25/2026 |
| 2.32.0 | 6 | 6/25/2026 |
| 2.31.0 | 7 | 6/24/2026 |
| 2.30.3 | 5 | 6/24/2026 |
| 2.30.2 | 5 | 6/24/2026 |
| 2.30.1 | 6 | 6/24/2026 |
| 2.30.0 | 6 | 6/24/2026 |
| 2.29.1 | 7 | 6/22/2026 |
| 2.29.0 | 4 | 6/22/2026 |
| 2.28.1 | 4 | 6/22/2026 |
| 2.28.0 | 4 | 6/22/2026 |
| 2.27.0 | 5 | 6/22/2026 |
| 2.26.0 | 7 | 6/22/2026 |
| 2.25.0 | 4 | 6/22/2026 |
| 2.24.0 | 8 | 6/22/2026 |
| 2.23.0 | 6 | 6/21/2026 |
| 2.22.0 | 8 | 6/21/2026 |
| 2.21.0 | 7 | 6/21/2026 |
| 2.20.1 | 5 | 6/21/2026 |
| 2.20.0 | 4 | 6/21/2026 |
| 2.19.0 | 6 | 6/21/2026 |
| 2.18.0 | 7 | 6/21/2026 |
| 2.17.0 | 5 | 6/21/2026 |
| 2.16.0 | 5 | 6/21/2026 |
| 2.15.0 | 9 | 6/21/2026 |
| 2.14.1 (current version) | 8 | 6/20/2026 |
| 2.14.0 | 8 | 6/20/2026 |
| 2.13.0 | 7 | 6/20/2026 |
| 2.12.1 | 6 | 6/20/2026 |
| 2.12.0 | 9 | 6/20/2026 |
| 2.11.1 | 6 | 6/20/2026 |
| 2.11.0 | 5 | 6/19/2026 |
| 2.10.8 | 11 | 6/19/2026 |
| 2.10.7 | 16 | 6/19/2026 |
| 2.10.6 | 5 | 6/19/2026 |
| 2.10.5 | 6 | 6/19/2026 |
| 2.10.4 | 14 | 6/18/2026 |
| 2.10.3 | 9 | 6/18/2026 |
| 2.10.2 | 8 | 6/18/2026 |
| 2.10.1 | 7 | 6/18/2026 |
| 2.10.0 | 6 | 6/18/2026 |
| 2.9.4 | 7 | 6/18/2026 |
| 2.9.3 | 7 | 6/18/2026 |
| 2.9.2 | 5 | 6/18/2026 |
| 2.9.1 | 5 | 6/18/2026 |
| 2.9.0 | 9 | 6/17/2026 |
| 2.8.1 | 7 | 6/17/2026 |
| 2.8.0 | 7 | 6/17/2026 |
| 2.7.0 | 11 | 6/17/2026 |
| 2.6.0 | 6 | 6/16/2026 |
| 2.5.2 | 7 | 6/16/2026 |
| 2.5.1 | 6 | 6/16/2026 |
| 2.5.0 | 6 | 6/16/2026 |
| 2.4.4 | 6 | 6/16/2026 |
| 2.4.3 | 6 | 6/16/2026 |
| 2.4.2 | 7 | 6/16/2026 |
| 2.4.1 | 8 | 6/15/2026 |
| 2.4.0 | 9 | 6/11/2026 |
| 2.3.1 | 12 | 5/28/2026 |
| 2.3.0 | 5 | 5/28/2026 |
| 2.2.1 | 12 | 5/15/2026 |
| 2.2.0 | 4 | 5/15/2026 |