PSGuerrilla

2.15.0

PSGuerrilla.psd1

                                @{

    RootModule        = 'PSGuerrilla.psm1'

    ModuleVersion     = '2.15.0'

    GUID              = 'f7a3b2c1-4d5e-6f78-9a0b-1c2d3e4f5a6b'

    Author            = 'Jim Tyler, Microsoft MVP'

    CompanyName       = 'Jim Tyler'

    Copyright         = '(c) 2026 Jim Tyler. All rights reserved.'

    Description       = 'Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (204 security checks across 15 categories including a Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (158 checks), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.'

    PowerShellVersion = '7.0'

    FunctionsToExport = @(

        'Invoke-Recon'

        'Invoke-Surveillance'

        'Invoke-Watchtower'

        'Invoke-Wiretap'

        'Invoke-Lookout'

        'Get-DeadDrop'

        'Send-Signal'

        'Send-SignalSendGrid'

        'Send-SignalMailgun'

        'Send-SignalTwilio'

        'Send-SignalTeams'

        'Send-SignalSlack'

        'Send-SignalWebhook'

        'Send-SignalPagerDuty'

        'Send-SignalPushover'

        'Send-SignalSyslog'

        'Send-SignalEventLog'

        'Send-SignalDigest'

        'Set-Safehouse'

        'Test-Safehouse'

        'Get-Safehouse'

        'Register-Patrol'

        'Unregister-Patrol'

        'Get-Patrol'

        'Update-ThreatIntel'

        'Invoke-ReconDemo'

        'Invoke-Fortification'

        'Invoke-Reconnaissance'

        'Invoke-Infiltration'

        'Invoke-Campaign'

        'Get-GuerrillaScore'

        'Get-GuerrillaMaturity'

        'Get-QuickWins'

        'Get-ComplianceCrosswalk'

        'Export-BudgetJustification'

        'Export-ExecutiveSummary'

        'Export-TechnicalReport'

        'Export-RemediationPlaybook'

        'Export-RemediationScripts'

        'Set-RiskAcceptance'

        'Get-RiskAcceptance'

        'Get-TrendReport'

        'Export-ReportPdf'

        'Export-Dashboard'

        'Show-Guerrilla'

    )

    CmdletsToExport   = @()

    VariablesToExport  = @()

    AliasesToExport    = @(

        # PSRecon -> PSGuerrilla rename aliases

        'Invoke-GoogleRecon'

        'Get-ReconAlerts'

        'Send-ReconAlert'

        'Send-ReconAlertSendGrid'

        'Send-ReconAlertMailgun'

        'Send-ReconAlertTwilio'

        'Set-ReconConfig'

        'Get-ReconConfig'

        'Register-ReconScheduledTask'

        'Unregister-ReconScheduledTask'

        'Get-ReconScheduledTask'

        # Theater-disambiguating aliases

        'Invoke-WorkspaceRecon'

        'Invoke-ADRecon'

        'Invoke-CloudRecon'

    )

    FormatsToProcess   = @('PSGuerrilla.format.ps1xml')

    PrivateData = @{

        PSData = @{

            Tags       = @('GoogleWorkspace', 'ActiveDirectory', 'EntraID', 'AzureAD', 'Intune', 'M365', 'Security', 'CompromiseAssessment', 'IncidentResponse', 'ThreatDetection', 'ADSecurity', 'CloudSecurity', 'NTLMRelay', 'TierZero', 'GUI', 'WPF', 'PSGuerrilla')

            LicenseUri = 'https://creativecommons.org/licenses/by/4.0/'

            ProjectUri = 'https://guerrilla.army'

            ReleaseNotes = 'v2.15.0: New Get-GuerrillaMaturity cmdlet - a CMMI-style 1-5 security maturity rating from audit findings (AD / Google Workspace / Entra-M365). Worst unmet control anchors the score (one open Critical caps the estate at Level 1 Initial), which is stricter and more board-readable than an averaged 0-100 score. Levels 1 Initial -> 2 Managed -> 3 Defined -> 4 Quantitatively Managed -> 5 Optimized; FAIL caps by severity, any WARN caps at 4, PASS/SKIP/ERROR never cap. Returns overall level+label, per-category levels, the anchor findings holding you at the current level, and the next-level blockers; accepts pipeline input. First half of the executive-grade-artifact push (matches/exceeds PingCastle maturity). Next: report cartography + full-domain transitive attack-path graph with BloodHound export. 45 public functions. Test verify-maturity.ps1 (17/17). Check counts unchanged. v2.14.1: Live-validation fixes for the Adversary Tradecraft category. GTRADE-001 (DeleFriend) no longer false-PASSes: there is no GA API to list domain-wide-delegation grants, so an empty result means could-not-enumerate (now WARN with manual-verify guidance), not no-grants (was PASS) - same empty->PASS masking fixed in OAUTH-008. GTRADE-005 no longer over-matches read-only roles: uses the real Google admin privilege vocabulary (USERS_ALL/USERS_CREATE/USERS_RESET_PASSWORD/GROUPS_ALL/DOMAIN_MANAGEMENT/ORGANIZATION_UNITS_*/APP_ADMIN/ROLE_MANAGEMENT/MANAGE_/SECURITY) and excludes _RETRIEVE. GTRADE-006 labels unnamed OAuth apps as unnamed app (client_id). GTRADE-002/003 pending apps.groups.settings delegation (graceful SKIP confirmed). Counts unchanged (GWS 110 / AD 204 / Entra 158). verify-gws-tradecraft.ps1 24/24; test-mode 110 findings, 0 ERROR. See CHANGELOG.md for v2.14.0 and earlier.'

        }

    }

}