PSGuerrilla
2.18.0
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions,
Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (158 checks), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.
Show more
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-GuerrillaMaturity Get-QuickWins Get-ComplianceCrosswalk Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Export-BloodHoundData Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.18.0: New Export-BloodHoundData cmdlet - exports the collected AD graph (privileged-group membership + dangerous ACLs) to a BloodHound CE OpenGraph file. SID-keyed nodes (overlay native SharpHound data) and BloodHound native edge kinds (GenericAll/WriteDacl/WriteOwner/GenericWrite/AllExtendedRights/GetChanges/GetChangesAll/MemberOf) so BloodHound pathfinding works directly. Full graph (no default-principal exclusion) - BloodHound does its own reachability. Invoke-Reconnaissance -BloodHoundPath writes it during a scan. Makes PSGuerrilla a free, agentless BloodHound feeder that does not touch endpoints (unlike SharpHound). Exported coverage tracks ACL collection; the full-domain ACL collector (roadmap) widens it. Read-only. 46 public functions. Test verify-bloodhound-export.ps1 (12/12). Check counts unchanged. PingCastle plan remaining: full-domain ACL collector + cartography. v2.17.0: Transitive attack-path engine (Resolve-AttackPathGraph + Get-ADTransitiveAttackPath): a directed privilege graph with a BFS shortest-path resolver that chains control + group-membership edges of arbitrary length to Tier-0, e.g. HelpDesk -WriteDacl-> CORP-Admins -MemberOf-> Domain Admins. Cycle-safe, depth-bounded, reuses the default-principal exclusion. New check ADPATH-002 Transitive Escalation Chains to Tier-0 (AttackPath category) reports multi-hop chains (single-hop stays ADPATH-001), non-privileged sources first. AD is now 205 checks (473 total). Chain depth is bounded by ACL coverage: todays six-critical-object collection is mostly one-hop so ADPATH-002 is typically clean now; the full-domain ACL collector (live-gated, next) unlocks deep low-priv-to-DA chains. Engine validated for arbitrary depth (verify-transitive-attackpath.ps1 13/13). The leapfrog half of the PingCastle plan; still to come: full-domain ACL collector, BloodHound/AzureHound export, cartography. See CHANGELOG.md for v2.17.0 and earlier.
FileList
- PSGuerrilla.nuspec
- Public\Get-RiskAcceptance.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADTransitiveAttackPath.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- LICENSE
- Public\Test-Safehouse.ps1
- Public\Get-Patrol.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- CHANGELOG.md
- Public\Send-SignalPushover.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- PSGuerrilla.format.ps1xml
- Public\Get-TrendReport.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\GoogleTradecraftChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- AI-USAGE.md
- Public\Export-BloodHoundData.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- README.md
- Public\Send-SignalDigest.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- PSGuerrilla-Sample-Report.html
- Public\Invoke-ReconDemo.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- CONTRIBUTING.md
- Public\Get-GuerrillaScore.ps1
- Public\Get-GuerrillaMaturity.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\Invoke-GoogleTradecraftChecks.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- PSGuerrilla.psd1
- Public\Invoke-Watchtower.ps1
- Public\Register-Patrol.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- Public\Send-SignalTwilio.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- PSGuerrilla.psm1
- Public\Send-SignalSendGrid.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Public\Send-SignalMailgun.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Config\guerrilla-config-schema.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Config\guerrilla-defaults.json
- Public\Set-Safehouse.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Test-2svDisablement.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Invoke-Campaign.ps1
- Public\Export-ReportPdf.ps1
- Data\SuspiciousCountries.json
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\Get-GoogleGroupSettings.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Export-RemediationScripts.ps1
- Public\Invoke-Lookout.ps1
- Data\VpnTorProxies.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Update-ThreatIntel.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Get-QuickWins.ps1
- Public\Get-DeadDrop.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\RemediationCosts.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\CloudIpRanges.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Get-IpGeoData.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Invoke-Recon.ps1
- Public\Unregister-Patrol.ps1
- Data\KnownAttackerIps.json
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Send-SignalWebhook.ps1
- Public\Send-SignalSlack.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.37.0 | 5 | 6/27/2026 |
| 2.36.0 | 5 | 6/27/2026 |
| 2.35.0 | 6 | 6/26/2026 |
| 2.34.0 | 4 | 6/25/2026 |
| 2.33.0 | 3 | 6/25/2026 |
| 2.32.2 | 4 | 6/25/2026 |
| 2.32.1 | 4 | 6/25/2026 |
| 2.32.0 | 6 | 6/25/2026 |
| 2.31.0 | 7 | 6/24/2026 |
| 2.30.3 | 5 | 6/24/2026 |
| 2.30.2 | 5 | 6/24/2026 |
| 2.30.1 | 6 | 6/24/2026 |
| 2.30.0 | 6 | 6/24/2026 |
| 2.29.1 | 7 | 6/22/2026 |
| 2.29.0 | 4 | 6/22/2026 |
| 2.28.1 | 4 | 6/22/2026 |
| 2.28.0 | 4 | 6/22/2026 |
| 2.27.0 | 5 | 6/22/2026 |
| 2.26.0 | 7 | 6/22/2026 |
| 2.25.0 | 4 | 6/22/2026 |
| 2.24.0 | 8 | 6/22/2026 |
| 2.23.0 | 6 | 6/21/2026 |
| 2.22.0 | 8 | 6/21/2026 |
| 2.21.0 | 7 | 6/21/2026 |
| 2.20.1 | 5 | 6/21/2026 |
| 2.20.0 | 4 | 6/21/2026 |
| 2.19.0 | 6 | 6/21/2026 |
| 2.18.0 (current version) | 7 | 6/21/2026 |
| 2.17.0 | 5 | 6/21/2026 |
| 2.16.0 | 5 | 6/21/2026 |
| 2.15.0 | 9 | 6/21/2026 |
| 2.14.1 | 8 | 6/20/2026 |
| 2.14.0 | 8 | 6/20/2026 |
| 2.13.0 | 7 | 6/20/2026 |
| 2.12.1 | 6 | 6/20/2026 |
| 2.12.0 | 9 | 6/20/2026 |
| 2.11.1 | 6 | 6/20/2026 |
| 2.11.0 | 5 | 6/19/2026 |
| 2.10.8 | 11 | 6/19/2026 |
| 2.10.7 | 16 | 6/19/2026 |
| 2.10.6 | 5 | 6/19/2026 |
| 2.10.5 | 6 | 6/19/2026 |
| 2.10.4 | 14 | 6/18/2026 |
| 2.10.3 | 9 | 6/18/2026 |
| 2.10.2 | 8 | 6/18/2026 |
| 2.10.1 | 7 | 6/18/2026 |
| 2.10.0 | 6 | 6/18/2026 |
| 2.9.4 | 7 | 6/18/2026 |
| 2.9.3 | 7 | 6/18/2026 |
| 2.9.2 | 5 | 6/18/2026 |
| 2.9.1 | 5 | 6/18/2026 |
| 2.9.0 | 9 | 6/17/2026 |
| 2.8.1 | 7 | 6/17/2026 |
| 2.8.0 | 7 | 6/17/2026 |
| 2.7.0 | 11 | 6/17/2026 |
| 2.6.0 | 6 | 6/16/2026 |
| 2.5.2 | 7 | 6/16/2026 |
| 2.5.1 | 6 | 6/16/2026 |
| 2.5.0 | 6 | 6/16/2026 |
| 2.4.4 | 6 | 6/16/2026 |
| 2.4.3 | 6 | 6/16/2026 |
| 2.4.2 | 7 | 6/16/2026 |
| 2.4.1 | 8 | 6/15/2026 |
| 2.4.0 | 9 | 6/11/2026 |
| 2.3.1 | 12 | 5/28/2026 |
| 2.3.0 | 5 | 5/28/2026 |
| 2.2.1 | 12 | 5/15/2026 |
| 2.2.0 | 4 | 5/15/2026 |