PSGuerrilla

2.20.1

PSGuerrilla.psd1

                                @{

    RootModule        = 'PSGuerrilla.psm1'

    ModuleVersion     = '2.20.1'

    GUID              = 'f7a3b2c1-4d5e-6f78-9a0b-1c2d3e4f5a6b'

    Author            = 'Jim Tyler, Microsoft MVP'

    CompanyName       = 'Jim Tyler'

    Copyright         = '(c) 2026 Jim Tyler. All rights reserved.'

    Description       = 'Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (158 checks), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.'

    PowerShellVersion = '7.0'

    FunctionsToExport = @(

        'Invoke-Recon'

        'Invoke-Surveillance'

        'Invoke-Watchtower'

        'Invoke-Wiretap'

        'Invoke-Lookout'

        'Get-DeadDrop'

        'Send-Signal'

        'Send-SignalSendGrid'

        'Send-SignalMailgun'

        'Send-SignalTwilio'

        'Send-SignalTeams'

        'Send-SignalSlack'

        'Send-SignalWebhook'

        'Send-SignalPagerDuty'

        'Send-SignalPushover'

        'Send-SignalSyslog'

        'Send-SignalEventLog'

        'Send-SignalDigest'

        'Set-Safehouse'

        'Test-Safehouse'

        'Get-Safehouse'

        'Register-Patrol'

        'Unregister-Patrol'

        'Get-Patrol'

        'Update-ThreatIntel'

        'Invoke-ReconDemo'

        'Invoke-Fortification'

        'Invoke-Reconnaissance'

        'Invoke-Infiltration'

        'Invoke-Campaign'

        'Get-GuerrillaScore'

        'Get-GuerrillaMaturity'

        'Get-QuickWins'

        'Get-ComplianceCrosswalk'

        'Export-BudgetJustification'

        'Export-ExecutiveSummary'

        'Export-TechnicalReport'

        'Export-RemediationPlaybook'

        'Export-RemediationScripts'

        'Set-RiskAcceptance'

        'Get-RiskAcceptance'

        'Get-TrendReport'

        'Export-ReportPdf'

        'Export-Dashboard'

        'Export-BloodHoundData'

        'Show-Guerrilla'

    )

    CmdletsToExport   = @()

    VariablesToExport  = @()

    AliasesToExport    = @(

        # PSRecon -> PSGuerrilla rename aliases

        'Invoke-GoogleRecon'

        'Get-ReconAlerts'

        'Send-ReconAlert'

        'Send-ReconAlertSendGrid'

        'Send-ReconAlertMailgun'

        'Send-ReconAlertTwilio'

        'Set-ReconConfig'

        'Get-ReconConfig'

        'Register-ReconScheduledTask'

        'Unregister-ReconScheduledTask'

        'Get-ReconScheduledTask'

        # Theater-disambiguating aliases

        'Invoke-WorkspaceRecon'

        'Invoke-ADRecon'

        'Invoke-CloudRecon'

    )

    FormatsToProcess   = @('PSGuerrilla.format.ps1xml')

    PrivateData = @{

        PSData = @{

            Tags       = @('GoogleWorkspace', 'ActiveDirectory', 'EntraID', 'AzureAD', 'Intune', 'M365', 'Security', 'CompromiseAssessment', 'IncidentResponse', 'ThreatDetection', 'ADSecurity', 'CloudSecurity', 'NTLMRelay', 'TierZero', 'GUI', 'WPF', 'PSGuerrilla')

            LicenseUri = 'https://creativecommons.org/licenses/by/4.0/'

            ProjectUri = 'https://guerrilla.army'

            ReleaseNotes = 'v2.20.1: Export-TechnicalReport (the README-linked all-checks report) now also includes the Security Maturity and Attack Paths to Tier-0 sections, so all four report types (Reconnaissance, Fortification, Campaign, Technical) are consistent. Shared section accent colour made theme-portable (--deep-orange) so sections render in the Technical report standalone stylesheet. Sample/showcase reports regenerated: every sample shows maturity; AD/Campaign/Technical show full attack-path chains; AD shows the BloodHound callout. Added a Campaign sample and a sample BloodHound export; Generate-SampleReports.ps1 now also regenerates the README root sample. Report-only: no engine/check/scoring changes. Check counts and 46 public functions unchanged. Test verify-report-sections.ps1 (18/18). PingCastle plan remaining: cartography (visual map). v2.20.0: HTML reports now showcase the marquee capabilities instead of burying them. The AD reconnaissance report (Export-ReconnaissanceReportHtml) gains a Security Maturity (CMMI 1-5) section, an Attack Paths to Tier-0 section that renders the FULL transitive chains (HelpDesk -GenericAll-> CORP-Helpdesk-Admins -MemberOf-> Domain Admins, non-privileged sources first) instead of a buried finding-row preview, and a BloodHound export callout when -BloodHoundPath was used. The GWS report (Export-FortificationReportHtml) gains the Security Maturity section. The unified Campaign report (the one big report) gains Security Maturity + Attack Paths across all theaters. Invoke-Reconnaissance now runs the BloodHound export before report generation so the callout references an existing file. Shared helpers (Get-GuerrillaMaturitySectionHtml/Get-GuerrillaAttackPathSectionHtml) keep all three reports consistent. Report-only: no engine/check/scoring changes. 46 public functions, check counts unchanged. Test verify-report-sections.ps1 (15/15). PingCastle plan remaining: cartography (visual map). See CHANGELOG.md for v2.20.0 and earlier.'

        }

    }

}