@{
    # Module manifest for PSGuerrilla. Only the keys present in the shipped
    # manifest are set; everything else takes the PowerShell defaults.
    RootModule        = 'PSGuerrilla.psm1'
    ModuleVersion     = '2.28.0'
    GUID              = 'f7a3b2c1-4d5e-6f78-9a0b-1c2d3e4f5a6b'
    Author            = 'Jim Tyler, Microsoft MVP'
    CompanyName       = 'Jim Tyler'
    Copyright         = '(c) 2026 Jim Tyler. All rights reserved.'
    Description       = 'Security assessment, threat detection, and continuous monitoring module for Google Workspace, Active Directory, and Microsoft cloud environments. Includes Google Workspace compromise assessment with 23 detection signals, Active Directory reconnaissance (205 security checks across 15 categories including transitive Tier-0 attack-path analysis, NTLM-relay preconditions, Tier-0 hygiene, telemetry posture, and adversary tradecraft indicators), Entra ID / Azure / Intune / M365 infiltration audit (202 checks, including a full 44-control EIDSCA baseline), and continuous monitoring across all four theaters (Entra ID sign-in risk, AD baseline monitoring, M365 audit log monitoring). Supports alerting via SendGrid, Mailgun, Twilio SMS, Teams, Slack, generic webhooks, PagerDuty, Pushover, Syslog (CEF/LEEF), and Windows Event Log.'

    # Minimum engine version; the module does not declare support for Windows PowerShell 5.1.
    PowerShellVersion = '7.0'

    # Explicit export list, no wildcards: the public command surface is
    # enumerable from the manifest alone (command discovery does not have to
    # import the module), and no private helper is exported by accident.
    FunctionsToExport = @(
        'Invoke-Recon'
        'Invoke-Surveillance'
        'Invoke-Watchtower'
        'Invoke-Wiretap'
        'Invoke-Lookout'
        'Get-DeadDrop'
        'Send-Signal'
        'Send-SignalSendGrid'
        'Send-SignalMailgun'
        'Send-SignalTwilio'
        'Send-SignalTeams'
        'Send-SignalSlack'
        'Send-SignalWebhook'
        'Send-SignalPagerDuty'
        'Send-SignalPushover'
        'Send-SignalSyslog'
        'Send-SignalEventLog'
        'Send-SignalDigest'
        'Set-Safehouse'
        'Test-Safehouse'
        'Get-Safehouse'
        'Register-Patrol'
        'Unregister-Patrol'
        'Get-Patrol'
        'Update-ThreatIntel'
        'Invoke-ReconDemo'
        'Invoke-Fortification'
        'Invoke-Reconnaissance'
        'Invoke-Infiltration'
        'Invoke-Campaign'
        'Get-GuerrillaScore'
        'Get-GuerrillaMaturity'
        'Get-QuickWins'
        'Get-ComplianceCrosswalk'
        'Test-GuerrillaConditionalAccess'
        'Export-BudgetJustification'
        'Export-ExecutiveSummary'
        'Export-TechnicalReport'
        'Export-RemediationPlaybook'
        'Export-RemediationScripts'
        'Set-RiskAcceptance'
        'Get-RiskAcceptance'
        'Get-TrendReport'
        'Export-ReportPdf'
        'Export-Dashboard'
        'Export-BloodHoundData'
        'Export-GuerrillaJUnit'
        'Show-Guerrilla'
    )

    # Empty arrays (rather than omitted keys) deliberately export no
    # cmdlets or variables.
    CmdletsToExport   = @()
    VariablesToExport = @()

    # Aliases are listed explicitly for the same reason as the functions.
    AliasesToExport   = @(
        # PSRecon -> PSGuerrilla rename aliases
        'Invoke-GoogleRecon'
        'Get-ReconAlerts'
        'Send-ReconAlert'
        'Send-ReconAlertSendGrid'
        'Send-ReconAlertMailgun'
        'Send-ReconAlertTwilio'
        'Set-ReconConfig'
        'Get-ReconConfig'
        'Register-ReconScheduledTask'
        'Unregister-ReconScheduledTask'
        'Get-ReconScheduledTask'
        # Theater-disambiguating aliases
        'Invoke-WorkspaceRecon'
        'Invoke-ADRecon'
        'Invoke-CloudRecon'
    )

    # Format file path is resolved relative to the module base directory.
    FormatsToProcess  = @('PSGuerrilla.format.ps1xml')

    # Gallery metadata. ReleaseNotes carries the v2.28.0 / v2.27.0 notes;
    # earlier history is in CHANGELOG.md.
    PrivateData = @{
        PSData = @{
            Tags         = @('GoogleWorkspace', 'ActiveDirectory', 'EntraID', 'AzureAD', 'Intune', 'M365', 'Security', 'CompromiseAssessment', 'IncidentResponse', 'ThreatDetection', 'ADSecurity', 'CloudSecurity', 'NTLMRelay', 'TierZero', 'GUI', 'WPF', 'PSGuerrilla')
            LicenseUri   = 'https://creativecommons.org/licenses/by/4.0/'
            ProjectUri   = 'https://guerrilla.army'
            ReleaseNotes = 'v2.28.0: New interactive findings filter in the 
 Reconnaissance report - a Maester-style live filter bar (status + severity buttons + text search) over both findings tables, matching the Campaign report. New shared helper Get-GuerrillaFindingsFilterHtml; finding rows tagged gg-row/data-status/data-sev/data-text and filtered client-side (auto-opens collapsed categories so matches show, with a no-match notice; print-safe). Completes roadmap M3 (interactive report + Indicators of Exposure). Report-only: no engine/check/scoring changes (517 checks, 48 public functions). Samples regenerated. Test verify-report-sections.ps1 (39/39). Maester roadmap M1 (EIDSCA) + M2 (CA what-if) + M3 (report + IOE + filtering) + M4 (CI/CD) done; remaining M6 EXO/email depth (needs live tenant), M7 governance. Purple Knight fully addressed. v2.27.0: New Indicators of Exposure - a Purple-Knight-style ranked, severity-scored exposure view (Get-GuerrillaIndicatorsOfExposureHtml) added to the Reconnaissance, Google Workspace, Campaign, and Technical reports. Each open FAIL/WARN finding becomes a named indicator with its blast radius (affected-object count), ranked by severity then FAIL-before-WARN then impact, under a Critical/High/Medium/Low summary - the data you already collect, presented the way a CISO (or a Purple Knight user) reads it. Report-only: no engine/check/scoring changes (517 checks, 48 public functions). Samples regenerated (Infiltration/Campaign samples now include the 44 EIDSCA checks). Test verify-report-sections.ps1 (36/36). Maester roadmap M1 (EIDSCA) + M2 (CA what-if) + M4 (CI/CD) + M3 (Indicators of Exposure) done; remaining M3 interactive filtering polish, M6 EXO/email depth. Purple Knight presentation edge closed. See CHANGELOG.md for v2.27.0 and earlier.'
        }
    }
}