PersistenceSniper

1.12.0

This module tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the module didn't find anything the machine is clean.

Minimum PowerShell version

5.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name PersistenceSniper -RequiredVersion 1.12.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name PersistenceSniper -Version 1.12.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

Commons Clause

Package Details

Author(s)

  • Federico @last0x00 Lagrasta

Tags

Windows Registry Persistence Detection Blue Purple Red Team Incident Response DFIR IR Forensics AMSI Powershell

Functions

Find-AllPersistence

Dependencies

This module has no dependencies.

Release Notes

This release fixes a bug in the OutputCSV parameter, which up to version 1.11.0 would included false positives filtered out by the DiffCSV parameter, as well as implementing support for logging the output of the tool to the Windows Event Log.

FileList

Version History

Version Downloads Last updated
1.17.1 428 12/11/2024
1.17.0 24 12/11/2024
1.16.3 1,606 12/3/2024
1.16.1 23,749 6/30/2024
1.16.0 9,089 3/31/2024
1.15.1 3,987 2/15/2024
1.15.0 3,771 1/9/2024
1.14.0 1,039 11/4/2023
1.13.0 169 10/5/2023
1.12.1 388 8/12/2023
1.12.0 (current version) 300 5/22/2023
1.11.0 89 5/5/2023
1.10.1 20 5/4/2023
1.9.3 65 4/16/2023
1.9.2 197 2/22/2023
1.9.1 127 1/29/2023
1.8.0 124 12/16/2022
1.7.1 96 10/17/2022
1.7.0 207 9/7/2022
1.6.0 265 9/6/2022
1.5.0 31 8/31/2022
1.4.0 93 8/15/2022
1.3.2 57 8/9/2022
1.3.1 23 8/8/2022
1.3 16 8/8/2022
1.2 15 8/8/2022
1.0 181 8/4/2022
0.9 25 8/3/2022
Show less