EN
ENNA

Evil-WinRM

LGPL-3.0

💥 Exploitation · Ruby

Evil-WinRM is a powerful WinRM shell designed for penetration testing and post-exploitation activities. It supports file upload/download, in-memory PowerShell execution, DLL injection, and pass-the-hash authentication. Built in Ruby, this tool provides an effective way to interact with Windows systems remotely, enabling testers to execute commands and scripts without leaving traces on disk, making it a preferred choice for stealthy operations.

5.3kstars
680forks
0issues
Updated 25d ago
View on GitHub

Installation

$ gem install evil-winrm

Tags

winrmpowershellpass-the-hashpost-exploitationdockerevil-winrmhackingkerberospentestpentestingpentesting-windowspsrpremote-managementrubyshellwin-rm

Details

Category
💥 Exploitation
Language
Ruby
License
LGPL-3.0
Platforms
🐧linux🍎macos

Links

GitHub Repository

github.com/Hackplayers/evil-winrm

Releases

github.com/Hackplayers/evil-winrm/releases

Issues

github.com/Hackplayers/evil-winrm/issues

Sponsored

Your ad here

Reach security professionals and developers — ads@en-na.com

More in Exploitation

Metasploit Framework

Ruby

The world's most used penetration testing framework. Exploit development, payload delivery, post-exploitation.

exploitpayloadpost-exploitation

BloodHound

Go

Active Directory attack path mapping. Visualizes privilege escalation paths using graph theory.

active-directorygraphprivilege-escalation

Impacket

Python

Collection of Python classes for working with network protocols. Essential for Windows/AD pentesting.

smbactive-directoryprotocol

CrackMapExec

Python

Swiss army knife for pentesting Active Directory. SMB, LDAP, MSSQL, WinRM enumeration and exploitation.

active-directorysmblateral-movement

Covenant

C#

.NET C2 framework. Collaborative, web-based interface for red team operations and implant management.

c2red-teamdotnet

Sliver

Go

Open-source C2 framework by BishopFox. mTLS, HTTP(S), DNS, WireGuard implants with multi-operator support.

c2red-teammulti-operator