Nishang is a powerful PowerShell framework designed for offensive security, penetration testing, and red teaming. It comprises a collection of scripts and payloads that enable the use of PowerShell during various phases of penetration tests.

Key features include:

- In-Memory Execution: Scripts are designed for in-memory execution, evading traditional AV detection.
- Versatile Payloads: Offers a wide range of payloads, including reverse shells, keyloggers, and credential harvesting tools.
- Active Directory Exploitation: Includes scripts for modifying AD objects and setting DCShadow permissions.
- Client-Side Attacks: Tools for creating infected files (CHM, Word, Excel, HTA) for phishing campaigns.
- Privilege Escalation: Scripts to bypass UAC and escalate privileges to SYSTEM.
- Exfiltration Techniques: Methods for data exfiltration via Gmail, Pastebin, web servers, and DNS.
- Post-Exploitation Modules: Tools for pivoting, network relaying, and gathering sensitive information.

Nishang is a valuable asset for security professionals seeking to leverage PowerShell for red team engagements and comprehensive security assessments.