An open source hunt framework for Microsoft Windows networks. Find out your network's host configuration baseline and what lies outside of it on the fly.
Currently collects 76 forensically relevant data points.
The repo is currently in a weird state. Originally, the intent of the project was to have a single .ps1 do everything. We are working to move the remote collection into its own module so that the local collect is a much lighter-weight script.
- A few of the data points being collected are either irrelevant or do not return something of implicit value.
- Reworking services to scrape the registry instead of Get-Service / gwmi Win32_Service / etc.
- Incorporating checks from tools like WinPwn and WinPEAS. (if attackers know where they can privesc, shouldn't you?)
- Parameter Sets:
  - LocalCollectAll
  - LocalCollectByName
  - LocalCollectByCategory
  - RemoteCollectAll
  - RemoteCollectByName
  - RemoteCollectByCategory
- Finally working on getting rid of the menu.
- Using CmdletBinding in the next version
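The services item above, as an added example that is not part of the repo: it reads service definitions from the registry key the Service Control Manager loads rather than through Get-Service / Win32_Service, and diffs the result against a baseline captured on a known-good host. The two function names and the baseline CSV path are assumptions.

```powershell
# Added example (not the project's code): enumerate services straight from the registry
# key the SCM reads at boot, then diff against a saved baseline. Baseline path is assumed.
function Get-RegistryServiceInventory {
    [CmdletBinding()]
    param([string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services')

    Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Keys without a Type value are not service or driver definitions; skip them.
        if ($null -eq $props.Type) { return }
        # svchost-hosted services keep their real code in Parameters\ServiceDll.
        $dll = (Get-ItemProperty -Path "$($_.PSPath)\Parameters" `
                 -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        [pscustomobject]@{
            Name       = $_.PSChildName
            ImagePath  = [string]$props.ImagePath
            ServiceDll = [string]$dll
            ObjectName = [string]$props.ObjectName   # account the service runs as
            Start      = [string]$props.Start        # 0 boot,1 system,2 auto,3 manual,4 disabled
            Type       = [string]$props.Type         # 0x10 own proc, 0x20 shared, 0x1/0x2 driver
        }
    }
}

function Compare-ServiceBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$BaselinePath,  # CSV written by -WriteBaseline
        [switch]$WriteBaseline
    )
    $current = Get-RegistryServiceInventory
    if ($WriteBaseline) {
        $current | Export-Csv -Path $BaselinePath -NoTypeInformation
        return
    }
    $baseline = Import-Csv -Path $BaselinePath
    # Report entries present now that match no baseline row on these fields:
    # new services, changed binaries, changed run-as accounts, changed start types.
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Name, ImagePath, ServiceDll, ObjectName, Start |
        Where-Object SideIndicator -eq '=>' |
        Select-Object Name, ImagePath, ServiceDll, ObjectName, Start
}

# First run on a known-good host, later runs on hosts under investigation (path assumed):
# Compare-ServiceBaseline -BaselinePath 'C:\hunt\services-baseline.csv' -WriteBaseline
# Compare-ServiceBaseline -BaselinePath 'C:\hunt\services-baseline.csv'
```

Run it from an elevated session; driver keys under the same hive are included, so Type distinguishes them from user-mode services when reviewing the output.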