A modern PowerShell toolkit built from real-world testing, focused on recon, access checks, and lateral movement in Windows environments.
PowerOpsToolKit is a personal and evolving collection of modern PowerShell scripts for offensive Windows operations — created to replace outdated and unreliable tools often shared in red team tutorials and blog posts.
Many legacy tools are over 5 years old and incompatible with modern Active Directory environments. This toolkit rewrites and modernizes those techniques for real-world use in:
- Active Directory reconnaissance
- Privilege escalation
- WMI access validation
- Lateral movement
- Internal access enumeration
This project is being built and tested continuously as I explore deeper into offensive PowerShell. Expect active updates, clean code, and real-world applicability.
| Script Name | Description |
|---|---|
| Find-WMILocalAdminAccess.ps1 | Checks if local admin WMI access is available on remote systems. |
| ... | More coming soon! |

⚠️ For authorized internal assessments, red teaming, or educational research only.
- Intended for authorized testing, red teaming, and educational use only.
- Always ensure proper permission before running scripts in production or on external networks.
- Designed for internal assessments, defense simulation, and research.
- Docs: contains instructions on how to use the scripts
- Scripts: contains the actual scripts to use
This project is licensed under the MIT License. You are free to use, modify, and distribute — just give credit and don't be evil.
Pull requests are welcome!
- Found a better way to do something?
- Have a script you use for AD recon or access testing?
- Want to help organize docs or turn this into a module?
- Open an issue or PR, or check out CONTRIBUTING.md to get started.
