Skip to content

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

License

Notifications You must be signed in to change notification settings

svetek/PowerUpSQL

 
 

Repository files navigation

  licence badge wiki Badge stars badge forks badge issues badge

PowerUpSQLLogo

PowerUpSQL includes functions that support SQL Server discovery, weak configuration auditing, privilege escalation on scale, and post exploitation actions such as OS command execution. It is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that can be used by administrators to quickly inventory the SQL Servers in their ADS domain and perform common threat hunting tasks related to SQL Server.

PowerUpSQL Wiki

For setup instructions, cheat Sheets, blogs, function overviews, and usage information check out the wiki: https://github.com/NetSPI/PowerUpSQL/wiki

Author and Contributors

  • Author: Scott Sutherland (@_nullbind) Twitter Follow
  • Major Contributors: Antti Rantasaari, Eric Gruber (@egru), Thomas Elling (@thomaselling)
  • Contributors: Alexander Leary (@0xbadjuju), @leoloobeek, Andrew Luke(@Sw4mpf0x), Mike Manzotti (@mmanzo_), @TVqQAAMA, @cobbr_io, @mariuszbit (mgeeky), @0xe7 (@exploitph), phackt(@phackt_ul), @vsamiamv, and @ktaranov

Issue Reports

I perform QA on functions before we publish them, but it's hard to consider every scenario. So I just wanted to say thanks to those of you that have taken the time to give me a heads up on issues with PowerUpSQL so that we can make it better.

  • Bug Reporters: @ClementNotin, @runvirus, @CaledoniaProject, @christruncer, rvrsh3ll(@424f424f),@mubix (Rob Fuller)

License

  • BSD 3-Clause

About

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 92.2%
  • TSQL 5.0%
  • C# 2.0%
  • C++ 0.8%