Devious-WinRM 1.1.0

A Pentester's Powershell Client.

Devious-WinRM

A Pentester's Powershell Client.

Description / Purpose

This tool allows one to access servers running WinRM or Powershell Remoting, with additional tools for capture the flag / pentesting. I created this project to fix a few grievances I have with existing tools (such as the amazing Evil-WinRM) and to contribute to the open-source hacking community.

Under the hood, Devious-WinRM is not directly based on WinRM. It is instead built on the PowerShell Remoting Protocol, which in turn uses WinRM. PSRP was chosen as it seems to require less user permissions than WinRM, at least in a rudementary Active Directory environment.

Features / Planned

• No-config Kerberos auth
• Make it pretty
• Pass the hash support
• Pass the ticket support
• File upload/download
• Syntax highlighting
• Ctrl+C command interupt
• Remote path completion
• In-Memory .NET loader
• In-Memory Powershell loader
• Certificate auth
• SSL auth
• Logging
• Maybe: Local logon token upgrader via RunasCs

Installation

On Linux, Kerberos needs to be installed: sudo apt install gcc python3-dev libkrb5-dev krb5-pkinit

The recommended installation method is with uv. Check out their docs for how to install it, then run:

uv tool install devious-winrm --prerelease=allow

Alternatively, use pipx or pip:

pipx install devious-winrm

pip install devious-winrm

Credits

• Evil-WinRM - This goes without saying, but Evil-WinRM is an incredible tool. It was the primary inspiration for this project.
• pypsrp - A tremendously well-featured library for Powershell Remote in Python. Super friendly developer as well!
• evil-winrm-py - Aditya and I had the same idea at almost the exact same time. I would be remissed if I didn't mention his project as well.