Muhammad Ali edited this page Mar 28, 2024 · 10 revisions

Welcome to the Powerview.py wiki!

What is Powerview.py?

PowerView.py is a Python implementation of the awesome PowerView.ps1 script. Most of the modules used in PowerView are available here (some of the flags are changed). The main goal is to achieve an interactive session without having to repeatedly authenticate to LDAP.

Interesting features

  • Embedded user session
  • Binding with multiple protocols (ldap, ldaps, gc, gc-ssl) using a trial-and-error approach; an SSL connection is prioritized.
  • Mini Powerview.py console to make you feel at home when using PowerView.ps1
  • Auto-completer, so no more remembering commands
  • Cross-Domain interactions (might or might not work)
  • Check whether the current user is a Domain Admin or has the adminCount attribute set to 1
  • Table format feature mirroring the output style of PowerShell's Format-Table.
  • Unlock locked AD accounts
  • Maybe more?

Why not stick with the .ps1 script?

  1. Detections

As most of y'all know, PowerView.ps1 is highly likely to get detected by Defender or AV vendors once downloaded onto the PC. An offensive tool getting detected by AV is a red flag during an engagement. Maybe some of you are thinking: why not just bypass AMSI and import the script undetected? Well, most big companies have EDR installed on most endpoints, and EDRs normally hook AMSI, so the AMSI patching itself would most likely get detected. So, PowerView.py FTW!

  2. Proxy with ease

Running LDAP query tools through proxies (e.g. SOCKS) on Windows is quite overwhelming since it requires a lot of extra software to be installed (e.g. Proxifier). I don't think Windows can support proxychains just yet (at least not off the top of my head). Since powerview.py is just a Python tool, wrapping it with proxychains is definitely possible. I used it that way most of the time and it worked like a charm!
