Skip to content
Audit Powershell and search from known keywords in history #Blueteam
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.


BlueChecker will help you audit PowerShell and check for any suspicious activity.

Simply download the script or run remotely using:

powershell –nop –c “iex(New-Object Net.WebClient).DownloadString(‘’)”

Once ran, BlueChecker will check for:

  • Powershell status
  • Evidence of downgrading
  • Registry and GP set for PowerShell auditing
  • Malicious scripts using keywords
  • Event logs for Module logging and script block logging.

For More Information, visit:

You can’t perform that action at this time.