PowerShell History Enterprise

Injects a command containing fake credentials into the PowerShell history file (PSReadLine history). Attackers who search history for passwords will find the entry and attempt to connect.

Generate from any compatible service row (SSH, FTP, HTTP, HTTPS, SMB, MySQL, PostgreSQL, MSSQL, RDP, Telnet, Rsync).

Installation

After downloading the script, run it with a leading space to avoid recording it in your own history:

```powershell
 .\script.ps1
```

The leading space prevents this command from appearing in the history you are about to plant breadcrumbs in.
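A post-install check, added here as an example and not part of the product's own script: it confirms that the planted entry is in the PSReadLine history file and that the installer invocation was not recorded. The function name `Test-HistoryBreadcrumb`, the decoy host name and the sample history lines are assumptions constructed for illustration; `(Get-PSReadLineOption).HistorySavePath` is the standard way to locate the current user's history file.

```powershell
# Added example: verify a PSReadLine history file after planting a breadcrumb.
function Test-HistoryBreadcrumb {
    [CmdletBinding()]
    param(
        # Literal text that identifies the planted command (assumed: the decoy host name).
        [Parameter(Mandatory)] [string] $BreadcrumbText,
        # File name of the downloaded installer (the page calls it script.ps1).
        [string] $InstallerName = 'script.ps1',
        # History file to inspect; defaults to the current user's PSReadLine history.
        [string] $HistoryPath = (Get-PSReadLineOption).HistorySavePath
    )
    if (-not (Test-Path -LiteralPath $HistoryPath)) {
        throw "History file not found: $HistoryPath"
    }
    # -SimpleMatch treats the search text literally, so dots and backslashes need no escaping.
    $crumb     = @(Select-String -LiteralPath $HistoryPath -SimpleMatch -Pattern $BreadcrumbText)
    $installer = @(Select-String -LiteralPath $HistoryPath -SimpleMatch -Pattern $InstallerName)
    [pscustomobject]@{
        HistoryPath       = $HistoryPath
        BreadcrumbPresent = $crumb.Count -gt 0      # expected: True
        BreadcrumbLines   = $crumb.LineNumber
        InstallerRecorded = $installer.Count -gt 0  # expected: False
        InstallerLines    = $installer.LineNumber
    }
}

# Constructed sample history (not real data): one decoy entry, no installer invocation.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample_ConsoleHost_history.txt'
Set-Content -LiteralPath $sample -Value @(
    'Get-ChildItem C:\Temp'
    'ssh backup-svc@decoy-host.example.internal'
    'Get-Service | Where-Object Status -eq Running'
)
Test-HistoryBreadcrumb -BreadcrumbText 'decoy-host.example.internal' -HistoryPath $sample
Remove-Item -LiteralPath $sample
```

On a real host, omit `-HistoryPath` and pass text from the breadcrumb you generated; if `InstallerRecorded` is `True`, remove the listed lines from the history file so the installer run does not sit next to the decoy entry.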