PowerShell implementation of Autoruns
A PowerShell module for live incident response that enumerates Windows autorun artifacts to detect persistence mechanisms used by malware and legitimate programs.
What is PowerShell implementation of Autoruns?
AutoRuns is a PowerShell module that enumerates Windows autorun artifacts to help security professionals detect persistence mechanisms during live incident response. It scans various autostart locations like registry keys, scheduled tasks, services, and WMI entries to identify potential malware or legitimate programs that achieve persistence. The module provides features like file hash computation, digital signature verification, and baseline comparison to track changes over time.
Security analysts, incident responders, and forensic investigators who need to analyze Windows systems for persistence mechanisms during live investigations or routine security audits.
Developers choose AutoRuns because it offers a scriptable, PowerShell-native alternative to GUI tools like Sysinternals Autoruns, enabling automation, integration into security workflows, and detailed analysis with features like baseline comparison and user-specific scanning.
Overview
🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
Use Cases
Best For
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
