Powershell
Powershell is a program offering a shell to run commands called cmdlets π¦. It abstracts .NET Common Language Runtime (CLR).
The usual format of a cmdlet is VERB-NOUN such as Get-help to get some help about a cmdlet. Its linux equivalent is man.
PS> Get-Help some_cmdlet_here
PS> Get-Help some_cmdlet_here -Examples
PS> Update-Help # if help was empty, update it first
π Commands, and arguments, are case-insensitive (e.g. a == A)
π You can list every cmdlet with Get-Command (gcm).
π Many cmdlets have an alias for a Linux command. For instance, help for Get-Help. See Get-Alias or refer to Wikipedia comparison.
Powershell cmdlets output an object, unlike other shell languages, which output plaintext. It means that we can access a specific column (property) or call a method on it without having to call a command such as grep/cut/... as we would on Linux. π
PS> Get-Help | Get-Member
Name MemberType Definition
---- ---------- ----------
xxx Method xxxx
[...]
xxx Property xxxx
PS> Get-help | Get-member -MemberType Method
PS> Get-help | Get-member -MemberType Property
π Use TAB to iterate through arguments.
Basic Overview
Execute a script
For a normal .ps1 script, use dot sourcing:
PS> . .\MyScript.ps1
For a PSI module (.psm1), import the module:
PS> Import-Module .\MyModule.psm1
Powershell ISE
The PowerShell ISE (Integrated Scripting Environment) is an editor for writing, testing, and debugging PowerShell scripts.
Execution Policy
Normal users can't execute scripts by default. There are a few configurations that may be selected. They can be easily by-passed by typing the script contents directly into the shell.
-
AllSigned: allow signed scripts to be executed -
Bypass: no restrictions β οΈ and no warnings -
Default: use the default policy (Restricted) -
RemoteSigned: downloaded scripts must be signed to be executed -
Restricted: cannot run scripts, only commands -
Undefined: no policy -
Unrestricted: no restrictions οΈβ οΈ | warning for remote scripts β οΈ
PS> Get-ExecutionPolicy -List
PS> Set-ExecutionPolicy Bypass -Scope Process
PS> Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
Basic commands
Usage π: list files in a directory
Alias π: ls
Example π₯:
PS> Get-ChildItem # current
PS> Get-Childitem "C:/" # give a folder
PS> Get-Childitem -Path "C:/" # same
Only keep files matching a glob-pattern:
PS> Get-ChildItem [...] -Filter "a*"
PS> Get-ChildItem [...] -Include "a*" # ~same
Only show files or folders:
PS> Get-ChildItem [...] -File
PS> Get-ChildItem [...] -Directory
You can list files recursively:
PS> Get-ChildItem [...] -r
PS> Get-ChildItem [...] -Recurse
Usage π: change your working directory
Alias π: cd
Example π₯:
PS> Set-Location # DO NOTHING
PS> Set-Location "C:/" # Go to folder
PS> Set-Location -Path "C:/" # Go to folder
Usage π: get the path to your working directory
Alias π: pwd
Example π₯:
PS> Get-Location
Usage π: reads and outputs the content of a file
Aliases π: cat, gc
Example π₯:
PS> Get-Content file.txt
PS> Get-Content -Path file.txt
Output manipulation
Usage π: create an object; can be used to create an object with fewer properties than another object.
Alias π: N/A
Example π₯:
Only keep the properties "A" and "B" from the previous object output.
PS> [...] | Select-Object -Property A, B
Usage π: only keep objects matching the conditions.
Alias π: N/A
Example π₯:
PS> XXX | Where-Object -Property XXX -eq YYY
Usage π: sort lines based on one or more properties.
Alias π: sort
Example π₯:
PS> [...] | Sort-Object SomeProperty
PS> [...] | Sort-Object SomeProperty,SomeProperty
Text utilities
Usage π: number of words/lines/...
Alias π: <None>
Example π₯:
PS> [...] | Measure-Object
PS> [...] | Measure-Object -Word
PS> [...] | Measure-Object -Line
PS> [...] | Measure-Object -Character
Usage π: only keep lines matching a pattern
Alias π: <None>
Example π₯:
PS> [...] | Select-String "xxx"
PS> [...] | Select-String -Pattern "xxx"
PS> Select-String [...] -Path "xxx"
Network utilities
Usage π: download a file from a URL
Aliases π: wget/curl/iwr
Example π₯:
PS> Invoke-WebRequest URL
PS> Invoke-WebRequest -uri URL
You can save the output somewhere else:
PS> Invoke-WebRequest [...] -o output
PS> Invoke-WebRequest [...] -outfile output
Usage π: list network interfaces. Similar to Linux ip a.
Alias π: <None>
Example π₯:
PS> Get-NetIPAddress
Usage π: list open ports. Similar to Linux netstat.
Alias π: <None>
Example π₯:
PS> Get-NetTCPConnection
Management utilities
The commands are alternatives to the wmic commands:
- Operating System Information
PS> Get-CimInstance -ClassName Win32_OperatingSystem
PS> Get-WmiObject -Class Win32_OperatingSystem
- Installed Programs
PS> Get-WmiObject -Class Win32_Product
- Apps run at startup
PS> Get-CimInstance -ClassName Win32_StartupCommand
- User Information
PS> Get-LocalUser
- List processes/services
PS> Get-WmiObject -Class Win32_Service
PS> Get-WmiObject -Class Win32_Process
PS> Get-Process
- BIOS information
PS> Get-WmiObject -Class Win32_Bios
System utilities
Usage π: test if a given path exists.
Alias π: <None>
Example π₯:
PS> Test-Path "C:/"
PS> Test-Path -Path "C:/"
Usage π: get a file hash
Alias π: <None>
Example π₯:
PS> Get-FileHash file
PS> Get-FileHash [...] -Algorithm xxx
Usage π: list hot fixes
Alias π: <None>
Example π₯:
PS> Get-HotFix
Usage π: you can manipulate services using these.
Example π₯:
PS> Get-Service -name spooler # status
PS> Stop-Service -name spooler # stop
PS> Start-Service -name spooler # start
π» To-do π»
Stuff that I found, but never read/used yet.
PS> Set-WinUserLanguageList -LanguageList fr-FR, en-US -force
PS> $Env:path = "$Env:path;${pwd}\bin"
PS> $variable_name = value
PS> foreach($item in $values){}
PS> iex "$([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('utf16_base64_encoded')))"
-
Format-List: pretty print as list -
pwsh: run powershell on Linux