C. Using Power Response - Asymmetric-InfoSec/Power-Response Wiki

Start Power-Response

Power-Response comes with pre-built plugins in the plugins directory of the repository (we will continue to add plugins as rapidly as possible), so you should be able to get going pretty quickly. Don't worry too much about any other directories; Power-Response will generate all necessary directories on the fly as needed.

It is recommended that you run Power-Response in a user context that allows you to collect data on all target machines.

Invoke Power-Response by executing .\Power-Response.ps1

You will be dropped into an interactive menu style framework that will guide you through executing plugins to collect data on the target machine(s).

You navigate the framework by making selections (pick a number). Each selection either moves to the next directory or selects a plugin so you can start data collection.

Power-Response Help Menu

As you navigate the framework, you may end up having questions about what you can and cannot do. At any given time, invoke the help command and you will be provided with commands that you can execute at your current position in the framework. The available commands will be all, or some, of the following:

Name: Description

back: de-select a script file and move back to menu context
exit: exits Power Response
help: displays the help for all or specified commands
remove: removes all or specified parameter values
run: runs the selected script with parameters set in environment
set: sets a parameter to a value
show: shows a list of all or specified parameters and values
clear: clears the screen of clutter while running plugins

Data Collection and Plugin Execution with Power-Response

When you enter a plugin, Power-Response will show you the parameters (both optional and required) that are available for the plugin. Each parameter is listed with its type (string, string array, integer, etc.) so you can provide the correct value type. To set a value for a parameter, use the set command.

Example: set ComputerName test-pc -- will set the ComputerName variable to "test-pc"

After you have set all parameters for the plugin, simply execute the run command and the plugin will run to completion. If there are errors during execution, Power-Response will let you know.

Any output generated will be moved to the Output directory and named based on plugin run and timestamp. By default, Power-Response will provide the plugin output in both XML and CSV format.

Note: As you navigate from plugin to plugin, Power-Response will attempt to maintain parameter values. For instance, if you set ComputerName in one plugin and navigate to another plugin to collect more data, the ComputerName parameter will already be assigned (as long as the parameter types are the same - see the Wiki for more details).
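
The carry-over rule in the note above, as an added PowerShell example (not Power-Response's own code). It assumes "the same" means an exact type match; the three plugin functions and the Test-ParameterCarryOver helper are hypothetical names constructed for illustration.

```powershell
# Constructed stand-ins for plugins; these are NOT real Power-Response plugins.
function Invoke-ConstructedPluginA { param([string]$ComputerName, [int]$Days) }
function Invoke-ConstructedPluginB { param([string]$ComputerName, [string]$Days) }
function Invoke-ConstructedPluginC { param([string[]]$ComputerName) }

# Hypothetical helper: report which stored values would survive a move to the
# next plugin, assuming a value is kept only when the next plugin declares a
# parameter with the same name and exactly the same type.
function Test-ParameterCarryOver {
    param(
        [hashtable]$Stored,     # name -> @{ Type = [type]; Value = <value> }
        [string]$NextPlugin
    )
    # Get-Command exposes each declared parameter as ParameterMetadata.
    $declared = (Get-Command -Name $NextPlugin -CommandType Function).Parameters
    foreach ($name in ($Stored.Keys | Sort-Object)) {
        # A parameter the next plugin does not declare is simply not relevant.
        if (-not $declared.ContainsKey($name)) { continue }
        $nextType = $declared[$name].ParameterType
        [pscustomobject]@{
            Plugin     = $NextPlugin
            Parameter  = $name
            SetAs      = $Stored[$name].Type.Name
            DeclaredAs = $nextType.Name
            Carried    = ($nextType -eq $Stored[$name].Type)
        }
    }
}

# Values as they would look after "set ComputerName test-pc" and "set Days 7"
# in plugin A (constructed sample values).
$stored = @{
    ComputerName = @{ Type = [string]; Value = 'test-pc' }
    Days         = @{ Type = [int];    Value = 7 }
}

# Plugin B keeps ComputerName (string -> string) but not Days (int -> string).
# Plugin C declares ComputerName as a string array, so the value is not kept.
'Invoke-ConstructedPluginB', 'Invoke-ConstructedPluginC' |
    ForEach-Object { Test-ParameterCarryOver -Stored $stored -NextPlugin $_ } |
    Format-Table -AutoSize
```

When a value you expected is missing after switching plugins, run show and compare the parameter type listed there with the type in the plugin where you set it.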

At any time you can execute the show command to see what is available to you in a menu or plugin.