Why writing such a tool, you might ask. Well, for starters, I tried looking around and I did not find a tool which suited my particular use case, which was looking for known persistence techniques, automatically, across multiple machines, while also being able to quickly and easily parse and compare results. Sure, Sysinternals' Autoruns is an amazing tool and it's definitely worth using, but, given it outputs results in non-standard formats and can't be run remotely unless you do some shenanigans with its command line equivalent, I did not find it a good fit for me. Plus, some of the techniques I implemented so far in PersistenceSniper have not been implemented into Autoruns yet, as far as I know. Anyway, if what you need is an easy to use, GUI based tool with lots of already implemented features, Autoruns is the way to go, otherwise let PersistenceSniper have a shot, it won't miss it 😉

To learn how to use PersistenceSniper properly, head to the Project's Wiki.

The persistence techniques implemented so far are detailed in the Detections Page of PersistenceSniper's Wiki.

Most of this tool is based on the work of other skilled researchers, so it's right to give credit where credit's due. This project wouldn't be around if it weren't for:

• Hexacorn and his never-ending Beyond good ol' Run key series;
• Grzegorz Tworek and his amazing persistence-info.github.io website;
• All the other researchers who disclosed cool and unknown persistence techniques.

Furthermore, these people contributed to the project:

• Riccardo Ancarani
• Cecio
• Vadim
• fkadibs
• suinswofi
• Antonio Blescia

I'd also like to give credits to my fellow mates at @APTortellini for the flood of ideas that helped it grow from a puny text-oriented script to a full-fledged Powershell module.

This project is under the Commons Clause version of the MIT License license. TL;DR: you can copy, modify, distribute and perform the work for whatever reason, excluding commercial purposes, all without asking permission.