WinRM_Brute_Scanner Guide

Blue cyber future technology concept background Premium Vector

WinRM_Brute_Scanner.ps1 allows you to scan and brute force the WinRM service remotely.

I wrote this script to be able to scan for this service on a Windows system. Because this uses PowerShell commands, no AV should interfere, and no additional modules are required.  Once obtained, remote commands can be sent.


WinRM Ports:

  • Port: 5985 (http)
  • Port: 5986 (https)

To find out more about the service:

Importing Module

First you must download and import the module:

Import-Module [Script location]


To scan the device, we can use the function: winrm_scanner

Once ran, you will need to select 1 of 2 options.

  • Option 1: Single IP
  • Option 2: Multiple IPs (IP List)

To generate an IP List, you could use this online tool:

Option 1: Single IP

Simply enter the IP or Hostname

Option 2: IP List

Simply enter the text file location. IPs need to be on separate lines.

Brute Force

To brute force the service, you can use the winrm_brute function.

You will need to supply the following:

  • IP or Hostname
  • Username
  • Wordlist Location

For this to be successful, you will need to meet the following requirements:

  • Be a trusted machine (Get-Item WSMan:\localhost\Client\TrustedHosts)
  • Be on the same domain (depending on restrictions)
  • Be able to reach the remote device (Firewall)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

%d bloggers like this: