Evil-WinRM vs Ruler
About Evil-WinRM
Evil-WinRM is a powerful WinRM shell designed for penetration testing and post-exploitation activities. It supports file upload/download, in-memory PowerShell execution, DLL injection, and pass-the-hash authentication. Built in Ruby, it provides an effective way to interact with Windows systems remotely. Testers can execute commands and scripts without writing them to disk, which makes it a preferred choice for stealthy operations.
About Ruler
Ruler is a tool for interacting with Exchange servers through the MAPI/HTTP or RPC/HTTP protocols. It abuses legitimate Exchange and Outlook features (mail rules, forms, and home pages) to achieve remote code execution on target workstations. When a user opens Outlook, malicious rules trigger command execution, or injected forms and home pages render attacker-controlled content with script execution. Ruler can also enumerate valid credentials via brute force, perform autodiscover probing, and extract the Global Address List. It demonstrates how Exchange features become attack vectors in enterprise environments.