Are you looking for a quick reference guide to PowerShell commands and scripts? Look no further—our PowerShell cheat sheet is here to help you streamline your tasks and boost your productivity. Whether you’re a beginner or an experienced user, this cheat sheet has something for you.
We’ll cover key topics such as objects, regular expressions, operators, and tips and best practices for working with this powerful task automation tool. So, rather than spending more time than you need in the official documentation or in remembering complex commands, keep our Windows PowerShell cheat sheet within reach and get to work.
Download this cheat sheet here. When you’re ready, let’s get started.
What Is PowerShell?
PowerShell is a scripting language and command-line interface (CLI) built on Microsoft’s .NET Framework to automate administrative tasks and manage system configurations, analogous to Bash scripting in Linux. For all the geeks out there, PowerShell is an object-oriented programming (OOP) language.
The PowerShell Integrated Scripting Environment (ISE) is a terminal console for running PowerShell commands known as cmdlets (pronounced “command-let”) and writing/executing PowerShell scripts with the file extension “.ps1”.
PowerShell commands are case-insensitive in its native Windows environment, but that is not true for other operating systems. Read more about PowerShell case sensitivity here.
How to Use PowerShell
PowerShell comes pre-installed on Windows and Azure, but you can install it on certain Linux distributions through their respective package managers and on the latest macOS version via Homebrew, direct download, or binary archives.
How to start a PowerShell instance:
|Windows||Right-click Start > select “Windows PowerShell”. If you want elevated privileges, select “Windows PowerShell (Admin)”. Alternatively, run Command Prompt (click Start > type cmd) > input “PowerShell” and select your preferred option, with or without “(Admin)”.|
|Linux||Raspberry Pi: In Terminal, type ~/powershell/pwsh > press Enter. Other distributions: In Terminal, input pwsh > press Enter.|
|macOS||In Terminal, input pwsh > press Enter.|
Useful PowerShell Commands
The table below lists the most important PowerShell commands. Although PowerShell aliases resemble Command Prompt (cmd.exe) or Bash commands, they are not functions native to PowerShell but shortcuts to the corresponding PowerShell commands.
|(None)||Display help information about PowerShell command |
You may replace
|Lists all files and folders in the current working directory|
|Get the current working directory|
|Sets the current working location to a specified location|
|Gets the content of the item at the specified location|
|Copies an item from one location to another|
|Deletes the specified items|
|Moves an item from one location to another|
|Creates a new item|
|Send output to a file.|
When you wish to specify parameters, stick to
|Get content from a web page on the Internet|
|Sends the specified objects to the next command in the pipeline.|
PowerShell is so complex and contains so many commands that you need to understand its syntax to use it well.
Parameters are command arguments that enable developers to build reusable PowerShell scripts. For a command with two parameters (here, Parameter1 takes a value, but Parameter2 doesn’t), the syntax is:
Do-Something -Parameter1 value1 -Parameter2
To find all commands with, say, the “ComputerName” parameter, use:
Get-Help * -Parameter ComputerName
The following are risk mitigation parameters that apply to all PowerShell commands:
|Risk mitigation parameter||Description||Example|
|Prompt whether to take action.||Creating a new item called |
|Displays what a certain command would do.||Removal of an item called |
Here’s more information about common parameters in PowerShell.
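The two risk mitigation parameters are easiest to understand on a throwaway folder. The following script is an added example, not part of the original cheat sheet; the scratch path under $env:TEMP is constructed for the demonstration, so nothing outside it is touched.

```powershell
# Added example (not from the original cheat sheet): previewing a destructive
# command with -WhatIf and controlling prompts with -Confirm.
# Everything happens in a constructed scratch folder under $env:TEMP.

$scratch = Join-Path $env:TEMP 'ps-cheatsheet-demo'   # constructed path
New-Item -Path $scratch -ItemType Directory -Force | Out-Null
1..3 | ForEach-Object {
    New-Item -Path (Join-Path $scratch "file$_.txt") -ItemType File -Force | Out-Null
}

# 1. -WhatIf: prints "What if: Performing the operation ..." for each file
#    and deletes nothing, so you can review the blast radius first.
Remove-Item -Path (Join-Path $scratch '*.txt') -WhatIf
'Files still present after -WhatIf: {0}' -f (Get-ChildItem -Path $scratch).Count

# 2. -Confirm: prompts before each deletion when run interactively. In an
#    unattended script, pass -Confirm:$false explicitly to document the intent.
Remove-Item -Path (Join-Path $scratch 'file1.txt') -Confirm:$false

# 3. $ConfirmPreference decides which commands prompt on their own. At 'High'
#    only high-impact cmdlets ask; Remove-Item is medium impact, so it runs silently.
$previous = $ConfirmPreference
$ConfirmPreference = 'High'
Remove-Item -Path (Join-Path $scratch 'file2.txt')
$ConfirmPreference = $previous

# Check that a cmdlet actually implements -WhatIf before relying on it: only
# commands that declare SupportsShouldProcess expose the parameter.
(Get-Command Remove-Item).Parameters.Keys -contains 'WhatIf'

# Clean up the scratch folder.
Remove-Item -Path $scratch -Recurse -Force
```

Run it in a session you can afford to prompt in; step 2 is the one you would normally leave interactive when a human is at the keyboard.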
PowerShell uses the pipe character “|” to pass the output of a series of commands to subsequent commands as pipeline input, analogous to scripting in Bash and Splunk. For a sequence containing three commands, the PowerShell pipeline syntax is:
Command1 | Command2 | Command3
Here is an example involving four commands:
Get-Service | Where-Object -Property Status -EQ Running | Select-Object Name, DisplayName, StartType | Sort-Object -Property StartType, Name
In this example, Get-Service sends a list of all the Windows services to Where-Object, which keeps only the services whose Status is Running. The filtered results pass through Select-Object, which picks out the columns Name, DisplayName, and StartType, and finally, Sort-Object sorts these rows by StartType and then by Name.
Other examples of pipes:
|Rename the file “|
|Lists the names of all the files in the current working directory, sorted in alphabetical order.|
An object is a data type that consists of object properties and methods, either of which you can reference directly with a period (.) followed by the property/method name. PowerShell contains .NET Framework objects like other OOP languages such as C#, Java, and Python.
In the example below, we explore a Fax application .NET Framework object:
Get-Service -Name Fax | Get-Member
Fax has one or more properties. Let’s check out the Status property. It turns out that it’s not in use:
(Get-Service -Name Fax).Status
One of the methods listed is “GetType” and we can try it out:
(Get-Service -Name Fax).GetType()
This method shows that the .NET object Fax is a
These are the basic commands for defining and calling PowerShell variables.
|Create a new variable |
|Lists all variables in use beginning with “|
|Delete the variable called “|
|Assign the value “|
|Assign the value 0 to the variables |
|Assign the characters |
|Swap the values of the variables |
|Force the variable |
Important special variables (find more here):
|Path to user’s home directory|
|Boolean value TRUE|
|Boolean value FALSE|
|Process identifier (PID) of the process hosting the current session of PowerShell|
A regular expression (regex) is a character-matching pattern. It can comprise literal characters, operators, and other constructs.
Here are the rules for constructing regexes:
|Allowable characters, e.g., |
|Single vowel character in English|
|1. Use it with square brackets |
2. For matching the beginning of a string
|Single consonant character in English|
|For matching the end of a string|
|Use with square brackets |
|Uppercase alphabetic characters|
|Lowercase alphabetic characters|
|All ASCII-based (hence printable) characters|
|Any character except a newline (|
|Match the regex prefixed to it zero or more times.|
|Match the regex prefixed to it one or more times.|
|Match the regex prefixed to it zero or one time.|
|A regex symbol must match exactly |
|A regex symbol must match at least |
|A regex symbol must match between |
|Escape; interpret the following regex-reserved characters as the corresponding literal characters: |
|Non-decimal digit, such as hexadecimal|
|Alphanumeric character and underscore (“word character”)|
The following syntax is for checking strings (enclosed with quotes such as "ing") against regexes:
|Check for ||Check for |
Here are examples of strings that match and don’t match the following regular expressions:
|Regex||Strings that ||Strings that do |
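Putting the regex rules above to work on log data is the typical security use. The script below is an added example that is not part of the original cheat sheet; the four log lines are constructed in the style of an SSH authentication log and are not real events.

```powershell
# Added example (not from the original cheat sheet): -match, -cmatch, $Matches,
# -replace and [regex]::Matches() applied to constructed log lines.

# Constructed sample lines (not real events).
$lines = @(
    'Mar  3 10:15:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2',
    'Mar  3 10:15:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2',
    'Mar  3 10:16:10 host sshd[1305]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2',
    'Mar  3 10:17:45 host sshd[1310]: Failed password for bob from 198.51.100.21 port 40010 ssh2'
)

# Named groups (?<name>...) make the captures readable in $Matches.
# (?:...) groups without capturing; \d{1,3} with \. builds the dotted quad;
# ? makes the "invalid user " prefix optional.
$failedPattern = 'Failed password for (?:invalid user )?(?<user>\w+) from (?<ip>(?:\d{1,3}\.){3}\d{1,3}) port (?<port>\d+)'

# -match is case-insensitive and fills the automatic $Matches hash table on success.
$failures = foreach ($line in $lines) {
    if ($line -match $failedPattern) {
        [pscustomobject]@{
            User = $Matches['user']
            IP   = $Matches['ip']
            Port = [int]$Matches['port']
        }
    }
}
$failures | Format-Table -AutoSize

# Group the failures by source address to spot a single host hammering logins.
$failures | Group-Object IP | Select-Object Name, Count

# -cmatch is the case-sensitive form, so an uppercase line no longer matches a lowercase pattern.
'FAILED password for x from 10.0.0.1 port 1 ssh2' -cmatch 'failed password'

# -replace rewrites every match; use single quotes so $1 reaches the regex engine.
$lines[0] -replace '(\d{1,3}\.){3}\d{1,3}', '<redacted-ip>'

# [regex]::Matches() returns every match in one string, here all port numbers.
$allPorts = [regex]::Matches(($lines -join "`n"), 'port (\d+)') |
    ForEach-Object { $_.Groups[1].Value }
$allPorts -join ','
```

Anchoring the pattern on the literal text before the captures (here "Failed password for") keeps it from matching the "Accepted publickey" line, which is the usual way to keep a regex-based detection from producing noise.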
PowerShell has many operators. Here we present the most commonly used ones.
In the examples below, the variables $a and $b hold the values 10 and 20, respectively. The symbol → denotes the resulting value, and ⇔ denotes equivalence.
|Addition. Adds values on either side of the operator.|
|Subtraction. Subtracts right-hand operand from the left-hand operand.|
|Multiplication. Multiplies values on either side of the operator.|
|Division. Divides left-hand operand by right-hand operand.|
|Modulus. Divides left-hand operand by right-hand operand and returns the remainder.|
|Operator||Math symbol (not PowerShell)||Description||Example|
|≥||Greater than or equal to|
|≤||Less than or equal to|
|Assign values from the right-side operands to the left-hand operand.||Assign the sum of variables |
|Add the right side operand to the left operand and assign the result to the left-hand operand.|
|Subtract the right side operand from the left operand and assign the result to the left-hand operand.|
|Logical AND. If both operands are true/non-zero, then the condition becomes true.|
|Logical OR. If any of the two operands are true/non-zero, then the condition becomes true.|
|Logical NOT. Negation of a given Boolean expression.|
|Logical exclusive OR. If only one of the two operands is true/non-zero, then the condition becomes true.|
|Send output to the specified file or output device.|
|Append output to the specified file or output device.|
|Redirects the specified stream to the standard output stream.|
A numerical prefix on PowerShell’s redirection operators lets you send a specific output stream to a destination of your choice:
|Redirection prefix||Output stream||Example|
|All output||Redirect all streams to |
|Standard output (This is the default stream if you omit the redirection prefix.)||Append standard output to |
|Standard error||Redirect standard error to standard output, which gets sent to a file called |
|Warning messages||Send warning output to |
|Verbose output||Append |
|Debug messages||Send debugging output to standard error:|
|Information (PowerShell 5.0+)||Suppress all informational output: |
Matching and regular expression (regex) operators:
|Replace strings matching a regex pattern||Output |
|Check if a string matches a wildcard pattern (or not)||Output all *.bat files in the current working directory:|
Output all other files:
|Check if a string matches a regex pattern (or not)||The following examples evaluate to TRUE:|
|Check if a collection contains a value (or not)||The following examples evaluate to TRUE:|
|Check if a value is (not) in a collection||The following examples evaluate to TRUE:|
|Grouping; override operator precedence in expressions||Computing this expression gives you the value 4:|
|Get the result of one or more statements||Get today’s date and time:|
|Get the results of one or more statements in the form of arrays||Get only file names in the current working directory:|
|Converts objects to the specific type||Check that there are 31 days between January 20 and February 20, 1988:|
|Run a command/pipeline as a PowerShell background job (PowerShell 6.0+)|
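The numbered streams are easiest to see with a function that writes to all of them. This is an added example, not code from the original cheat sheet; Invoke-Noisy and the log path under $env:TEMP are constructed for the demonstration.

```powershell
# Added example (not from the original cheat sheet): how the numbered output
# streams behave with the redirection operators.

function Invoke-Noisy {
    [CmdletBinding()]   # gives the function -Verbose and -InformationAction
    param()
    'normal result'                   # stream 1: success (standard output)
    Write-Error 'something broke'     # stream 2: error
    Write-Warning 'disk is 90% full'  # stream 3: warning
    Write-Verbose 'step details'      # stream 4: verbose, only emitted with -Verbose
    Write-Information 'audit note'    # stream 6: information (PowerShell 5.0+)
}

$log = Join-Path $env:TEMP 'noisy-all.log'   # constructed path

# Assignment captures stream 1 only; the error and warning still print to the host.
$result = Invoke-Noisy
"Captured: $result"

# 2>&1 merges the error stream into the success stream, so the variable
# receives both a String and an ErrorRecord.
$withErrors = Invoke-Noisy 2>&1
$withErrors | ForEach-Object { $_.GetType().Name }

# *> sends every stream to one file (overwriting it); *>> would append.
Invoke-Noisy -Verbose -InformationAction Continue *> $log
Get-Content -Path $log

# 3>$null discards warnings only and 2>$null discards errors only; the success
# output still comes back, which is what you want in a quiet scheduled task.
Invoke-Noisy 3>$null 2>$null

# Comparison and wildcard operators on the captured file.
$warnings = Get-Content -Path $log | Where-Object { $_ -like 'WARNING:*' }
$warnings.Count -ge 1
'WARNING: disk is 90% full' -in $warnings
```

Note that `$ErrorActionPreference` and `-ErrorAction` change whether Write-Error stops the script, but not which stream it writes to; redirection and preference variables are independent controls.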
A hash table (alternative names: dictionary, associative array) stores data as key-value pairs.
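Hash tables show up in three roles in day-to-day scripts: lookup tables, counters, and parameter splatting. The following is an added example rather than content from the original cheat sheet; the port table and the report fields are constructed sample data.

```powershell
# Added example (not from the original cheat sheet): hash tables as lookup
# tables, as counters, and for parameter splatting.

# Literal hash table; string keys are case-insensitive by default.
$ports = @{ http = 80; https = 443; rdp = 3389 }   # constructed sample data
$ports['RDP']               # lookup succeeds despite the different case
$ports.ssh = 22             # add a key with property syntax
$ports.ContainsKey('smtp')  # membership test without triggering an error
$ports.Remove('http')

# [ordered] keeps insertion order, which matters for reports and JSON export.
$report = [ordered]@{
    Host      = $env:COMPUTERNAME
    Collected = (Get-Date).ToString('s')
    OpenPorts = ($ports.Keys | Sort-Object) -join ','
}
[pscustomobject]$report | ConvertTo-Json

# Counting with a hash table: services per start type. A missing key reads as
# $null, and 1 + $null evaluates to 1, so no initialisation is needed.
$byStartType = @{}
foreach ($svc in Get-Service) {
    $key = [string]$svc.StartType
    $byStartType[$key] = 1 + $byStartType[$key]
}
$byStartType.GetEnumerator() | Sort-Object Name

# Splatting: keys are parameter names, and the table is passed with @ instead of $.
# This keeps long commands readable and lets you build the parameter set conditionally.
$listing = @{
    Path   = $env:TEMP
    Filter = '*.log'
    File   = $true
}
if ($env:PROCESSOR_ARCHITECTURE) { $listing.Recurse = $true }   # example of a conditional parameter
Get-ChildItem @listing | Select-Object -First 5 Name, Length
```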
Comments help you organize the components and flow of your PowerShell script.
|Escaped quotation marks|
In the given examples, $a is a variable defined earlier in the PowerShell instance.
|For-loop.||Print the value of |
|ForEach-Object loop; enumeration over |
The alias for “ForEach” is “
|Display the file size of each file in the current working directory:|
|While-loop.||In each iteration, increment |
|Conditional statement.||Compares the value of |
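The loop and conditional forms above combine naturally when classifying files or polling for a state. The script below is an added example, not part of the original cheat sheet; it reads $env:SystemRoot only because that directory exists on every Windows host, and the Spooler service is used purely as a service that is normally present.

```powershell
# Added example (not from the original cheat sheet): foreach, ForEach-Object,
# while and if/elseif/else working together.

$target = $env:SystemRoot   # any readable directory works
$small = 0; $medium = 0; $large = 0

# foreach over the objects Get-ChildItem returns; the loop variable is named explicitly.
foreach ($file in Get-ChildItem -Path $target -File) {
    if ($file.Length -lt 10KB) {          # PowerShell understands KB/MB/GB suffixes
        $small++
    } elseif ($file.Length -lt 1MB) {
        $medium++
    } else {
        $large++
        '{0,-40} {1,10:N0} KB' -f $file.Name, ($file.Length / 1KB)
    }
}
"small=$small medium=$medium large=$large"

# ForEach-Object works inside a pipeline; $_ (alias $PSItem) is the current object.
Get-ChildItem -Path $target -File |
    ForEach-Object { $_.Extension.ToLower() } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object -First 3 Name, Count

# while: poll until a condition holds or a retry budget is exhausted.
$attempt = 0
while ($attempt -lt 5) {
    $attempt++
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if ($spooler -and $spooler.Status -eq 'Running') {
        "Spooler running after $attempt check(s)"
        break          # leave the loop early once the state is reached
    }
    Start-Sleep -Seconds 1
}
if ($attempt -eq 5) { Write-Warning 'Spooler not running after 5 checks' }
```

The bounded while loop is the pattern to reuse for anything that waits on a service, a job or a remote host: a retry budget plus Start-Sleep avoids a script that spins forever when the condition never becomes true.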
PowerShell for Administrators
PowerShell is an indispensable tool in the system administrator’s toolkit because it automates mechanical and repetitive jobs, such as checking memory usage and creating backups. Combined with a task scheduling app (such as Task Scheduler on Windows), PowerShell can do a lot of heavy lifting.
The following table lists PowerShell commands (change the parameters and values as appropriate) tailored to administrative tasks:
|Set up network drives. |
Specify an unused capital letter (not C:) as the “
|Enable PowerShell remoting on a computer.|
If you want to push software updates across a network, you need to enable PowerShell remoting on each computer in the network.
|Push software updates across a network of three computers |
|Check for software patches/updates|
The first command prompts you for a password by using the
The second command creates a local user account by using the password stored in
|Monitor running processes, refreshing at some given interval and showing CPU usage like Linux |
|Creating a remote backup of the directory |
|Display the running and stopped services of the computer. See a working example in Pipes.|
|List all commands with the suffix “|
|List processes on a local computer:|
|Sleep for ten seconds|
|Start a Windows PowerShell background job locally|
|Get the results of the Windows PowerShell background job|
|Create a persistent connection to a local or remote computer|
|Get the Windows PowerShell sessions on local and remote computers|
|Enable a previously disabled firewall rule|
|Convert Microsoft .NET Framework objects into HTML web pages|
|Send an HTTP or HTTPS request to a RESTful web service|
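Several rows of the table above (backups, background jobs, running/stopped services, ConvertTo-Html, Get-Date) fit together in one routine. The script below is an added example and not code from the original cheat sheet; the source and backup folders under $env:TEMP are constructed so it can run without touching real data, and you would point $source and $backupRoot at real paths in a scheduled task.

```powershell
# Added example (not from the original cheat sheet): archive a folder in a
# background job while producing an HTML service report, then apply retention.

$source     = Join-Path $env:TEMP 'demo-data'       # constructed path
$backupRoot = Join-Path $env:TEMP 'demo-backups'    # constructed path
New-Item -Path $source, $backupRoot -ItemType Directory -Force | Out-Null
'config=1' | Set-Content -Path (Join-Path $source 'app.conf')   # constructed content

# 1. Start the archive as a background job so the console stays free.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive = Join-Path $backupRoot "demo-data-$stamp.zip"
$job = Start-Job -ScriptBlock {
    param($src, $dst)
    Compress-Archive -Path $src -DestinationPath $dst -CompressionLevel Optimal
    Get-FileHash -Path $dst -Algorithm SHA256   # record a hash to verify the copy later
} -ArgumentList $source, $archive

# 2. Meanwhile, build an HTML report of running versus stopped services.
$services = Get-Service | Select-Object Name, DisplayName, Status, StartType
$reportPath = Join-Path $backupRoot "services-$stamp.html"
$services |
    Sort-Object Status, Name |
    ConvertTo-Html -Title 'Service report' -PreContent "<h1>$env:COMPUTERNAME services at $stamp</h1>" |
    Set-Content -Path $reportPath
'Running: {0}  Stopped: {1}' -f ($services | Where-Object Status -eq Running).Count,
                                ($services | Where-Object Status -eq Stopped).Count

# 3. Wait for the job with a timeout, then collect its output. Wait-Job returns
#    nothing when the timeout elapses, which is what the if tests.
if (Wait-Job -Job $job -Timeout 120) {
    $hash = Receive-Job -Job $job
    'Archive {0} SHA256 {1}' -f $hash.Path, $hash.Hash
} else {
    Write-Warning 'Backup job still running after timeout; inspect it with Get-Job'
}
Remove-Job -Job $job -Force

# 4. Retention: keep the five newest archives. -WhatIf shows what would be
#    deleted; drop it once the list looks right.
Get-ChildItem -Path $backupRoot -Filter 'demo-data-*.zip' |
    Sort-Object LastWriteTime -Descending |
    Select-Object -Skip 5 |
    Remove-Item -WhatIf
```

Storing the SHA256 alongside the archive gives the restore procedure something to verify against, which is the cheap half of making a backup trustworthy; the other half is periodically restoring from it.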
PowerShell for Pentesters
With great power comes great responsibility, and the responsibility for using PowerShell properly falls on the system administrator in charge of maintaining a computer network. However, hackers have also used PowerShell to infiltrate computer systems. Therefore any competent penetration tester (pentester) must master PowerShell.
PowerShell Pentesting Toolkit
Here are Windows PowerShell commands (change the parameters and values as appropriate) and links to specialized code to help you do penetration testing using PowerShell:
|In this powerful command, “|
Jeffrey Snover, the creator of PowerShell, says:
Learn more about
|Microsoft’s Antimalware Scan Interface (AMSI) allows antivirus software to monitor and block PowerShell scripts in memory.|
AMSI can recognize scripts meant to bypass AMSI by their hash signatures, so hackers and pentesters have had to adapt.
A typical workaround is obfuscation, such as creating dummy variables to hold values in the script and Base64-encoding these values. Good obfuscation makes it harder for AMSI to recognize a script.
But a tried-and-tested workaround that doesn’t involve obfuscation is splitting the script up into separate lines.
Therein lies AMSI’s weakness: it can detect entire scripts but not anticipate whether incremental commands lead to unexpected results.
|Turn off Windows Defender.|
This command also requires obfuscation as AMSI will identify and abort such scripts.
|Import module from a directory path |
|Download execution cradle: a payload PowerShell script |
|Downloading a PowerShell script |
|Download a PowerShell script |
|Allow a PowerShell script |
The next item is an example.
To enumerate is to extract information, including users, groups, resources, and other interesting fields, and display it. Here is a table of essential enumeration commands:
|Get the password policy|
|Get the privileges of the currently logged-in user|
|List all network interfaces, IP, and DNS|
|List all users on the machine|
|Get IP route information from the IP routing table|
|List all PowerShell commands|
You may come across PowerShell modules and scripts such as Active Directory, PowerView, PowerUp, Mimikatz, and Kekeo, all of which pentesters use. We encourage you to learn them independently.
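The controls this section names (AMSI and Windows Defender, script logging, the execution policy) and the enumeration commands in the table above are just as useful on the defending side, for baselining a host before and after a test. The script below is an added, read-only audit example; it is not code from the original cheat sheet. It assumes a Windows host with the Defender, LocalAccounts and NetTCPIP modules present, and the Group Policy registry path for script block logging is the documented one.

```powershell
# Added example (not from the original cheat sheet): read-only audit of the
# PowerShell security controls on a host, plus local-user and network facts,
# written from the defender's side for baselining.

$findings = [ordered]@{}

# Effective execution policy: the first scope that is not Undefined wins.
$findings.ExecutionPolicy = (Get-ExecutionPolicy -List |
    Where-Object ExecutionPolicy -ne Undefined |
    Select-Object -First 1).ExecutionPolicy

# Script block logging (event ID 4104) is controlled by this policy key.
$sblPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$findings.ScriptBlockLogging = if (Test-Path -Path $sblPath) {
    (Get-ItemProperty -Path $sblPath).EnableScriptBlockLogging -eq 1
} else { $false }

# Defender status; Get-MpComputerStatus comes from the Defender module on
# Windows hosts where Defender is installed.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    $findings.RealTimeProtection = $mp.RealTimeProtectionEnabled
    $findings.AntivirusEnabled   = $mp.AntivirusEnabled
    $findings.SignatureAgeDays   = $mp.AntivirusSignatureAge
} else {
    $findings.RealTimeProtection = 'Defender cmdlets not available'
}

# Constrained language mode limits what a script can reach in .NET.
$findings.LanguageMode = $ExecutionContext.SessionState.LanguageMode

# Local accounts: enabled users and members of the Administrators group.
$findings.EnabledLocalUsers = (Get-LocalUser | Where-Object Enabled).Name -join ', '
$findings.LocalAdmins = (Get-LocalGroupMember -Group 'Administrators').Name -join ', '

# Network identity of the host.
$findings.IPv4 = (Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress -join ', '
$findings.DefaultGateway = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object -First 1).NextHop

[pscustomobject]$findings | Format-List

# Flag the settings a defender would want changed.
if (-not $findings.ScriptBlockLogging) {
    Write-Warning 'Script block logging is off: enable it via Group Policy so 4104 events are recorded.'
}
if ($findings.RealTimeProtection -eq $false) {
    Write-Warning 'Defender real-time protection is disabled.'
}
if ($findings.ExecutionPolicy -eq 'Unrestricted') {
    Write-Warning 'Execution policy is Unrestricted; prefer RemoteSigned or AllSigned with signed scripts.'
}
```

Run it once before an engagement and once after, and diff the two outputs: a changed execution policy, a disabled real-time protection flag or a new member of Administrators is exactly the kind of residue a test (or an intruder) leaves behind. Script block logging is also what makes the line-by-line and obfuscation techniques described above visible after the fact, since the 4104 events record the de-obfuscated script blocks as they run.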
This PowerShell cheat sheet is a brief but handy guide to navigating PowerShell, whether as a beginner or as a seasoned administrator. If you want to learn more about PowerShell, check out our courses on Windows Server and Azure to see it in action, and we’d love to hear what other PowerShell functions you’d like to learn in the comments below.