Scan for occurrences of suspicious string signatures within a PowerShell script

Primary language: PowerShell. License: MIT.

PSAlert

A small bash utility that scans for occurrences of suspicious string signatures within a PowerShell script. The signatures are based on the list used within powershell.exe. String scanning will fail if a string is split or obfuscated, so scans should be run on an unobfuscated copy for maximum efficiency. A lack of suspicious strings does not mean that there will be no PowerShell log entries.
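
The split-string caveat above, shown with a minimal fixed-string scanner. This is an added example, not PSAlert's own code: the four signatures, the function names scan_signatures and count_hits, and both sample scripts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: fixed-string signature scan over a PowerShell script.
# SIGNATURES is a short constructed list (assumption), not PSAlert's list.
SIGNATURES='VirtualAlloc
WriteProcessMemory
CreateRemoteThread
DllImport'

# scan_signatures FILE -> prints "line:match" for every hit.
# Exit status: 0 = hits found, 1 = no hits, 2 = file unreadable.
scan_signatures() {
    local file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # -F fixed strings, -i ignore case (PowerShell is case-insensitive),
    # -o print only the matched text, -n prefix the line number.
    printf '%s\n' "$SIGNATURES" | grep -F -i -o -n -f - -- "$file"
}

# count_hits FILE -> number of signature occurrences (0 if none or unreadable).
count_hits() {
    scan_signatures "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample inputs, written to a temp dir so the demo runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Names appear verbatim (once in lower case): the scanner should report them.
cat > "$SAMPLE_DIR/plain.ps1" <<'EOF'
$sig = '[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(...);'
# calls virtualalloc later
Write-Host "done"
EOF

# Same name assembled from two pieces: no literal signature is present,
# so a string scan of this copy reports nothing.
cat > "$SAMPLE_DIR/split.ps1" <<'EOF'
$name = 'Virtual' + 'Alloc'
Write-Host $name
EOF

echo "plain.ps1: $(count_hits "$SAMPLE_DIR/plain.ps1") hit(s)"
scan_signatures "$SAMPLE_DIR/plain.ps1"
echo "split.ps1: $(count_hits "$SAMPLE_DIR/split.ps1") hit(s)"
```

A zero count on split.ps1 is a statement about that copy of the text only, which is why the scan belongs after deobfuscation.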

Examples

PSAlert.sh

bash PSAlert.sh -s Invoke-Mimikatz.ps1

Find-SuspiciousString.ps1

Find-SuspiciousString -Path "Invoke-Payload.ps1"