It has been exactly one year since I pushed the first commit to evil-winrm-py.

It started as a simple idea: the legendary Evil-WinRM (the Ruby tool every pentester loves) was incredibly powerful, but its slower command execution and the way it handled canceling commands felt clunky.

I wanted a version that was faster, more responsive, and handled interrupts gracefully. Since Python is my go-to language, I set out to rewrite it from scratch in Python, leveraging libraries like pypsrp for the heavy lifting of WinRM communication.

Today, evil-winrm-py has grown into a mature, actively used tool with over 340 stars, inclusion in Kali Linux, Parrot OS, and BlackArch, an AUR package, regular releases, and positive feedback from the community. Here’s the story of the past year, what we’ve built, and where we’re headed.

The Motivation: Why rewrite evil-winrm?

The original Evil-WinRM is fantastic - interactive shell, file transfers, in-memory execution, and great for Active Directory pentesting.

But:

  • Ruby isn’t pre-installed everywhere (especially in minimal environments). Gem dependencies can be painful.
  • Command execution felt sluggish, especially for quick commands or when canceling long-running ones.
  • Interrupting commands with Ctrl+C often left the session in a weird state.
  • File transfers were extremely slow, especially for larger files.
  • And most importantly, remote path completion may be unavailable depending on the Ruby build: Ruby itself must be compiled with readline support, otherwise this feature will not work.

I wanted a tool that solved these issues while maintaining all the core features and adding some new ones. Python’s rich ecosystem and my familiarity with it made it the perfect choice.

Key Milestones Over the Past Year

The project now supports:

  • Interactive remote shell with command history, colorized output, and graceful Ctrl+C / Ctrl+D handling.
  • Fast, reliable upload/download with progress bars, speed/ETA, large-file support, and MD5 verification. Speed tests show significant improvements over the original.
  • Tab completion for local/remote paths (including spaces) and PowerShell cmdlets.
  • PowerShell tooling: loadps, runps, in-memory DLL loading (loaddll), EXE execution (runexe), and services listing.
  • Logging/debug mode plus lightweight Python-based usability.

Includes support for:

  • NTLM, Pass-the-Hash, certificate-based auth, and Kerberos (with custom SPN/hostname).
  • SSL/TLS, custom WSMan URIs, and custom User-Agent support.

The tool is part of the standard repositories for Kali Linux, Parrot OS, and BlackArch, and has an AUR package for Arch Linux users. It’s also available on PyPI for easy installation with pip. Thanks to the community for packaging it and making it widely accessible!

Installation couldn’t be simpler:

pip install evil-winrm-py

For Kerberos on Linux:

sudo apt install gcc python3-dev libkrb5-dev krb5-pkinit
pip install 'evil-winrm-py[kerberos]'

(Pro tip: Use pipx or uv for isolated installs to avoid conflicts.)

Looking Ahead: Year Two and Beyond

The project isn’t “done” - it’s actively maintained with 230+ commits and ongoing improvements.

Planned or possible directions:

  • Inline Obfuscation: Adding options to obfuscate PowerShell commands on the fly for stealthier engagements.
  • Interactive Logon Type Execution: Support for running commands in different logon contexts for evasion.

If you’re doing Active Directory assessments, lateral movement, or just need reliable WinRM access, give evil-winrm-py a spin:

evil-winrm-py -i 192.168.1.100 -u Administrator -p P@ssw0rd --ssl

Check the full docs in the repo: Installation and Usage.

Thank You!

To everyone who starred, forked, reported issues, contributed code, packaged it for distros, or just tweeted about it! This project started as a learning exercise and became something genuinely useful thanks to the open-source community.

Special thanks to 0xdf for being one of the first users, helping me debug early issues, and featuring it in his blog.


If you found this tool helpful, star the repo and share your experiences in the comments or on X. Feedback drives the next features!

What’s your favorite feature so far, or what would you like to see added? Let me know below.