PowerShell - Command history and confidential information
To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!
Hello,
Powershell has a history, even several, the commands you run may contain confidential information and remain in that history.
There are 3 histories:
- The Powershell history (in the current Shell Get-History)
- The history of the PSReadLine module (stored in a file by default)
- The Powershell console cache (the command callback with arrows or F8)
Here are some demonstrations and commands for either deleting these histories or removing sensitive information from them.
# Check behaviours.ConvertTo-SecureString 'titi' -AsPlainText -ForceGet-Credential -Credential Guillaume
# Display the history of the current shellGet-History# Note that the history of the current shell retains the following commands
# Display the history of PSReadLineGet-Content (Get-PSReadLineOption).HistorySavePath# The history of PSReadLine deletes the ConvertTo-SecureString command but leaves the identifier
## Delete history# Delete history PowershellClear-History
# Delete console cache history (command callback with arrows or F8)[Microsoft.PowerShell.PSConsoleReadLine]::ClearHistory()# Alt + F7 does the same thing
# Delete the PSReadLine historyRemove-Item -Path (Get-PSReadLineOption).HistorySavePath
# Delete PSReadLine historySet-PSReadlineOption -HistorySaveStyle SaveNothing
## Delete confidential information only# Delete confidential information from history Powershell# Delete part of the history (specify an Array of values to delete the corresponding rows)Clear-History -CommandLine *SecureString*, *credential*
# Clear part of the history PSReadLine (specify values separated by a | to delete the corresponding lines)HistoryPath = (Get-PSReadLineOption).HistorySavePath(Get-Content $HistoryPath ).where({$_ -notmatch 'credential|sensible'}) | Set-Content $HistoryPathComplete your reading with the following articles:
Improving Powershell command-line usability with PSReadLine
Powershell - Playing with command history
Related links
Powershell - Testing network connectivity and port accessibility
Testing network connectivity and port accessibility with PowershellPowershell - Display network connections (equivalent to netstat)
Display network connections (listening ports, active connections...)Powershell - Testing name resolution (equivalent to nslookup)
Powershell commands to test name resolution (equivalent to nslookup)Powershell - View and manage DNS configuration of network interfaces
Powershell commands to display and manage DNS configuration of network interfacesPowershell - Managing IP configuration of network interfaces
Powershell commands to view and modify the IP configuration of network interfacesPowershell - Managing the status and configuration of network interfaces
Powershell commands to view and modify the status and configuration of network interfaces (disable IPv6, enable/disable an interface)
Follow me on
Support me
Last content
Powershell - Testing network connectivity and port accessibility
Powershell - Display network connections (equivalent to netstat)
Powershell - Testing name resolution (equivalent to nslookup)
Powershell - View and manage DNS configuration of network interfaces
Powershell - Managing IP configuration of network interfaces
Powershell - Managing the status and configuration of network interfaces
Powershell and the Left Hand Side
Powershell - Managing disks, partitions and volumes