There may be situations where you do not want the full remote-administration experience of PSRP (the PowerShell Remoting Protocol), or where you need to execute PowerShell scripts from a non-Windows system. You could write code directly against WS-Man, as I did in an article a long time ago, but that is complicated and requires some knowledge of WS-Man and SOAP.
So I wrote an HTTP listener in a PowerShell script using the .NET HttpListener class. Starting a listener instance is very simple (you need an elevated session to listen on the network); once it is running you can execute any PowerShell command through it and get the results back in several formats. Keep in mind what that means: anyone who can authenticate to the endpoint can run arbitrary PowerShell with the listener's privileges, so the authentication setting is the only control in front of remote code execution.
Once you have installed the module (just copy it to the Documents\WindowsPowerShell\Modules folder) and imported it, you can start an instance with Start-HTTPListener.
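To make the mechanism concrete, here is a minimal HttpListener-based endpoint written in the same spirit. This is an added example, not the module's own code: the function name Start-MiniListener, the query parameters command and format, and the response shapes are all assumptions. It needs Windows PowerShell 5.1 or later in an elevated session, because HttpListener requires rights on the URL prefix.

```powershell
# Added example, not the original module's code. Names and parameters are assumed.
# Requires an elevated session: HttpListener needs rights on the URL prefix.
function Start-MiniListener {
    param(
        [int]$Port = 8888,
        # Windows (Negotiate/NTLM) authentication by default; Anonymous hands RCE to the network
        [System.Net.AuthenticationSchemes]$Auth = [System.Net.AuthenticationSchemes]::IntegratedWindowsAuthentication
    )

    $listener = New-Object System.Net.HttpListener
    $listener.Prefixes.Add("http://+:$Port/")   # plain HTTP; bind an https:// prefix for real use
    $listener.AuthenticationSchemes = $Auth
    $listener.Start()
    Write-Host "Listening on http://+:$Port/ with $Auth authentication. Press Ctrl+C to stop."

    try {
        while ($listener.IsListening) {
            # BeginGetContext plus a short poll keeps Ctrl+C responsive;
            # a blocking GetContext() would ignore it until the next request arrived.
            $pending = $listener.BeginGetContext($null, $null)
            while (-not $pending.AsyncWaitHandle.WaitOne(500)) { }
            $context  = $listener.EndGetContext($pending)
            $request  = $context.Request
            $response = $context.Response

            $command = $request.QueryString['command']
            $format  = $request.QueryString['format']
            if (-not $format) { $format = 'JSON' }
            # With Windows auth the caller's identity is available for logging and authorization
            $caller = if ($request.IsAuthenticated) { $context.User.Identity.Name } else { 'anonymous' }
            Write-Host "$caller -> $($request.Url.PathAndQuery)"

            $status = 200
            if (-not $command) {
                # No arguments: return basic usage text
                $body   = "Usage: http://<host>:$Port/?command=<PowerShell>&format=JSON|TEXT"
                $status = 400
                $response.ContentType = 'text/plain'
            } else {
                try {
                    # The command runs with the listener's privileges; only $Auth
                    # stands between an unauthenticated caller and this line.
                    $output = & ([scriptblock]::Create($command))
                    if ($format -eq 'TEXT') {
                        $body = $output | Out-String          # looks like the console
                        $response.ContentType = 'text/plain'
                    } else {
                        $body = $output | ConvertTo-Json -Depth 2 -Compress
                        $response.ContentType = 'application/json'
                    }
                } catch {
                    $body   = @{ error = $_.Exception.Message } | ConvertTo-Json -Compress
                    $status = 500
                    $response.ContentType = 'application/json'
                }
            }

            $bytes = [System.Text.Encoding]::UTF8.GetBytes([string]$body)
            $response.StatusCode      = $status
            $response.ContentLength64 = $bytes.Length
            $response.OutputStream.Write($bytes, 0, $bytes.Length)
            $response.OutputStream.Close()
        }
    } finally {
        $listener.Stop()   # also runs on Ctrl+C, releasing the port
    }
}

# Start-MiniListener                          # defaults: port 8888, Windows authentication
# Start-MiniListener -Port 9000 -Auth Anonymous   # only on an isolated test machine
```

Two points worth noticing in the design. The listener logs the authenticated caller, which is the hook you would use to restrict execution to specific accounts or groups rather than anyone who can authenticate to the host. And the prefix is plain http://, so credentials (NTLM handshakes) and command output cross the wire unencrypted unless you bind an https:// prefix with a certificate registered via netsh.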
By default it listens on port 8888 and uses integrated Windows authentication; both can be changed through parameters. Here I opened another PowerShell window and executed "Get-Process PowerShell" through the endpoint:
Note that I pass -UseDefaultCredentials so that my current security context is used to authenticate; otherwise you will get an error saying that anonymous access is not supported.
By default the output is returned as JSON. The resulting JSON object is quite large, so it is truncated here. The body of the HTTP response is in the Content property, but it is a byte array, so I use the .NET UTF8 encoding class to decode it and display part of the JSON:
I can use ConvertFrom-Json to make it more presentable in PowerShell:
Of course, if you are using a client written in another language such as Python, Perl or Ruby, you can use that language's JSON library to parse the response.
If you are just experimenting, you can request text formatting instead, which is easier to read and looks just like running the same command directly in PowerShell:
There are other formats to choose from; if you call the HTTP endpoint without any arguments, you get basic usage information:
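The client side of the workflow described above (authenticating with the current security context, decoding the byte-array body, converting the JSON, requesting text output, and fetching the usage text) can be wrapped in one helper. This is an added example and not part of the original module; it assumes the listener answers on http://localhost:8888/ and accepts command and format query parameters, and the function name Invoke-RemotePS is invented.

```powershell
# Added example, not the original module's code. Assumes the listener takes
# 'command' and 'format' query parameters on http://localhost:8888/.
function Invoke-RemotePS {
    param(
        [Parameter(Mandatory)][string]$Command,
        [ValidateSet('JSON', 'TEXT')][string]$Format = 'JSON',
        [string]$BaseUri = 'http://localhost:8888/',
        [switch]$NoCredentials      # omit -UseDefaultCredentials to see the anonymous-access failure
    )

    # Encode the command so spaces, pipes and quotes survive the query string
    $uri = '{0}?command={1}&format={2}' -f $BaseUri, [uri]::EscapeDataString($Command), $Format
    $params = @{ Uri = $uri; UseBasicParsing = $true }
    if (-not $NoCredentials) {
        # Send the current user's Windows credentials (Negotiate/NTLM) to the listener
        $params.UseDefaultCredentials = $true
    }

    try {
        $r = Invoke-WebRequest @params
    } catch {
        # A Windows-auth listener answers 401 when no credentials are offered
        Write-Warning "Request failed: $($_.Exception.Message)"
        return
    }

    # Content arrives as a byte[] when the server sends no text content type; decode it as UTF-8
    $text = if ($r.Content -is [byte[]]) {
        [System.Text.Encoding]::UTF8.GetString($r.Content)
    } else {
        $r.Content
    }

    if ($Format -eq 'JSON') { $text | ConvertFrom-Json } else { $text }
}

# JSON output, turned back into objects for the pipeline
# Invoke-RemotePS -Command 'Get-Process PowerShell' | Select-Object Id, ProcessName

# Text output, formatted as the command would look in a local console
# Invoke-RemotePS -Command 'Get-Process PowerShell' -Format TEXT

# Without credentials: expect a warning carrying the 401 from the listener
# Invoke-RemotePS -Command 'hostname' -NoCredentials

# No arguments at all: the listener's usage text
# (Invoke-WebRequest -Uri 'http://localhost:8888/' -UseDefaultCredentials -UseBasicParsing).Content
```

The byte-array check matters because Windows PowerShell only turns Content into a string when it recognizes a text content type; handling both cases keeps the helper working whether the listener labels its responses or not. A client in Python, Perl or Ruby would do the same three things: authenticate with Negotiate/NTLM, decode the body as UTF-8, and hand the result to that language's JSON parser.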