The recommended way to install ScubaGear is from PSGallery, but it can also be downloaded from GitHub:
- Go to the releases page and find the latest release.
- Under the Assets header, click ScubaGear-v1.5.0.zip to download the zip file.
- Extract the zip file into the folder of your choice.
When ScubaGear is installed by downloading from GitHub, it must be imported into every new PowerShell terminal session before it can be executed. To import the module, open a PowerShell 5.1 terminal, navigate to the repository folder, and run this command:
# Import the module into the session
Import-Module .\PowerShell\ScubaGear
Note: Do not add a \ to the end of the .\PowerShell\ScubaGear path.
Once ScubaGear has been downloaded and imported, the required dependencies can be installed.
PowerShell has a feature known as an execution policy that can prevent ScubaGear from running when it is downloaded from GitHub.
"PowerShell's execution policy is a safety feature that controls the conditions under which PowerShell loads configuration files and runs scripts. This feature helps prevent the execution of malicious scripts."
On Windows servers, the default execution policy is RemoteSigned, which allows ScubaGear to run after the publisher (CISA) is agreed to once. ScubaGear is signed by a commonly trusted Certificate Authority (CA).
On Windows clients, the default execution policy is Restricted. This policy can prevent ScubaGear from running because it (correctly) considers parts of ScubaGear to be scripts.
To see the current execution policy, run this cmdlet:
# Get execution policy for current PowerShell session
Get-ExecutionPolicy
More information can be found in Microsoft's documentation.
If the execution policy is not RemoteSigned, it can be changed for the local computer using this cmdlet:
# Set execution policy to RemoteSigned
Set-ExecutionPolicy `
-ExecutionPolicy RemoteSigned `
-Scope LocalMachine
More information can be found in Microsoft's documentation.
Note: If your execution policy is set to Restricted and you cannot change it, then you will not be able to run ScubaGear.
Windows clients with an execution policy of Unrestricted generate a warning about running untrusted scripts when executing ScubaGear, even when the scripts and modules are signed, because the files contain an identifier showing that they were downloaded from the Internet. This identifier, informally referred to as a mark of the web, can be removed by running Unblock-File on the scripts and modules in the ScubaGear folder.
# Run these commands one at a time in the ScubaGear folder
# to unblock PowerShell files
Get-ChildItem *.ps1 -Recurse | Unblock-File
Get-ChildItem *.psm1 -Recurse | Unblock-File
Get-ChildItem *.psd1 -Recurse | Unblock-File
Warning: Users should use Unblock-File carefully and only run it on files they have vetted and deem trustworthy to execute on their system. See Microsoft's documentation on unblocking files for more information.
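One way to vet the files before unblocking them, shown as an added example that is not part of the ScubaGear project: it reports each file's mark of the web and Authenticode signature, then previews Unblock-File only for files whose signature validates. It assumes the commands are pasted into a PowerShell 5.1 terminal opened in the extracted ScubaGear folder; the variable names are illustrative.

```powershell
# Added example (not ScubaGear code): audit the PowerShell files before unblocking.
# Assumption: the current directory is the extracted ScubaGear folder.
$files = Get-ChildItem -Path . -Recurse -File -Include *.ps1, *.psm1, *.psd1

$report = foreach ($file in $files) {
    # The mark of the web lives in the Zone.Identifier alternate data stream.
    $motw = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier `
        -ErrorAction SilentlyContinue
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        File      = $file.FullName
        HasMotw   = [bool]$motw
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else {
            $null
        }
    }
}

# Summarize by signature status and signer so the publisher can be reviewed.
$report | Group-Object SigStatus, Signer |
    Select-Object Count, Name | Format-Table -AutoSize -Wrap

# List anything that is unsigned, tampered with, or not trusted on this machine.
$suspect = $report | Where-Object { $_.SigStatus -ne 'Valid' }
if ($suspect) {
    Write-Warning "$(@($suspect).Count) file(s) lack a valid signature; not unblocking them."
    $suspect | Format-Table File, SigStatus -AutoSize -Wrap
}

# Preview the unblock for files that are both marked and validly signed.
# Remove -WhatIf only after confirming the signer is the expected publisher.
$report | Where-Object { $_.HasMotw -and $_.SigStatus -eq 'Valid' } |
    ForEach-Object { Unblock-File -LiteralPath $_.File -WhatIf }
```

A Valid status only means the signature chains to a certificate this machine trusts; compare the Signer column against the publisher you expect before removing -WhatIf.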