Consistency improvements in comment-based help

AntivirusBypass/Find-AVSignature.ps1

@@ -1,17 +1,19 @@
-function Find-AVSignature {
+function Find-AVSignature
+{
 <#
 .SYNOPSIS
 
-    Find-AVSignature
-
-    Locates single Byte AV signatures utilizing the same method as DSplit from "class101" on heapoverflow.com
+Locate tiny AV signatures.
 
+PowerSploit Function: Find-AVSignature
 Authors: Chris Campbell (@obscuresec) & Matt Graeber (@mattifestation)
 License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
 
-    A script to locate tiny AV signatures.
+Locates single Byte AV signatures utilizing the same method as DSplit from "class101" on heapoverflow.com.
 
 .PARAMETER Startbyte
 
@@ -58,12 +60,25 @@ function Find-AVSignature {
 #>
 
     [CmdletBinding()] Param(
-        [Parameter(Mandatory = $True)] [Int32] $StartByte,
-        [Parameter(Mandatory = $True)] [String] $EndByte,
-        [Parameter(Mandatory = $True)] [Int32] $Interval,
-        [Parameter(Mandatory = $False)] [String] $Path = ($pwd.path),
-        [Parameter(Mandatory = $False)] [String] $OutPath = ($pwd),
-        [Switch] $Force = $False
+        [Parameter(Mandatory = $True)]
+        [Int32]
+        $StartByte,
+
+        [Parameter(Mandatory = $True)]
+        [String]
+        $EndByte,
+
+        [Parameter(Mandatory = $True)]
+        [Int32]
+        $Interval,
+
+        [String]
+        $Path = ($pwd.path),
+
+        [String]
+        $OutPath = ($pwd),
+
+        [Switch] $Force
     )
 
     #test variables

CodeExecution/Invoke-DllInjection.ps1

@@ -5,7 +5,7 @@ function Invoke-DllInjection
 
 Injects a Dll into the process ID of your choosing.
 
-PowerSploit Module - Invoke-DllInjection
+PowerSploit Function: Invoke-DllInjection
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

CodeExecution/Invoke-Shellcode.ps1

@@ -5,7 +5,7 @@ function Invoke-Shellcode
 
 Inject shellcode into the process ID of your choosing or within the context of the running PowerShell process.
 
-PowerSploit Module - Invoke-Shellcode
+PowerSploit Function: Invoke-Shellcode
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

Exfiltration/Get-TimedScreenshot.ps1

@@ -1,25 +1,29 @@
-Function Get-TimedScreenshot {
+function Get-TimedScreenshot
+{
 <#
 .SYNOPSIS
 
-    Get-TimedScreenshot
+Takes screenshots at a regular interval and saves them to disk.
 
+PowerSploit Function: Get-TimedScreenshot
 Author: Chris Campbell (@obscuresec)
 License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
     
 .DESCRIPTION
 
 A function that takes screenshots and saves them to a folder.
 
-.PARAMETER $Path
+.PARAMETER Path
 
 Specifies the folder path.
     
-.PARAMETER $Interval
+.PARAMETER Interval
     
 Specifies the interval in seconds between taking screenshots.
 
-.PARAMETER $EndTime
+.PARAMETER EndTime
 
 Specifies when the script should stop running in the format HH-MM 
 
@@ -30,20 +34,19 @@
 .LINK
 
 http://obscuresecurity.blogspot.com/2013/01/Get-TimedScreenshot.html
-    https://github.com/obscuresec/random/blob/master/Get-TimedScreenshot
-
+https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-TimedScreenshot.ps1
 #>
 
     [CmdletBinding()] Param(
         [Parameter(Mandatory=$True)]             
         [ValidateScript({Test-Path -Path $_ })]
-            [string] $Path, 
+        [String] $Path, 
 
         [Parameter(Mandatory=$True)]             
-            [int32] $Interval,
+        [Int32] $Interval,
 
         [Parameter(Mandatory=$True)]             
-            [string] $EndTime    
+        [String] $EndTime    
     )
 
     #Define helper function that generates and saves screenshot
@@ -66,7 +69,7 @@
             #get the current time and build the filename from it
             $Time = (Get-Date)
             
-                [string] $FileName = "$($Time.Month)"
+            [String] $FileName = "$($Time.Month)"
             $FileName += '-'
             $FileName += "$($Time.Day)" 
             $FileName += '-'
@@ -80,7 +83,7 @@
             $FileName += '.png'
             
             #use join-path to add path to filename
-                [string] $FilePath = (Join-Path $Path $FileName)
+            [String] $FilePath = (Join-Path $Path $FileName)
 
             #run screenshot function
             GenScreenshot
@@ -95,5 +98,4 @@
     }
 
     Catch {Write-Warning "$Error[0].ToString() + $Error[0].InvocationInfo.PositionMessage"}
-
 }

PETools/Get-DllLoadPath.ps1

@@ -1,8 +1,11 @@
-function Get-DllLoadPath {
+function Get-DllLoadPath
+{
 <#
 .SYNOPSIS
 
-PowerSploit Module - Get-DllLoadPath
+Outputs the order of paths in which a dll would be loaded.
+
+PowerSploit Function: Get-DllLoadPath
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None
@@ -38,7 +41,7 @@ C:\Windows\SysWOW64\Comctl32.dll
 
 .OUTPUTS
 
-$null, System.Management.Automation.PathInfo
+System.Management.Automation.PathInfo
 
 .NOTES
 
@@ -51,8 +54,13 @@ http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586%28v=vs.85%29.as
 #>
 
     Param (
-        [Parameter(Position = 0, Mandatory = $True)] [String] $ExecutablePath,
-        [Parameter(Position = 1, Mandatory = $True)] [String] $DllName
+        [Parameter(Position = 0, Mandatory = $True)]
+        [String]
+        $ExecutablePath,
+
+        [Parameter(Position = 1, Mandatory = $True)]
+        [String]
+        $DllName
     )
 
     if (!(Test-Path $ExecutablePath)) {

PETools/Get-PEArchitecture.ps1

@@ -1,8 +1,11 @@
-function Get-PEArchitecture {
+function Get-PEArchitecture
+{
 <#
 .SYNOPSIS
 
-PowerSploit Module - Get-PEArchitecture
+Outputs the architecture for which a binary was compiled.
+
+PowerSploit Function: Get-PEArchitecture
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None
@@ -19,13 +22,11 @@ Path to the executable.
 .EXAMPLE
 
 C:\PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe
-
 X86
  
 .EXAMPLE
 
 C:\PS> Get-PEArchitecture C:\Windows\System32\cmd.exe
-
 X64
  
 .LINK

PETools/Get-PEHeader.ps1

@@ -1,8 +1,11 @@
-function Get-PEHeader {
+function Get-PEHeader
+{
 <#
 .SYNOPSIS
 
-PowerSploit Module - Get-PEHeader
+Parses and outputs the PE header of a process in memory or a PE file on disk.
+
+PowerSploit Function: Get-PEHeader
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

Recon/Get-GPPPassword.ps1

@@ -1,31 +1,39 @@
-function Get-GPPPassword {
-
+function Get-GPPPassword
+{
 <#
-.Synopsis
+.SYNOPSIS
 
- Get-GPPPassword retrieves the plaintext password for accounts pushed through Group Policy in groups.xml.
+Retrieves the plaintext password for accounts pushed through Group Policy in groups.xml.
+
+PowerSploit Function: Get-GPPPassword
 Author: Chris Campbell (@obscuresec)
 License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
  
-.Description
+.DESCRIPTION
 
 Get-GPPPassword imports the encoded and encrypted password string from groups.xml and then decodes and decrypts the plaintext password.
 
-.Parameter Path
+.PARAMETER Path
 
 The path to the targeted groups.xml file.
 
-.Example
+.EXAMPLE
 
 Get-GPPPassword -path c:\demo\groups.xml
 
-.Link
+.LINK
 
 http://esec-pentest.sogeti.com/exploiting-windows-2008-group-policy-preferences
 http://www.obscuresecurity.blogspot.com/2012/05/gpp-password-retrieval-with-powershell.html
 #>
 
-Param ( [Parameter(Position = 0, Mandatory = $True)] [String] $Path = "$PWD\groups.xml" )
+    Param (
+        [Parameter(Position = 0, Mandatory = $True)]
+        [String]
+        $Path = "$PWD\groups.xml"
+    )
 
     #Function to pull encrypted password string from groups.xml
     function Parse-cPassword {

Recon/Get-HttpStatus.ps1

@@ -1,47 +1,68 @@
-function Get-HttpStatus {
+function Get-HttpStatus
+{
 <#
 .SYNOPSIS
-PowerSploit Module - Get-HttpStatus
 
 Returns the HTTP Status Codes and full URL for specified paths.
 
+PowerSploit Function: Get-HttpStatus
 Author: Chris Campbell (@obscuresec)
 License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
 
 .DESCRIPTION
+
 A script to check for the existence of a path or file on a webserver.
 
 .PARAMETER Target
+
 Specifies the remote web host either by IP or hostname.
 
 .PARAMETER Path
+
 Specifies the remost host.
 
 .PARAMETER Port
+
 Specifies the port to connect to.
 
 .PARAMETER UseSSL
+
 Use an SSL connection.
 
 .EXAMPLE
-PS > Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt | Select-Object {where StatusCode -eq 20*}
+
+C:\PS> Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt | Select-Object {where StatusCode -eq 20*}
 
 .EXAMPLE
-PS > Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt -UseSSL
+
+C:\PS> Get-HttpStatus -Target www.example.com -Path c:\dictionary.txt -UseSSL
 
 .NOTES
-HTTP Codes: 100 - Informational * 200 - Success * 300 - Redirection * 400 - Client Error * 500 - Server Error
-Status Codes: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
+
+HTTP Status Codes: 100 - Informational * 200 - Success * 300 - Redirection * 400 - Client Error * 500 - Server Error
     
 .LINK
+
 http://obscuresecurity.blogspot.com
+http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
 #>
 
     [CmdletBinding()] Param(
-        [Parameter(Mandatory = $True)] [String] $Target,
-        [Parameter()] [String] [ValidateNotNullOrEmpty()] $Path = '.\Dictionaries\admin.txt',
-        [Parameter()] [Int] $Port,
-        [Parameter()] [Switch] $UseSSL
+        [Parameter(Mandatory = $True)]
+        [String]
+        $Target,
+
+        [String]
+        [ValidateNotNullOrEmpty()]
+        $Path = '.\Dictionaries\admin.txt',
+
+        [Int]
+        $Port,
+
+        [Switch]
+        $UseSSL
     )
     
     if (Test-Path $Path) {

Recon/Invoke-ReverseDnsLookup.ps1

@@ -1,28 +1,27 @@
 function Invoke-ReverseDnsLookup
 {
-
 <#
-.Synopsis
+.SYNOPSIS
 
- PowerSploit Module - Invoke-ReverseDnsLookup
+Perform a reverse DNS lookup scan on a range of IP addresses.
+
+PowerSploit Function: Invoke-ReverseDnsLookup
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
  
-.Description
+.DESCRIPTION
 
- Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script
- is useful for performing DNS reconnaisance prior to conducting an authorized
- penetration test.
+Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaisance prior to conducting an authorized penetration test.
  
-.Parameter IPRange
+.PARAMETER IPRange
 
- Specifies the IP address range. The range provided can be in the form of a single
- IP address, a low-high range, or a CIDR range. Comma-delimited ranges may can be
- provided.
+Specifies the IP address range. The range provided can be in the form of a single IP address, a low-high range, or a CIDR range. Comma-delimited ranges may can be provided.
  
-.Example
+.EXAMPLE
 
- PS> Invoke-ReverseDnsLookup 74.125.228.0/29
+C:\PS> Invoke-ReverseDnsLookup 74.125.228.0/29
 
 IP              HostName
 --              --------
@@ -37,9 +36,9 @@ function Invoke-ReverseDnsLookup
 -----------
 Returns the hostnames of the IP addresses specified by the CIDR range.
  
-.Example
+.EXAMPLE
 
- PS> Invoke-ReverseDnsLookup '74.125.228.1,74.125.228.4-74.125.228.6'
+C:\PS> Invoke-ReverseDnsLookup '74.125.228.1,74.125.228.4-74.125.228.6'
  
 IP              HostName
 --              --------
@@ -52,13 +51,16 @@ function Invoke-ReverseDnsLookup
 -----------
 Returns the hostnames of the IP addresses specified by the IP range specified.
   
+.LINK
 
-.Link
-
- My blog: http://www.exploit-monday.com
+http://www.exploit-monday.com
 #>
 
-Param( [Parameter(Position = 0, Mandatory = $True)] [String] $IpRange )
+    Param (
+        [Parameter(Position = 0, Mandatory = $True)]
+        [String]
+        $IpRange
+    )
 
     function Parse-IPList ([String] $IpRange)
     {

ReverseEngineering/Get-ILDisassembly.ps1

@@ -3,7 +3,9 @@ function Get-ILDisassembly
 <#
 .SYNOPSIS
 
-PowerSploit Module - Get-ILDisassembly
+A MSIL (Microsoft Intermediate Language) disassembler.
+
+PowerSploit Function: Get-ILDisassembly
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ReverseEngineering/Get-KernelModuleInfo.ps1

@@ -5,7 +5,7 @@
 
 Returns loaded kernel module information.
 
-PowerSploit Module - Get-KernelModuleInfo
+PowerSploit Function: Get-KernelModuleInfo
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ReverseEngineering/Get-Member.ps1

@@ -5,7 +5,7 @@ function Get-Member
 
 Gets the properties and methods of objects.
 
-PowerSploit Module - Get-Member
+PowerSploit Proxy Function: Get-Member
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause (Except for the help documentation derived from the original Get-Member)
 Required Dependencies: None

ReverseEngineering/Get-MethodAddress.ps1

@@ -5,7 +5,7 @@
 
 Get the unmanaged function address of a .NET method.
 
-PowerSploit Module - Get-MethodAddress
+PowerSploit Function: Get-MethodAddress
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ReverseEngineering/Get-PEB.ps1

@@ -5,7 +5,7 @@
 
 Returns the process environment block (PEB) of a process.
 
-PowerSploit Module - Get-PEB
+PowerSploit Function: Get-PEB
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ReverseEngineering/Get-Strings.ps1

@@ -5,7 +5,7 @@
 
 Gets strings from a file.
 
-PowerSploit Module - Inject-Shellcode
+PowerSploit Function: Get-Strings
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ReverseEngineering/Get-StructFromMemory.ps1

@@ -5,7 +5,7 @@
 
 Marshals data from an unmanaged block of memory in an arbitrary process to a newly allocated managed object of the specified type.
 
-PowerSploit Module - Get-StructFromMemory
+PowerSploit Function: Get-StructFromMemory
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ScriptModification/Out-CompressedDll.ps1

@@ -5,7 +5,7 @@
 
 Compresses, Base-64 encodes, and outputs generated code to load a managed dll in memory.
 
-PowerSploit Module - Out-CompressedDll
+PowerSploit Function: Out-CompressedDll
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ScriptModification/Out-EncodedCommand.ps1

@@ -5,7 +5,7 @@
 
 Compresses, Base-64 encodes, and generates command-line output for a PowerShell payload script.
 
-PowerSploit Module - Out-EncodedCommand
+PowerSploit Function: Out-EncodedCommand
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ScriptModification/Out-EncryptedScript.ps1

@@ -1,11 +1,11 @@
-function Out-EncryptedScript {
-
+function Out-EncryptedScript
+{
 <#
 .SYNOPSIS
 
 Encrypts text files/scripts.
 
-PowerSploit Module - Out-EncryptedScript
+PowerSploit Function: Out-EncryptedScript
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None

ScriptModification/Remove-Comments.ps1

@@ -5,7 +5,7 @@
 
 Strips comments and extra whitespace from a script.
 
-PowerSploit Module - Remove-Comments
+PowerSploit Function: Remove-Comments
 Author: Matthew Graeber (@mattifestation)
 License: BSD 3-Clause
 Required Dependencies: None