For ./Recon/ :

-(More) PSScriptAnalyzering -Tweaking of synopsis blocks in order to support platyPS -Code standardization -Generated docs
2016-12-14 19:23:28 -05:00 · 2016-12-14 19:23:28 -05:00 · ad32d6c75b
parent 59e6f94e76
commit ad32d6c75b
14 changed files with 177 additions and 189 deletions
--- a/Recon/Get-ComputerDetails.ps1
+++ b/Recon/Get-ComputerDetails.ps1
@ -1,11 +1,11 @@
-function Get-ComputerDetails
+function Get-ComputerDetail
 {
 <#
 .SYNOPSIS
 This script is used to get useful information from a computer.
-Function: Get-ComputerDetails
+Function: Get-ComputerDetail  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
@ -25,10 +25,10 @@ Switch: Outputs the data as text instead of objects, good if you are using this
 .EXAMPLE
-Get-ComputerDetails
+Get-ComputerDetail
 Gets information about the computer and outputs it as PowerShell objects.
-Get-ComputerDetails -ToString
+Get-ComputerDetail -ToString
 Gets information about the computer and outputs it as raw text.
 .NOTES
@ -42,6 +42,7 @@ Github repo: https://github.com/clymb3r/PowerShell
 #>
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
    Param(
        [Parameter(Position=0)]
        [Switch]
@ -50,14 +51,12 @@ Github repo: https://github.com/clymb3r/PowerShell
    Set-StrictMode -Version 2
    $SecurityLog = Get-EventLog -LogName Security
-    $Filtered4624 = Find-4624Logons $SecurityLog
+    $Filtered4624 = Find-4624Logon $SecurityLog
-    $Filtered4648 = Find-4648Logons $SecurityLog
+    $Filtered4648 = Find-4648Logon $SecurityLog
-    $AppLockerLogs = Find-AppLockerLogs
+    $AppLockerLogs = Find-AppLockerLog
    $PSLogs = Find-PSScriptsInPSAppLog
-    $RdpClientData = Find-RDPClientConnections
+    $RdpClientData = Find-RDPClientConnection
    if ($ToString)
    {
@ -88,7 +87,7 @@ Github repo: https://github.com/clymb3r/PowerShell
 }
-function Find-4648Logons
+function Find-4648Logon
 {
 <#
 .SYNOPSIS
@ -97,7 +96,7 @@ Retrieve the unique 4648 logon events. This will often find cases where a user i
 the account that RDP was launched with and the account name of the account being used to connect to the remote computer. This is useful
 for identifying normal authenticaiton patterns. Other actions that will trigger this include any runas action.
-Function: Find-4648Logons
+Function: Find-4648Logon  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
@ -110,7 +109,7 @@ for identifying normal authenticaiton patterns. Other actions that will trigger
 .EXAMPLE
-Find-4648Logons
+Find-4648Logon
 Gets the unique 4648 logon events.
 .NOTES
@ -120,11 +119,12 @@ Gets the unique 4648 logon events.
 Blog: http://clymb3r.wordpress.com/
 Github repo: https://github.com/clymb3r/PowerShell
 #>
    Param(
        $SecurityLog
    )
-    $ExplicitLogons = $SecurityLog | Where {$_.InstanceID -eq 4648}
+    $ExplicitLogons = $SecurityLog | Where-Object {$_.InstanceID -eq 4648}
    $ReturnInfo = @{}
    foreach ($ExplicitLogon in $ExplicitLogons)
@ -216,7 +216,7 @@ Github repo: https://github.com/clymb3r/PowerShell
    return $ReturnInfo
 }
-function Find-4624Logons
+function Find-4624Logon
 {
 <#
 .SYNOPSIS
@ -224,7 +224,7 @@ function Find-4624Logons
 Find all unique 4624 Logon events to the server. This will tell you who is logging in and how. You can use this to figure out what accounts do
 network logons in to the server, what accounts RDP in, what accounts log in locally, etc...
-Function: Find-4624Logons
+Function: Find-4624Logon  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
@ -236,7 +236,7 @@ network logons in to the server, what accounts RDP in, what accounts log in loca
 .EXAMPLE
-Find-4624Logons
+Find-4624Logon
 Find unique 4624 logon events.
 .NOTES
@ -250,7 +250,7 @@ Github repo: https://github.com/clymb3r/PowerShell
        $SecurityLog
    )
-    $Logons = $SecurityLog | Where {$_.InstanceID -eq 4624}
+    $Logons = $SecurityLog | Where-Object {$_.InstanceID -eq 4624}
    $ReturnInfo = @{}
    foreach ($Logon in $Logons)
@ -362,14 +362,14 @@ Github repo: https://github.com/clymb3r/PowerShell
 }
-function Find-AppLockerLogs
+function Find-AppLockerLog
 {
 <#
 .SYNOPSIS
 Look through the AppLocker logs to find processes that get run on the server. You can then backdoor these exe's (or figure out what they normally run).
-Function: Find-AppLockerLogs
+Function: Find-AppLockerLog  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
@ -380,7 +380,7 @@ Look through the AppLocker logs to find processes that get run on the server. Yo
 .EXAMPLE
-Find-AppLockerLogs
+Find-AppLockerLog
 Find process creations from AppLocker logs.
 .NOTES
@ -390,9 +390,10 @@ Find process creations from AppLocker logs.
 Blog: http://clymb3r.wordpress.com/
 Github repo: https://github.com/clymb3r/PowerShell
 #>
    $ReturnInfo = @{}
-    $AppLockerLogs = Get-WinEvent -LogName "Microsoft-Windows-AppLocker/EXE and DLL" -ErrorAction SilentlyContinue | Where {$_.Id -eq 8002}
+    $AppLockerLogs = Get-WinEvent -LogName "Microsoft-Windows-AppLocker/EXE and DLL" -ErrorAction SilentlyContinue | Where-Object {$_.Id -eq 8002}
    foreach ($Log in $AppLockerLogs)
    {
@ -434,7 +435,7 @@ Function Find-PSScriptsInPSAppLog
 Go through the PowerShell operational log to find scripts that run (by looking for ExecutionPipeline logs eventID 4100 in PowerShell app log).
 You can then backdoor these scripts or do other malicious things.
-Function: Find-AppLockerLogs
+Function: Find-AppLockerLog  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
@ -456,12 +457,12 @@ Find unique PowerShell scripts being executed from the PowerShell operational lo
 Blog: http://clymb3r.wordpress.com/
 Github repo: https://github.com/clymb3r/PowerShell
 #>
    $ReturnInfo = @{}
-    $Logs = Get-WinEvent -LogName "Microsoft-Windows-PowerShell/Operational" -ErrorAction SilentlyContinue | Where {$_.Id -eq 4100}
+    $Logs = Get-WinEvent -LogName "Microsoft-Windows-PowerShell/Operational" -ErrorAction SilentlyContinue | Where-Object {$_.Id -eq 4100}
    foreach ($Log in $Logs)
    {
        $ContainsScriptName = $false
        $LogDetails = $Log.Message -split "`r`n"
        $FoundScriptName = $false
@ -506,7 +507,7 @@ Github repo: https://github.com/clymb3r/PowerShell
 }
-Function Find-RDPClientConnections
+Function Find-RDPClientConnection
 {
 <#
 .SYNOPSIS
@ -514,19 +515,18 @@ Function Find-RDPClientConnections
 Search the registry to find saved RDP client connections. This shows you what connections an RDP client has remembered, indicating what servers the user
 usually RDP's to.
-Function: Find-RDPClientConnections
+Function: Find-RDPClientConnection  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None  
 .DESCRIPTION
-Search the registry to find saved RDP client connections. This shows you what connections an RDP client has remembered, indicating what servers the user 
+Search the registry to find saved RDP client connections. This shows you what connections an RDP client has remembered, indicating what servers the user usually RDP's to.
 usually RDP's to.
 .EXAMPLE
-Find-RDPClientConnections
+Find-RDPClientConnection
 Find unique saved RDP client connections.
 .NOTES
--- a/Recon/Get-HttpStatus.ps1
+++ b/Recon/Get-HttpStatus.ps1
@ -70,7 +70,8 @@ http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
        if ($UseSSL -and $Port -eq 0) {
            # Default to 443 if SSL is specified but no port is specified
            $Port = 443
-        } elseif ($Port -eq 0) {
+        }
        elseif ($Port -eq 0) {
            # Default to port 80 if no port is specified
            $Port = 80
        }
@ -81,14 +82,16 @@ http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
        try {
            # Validate that the host is listening before scanning
            $TcpConnection.Connect($Target, $Port)
-        } catch {
+        }
        catch {
            Write-Error "Connection Test Failed - Check Target"
            $Tcpconnection.Close()
            Return
        }
        $Tcpconnection.Close()
-    } else {
+    }
    else {
           Write-Error "Path Test Failed - Check Dictionary Path"
           Return
    }
@ -97,13 +100,15 @@ http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
        $SSL = 's'
        # Ignore invalid SSL certificates
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }
-    } else {
+    }
    else {
        $SSL = ''
    }
    if (($Port -eq 80) -or ($Port -eq 443)) {
        $PortNum = ''
-    } else {
+    }
    else {
        $PortNum = ":$Port"
    }
@ -117,12 +122,12 @@ http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
            $WebRequest = [System.Net.WebRequest]::Create($URI)
            $WebResponse = $WebRequest.GetResponse()
            $WebStatus = $WebResponse.StatusCode
            $ResultObject += $ScanObject
            $WebResponse.Close()
-        } catch {
+        }
        catch {
            $WebStatus = $Error[0].Exception.InnerException.Response.StatusCode
-            if ($WebStatus -eq $null) {
+            if (-not $WebStatus) {
                # Not every exception returns a StatusCode.
                # If that is the case, return the Status.
                $WebStatus = $Error[0].Exception.InnerException.Status
@ -135,6 +140,5 @@ http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
        $ScanObject = New-Object -TypeName PSObject -Property $Result
        Write-Output $ScanObject
    }
 }
--- a/Recon/Invoke-Portscan.ps1
+++ b/Recon/Invoke-Portscan.ps1
@ -114,7 +114,7 @@ Force Overwrite if output Files exist. Otherwise it throws exception
 .EXAMPLE
-C:\PS> Invoke-Portscan -Hosts "webstersprodigy.net,google.com,microsoft.com" -TopPorts 50
+Invoke-Portscan -Hosts "webstersprodigy.net,google.com,microsoft.com" -TopPorts 50
 Description
 -----------
@ -122,7 +122,7 @@ Scans the top 50 ports for hosts found for webstersprodigy.net,google.com, and m
 .EXAMPLE
-C:\PS> echo webstersprodigy.net | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080"
+echo webstersprodigy.net | Invoke-Portscan -oG test.gnmap -f -ports "80,443,8080"
 Description
 -----------
@ -130,7 +130,7 @@ Does a portscan of "webstersprodigy.net", and writes a greppable output file
 .EXAMPLE
-C:\PS> Invoke-Portscan -Hosts 192.168.1.1/24 -T 4 -TopPorts 25 -oA localnet
+Invoke-Portscan -Hosts 192.168.1.1/24 -T 4 -TopPorts 25 -oA localnet
 Description
 -----------
@ -141,7 +141,13 @@ Scans the top 20 ports for hosts found in the 192.168.1.1/24 range, outputs all
 http://webstersprodigy.net
 #>
-    [CmdletBinding()]Param (
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseSingularNouns', '')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseApprovedVerbs', '')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseLiteralInitializerForHashtable', '')]
    [CmdletBinding()]
    Param (
        #Host, Ports
        [Parameter(ParameterSetName="cmdHosts",
@ -748,9 +754,9 @@ http://webstersprodigy.net
            #TODO deal with output
            Write-PortscanOut -comment $startMsg -grepStream $grepStream -xmlStream $xmlStream -readableStream $readableStream
-            #converting back from int array gives some argument error checking
+            # #converting back from int array gives some argument error checking
-            $sPortList = [string]::join(",", $portList)
+            # $sPortList = [string]::join(",", $portList)
-            $sHostPortList = [string]::join(",", $hostPortList)
+            # $sHostPortList = [string]::join(",", $hostPortList)
            ########
            #Port Scan Code - run on a per host basis
@ -840,7 +846,6 @@ http://webstersprodigy.net
                        $sockets[$p] = new-object System.Net.Sockets.TcpClient
                    }
                    $scriptBlockAsString = @"
                        #somewhat of a race condition with the timeout, but I don't think it matters
@ -885,8 +890,7 @@ http://webstersprodigy.net
                    $timeouts[$p].Enabled = $true
                    $myscriptblock = [scriptblock]::Create($scriptBlockAsString)
-                    $x = $sockets[$p].beginConnect($h, $p,(New-ScriptBlockCallback($myscriptblock)) , $null)
+                    $Null = $sockets[$p].beginConnect($h, $p,(New-ScriptBlockCallback($myscriptblock)) , $null)
                }
                function PortScan-Alive
--- a/Recon/Invoke-ReverseDnsLookup.ps1
+++ b/Recon/Invoke-ReverseDnsLookup.ps1
@ -13,7 +13,7 @@ Optional Dependencies: None
 .DESCRIPTION
-Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaisance prior to conducting an authorized penetration test.
+Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test.
 .PARAMETER IPRange
@ -21,7 +21,7 @@ Specifies the IP address range. The range provided can be in the form of a singl
 .EXAMPLE
-C:\PS> Invoke-ReverseDnsLookup 74.125.228.0/29
+Invoke-ReverseDnsLookup 74.125.228.0/29
 IP              HostName
 --              --------
@ -38,7 +38,7 @@ Returns the hostnames of the IP addresses specified by the CIDR range.
 .EXAMPLE
-C:\PS> Invoke-ReverseDnsLookup '74.125.228.1,74.125.228.4-74.125.228.6'
+Invoke-ReverseDnsLookup '74.125.228.1,74.125.228.4-74.125.228.6'
 IP              HostName
 --              --------
@ -53,7 +53,7 @@ Returns the hostnames of the IP addresses specified by the IP range specified.
 .EXAMPLE
-PS C:\> Write-Output "74.125.228.1,74.125.228.0/29" | Invoke-ReverseDnsLookup
+Write-Output "74.125.228.1,74.125.228.0/29" | Invoke-ReverseDnsLookup
 IP                                                          HostName
 --                                                          --------
@ -69,13 +69,15 @@ Description
 -----------
 Returns the hostnames of the IP addresses piped from another source.
 .LINK
 http://www.exploit-monday.com
 https://github.com/mattifestation/PowerSploit
 #>
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseApprovedVerbs', '')]
    [CmdletBinding()]
    Param (
        [Parameter(Position = 0, Mandatory = $True,ValueFromPipeline=$True)]
        [String]
@ -139,7 +141,7 @@ https://github.com/mattifestation/PowerSploit
                    }
                    default
                    {
-                        Write-Warning "Inproper input"
+                        Write-Warning "Improper input"
                        return
                    }
                }
@ -159,7 +161,7 @@ https://github.com/mattifestation/PowerSploit
                        $BinaryIP = [Convert]::ToString((IPtoInt $Network),2).PadLeft(32,'0')
                        #Generate lower limit (Excluding network address)
                        $Lower = $BinaryIP.Substring(0, $Mask) + "0" * ((32-$Mask)-1) + "1"
-                        #Generate upperr limit (Excluding broadcast address)
+                        #Generate upper limit (Excluding broadcast address)
                        $Upper = $BinaryIP.Substring(0, $Mask) + "1" * ((32-$Mask)-1) + "0"
                        $LowerInt = [Convert]::ToInt64($Lower, 2)
                        $UpperInt = [Convert]::ToInt64($Upper, 2)
@ -193,12 +195,11 @@ https://github.com/mattifestation/PowerSploit
                    }
                    default
                    {
-                        Write-Warning "An error occured."
+                        Write-Warning "An error occurred."
                        return
                    }
                }
            }
        }
    }
@ -214,7 +215,10 @@ https://github.com/mattifestation/PowerSploit
                }
                New-Object PSObject -Property $Result
-            } catch [System.Net.Sockets.SocketException] {}
+            }
            catch [System.Net.Sockets.SocketException] {
                Write-Verbose "Error: $_"
            }
        }
    }
 }
--- a/Recon/Recon.psd1
+++ b/Recon/Recon.psd1
@ -98,7 +98,7 @@ FunctionsToExport = @(
    'Get-DomainForeignUser',
    'Get-DomainForeignGroupMember',
    'Get-DomainTrustMapping',
-    'Get-ComputerDetails',
+    'Get-ComputerDetail',
    'Get-HttpStatus',
    'Invoke-Portscan',
    'Invoke-ReverseDnsLookup'
--- a/docs/Recon/Get-ComputerDetails.md
+++ b/docs/Recon/Get-ComputerDetails.md
@ -1,9 +1,9 @@
-# Get-ComputerDetails
+# Get-ComputerDetail
 ## SYNOPSIS
 This script is used to get useful information from a computer.
-Function: Get-ComputerDetails
+Function: Get-ComputerDetail  
 Author: Joe Bialek, Twitter: @JosephBialek  
 Required Dependencies: None  
 Optional Dependencies: None
@ -11,7 +11,7 @@ Optional Dependencies: None
 ## SYNTAX
 ```
-Get-ComputerDetails [-ToString]
+Get-ComputerDetail [-ToString]
 ```
 ## DESCRIPTION
@ -27,12 +27,12 @@ Currently, the script gets the following information:
 ### -------------------------- EXAMPLE 1 --------------------------
 ```
-Get-ComputerDetails
+Get-ComputerDetail
 ```
 Gets information about the computer and outputs it as PowerShell objects.
-Get-ComputerDetails -ToString
+Get-ComputerDetail -ToString
 Gets information about the computer and outputs it as raw text.
 ## PARAMETERS
--- a/docs/Recon/Invoke-ReverseDnsLookup.md
+++ b/docs/Recon/Invoke-ReverseDnsLookup.md
@ -17,7 +17,7 @@ Invoke-ReverseDnsLookup [-IpRange] <String>
 ## DESCRIPTION
 Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records.
-This script is useful for performing DNS reconnaisance prior to conducting an authorized penetration test.
+This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test.
 ## EXAMPLES
--- a/docs/Recon/Set-DomainObject.md
+++ b/docs/Recon/Set-DomainObject.md
@ -12,8 +12,7 @@ Required Dependencies: Get-DomainObject
 ```
 Set-DomainObject [[-Identity] <String[]>] [-Set <Hashtable>] [-XOR <Hashtable>] [-Clear <String[]>]
 [-Domain <String>] [-LDAPFilter <String>] [-SearchBase <String>] [-Server <String>] [-SearchScope <String>]
- [-ResultPageSize <Int32>] [-ServerTimeLimit <Int32>] [-SecurityMasks <String>] [-Tombstone]
+ [-ResultPageSize <Int32>] [-ServerTimeLimit <Int32>] [-Tombstone] [-Credential <PSCredential>]
 [-Credential <PSCredential>]
 ```
 ## DESCRIPTION
@ -281,21 +280,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -SecurityMasks
 {{Fill SecurityMasks Description}}
 ```yaml
 Type: String
 Parameter Sets: (All)
 Aliases: 
 Required: False
 Position: Named
 Default value: None
 Accept pipeline input: False
 Accept wildcard characters: False
 ```
 ### -Tombstone
 Switch.
 Specifies that the searcher should also return deleted/tombstoned objects.
@ -332,14 +316,6 @@ Accept wildcard characters: False
 ## OUTPUTS
 ### PowerView.ADObject
 Custom PSObject with translated AD object property fields, if -PassThru is enabled.
 PowerView.ADObject.Raw
 The raw DirectoryServices.SearchResult object, if -PassThru and -Raw are enabled.
 ## NOTES
 ## RELATED LINKS
--- a/docs/Recon/index.md
+++ b/docs/Recon/index.md
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -81,7 +81,7 @@ pages:
        - Get-DomainForeignUser: 'Recon/Get-DomainForeignUser.md'
        - Get-DomainForeignGroupMember: 'Recon/Get-DomainForeignGroupMember.md'
        - Get-DomainTrustMapping: 'Recon/Get-DomainTrustMapping.md'
-        - Get-ComputerDetails: 'Recon/Get-ComputerDetails.md'
+        - Get-ComputerDetail: 'Recon/Get-ComputerDetail.md'
        - Get-HttpStatus: 'Recon/Get-HttpStatus.md'
        - Invoke-Portscan: 'Recon/Invoke-Portscan.md'
        - Invoke-ReverseDnsLookup: 'Recon/Invoke-ReverseDnsLookup.md'