From f66e219bd633bfcab96b5f34bfcaf86d3984faaf Mon Sep 17 00:00:00 2001
From: Jesse Davis
Date: Sat, 9 Jan 2016 17:50:58 -0600
Subject: new Get-Keystrokes
---
Tests/Exfiltration.tests.ps1 | 55 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 Tests/Exfiltration.tests.ps1
(limited to 'Tests')
diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1
new file mode 100644
index 0000000..baeebb8
--- /dev/null
+++ b/Tests/Exfiltration.tests.ps1
@@ -0,0 +1,55 @@
+Set-StrictMode -Version Latest
+
+$TestScriptRoot = Split-Path $MyInvocation.MyCommand.Path -Parent
+$ModuleRoot = Resolve-Path "$TestScriptRoot\.."
+$ModuleManifest = "$ModuleRoot\Exfiltration\Exfiltration.psd1"
+
+Remove-Module [E]xfiltration
+Import-Module $ModuleManifest -Force -ErrorAction Stop
+
+Describe 'Get-Keystrokes' {
+
+ if (Test-Path "$($env:TEMP)\key.log") { Remove-Item -Force "$($env:TEMP)\key.log" }
+ $WindowTitle = (Get-Process -Id $PID).MainWindowTitle
+
+ $Shell = New-Object -ComObject wscript.shell
+ $Shell.AppActivate($WindowTitle)
+
+ $KeyLogger = Get-Keystrokes -Return
+ Start-Sleep -Seconds 1
+
+ $Shell.SendKeys('Pester is SUPER l337!')
+ $KeyLogger.Dispose()
+
+ It 'Should output to file' { Test-Path "$($env:TEMP)\key.log" | Should Be $true }
+
+ $KeyObjects = Get-Content -Path "$($env:TEMP)\key.log" | ConvertFrom-Csv
+
+ It 'Should log all keystrokes' {
+ $Keys = $KeyObjects | % { $_.TypedKey }
+ $String = -join $Keys
+ $String | Should Be 'Pester< >is< >SUPER< >l337!'
+ }
+
+ It 'Should get foreground window title' {
+ $KeyObjects[0].WindowTitle | Should Be $WindowTitle
+ }
+
+ It 'Should log time of key press' {
+ $KeyTime = [DateTime]::Parse($KeyObjects[0].Time)
+ $KeyTime.GetType().Name | Should Be 'DateTime'
+ }
+
+ It 'Should stop logging Pester is SUPER l337!after timeout' {
+
+ $Timeout = 0.05
+ $KeyLogger = Get-Keystrokes -Timeout $Timeout -Return
+
+ Start-Sleep -Seconds 4
+
+ $KeyLogger.Runspace.RunspaceAvailability | Should Be 'Available'
+ $KeyLogger.Dispose()
+ }
+
+ Remove-Item -Force "$($env:TEMP)\key.log"
+}
\ No newline at end of file
-- cgit v1.2.3
From ef887af9d6b58e7114332a989b15ba4c306ccd83 Mon Sep 17 00:00:00 2001
From: Jesse Davis
Date: Sat, 9 Jan 2016 17:55:47 -0600
Subject: Update Exfiltration.tests.ps1
---
Tests/Exfiltration.tests.ps1 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'Tests')
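Review bot: Teardown in this new Describe block runs only on the success path: `$KeyLogger.Dispose()` and the closing `Remove-Item -Force "$($env:TEMP)\key.log"` are plain statements, so an error earlier in the block (for example `$KeyObjects[0]` under `Set-StrictMode -Version Latest` when the log is empty) can leave the logger running and the captured keystrokes on disk in a predictable temp path. Wrapping the body in `try { ... } finally { $KeyLogger.Dispose(); Remove-Item -Force "$($env:TEMP)\key.log" -ErrorAction SilentlyContinue }` closes that gap. The result of `$Shell.AppActivate($WindowTitle)` is also ignored; if activation fails, `SendKeys` goes to whichever window has focus and the log may end up holding a user's real input, so I would fail fast with `if (-not $Shell.AppActivate($WindowTitle)) { throw 'could not focus the test window' }`.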
diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1 index baeebb8..30e2f53 100644 --- a/Tests/Exfiltration.tests.ps1 +++ b/Tests/Exfiltration.tests.ps1 @@ -40,7 +40,7 @@ Describe 'Get-Keystrokes' { $KeyTime.GetType().Name | Should Be 'DateTime' } - It 'Should stop logging Pester is SUPER l337!after timeout' { + It 'Should stop logging after timeout' { $Timeout = 0.05 $KeyLogger = Get-Keystrokes -Timeout $Timeout -Return @@ -52,4 +52,4 @@ Describe 'Get-Keystrokes' { } Remove-Item -Force "$($env:TEMP)\key.log" -} \ No newline at end of file +} -- cgit v1.2.3 From 759bd481ae57e450fd6fb371690014e67411ac98 Mon Sep 17 00:00:00 2001 From: Jesse Davis Date: Wed, 13 Jan 2016 21:02:50 -0600 Subject: Fixed Pester/PassThru --- Exfiltration/Get-Keystrokes.ps1 | 8 ++++++-- Tests/Exfiltration.tests.ps1 | 10 +++++----- 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'Tests') diff --git a/Exfiltration/Get-Keystrokes.ps1 b/Exfiltration/Get-Keystrokes.ps1 index d78f9c2..3a7d1dc 100644 --- a/Exfiltration/Get-Keystrokes.ps1 +++ b/Exfiltration/Get-Keystrokes.ps1 @@ -19,6 +19,10 @@ function Get-Keystrokes { Specifies the interval in minutes to capture keystrokes. By default, keystrokes are captured indefinitely. +.PARAMETER PassThru + + Returns the keylogger's PowerShell object, so that it may manipulated (disposed) by the user; primarily for testing purposes. + .EXAMPLE Get-Keystrokes -LogPath C:\key.log @@ -43,7 +47,7 @@ function Get-Keystrokes { [Double]$Timeout, [Parameter()] - [Switch]$Return + [Switch]$PassThru ) $LogPath = Join-Path (Resolve-Path (Split-Path -Parent $LogPath)) (Split-Path -Leaf $LogPath) @@ -368,5 +372,5 @@ function Get-Keystrokes { # Start KeyLogger [void]$PowerShell.BeginInvoke() - if ($Return.IsPresent) { return $PowerShell } + if ($PassThru.IsPresent) { return $PowerShell } } \ No newline at end of file diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1 index baeebb8..064ebfe 100644 
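Review bot: The new `.PARAMETER PassThru` help text in Get-Keystrokes.ps1 has a dropped word: `so that it may manipulated (disposed)` should read `so that it may be manipulated (disposed)`. The tests appear to rely on `Dispose()` to end a capture session, so the help could say that outright, e.g. `Returns the keylogger's PowerShell object; call Dispose() on it to stop capturing.` Renaming the switch from `-Return` to `-PassThru` in the param block also breaks any caller still passing `-Return`; if that switch was ever released, `[Alias('Return')]` above `[Switch]$PassThru` would keep them working. The function body lies mostly outside these hunks.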
--- a/Tests/Exfiltration.tests.ps1 +++ b/Tests/Exfiltration.tests.ps1 @@ -15,10 +15,10 @@ Describe 'Get-Keystrokes' { $Shell = New-Object -ComObject wscript.shell $Shell.AppActivate($WindowTitle) - $KeyLogger = Get-Keystrokes -Return + $KeyLogger = Get-Keystrokes -PassThru Start-Sleep -Seconds 1 - $Shell.SendKeys('Pester is SUPER l337!') + $Shell.SendKeys("Pester`b`b`b`b`b`b") $KeyLogger.Dispose() It 'Should output to file' { Test-Path "$($env:TEMP)\key.log" | Should Be $true } @@ -28,7 +28,7 @@ Describe 'Get-Keystrokes' { It 'Should log all keystrokes' { $Keys = $KeyObjects | % { $_.TypedKey } $String = -join $Keys - $String | Should Be 'Pester< >is< >SUPER< >l337!' + $String | Should Match 'Pester' } It 'Should get foreground window title' { @@ -40,10 +40,10 @@ Describe 'Get-Keystrokes' { $KeyTime.GetType().Name | Should Be 'DateTime' } - It 'Should stop logging Pester is SUPER l337!after timeout' { + It 'Should stop logging after timeout' { $Timeout = 0.05 - $KeyLogger = Get-Keystrokes -Timeout $Timeout -Return + $KeyLogger = Get-Keystrokes -Timeout $Timeout -PassThru Start-Sleep -Seconds 4 -- cgit v1.2.3 From 75548931ba09dc0fe759a4863a67c83f18b7b855 Mon Sep 17 00:00:00 2001 From: Jesse Davis Date: Wed, 13 Jan 2016 22:30:38 -0600 Subject: Fixed Pester/PassThru --- Tests/Exfiltration.tests.ps1 | 2 -- 1 file changed, 2 deletions(-) (limited to 'Tests') diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1 index e4f60d5..43383d1 100644 --- a/Tests/Exfiltration.tests.ps1 +++ b/Tests/Exfiltration.tests.ps1 @@ -22,8 +22,6 @@ Describe 'Get-Keystrokes' { $KeyLogger.Dispose() It 'Should output to file' { Test-Path "$($env:TEMP)\key.log" | Should Be $true } - - $KeyObjects = Get-Content -Path "$($env:TEMP)\key.log" | ConvertFrom-Csv It 'Should log keystrokes' { $FileLength = (Get-Item "$($env:TEMP)\key.log").Length -- cgit v1.2.3 From 9cc65e4a856a062d1f6d63d5412d7f0cd801877d Mon Sep 17 00:00:00 2001 
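Review bot: In the 'Should log all keystrokes' hunk the check was loosened from an exact `Should Be` to `Should Match 'Pester'`, a substring regex that still passes when unrelated keystrokes were captured before or between the keys the test sent. Anchoring it, e.g. `$String | Should Match '^Pester'`, would at least pin that the log starts with the test's own input and nothing typed by the real user. The six backspaces added to `SendKeys` in the first hunk are not asserted at all; how the logger renders them is not visible here, so that check needs the token the module actually writes. The `It` name still says 'all keystrokes', which no longer matches what is verified.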
From: Jesse Davis Date: Wed, 13 Jan 2016 22:32:44 -0600 Subject: Fixed Pester/PassThru --- Tests/Exfiltration.tests.ps1 | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Tests') diff --git a/Tests/Exfiltration.tests.ps1 b/Tests/Exfiltration.tests.ps1 index 43383d1..e4f60d5 100644 --- a/Tests/Exfiltration.tests.ps1 +++ b/Tests/Exfiltration.tests.ps1 @@ -22,6 +22,8 @@ Describe 'Get-Keystrokes' { $KeyLogger.Dispose() It 'Should output to file' { Test-Path "$($env:TEMP)\key.log" | Should Be $true } + + $KeyObjects = Get-Content -Path "$($env:TEMP)\key.log" | ConvertFrom-Csv It 'Should log keystrokes' { $FileLength = (Get-Item "$($env:TEMP)\key.log").Length -- cgit v1.2.3
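Review bot: The restored `$KeyObjects = Get-Content -Path "$($env:TEMP)\key.log" | ConvertFrom-Csv` line sits directly in the Describe body rather than inside an `It`, so a missing or empty log surfaces as an error outside any test, and any later `$KeyObjects[0]` would throw if `Set-StrictMode -Version Latest` is still set at the top of the file. Moving the read into the `It` blocks that consume it, or guarding it with `if (Test-Path "$($env:TEMP)\key.log") { ... }`, keeps the failure attributable to one test. This commit reverts the previous one under the same subject, so a message saying why the line is needed would help the next reader. The Describe block continues outside the hunk.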