From ad32d6c75b4e70a6b2e1b56a683a6ba71f1c0683 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Wed, 14 Dec 2016 19:23:28 -0500 Subject: For ./Recon/ : -(More) PSScriptAnalyzering -Tweaking of synopsis blocks in order to support platyPS -Code standardization -Generated docs --- docs/Recon/Export-PowerViewCSV.md | 2 +- docs/Recon/Get-ComputerDetail.md | 68 +++++++++++++++++++++++++++++++++++ docs/Recon/Get-ComputerDetails.md | 68 ----------------------------------- docs/Recon/Get-HttpStatus.md | 8 ++--- docs/Recon/Invoke-Portscan.md | 8 ++--- docs/Recon/Invoke-ReverseDnsLookup.md | 14 ++++---- docs/Recon/Set-DomainObject.md | 26 +------------- docs/Recon/index.md | 0 8 files changed, 85 insertions(+), 109 deletions(-) create mode 100755 docs/Recon/Get-ComputerDetail.md delete mode 100755 docs/Recon/Get-ComputerDetails.md mode change 100644 => 100755 docs/Recon/index.md (limited to 'docs/Recon') diff --git a/docs/Recon/Export-PowerViewCSV.md b/docs/Recon/Export-PowerViewCSV.md index 1597249..d2d2a89 100755 --- a/docs/Recon/Export-PowerViewCSV.md +++ b/docs/Recon/Export-PowerViewCSV.md @@ -1,7 +1,7 @@ # Export-PowerViewCSV ## SYNOPSIS -Converts objects into a series of comma-separated (CSV) strings and saves the +Converts objects into a series of comma-separated (CSV) strings and saves the strings in a CSV file in a thread-safe manner. Author: Will Schroeder (@harmj0y) diff --git a/docs/Recon/Get-ComputerDetail.md b/docs/Recon/Get-ComputerDetail.md new file mode 100755 index 0000000..15a3feb --- /dev/null +++ b/docs/Recon/Get-ComputerDetail.md 
@@ -0,0 +1,68 @@ +# Get-ComputerDetail + +## SYNOPSIS +This script is used to get useful information from a computer. + +Function: Get-ComputerDetail +Author: Joe Bialek, Twitter: @JosephBialek +Required Dependencies: None +Optional Dependencies: None + +## SYNTAX + +``` +Get-ComputerDetail [-ToString] +``` + +## DESCRIPTION +This script is used to get useful information from a computer. +Currently, the script gets the following information: +-Explicit Credential Logons (Event ID 4648) +-Logon events (Event ID 4624) +-AppLocker logs to find what processes are created +-PowerShell logs to find PowerShell scripts which have been executed +-RDP Client Saved Servers, which indicates what servers the user typically RDP's in to + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Get-ComputerDetail +``` + +Gets information about the computer and outputs it as PowerShell objects. + +Get-ComputerDetail -ToString +Gets information about the computer and outputs it as raw text. + +## PARAMETERS + +### -ToString +Switch: Outputs the data as text instead of objects, good if you are using this script through a backdoor. + +```yaml +Type: SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: 1 +Default value: False +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +## NOTES +This script is useful for fingerprinting a server to see who connects to this server (from where), and where users on this server connect to. +You can also use it to find Powershell scripts and executables which are typically run, and then use this to backdoor those files. + +## RELATED LINKS + +[Blog: http://clymb3r.wordpress.com/ +Github repo: https://github.com/clymb3r/PowerShell](Blog: http://clymb3r.wordpress.com/ +Github repo: https://github.com/clymb3r/PowerShell) + 
diff --git a/docs/Recon/Get-ComputerDetails.md b/docs/Recon/Get-ComputerDetails.md deleted file mode 100755 index 6bc3e91..0000000 --- a/docs/Recon/Get-ComputerDetails.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# Get-ComputerDetails - -## SYNOPSIS -This script is used to get useful information from a computer. - -Function: Get-ComputerDetails -Author: Joe Bialek, Twitter: @JosephBialek -Required Dependencies: None -Optional Dependencies: None - -## SYNTAX - -``` -Get-ComputerDetails [-ToString] -``` - -## DESCRIPTION -This script is used to get useful information from a computer. -Currently, the script gets the following information: --Explicit Credential Logons (Event ID 4648) --Logon events (Event ID 4624) --AppLocker logs to find what processes are created --PowerShell logs to find PowerShell scripts which have been executed --RDP Client Saved Servers, which indicates what servers the user typically RDP's in to - -## EXAMPLES - -### -------------------------- EXAMPLE 1 -------------------------- -``` -Get-ComputerDetails -``` - -Gets information about the computer and outputs it as PowerShell objects. - -Get-ComputerDetails -ToString -Gets information about the computer and outputs it as raw text. - -## PARAMETERS - -### -ToString -Switch: Outputs the data as text instead of objects, good if you are using this script through a backdoor. - -```yaml -Type: SwitchParameter -Parameter Sets: (All) -Aliases: - -Required: False -Position: 1 -Default value: False -Accept pipeline input: False -Accept wildcard characters: False -``` - -## INPUTS - -## OUTPUTS - -## NOTES -This script is useful for fingerprinting a server to see who connects to this server (from where), and where users on this server connect to. -You can also use it to find Powershell scripts and executables which are typically run, and then use this to backdoor those files. - -## RELATED LINKS - -[Blog: http://clymb3r.wordpress.com/ -Github repo: https://github.com/clymb3r/PowerShell](Blog: http://clymb3r.wordpress.com/ -Github repo: https://github.com/clymb3r/PowerShell) - diff --git a/docs/Recon/Get-HttpStatus.md b/docs/Recon/Get-HttpStatus.md index a8a7dbb..4311983 100755 
--- a/docs/Recon/Get-HttpStatus.md +++ b/docs/Recon/Get-HttpStatus.md @@ -3,10 +3,10 @@ ## SYNOPSIS Returns the HTTP Status Codes and full URL for specified paths. -PowerSploit Function: Get-HttpStatus -Author: Chris Campbell (@obscuresec) -License: BSD 3-Clause -Required Dependencies: None +PowerSploit Function: Get-HttpStatus +Author: Chris Campbell (@obscuresec) +License: BSD 3-Clause +Required Dependencies: None Optional Dependencies: None ## SYNTAX diff --git a/docs/Recon/Invoke-Portscan.md b/docs/Recon/Invoke-Portscan.md index 49d9e32..8e1ef27 100755 --- a/docs/Recon/Invoke-Portscan.md +++ b/docs/Recon/Invoke-Portscan.md @@ -3,10 +3,10 @@ ## SYNOPSIS Simple portscan module -PowerSploit Function: Invoke-Portscan -Author: Rich Lundeen (http://webstersProdigy.net) -License: BSD 3-Clause -Required Dependencies: None +PowerSploit Function: Invoke-Portscan +Author: Rich Lundeen (http://webstersProdigy.net) +License: BSD 3-Clause +Required Dependencies: None Optional Dependencies: None ## SYNTAX diff --git a/docs/Recon/Invoke-ReverseDnsLookup.md b/docs/Recon/Invoke-ReverseDnsLookup.md index 348ad91..2c74e3c 100755 --- a/docs/Recon/Invoke-ReverseDnsLookup.md +++ b/docs/Recon/Invoke-ReverseDnsLookup.md @@ -3,10 +3,10 @@ ## SYNOPSIS Perform a reverse DNS lookup scan on a range of IP addresses. -PowerSploit Function: Invoke-ReverseDnsLookup -Author: Matthew Graeber (@mattifestation) -License: BSD 3-Clause -Required Dependencies: None +PowerSploit Function: Invoke-ReverseDnsLookup +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None Optional Dependencies: None ## SYNTAX 
@@ -17,7 +17,7 @@ Invoke-ReverseDnsLookup [-IpRange] ## DESCRIPTION Invoke-ReverseDnsLookup scans an IP address range for DNS PTR records. -This script is useful for performing DNS reconnaisance prior to conducting an authorized penetration test. +This script is useful for performing DNS reconnaissance prior to conducting an authorized penetration test. ## EXAMPLES @@ -34,7 +34,7 @@ IP HostName 74.125.228.4 iad23s05-in-f4.1e100.net 74.125.228.5 iad23s05-in-f5.1e100.net 74.125.228.6 iad23s05-in-f6.1e100.net - + Description ----------- Returns the hostnames of the IP addresses specified by the CIDR range. @@ -50,7 +50,7 @@ IP HostName 74.125.228.4 iad23s05-in-f4.1e100.net 74.125.228.5 iad23s05-in-f5.1e100.net 74.125.228.6 iad23s05-in-f6.1e100.net - + Description ----------- Returns the hostnames of the IP addresses specified by the IP range specified. diff --git a/docs/Recon/Set-DomainObject.md b/docs/Recon/Set-DomainObject.md index 482d86d..8cb283b 100755 --- a/docs/Recon/Set-DomainObject.md +++ b/docs/Recon/Set-DomainObject.md @@ -12,8 +12,7 @@ Required Dependencies: Get-DomainObject ``` Set-DomainObject [[-Identity] ] [-Set ] [-XOR ] [-Clear ] [-Domain ] [-LDAPFilter ] [-SearchBase ] [-Server ] [-SearchScope ] - [-ResultPageSize ] [-ServerTimeLimit ] [-SecurityMasks ] [-Tombstone] - [-Credential ] + [-ResultPageSize ] [-ServerTimeLimit ] [-Tombstone] [-Credential ] ``` ## DESCRIPTION @@ -281,21 +280,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SecurityMasks -{{Fill SecurityMasks Description}} - -```yaml -Type: String -Parameter Sets: (All) -Aliases: - -Required: False -Position: Named -Default value: None -Accept pipeline input: False -Accept wildcard characters: False -``` - ### -Tombstone Switch. Specifies that the searcher should also return deleted/tombstoned objects. 
@@ -332,14 +316,6 @@ Accept wildcard characters: False ## OUTPUTS -### PowerView.ADObject - -Custom PSObject with translated AD object property fields, if -PassThru is enabled. - -PowerView.ADObject.Raw - -The raw DirectoryServices.SearchResult object, if -PassThru and -Raw are enabled. - ## NOTES ## RELATED LINKS diff --git a/docs/Recon/index.md b/docs/Recon/index.md old mode 100644 new mode 100755 -- cgit v1.2.3
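Review bot: The `-ToString` usage in docs/Recon/Get-ComputerDetail.md (hunk @@ -0,0 +1,68, EXAMPLES section) has no heading or code fence of its own, so `Get-ComputerDetail -ToString` renders as trailing prose of EXAMPLE 1 rather than as a second example. Since the subject line says these docs are generated, fix it in the function's help block (a separate example entry for the `-ToString` call) and regenerate. The RELATED LINKS entry in the same hunk has the same kind of problem: the blog and GitHub URLs are folded into one `[Blog: ... Github repo: ...](Blog: ... Github repo: ...)` link whose target is not a URL; split them into two links.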
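Review bot: Removing `-SecurityMasks` from Set-DomainObject (SYNTAX hunk @@ -12,8 +12,7 and parameter hunk @@ -281,21 +280,6 in docs/Recon/Set-DomainObject.md) is an interface change, and the subject line lists only analyzer cleanups, synopsis tweaks, code standardization and generated docs. Anyone calling the function with `-SecurityMasks` will want to find this in the log, so either name the parameter removal in the commit message or move it to its own commit. The removed section only ever held the placeholder `{{Fill SecurityMasks Description}}`, so nothing documented is lost, but the message should say why the parameter went away.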
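Review bot: `## OUTPUTS` in docs/Recon/Set-DomainObject.md is left empty by hunk @@ -332,14 +316,6, which gives the reader no way to tell "returns nothing" from "not documented". The removed entries described `PowerView.ADObject` output under -PassThru and -Raw, and neither switch appears in the SYNTAX line earlier in this file, so dropping them looks correct; state the absence of output explicitly in the function's help block so the generated section says so.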
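Review bot: Documentation files are being marked executable: the summary shows `create mode 100755 docs/Recon/Get-ComputerDetail.md`, and docs/Recon/index.md goes from `old mode 100644` to `new mode 100755` with no content change. Markdown does not need the execute bit, and stray mode flips add noise to later diffs; reset these to 100644 (and check whether the generation step or the working tree's file-mode handling is setting the bit) before merging.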