Daniel Ferreira daniel0x00
daniel0x00
/ ConvertTo-DotNotation.ps1
Last active
July 27, 2021 14:56
PowerShell function that converts a PowerShell Object into a DotNotation object
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ConvertTo-DotNotation { | |
| # PowerShell cmdlet that converts a PowerShell/JSON object into a dot.notation array. | |
| # For Splunk use cases, this cmdlet enables data to be TERM() and PREFIX() ready. | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # Source: https://gist.github.com/daniel0x00/15f8871f2c0aca803e7f60ae0a1f42c1 | |
| # Note: any improvement opportunity to make this function "a 1-liner" producing same results is very welcomed. | |
| # TODO: Support for Dictionary object. |
daniel0x00
/ ConvertFrom-XLSB.ps1
Created
March 17, 2021 10:00
PowerShell function to convert Excel .xlsb files to .csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # Convert .xlsb to .csv - PowerShell function. | |
| ## | |
| ## USAGE: | |
| # Open Windows PowerShell, change your paths on below one liner and paste it in Windows PowerShell: | |
| # Set-ExecutionPolicy Bypass -Scope Process -Force; $username = $env:username; . "C:\Users\$username\Documents\ConvertFrom-XLSB.ps1"; Get-ChildItem "C:\Users\$username\Desktop\*xlsb' | Sort-Object LastWriteTime -Descending | Select-Object -First 1 -ExpandProperty Fullname | ConvertFrom-XLSB -OutputPath 'C:\Users\$username\Desktop\' | |
| ## | |
| function ConvertFrom-XLSB { | |
| param( |
daniel0x00
/ ConvertTo-SplunkHEC.serverless.ps1
Last active
July 28, 2021 07:19
PowerShell Azure Function that takes an array object as input and outputs a JSON array with multiple chunks of Splunk-HEC compliant objects.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| param($Request, $TriggerMetadata) | |
| ### | |
| # PowerShell serverless Function that receives a HTTP POST payload and converts it to a Splunk HEC grouped payload, optionally adding selected DotNotation properties. | |
| ### | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # Source: https://gist.github.com/daniel0x00/47523a08bdd658528e4639a3da838e7e | |
| ### |
daniel0x00
/ ConvertTo-Merged.ps1
Last active
December 27, 2020 09:26
PowerShell Azure Function that takes an array with desired objects as child arrays as an input and outputs a single array object with child items only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using namespace System.Net | |
| # Input bindings are passed in via param block. | |
| param($Request, $TriggerMetadata) | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # Expected input POST Body schema: | |
| # { |
daniel0x00
/ Optimize-IP.ps1
Created
June 11, 2020 13:24
PowerShell function that Enriches an IP/Domain with DNS resolution, ICMP, nmap, HTTP metadata and Certificate information
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Optimize-IP { | |
| # Enriches an IP/Domain | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # Dependencies: | |
| # PoshNmap by @JustinGrote (Invoke-Nmap), ConvertTo-ScanResult by @daniel0x00, Get-RemoteSSLCertificate by @daniel0x00 | |
| <# | |
| .SYNOPSIS |
daniel0x00
/ ConvertTo-ScanResult.ps1
Created
April 27, 2020 16:01
Converts PowerShell PoshNmap JSON output into a pipeline-enabled one with some other improvements
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ConvertTo-ScanResult { | |
| # Parse an output of PoshNmap by @JustinGrote | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| <# | |
| .SYNOPSIS | |
| Parse and improve the JSON output of PoshNmap. | |
| .EXAMPLE |
daniel0x00
/ ConvertTo-SplunkHEC.ps1
Last active
July 27, 2021 14:58
Converts a PowerShell array object to a Splunk HTTP Event Collector (HEC) valid grouped payload.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ConvertTo-SplunkHEC { | |
| # PowerShell cmdlet that receives an array and converts it to a Splunk HEC grouped payload. | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # Source: https://gist.github.com/daniel0x00/3b5107b206efc7418a3fbaa1f387fc44 | |
| <# | |
| .SYNOPSIS | |
| Receives an array and outputs a Splunk HTTP Event Collector (HEC) valid grouped payload. |
daniel0x00
/ Process-AsyncRequest.ps1
Last active
December 27, 2020 09:35
Process async requests: receives a command-line payload to execute and when it finishes, sends a HTTP callback.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Process-AsyncRequest { | |
| # Receives a command-line payload to execute and when it finishes, sends a HTTP callback. | |
| # Use-case: use with Azure Functions with connection to a Hybrid Connection. By installing this function on a server using HCM, | |
| # we can pass code to the machines and get back JSON data at bulk. | |
| # Callback-URL can be a URL generated by Azure Logic Apps 'HTTP + Webhook' action. | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| <# |
daniel0x00
/ ConvertTo-DotNotation.ps1
Last active
December 26, 2020 12:19
Converts a JSON object into a dot.notation array
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function ConvertTo-DotNotation { | |
| # Converts a JSON object into a dot.notation array | |
| # Author: Daniel Ferreira (@daniel0x00) | |
| # License: BSD 3-Clause | |
| # TODO: Support for Dictionary object. | |
| # In the meantime, Dictionaries must be casted into PSCustomObject like this: [PSCustomObject][Hashtable]$object | |
| <# | |
| .SYNOPSIS |
daniel0x00
/ PowerViewLight.ps1
Last active
June 4, 2021 08:15
PowerView 3 'light' version, just few commands to avoid AV detection.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Author: Will Schroeder (@harmj0y) | |
| # License: BSD 3-Clause | |
| # Web: http://www.harmj0y.net/blog/ | |
| # | |
| # Original project: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon | |
| function Get-NetLocalGroupMember { | |
| <# |
NewerOlder