klezVirus/Invoke-USBDevSearch.ps1

## Invoke-USBDevSearch.ps1
function Invoke-USBDevSearch(){

	<#
    .SYNOPSIS
        Easy script that searches through connected USB devices filtering via a text string or guid.
	# Import
        ipmo .\Invoke-USBDevSearch.ps1
        # Run
        Invoke-USBDevSearch [-Search|-Guid] <search-term>
    .EXAMPLE
        # Search using full-text search
        Invoke-USBDevSearch -Search "ASIX"
        # Search using GUID search (ClassGUID)
        Invoke-USBDevSearch -GUID "{aaaaaaaa-bbbb-cccc-ffff-012345678910}"
    #>

    [CmdletBinding()]
    param
    (
	[Parameter(Mandatory=$False)]
	[string]$Search,
	[Parameter(Mandatory=$False)]
	[string]$Guid
    )


	function FullTextSearch(){
		return (($args[0].DeviceDesc -match $args[1]) -Or ($args[0].FriendlyName -match $args[1]) -Or ($args[0].Service -match $args[1]))
	}

	function GuidSearch(){
		$Device = $args[0]
		[Guid]$g = $args[1]

		return ($Device.ClassGUID -eq $Guid.toString())
	}

	if (((-Not $Search) -Or ($Search -match "^\s*$")) -And ((-Not $Guid) -Or ($Guid -match "^\s*$"))){

		Write-Host "[-] No search term was provided"
		return
	}

	if ($Search -And $Search -NotMatch "^\s*$" -And $Guid -And $Guid -NotMatch "^\s*$"){
		Write-Host "[!] WARN: Both Guid and Search detected, Guid will be ignored"
	}

	Get-ChildItem "HKLM:\sYSTEM\CurrentControlSet\Enum\USB" | ForEach-Object {
		$keyname =(Split-Path $_.Name -leaf);
		$key = (Get-ChildItem "HKLM:\sYSTEM\CurrentControlSet\Enum\USB\$keyname");
		$subkeyname =(Split-Path $key -leaf);
		try{
			$k= (Get-ItemProperty "HKLM:\sYSTEM\CurrentControlSet\Enum\USB\$keyname\$subkeyname" -ErrorAction 'silentlycontinue') ;
			$k
		}
		catch {}
		} | Where-Object {
			if($Search -And $Search -NotMatch "^\s*$"){
				FullTextSearch $_ $Search
			} elseif($Guid -And $Guid -NotMatch "^\s*$"){
				GuidSearch $_ $Guid
			}
		} -ErrorAction 'silentlycontinue'
	}
	function Invoke-USBDevSearch(){

	<#
	.SYNOPSIS
	Easy script that searches through connected USB devices filtering via a text string or guid.
	# Import
	ipmo .\Invoke-USBDevSearch.ps1
	# Run
	Invoke-USBDevSearch [-Search\|-Guid] <search-term>
	.EXAMPLE
	# Search using full-text search
	Invoke-USBDevSearch -Search "ASIX"
	# Search using GUID search (ClassGUID)
	Invoke-USBDevSearch -GUID "{aaaaaaaa-bbbb-cccc-ffff-012345678910}"
	#>

	[CmdletBinding()]
	param
	(
	[Parameter(Mandatory=$False)]
	[string]$Search,
	[Parameter(Mandatory=$False)]
	[string]$Guid
	)


	function FullTextSearch(){
	return (($args[0].DeviceDesc -match $args[1]) -Or ($args[0].FriendlyName -match $args[1]) -Or ($args[0].Service -match $args[1]))
	}

	function GuidSearch(){
	$Device = $args[0]
	[Guid]$g = $args[1]

	return ($Device.ClassGUID -eq $Guid.toString())
	}

	if (((-Not $Search) -Or ($Search -match "^\s$")) -And ((-Not $Guid) -Or ($Guid -match "^\s$"))){

	Write-Host "[-] No search term was provided"
	return
	}

	if ($Search -And $Search -NotMatch "^\s$" -And $Guid -And $Guid -NotMatch "^\s$"){
	Write-Host "[!] WARN: Both Guid and Search detected, Guid will be ignored"
	}

	Get-ChildItem "HKLM:\sYSTEM\CurrentControlSet\Enum\USB" \| ForEach-Object {
	$keyname =(Split-Path $_.Name -leaf);
	$key = (Get-ChildItem "HKLM:\sYSTEM\CurrentControlSet\Enum\USB\$keyname");
	$subkeyname =(Split-Path $key -leaf);
	try{
	$k= (Get-ItemProperty "HKLM:\sYSTEM\CurrentControlSet\Enum\USB\$keyname\$subkeyname" -ErrorAction 'silentlycontinue') ;
	$k
	}
	catch {}
	} \| Where-Object {
	if($Search -And $Search -NotMatch "^\s*$"){
	FullTextSearch $_ $Search
	} elseif($Guid -And $Guid -NotMatch "^\s*$"){
	GuidSearch $_ $Guid
	}
	} -ErrorAction 'silentlycontinue'
	}