Created
January 8, 2023 22:44
Search for given keywords in every file in the given directory (equivalent of a grep -rnw "mystring" .)
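<#
.SYNOPSIS
Search for a string in every file of a directory tree (roughly a grep -rn "mystring" .).

.DESCRIPTION
Purple-team simulation script for:
  T1552.001 - Unsecured Credentials: Credentials In Files
  T1083     - File and Directory Discovery
Script from https://github.com/mthcht/Purpleteam/blob/main/Simulation/Windows/System/search_for_credentials_in_files.ps1

Recursively enumerates files with a fixed list of extensions under -path and
reports every line that matches -search, together with the line that follows it.

.PARAMETER search
Pattern to look for. It is passed to Select-String -Pattern, so it is a
regular expression: characters such as . ( [ are metacharacters, not literals.
Prompted for when omitted.

.PARAMETER path
Root directory of the search. Prompted for when -search was also omitted;
falls back to the current directory when still empty.

.PARAMETER out
Optional results file. When omitted, results are printed in the console.

.EXAMPLE
Search for 'password=' in every file in the current directory and save the result in results.txt in the same directory:
powershell.exe -ep Bypass -File .\search_for_credentials_in_files.ps1 -search 'password=' -path . -out ./results.txt

.EXAMPLE
Ask for user input and print results in the console:
powershell.exe -ep Bypass -File .\search_for_credentials_in_files.ps1

.EXAMPLE
Search for 'your password' in every file in the parent directory and print results in the console:
powershell.exe -ep Bypass -File .\search_for_credentials_in_files.ps1 -search 'your password' -path ../

.NOTES
- The results file holds every matched line in clear text, i.e. the secrets
  themselves. Write it outside the searched tree, restrict who can read it,
  and delete it once the findings are triaged.
- .docx/.xlsx/.pptx are ZIP containers and .doc/.xls/.ppt/.pdf/.msg are binary
  formats; Select-String reads them as raw text, so "no match" in those files
  is not evidence that they contain no credentials.
- For detection validation, the observable behaviour is one PowerShell process
  recursively opening many user documents; PowerShell script block logging
  (if enabled) records the script body.
#>
param(
    [Parameter(Mandatory=$false)]
    [string]$search,
    [Parameter(Mandatory=$false)]
    [string]$path,
    [Parameter(Mandatory=$false)]
    [string]$out
)

# Interactive mode: only ask for what the caller did not already supply, so an
# explicit -path is no longer overwritten by the prompt.
if ([string]::IsNullOrEmpty($search)) {
    $search = Read-Host -Prompt "Enter the search string"
    if ([string]::IsNullOrEmpty($path)) {
        $path = Read-Host -Prompt "Enter the path"
    }
}

# Select-String rejects an empty pattern; fail with a clear message instead.
if ([string]::IsNullOrEmpty($search)) {
    Write-Error "No search string given."
    exit 1
}

# "-search x" without -path used to call Get-ChildItem with an empty path and
# fail; default to the current directory like grep -r does.
if ([string]::IsNullOrEmpty($path)) {
    $path = '.'
}

$extensions = @(
    '*.txt', '*.doc', '*.docx', '*.xlsx', '*.csv', '*.ppt', '*.pptx', '*.pdf',
    '*.rtf', '*.log', '*.xml', '*.xls', '*.html', '*.htm', '*.md', '*.ini',
    '*.bat', '*.ps1', '*.py', '*.cmd', '*.json', '*.msg', '*.sh'
)

# -File keeps directories whose name happens to match an extension out of the list.
$files = Get-ChildItem -Path $path -Recurse -File -Include $extensions

$outFull = $null
if ($out) {
    # Resolve the results file (it may not exist yet) and skip it during the
    # search, so a results file left inside the tree by an earlier run is not
    # matched against its own contents.
    $outFull = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($out)
    $files = $files | Where-Object { $_.FullName -ne $outFull }
}
else {
    Write-Host "No output file path specified. Results are printed in the console."
}

foreach ($file in $files) {
    # One pass per file. -LiteralPath stops [ and ] in file names from being
    # treated as wildcards. Each MatchInfo carries its own line number, line
    # text and trailing context, so every hit is reported once with its own
    # content (previously each hit re-printed all matches of the whole file).
    $hits = Select-String -LiteralPath $file.FullName -Pattern $search -Context 0,1

    foreach ($hit in $hits) {
        $text = (@($hit.Line) + $hit.Context.PostContext) -join "`n "
        $content = "`n`nFound in $($file.FullName) -- Line Number: $($hit.LineNumber) -- Content:`n $text"

        if ($outFull) {
            Add-Content -LiteralPath $outFull -Value $content
        }
        else {
            Write-Host $content
        }
    }
}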