The Pigstye

Tom Willett's Playground

Here you will find my collected notes, code and musings.

• Home
• Computer Forensics >>
• Notes
• PowerShell Scripts
• Remediation
• Documentation
• SysAdmin
• Code

Various PowerShell Scripts

I have created PowerShell scripts for everything starting with my career in IT. Many of these scripts are no longer relevant but the ones of value I am dumping here. Hopefully they will help someone.

Most are nothing special but perhaps they can demonstrate a technique you can use. That is how I use most of these. Most were written for a specific task.

Incident Response and Computer Forensics Scripts

All of these scripts can be found at https://github.com/pigstye/PowerShell-Scripts/tree/main/IR-Computer-Forensic-Scripts.

Linux

• convert-bashhistory.ps1 If dates are turned on in the bash history file this will convert them to normal date/times.
• get-linuxlogs.ps1 Convert Linux logs to a PowerShell object enabling export to csv.
• get-utmp.ps1 Parse btmp, utmp, and wtmp files converting them to csv a PowerShell object.
• list-timezones.ps1 List the official time zone names required by get-utmp.ps1.

Windows

• Convert-IIStoCSV.ps1 Convert IIS logs to CSV files.
• get-etllog.ps1 Convert etl Logs to a PowerShell object enabling export to csv.
• get-eventlogs.ps1 Convert event logs (evt and evtx) to a PowerShell object enabling export to csv.
• get-Teamslog.ps1 The Microsft Teams log contains fragments of Teams chat that can be recovered.
• parse-emailheaders.ps1 Parse email headers and return as PowerShell project.
• DecodeGzip.ps1 Decode Base65 and Gzipped code.
• gather-logs.ps1 Gather System, Security and Application logs from a remote computer and create a zip containing them named after the computer.
• get-DHCPLogs.ps1 Retrieves DHCP logs from a MS DHCP server and converts to a PS object.
• get-dnsDebugLog.ps1 Retrieves DNS Debug Logs from a MS DNS server and converts to PS object.
• Get-DOLog.ps1 Get Delivery Optimization logs and convert to object.
• Get-ScheduledTask.ps1 Get XML scheduled task convert to object.
• parse-jobfile.ps1 Parse old style job file from Windows XP and Server 2003 at c:\windows\tasks.
• parse-prefetch.ps1 Parse a prefetch file.
• parse-shortcut.ps1 Parse Windows shortcut file.

Penetration Testing

• decode-BigIPCookie.ps1 Convert BigIP Cookie returns IP and port.
• decodeURI.ps1Decodes common uri escape characters and sqli constructs from a uri.
• escape-string.ps1Escape common characters in a uri string.
• unescape-string.ps1Removes all character escaping in a uri string.
• get-git.ps1 Retrieve files from an exposed .git directory
• get-cert.ps1 Get certificate information for a website.
• get-imapSecurity.ps1 Use OpenSSL to evaluate security of an IMAP server.
• host-header-poison.ps1 Check a host to see if it's vulnerable to host header poisoning.

General

• get-ccns.ps1 Extracts CCN from a file verifies the LUN. If it is valid retrieves the associated bank information and returns a PS Object.
• get-ipgeo.ps1 Get IPGeo information for an IP address from ip-api.com and return in a PowerShell object.
• get-shodan.ps1 Get Shodan information for a host returning information in a PowerShell object.
• Convert-archivetozip.ps1 Convert all archive files in current directory to zips.
• convert-b64ToPng.ps1 Convert a base64 encoded png to a png.
• convet-time.ps1 Convert from one timezone to another.
• disable-usbwriteprotect.ps1 Disable USB Write protect.
• enable-usbwriteprotect.ps1 Enable USB Write protect.
• get-ip.ps1 Simple script to extract IP addresses from a text file.

This Website made with hand crafted html and css.

Everything here is released under the No License.