-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathpOSINT.psm1
82 lines (71 loc) · 3.09 KB
/
pOSINT.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# Module manifest for module 'pOSINT'
# Generated by: ecstatic-nobel
# Generated on: 3/7/19
# dot-source all function files
Get-ChildItem -Path $PSScriptRoot\*.ps1 | Foreach-Object{ . $_.FullName }
# Export all commands
Export-ModuleMember -Function @(Get-Command -Module $ExecutionContext.SessionState.Module)
# Module functions
function Reset-SslDefaults {
[Net.ServicePointManager]::SecurityProtocol = $CurrentSecurityProtocol
}
function Format-Response {
if ($ReponseType -eq 'CSV') {
$Response |
ConvertFrom-Csv
} elseif ($ReponseType -eq 'JSON') {
$Response |
ConvertFrom-Json -AsHashTable |
ConvertTo-Json |
ConvertFrom-Json
} elseif ($ReponseType -eq 'OBJ') {
$Response |
Select-Object -ExpandProperty Results
} else {
$Response
}
}
function Search-Api {
$BaseCommand = "Invoke-RestMethod {0} -Method $Method -TimeoutSec $Timeout -Uri '$Uri' -UserAgent '$UserAgent'"
# Initial Response
$Response = $(iex -Command $("$BaseCommand" -f $ExtraRequestParams))
# Combined responses from other PulseDive endpoints
if ($Uri -match '.*pulsedive.*' -and $Uri -notmatch '.*sanitize=true') {
if ($Endpoint -eq 'indicator') {
$Iid = $Response.iid
$Linked = "@{iid='$Iid';get='links';pretty=1;key='$ApiKey'}"
$Properties = "@{iid='$Iid';get='properties';pretty=1;key='$ApiKey'}"
$Response = [pscustomobject]@{
Value=$Response
Linked=$(iex -Command $("$BaseCommand" -f "-Body $Linked"))
Properties=$(iex -Command $("$BaseCommand" -f "-Body $Properties"))
}
} elseif ($Endpoint -eq 'threat') {
$Tid = $Response.tid
$Summary = "@{tid='$Tid';get='links';summary=1;splitrisk=1;pretty=1;key='$ApiKey'}"
$Linked = "@{tid='$Tid';get='links';pretty=1;key='$ApiKey'}"
$Response = [pscustomobject]@{
Value=$Response
Summary=$(iex -Command $("$BaseCommand" -f "-Body $Summary")) -split '\n' | ? {$_ -notlike '*"":*'} | ConvertFrom-Json
Linked=$(iex -Command $("$BaseCommand" -f "-Body $Linked"))
}
} elseif ($Endpoint -eq 'feed') {
$Fid = ($Response -split '\n' | ? {$_ -notlike '*"":*'} | ConvertFrom-Json).fid
$Linked = "@{fid='$Fid';get='links';pretty=1;key='$ApiKey'}"
$Response = [pscustomobject]@{
Name=$Response -split '\n' | ? {$_ -notlike '*"":*'} | ConvertFrom-Json
Linked=$(iex -Command $("$BaseCommand" -f "-Body $Linked"))
}
}
}
Format-Response
}
Function Set-ModuleDefaults {
$global:Method = 'GET'
$global:Timeout = 30
$global:UserAgent = [Microsoft.PowerShell.Commands.PSUserAgent]::Firefox
}
Function Set-SslDefaults {
$global:CurrentSecurityProtocol = [Net.ServicePointManager]::SecurityProtocol
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12
}