diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml new file mode 100644 index 0000000..89fc654 --- /dev/null +++ b/.github/workflows/powershell.yml @@ -0,0 +1,49 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# +# https://github.com/microsoft/action-psscriptanalyzer +# For more information on PSScriptAnalyzer in general, see +# https://github.com/PowerShell/PSScriptAnalyzer + +name: PSScriptAnalyzer + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '28 20 * * 0' + +permissions: + contents: read + +jobs: + build: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + name: PSScriptAnalyzer + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run PSScriptAnalyzer + uses: microsoft/psscriptanalyzer-action@6b2948b1944407914a58661c49941824d149734f + with: + # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options. + # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules. + path: .\ + recurse: true + # Include your own basic security rules. Removing this option will run all the rules + includeRule: '"PSAvoidGlobalAliases", "PSAvoidUsingConvertToSecureStringWithPlainText"' + output: results.sarif + + # Upload the SARIF file generated in the previous step + - name: Upload SARIF results file + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif diff --git a/README.md b/README.md index b4b9739..47e8ee1 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,9 @@ These can be used for threat hunting, but I mostly use these during external pen I would definitely recommend the resolvers over a traditional nslookup when working with indicators, since these tools all resolve by proxy through another host and not your own box. At most, I would use them to find any initial indicators (i.e: Quad9 blocked ___ hostname), and then move the work over to a CTI platform for OSINT like [AlienVault OTX](https://otx.alienvault.com/). -I will continue to update the repository with more tools as time goes on. Most of my time with new tools is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. I would also like to make setup scripts for Windows & popular Linux distros respectively to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do. +I will continue to update the repository with more tools as time goes on. Most of my time with new additions is spent performing internal QA to ensure they are easy to read from the IDE and provide a good experience during input handling. :) + +Plans include setup scripts for Windows & popular Linux distros to quickly set the script folders to PATH/environment variables. In the mean time, I recommend manually adding the 'Resolvers' and 'Validators' folder to your PATH for quick use. This is what I personally do. ## Quick Reference - Command Syntax @@ -41,3 +43,10 @@ Sometimes, the domain may block the internetDB from indexing the address. In the **cfWhoami** - Check your external IP address, user-agent, and detected location using CloudFlare's public trace services. **mvWhoami** - An external check to validate connections to Mullvad VPN. This uses their public "Am I Mullvad?" service and a good second-opinion scan after your local command line if youre doing things like split tunneling or using proxies. + +![cfUagTest](https://github.com/user-attachments/assets/a82682b3-b0b1-4feb-83e7-01daaeaeaa82) +**cfUagTest** - Cloudflare User-Agent Test. Test a user-agent on Cloudflare Trace to see how it looks on the other end. Verify discrepencies against parsers, etc. + +## Support +- If you find use from this, consider supporting my work on [Ko-fi](https://ko-fi.com/weekndr_sec). +- As of this release, I'm currently consulting full-time and get paid by the project, not by my time.