PowerShell function that enriches an IP/domain with DNS resolution, ICMP, nmap, HTTP metadata and certificate information
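function Optimize-IP {
    # Enriches an IP/Domain
    # Author: Daniel Ferreira (@daniel0x00)
    # License: BSD 3-Clause
    # Dependencies:
    #   PoshNmap by @JustinGrote (Invoke-Nmap), ConvertTo-ScanResult by @daniel0x00, Get-RemoteSSLCertificate by @daniel0x00
    <#
    .SYNOPSIS
    Enriches an IP/Domain with DNS entries, ICMP resolution, nmap, HTTP web request and certificate grabbing.
    .DESCRIPTION
    For every input value the function emits one object with the properties 'ipaddress', 'dns' and 'icmp'.
    Unless -SkipNmapScan is given, an 'nmap' property (port scan result) and a 'web' property are added.
    'web' holds one entry per scanned port that is listed in -WebRequestPorts, with the HTTP response
    metadata, the content of /robots.txt (only when it answers with status 200) and the remote certificate.
    .EXAMPLE
    PS C:\> Optimize-IP -IPAddress microsoft.com
    ipaddress : microsoft.com
    dns       : {@{Name=microsoft.com; Type=A; NameHost=; IPAddress=40.112.72.205}, @{Name=microsoft.com; Type=A; NameHost=; IPAddress=40.113.200.201}, @{Name=microsoft.com; Type=A; NameHost=;
                IPAddress=40.76.4.15}, @{Name=microsoft.com; Type=A; NameHost=; IPAddress=13.77.161.179}…}
    icmp      : @{address=; status=TimedOut}
    nmap      : @{starttime=1591817858; endtime=1591817861; status=; address=; hostnames=; ports=; times=; scan=; summary=}
    web       : {@{port=80; uri=http://microsoft.com:80; http=; certificate=}, @{port=443; uri=https://microsoft.com:443; http=; certificate=}}
    .EXAMPLE
    PS C:\> ,('wikipedia.com','nokia.com') | Optimize-IP
    .EXAMPLE
    PS C:\> ,('github.com','208.70.188.57') | Optimize-IP
    .PARAMETER IPAddress
    String[]. IP Address to perform the analysis against.
    .PARAMETER DNSServer
    String. DNS server handed to Resolve-DnsName -Server. Defaults to 1.1.1.1.
    .PARAMETER SkipNmapScan
    Switch. Skips the nmap scan. The web requests are driven by the ports nmap reports, so no 'web' property is produced either.
    .PARAMETER SkipWebRequest
    Switch. Skips the HTTP requests and the certificate retrieval; 'web' is then an empty collection.
    .PARAMETER SkipCertificate
    Switch. Skips the certificate retrieval only; the 'certificate' field of each 'web' entry is then $null.
    .PARAMETER NmapArgument
    String. Argument string handed to Invoke-Nmap -ArgumentList. The default contains -sS, a scan type nmap only performs with elevated privileges.
    .PARAMETER WebRequestPorts
    String[]. Ports for which an HTTP request is attempted when nmap reports them.
    .PARAMETER ScannerLocation
    String. Value handed to ConvertTo-ScanResult -ScannerLocation.
    .NOTES
    Everything collected from the remote host (headers, input fields, robots.txt content, certificate fields)
    is attacker-controllable data. Certificate validation is disabled on purpose so that metadata can be
    collected from hosts with self-signed or expired certificates; do not treat the responses as authenticated,
    and encode or sanitise them before rendering or loading them into other tooling.
    #>
    [CmdletBinding()]
    [OutputType([PSCustomObject])]
    param(
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]
        [string[]] $IPAddress,

        [Parameter(Position = 1, Mandatory = $false, ValueFromPipeline = $false)]
        [string] $DNSServer = '1.1.1.1',

        [Parameter(Position = 2, Mandatory = $false, ValueFromPipeline = $false)]
        [switch] $SkipNmapScan,

        [Parameter(Position = 3, Mandatory = $false, ValueFromPipeline = $false)]
        [switch] $SkipWebRequest,

        [Parameter(Position = 4, Mandatory = $false, ValueFromPipeline = $false)]
        [switch] $SkipCertificate,

        [Parameter(Position = 5, Mandatory = $false, ValueFromPipeline = $false)]
        [string] $NmapArgument = '-Pn -sS -T4 -n --top-ports=50',

        [Parameter(Position = 6, Mandatory = $false, ValueFromPipeline = $false)]
        [string[]] $WebRequestPorts = @(80, 8080, 443, 8443),

        [Parameter(Position = 7, Mandatory = $false, ValueFromPipeline = $false)]
        [string] $ScannerLocation = 'internet'
    )

    # A process block is required for ValueFromPipeline to see every pipeline item; without it the body
    # runs once, in the implicit end block, and only the last piped value is analysed.
    process {
        ## For each IP:
        foreach ($IP in $IPAddress) {

            ## Initial data:
            # DNS, ICMP and IP formatting. Lookup and ping failures are silenced, leaving the property empty.
            $OutputObject = $IP | Select-Object `
                @{n = 'ipaddress'; e = {$_}}, `
                @{n = 'dns'; e = {Resolve-DnsName -Name $_ -DnsOnly -ErrorAction SilentlyContinue -Server $DNSServer | Select-Object Name, Type, NameHost, IPAddress}}, `
                @{n = 'icmp'; e = {Test-Connection -Ping $_ -Count 1 -TimeoutSeconds 1 -BufferSize 1 -ErrorAction SilentlyContinue | Select-Object @{n = 'address'; e = {$_.address.IPAddressToString}}, @{n = 'status'; e = {$_.status}}}}

            # Nmap port scan:
            if (-not $SkipNmapScan) {

                # Port scan:
                # NOTE(review): $NmapArgument goes to Invoke-Nmap as one string; how PoshNmap splits it is
                # not visible here. Callers should not build it from untrusted input.
                $OutputObject = $OutputObject | Select-Object *, @{n = 'nmap'; e = {Invoke-Nmap $_.ipaddress -ArgumentList $NmapArgument -OutFormat JSON | ConvertFrom-Json | ConvertTo-ScanResult -ScannerLocation $ScannerLocation}}

                $WebRequests = @()
                $ScannedPorts = $OutputObject.nmap.ports.port

                if (($null -ne $ScannedPorts) -and (($ScannedPorts).Count -gt 0)) {

                    # Port iteration:
                    foreach ($PortEntry in $ScannedPorts) {
                        $Port = $PortEntry.portid

                        # -match is a regex (substring) test, so any port number containing "443"
                        # (443, 8443, ...) is requested over https, everything else over http.
                        $Uri = [string]::concat(($Port -match 443) ? 'https://' : 'http://', $IP, ':', $Port)

                        # Web requests:
                        if ($SkipWebRequest) { continue }

                        # -contains converts the operand to the type of the (string) list elements, so the
                        # test holds whether portid arrives as a number or as text. Array.Contains() is
                        # type-sensitive and would silently skip every port if portid were numeric.
                        if (-not ($WebRequestPorts -contains $Port)) { continue }

                        # Execute web request:
                        # Certificate, status and header validation are switched off deliberately: the
                        # goal is to record what the host answers, whatever its certificate or status.
                        # NOTE(review): no -TimeoutSec is set; the documented default is an indefinite
                        # wait, so a listener that accepts and never answers can stall the run.
                        $Http = $null
                        $HttpFailed = $false
                        try {
                            $Http = Invoke-WebRequest -Uri $Uri -SkipCertificateCheck -SkipHttpErrorCheck -SkipHeaderValidation -Method Get | Select-Object StatusCode, Headers, InputFields
                        }
                        catch {
                            $Http = $_.Exception.Message
                            $HttpFailed = $true
                        }

                        # robots.txt is fetched only after the main request worked, and in its own
                        # try/catch: a failure here must not overwrite the response captured above.
                        $Robots = $null
                        if (-not $HttpFailed) {
                            try {
                                $RobotsRequest = Invoke-WebRequest -Uri ([string]::concat($Uri, '/robots.txt')) -SkipCertificateCheck -SkipHttpErrorCheck -SkipHeaderValidation -Method Get
                                if ($null -ne $RobotsRequest -and $null -ne $RobotsRequest.StatusCode -and $RobotsRequest.StatusCode -eq 200) { $Robots = ($RobotsRequest).Content }
                            }
                            catch { $Robots = $null }
                        }

                        # Execute certificate grabbing (honours -SkipCertificate, which was previously ignored):
                        $Certificate = $null
                        if (-not $SkipCertificate) {
                            try { $Certificate = Get-RemoteSSLCertificate -IPAddress $IP -Port $Port | Select-Object Subject, Issuer, Thumbprint }
                            catch { $Certificate = $_.Exception.Message }
                        }

                        # Add object to array:
                        $WebRequests += [PSCustomObject]@{
                            port        = $Port
                            uri         = $Uri
                            http        = $Http
                            certificate = $Certificate
                            robots      = $Robots
                        }
                    }
                }

                # Add 'web' object to output:
                $OutputObject = $OutputObject | Select-Object *, @{n = 'web'; e = {$WebRequests}}
            }

            ## Output:
            $OutputObject
        }
    }
}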