PowerParse
所属分类:Windows编程
开发工具:PowerShell
文件大小:0KB
下载次数:0
上传日期:2023-12-18 14:57:06
上 传 者:
sh-1993
说明: PowerShell PE分析器
(PowerShell PE Parser)
文件列表:
APIs/
Parsers/
VirusTotal/
LICENSE
PowerParse.psd1
PowerParse.psm1
# PowerParse v0.01
PowerShell PE Parser designed to help and aid reverse engineers. Module allows initial triage of a PE by supporting modules that do the following:
* Obtain basic information about a PE.
* Identify if the PE in question has multiple embedded PEs within it. If there is, an option to export each PE is available.
* Ability to ship up a VT search.
* Ability to identify if certain behaviors (TTPs) are performed within the PE.
# Usage
To use this module, type: `Import-Module PowerParse.psd1`.
The following functions are supported:
* `Get-PEInfo` - Obtains information about a PE (type, architectrue, etc), checks to see if multiple PEs are embedded within the binary. Has switches `-Export` to export embedded PEs, `GetVTScore` to get the score of the PE, and `GetTTPs` to run analysis on what behaviors the PE executes.
* `Get-MZHeaders` - Identifies how many PEs are embedded within 1 file.
* `Get-PESize` - Obtains the size of a PE file.
* `Export-PE` - Helper function to export PEs. Used within Get-PEInfo.
* `Get-VTScore` - Obtains the positive results of a PE based off a file's hash. Future versions will allow for more dynamic queries. Need to supply VTAPI for query to work.
* `Get-TTPs` - -Uses string matching to identify if certain behaviors are being performed within a PE.
# Acknowledgements
* Matt Graeber - PowerShell Arsenal was a huge inspiration for this module. Also thank you to Matt for reviewing this module and giving suggestions which will be added to future versions.
* Matt Hand - Talking to me about this module and giving me ideas to implement.
近期下载者:
相关文件:
收藏者: