Invoke-MetaBlue.ps1
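function Invoke-MetaBlue {
    <#
    .SYNOPSIS
    MetaBlue is a mass survey tool that facilitates the rapid collection
    of curated data points from Microsoft Windows hosts.
    .DESCRIPTION
    There are many PowerShell data collection scripts out there for blue
    teams but MetaBlue is the only one that does it at scale and very quickly.
    MetaBlue opens a PSSession on every specified host and runs its queries as
    background jobs which are reaped with PowerShell's powerful event engine.
    .PARAMETER CollecterSize
    One of Light, Medium, Heavy, Dreadnought or Custom. Defaults to Light.
    Accepted in the LocalCollect and RemoteCollect parameter sets.
    .PARAMETER Enumerate
    Switch accepted in the RemoteCollect and Enumeration parameter sets.
    The function body shown here does not read it yet.
    .PARAMETER Subnet
    Non-empty string accepted in the Enumeration parameter set. The expected
    format is not defined by this function.
    .PARAMETER ComputerSet
    One of ActiveDirectoryComputers, TextFile or CSVFile. Accepted in the
    RemoteCollect parameter set.
    .PARAMETER OutFolder
    Mandatory. The directory referred to under OUTPUTS.
    .EXAMPLE
    Invoke-MetaBlue -OutFolder C:\Survey

    Runs with the default parameter set (LocalCollect) and the default
    CollecterSize (Light). C:\Survey is a sample path.
    .EXAMPLE
    Invoke-MetaBlue -CollecterSize Heavy -OutFolder C:\Survey

    Same as above with the Heavy tier selected.
    .INPUTS
    None. No parameter is declared with ValueFromPipeline.
    .OUTPUTS
    An ungodly amount of CSVs in your specified directory.
    .NOTES
    Author: 0xshaft03

    The CSVs describe the surveyed hosts, so OutFolder should be a directory
    that only the collecting team can read. The PSSessions described above run
    with the caller's credentials on every target; use an account scoped to
    what the survey needs.
    #>
    [CmdletBinding(DefaultParameterSetName = 'LocalCollect')]
    param(
        [Parameter(ParameterSetName = 'RemoteCollect')]
        [Parameter(ParameterSetName = 'LocalCollect')]
        [ValidateSet('Light', 'Medium', 'Heavy', 'Dreadnought', 'Custom')]
        [string]$CollecterSize = 'Light',

        [Parameter(ParameterSetName = 'RemoteCollect')]
        [Parameter(ParameterSetName = 'Enumeration')]
        [switch]$Enumerate,

        [Parameter(ParameterSetName = 'Enumeration')]
        [ValidateNotNullOrEmpty()]
        [string]$Subnet,

        [Parameter(ParameterSetName = 'RemoteCollect')]
        [ValidateNotNullOrEmpty()]
        [ValidateSet('ActiveDirectoryComputers', 'TextFile', 'CSVFile')]
        [string]$ComputerSet,

        [Parameter(Mandatory)]
        [string]$OutFolder
    )

    BEGIN {
        # '==' is not a PowerShell operator and stopped the file from parsing.
        # A [string] parameter that was not supplied is an empty string rather
        # than $null, so test for empty instead of comparing against $null.
        if ([string]::IsNullOrEmpty($ComputerSet)) {
            # No host source was given; nothing is done for this case yet.
        }

        # The original tested $LightCollecter, $MediumCollecter, ... which are
        # never defined; the tier arrives in $CollecterSize.
        switch ($CollecterSize) {
            'Light'       { }
            'Medium'      { }
            'Heavy'       { }
            'Dreadnought' { }
            # 'Custom' passes ValidateSet but had no branch in the original
            # either, so it falls through without action.
        }
    }

    PROCESS {
        # NOTE(review): no ComputerName parameter is declared, so $Computername
        # expands to an empty string here (and raises under Set-StrictMode).
        # Bind it to the resolved target once host resolution is written.
        Write-Host "[+] Collecting from $Computername"
        Write-Verbose "its super neat"
    }

    END {
    }
}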