Search for interesting data within network shares or drives.
Interesting-Data searches for credentials, passwords, or other secret information on a network share or drive.
- Download the repository.
git clone https://github.com/ajread4/Interesting-Data.git
- Move the entire folder into one of your PowerShell module directories.
- Import the module
Import-Module Interesting-Data
- Run the Module based on Usage
Usage can be found within the .EXAMPLE section of the module and below.
-
Find all files with extension .txt,.md,.doc,.xlsx,.csv,.pptx,.sh,.config,.json,.yaml, or .ssh on \\172.20.20.12\test that contain a long list of default matching strings.
Interesting-Data -Share 172.20.20.12 -Drives test -Content $True
-
Find all files with the .txt extension located in the share drive at 172.20.20.12 (\\172.20.20.12\share).
Interesting-Data -Share 172.20.20.12 -Drives share -Extensions *.txt -Names $True
-
Find all files with the .txt extension located in the share drive at 172.20.20.12 (\\172.20.20.12\share) and returns matches with the word "creds" or "passwords."
Interesting-Data -Share 172.20.20.12 -Drives share -Extensions *.txt -Content $True -Patterns 'creds|passwords'
-
Find all files with extension '.csv' and contain the pattern "password" on a remote share \\10.11.23.13\Fileshare that requires credentials. Prior to running, you must set Credentials
Interesting-Data -Share 10.11.23.13 -Content $True -Credential $Cred -Drives "Fileshare" -Extensions *.csv -Patterns "password"
-
Output to a file called results.txt all files with extension '.csv' and contain the pattern "password" on a remote share "\\10.10.3.16\Documents Repository" that requires credentials. Prior to running, you must set Credentials
Interesting-Data -Share 10.10.3.16 -Content $True -Credential $Cred -Drives "Documents Repository" -Extensions *.csv -Patterns "password" -OutFile results.txt
-
Output to a file called results.txt all filenames with extension '.csv' on a remote share \\10.10.3.16\Documents that requires credentials. Prior to running, you must set Credentials
Interesting-Data -Share 10.10.3.16 -Names $True -Drives Documents -Extensions *.csv -OutFile results.txt
The PowerShell module utilizes PSCredential. To connect to shares that require credentials, you must:
$Password = ConvertTo-SecureString 'SecretPassword' -AsPlainText -Force$Cred = New-Object System.Management.Automation.PSCredential('DOMAIN\ajread', $Password)
All code was written by me, AJ Read.