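#$ErrorActionPreference= 'silentlycontinue'
# Look up the abuse contact for every IPv4 address listed in IPs.txt.
# Each address a.b.c.d is rewritten to d.c.b.a.abuse-contacts.abusix.org and the
# TXT record of that name is queried. One object is emitted per input line with
# the properties IP, AbuseEmail and Status ("SUCCESS" or "ERROR").
$ipv4Pattern = '^(\d+)\.(\d+)\.(\d+)\.(\d+)$'
$k = Get-Content "H:\PowershellPlayground\IPAbuseLookup\IPs.txt"
foreach($i in $k)
{
    # Stray whitespace around an address would make the pattern miss it.
    $original = $i.Trim()

    # -replace returns its input unchanged when the pattern does not match, so a
    # blank or non-IPv4 line would be sent to the resolver as a literal name.
    # Report such lines as ERROR rows without issuing a query.
    # (The pattern checks the dotted-quad shape only, not the 0-255 octet range.)
    if($original -notmatch $ipv4Pattern)
    {
        [pscustomobject]@{
            IP = $original
            AbuseEmail = ''
            Status = "ERROR"
        }
        continue
    }

    $reversed = $original -replace $ipv4Pattern,'$4.$3.$2.$1.abuse-contacts.abusix.org'
    try
    {
        # -ErrorAction Stop turns a failed lookup into an exception so it lands in
        # the catch block below instead of being written to the error stream.
        # AbuseEmail carries the record's Strings value as returned by the resolver.
        # NOTE(review): a returned record without a Strings property would give an
        # empty AbuseEmail with Status SUCCESS; confirm whether that can occur here.
        Resolve-DnsName -Name $reversed -Type TXT -DnsOnly -ErrorAction Stop |
            Select-Object @{l='IP';e={$original}}, @{l='AbuseEmail';e={$_.Strings}}, @{l='Status';e={"SUCCESS"}}
    }
    catch
    {
        [pscustomobject]@{
            IP = $original
            AbuseEmail = ''
            Status = "ERROR"
        }
    }
}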
Friday, July 6, 2018
Tuesday, July 3, 2018
PowerShell to download Emotet Word docs
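#$ErrorActionPreference= 'silentlycontinue'
# For each URL in .\urls.txt: download the document, record its size and MD5,
# resolve the hosting IP and its Abusix abuse contact, and, when the download
# looks live, fetch the companion URL "<url>.<md5(md5(last path segment))>" and
# keep the response text from "UN:" onward. One line is written to the host per
# URL with the fields alive, size, url, hash, ip, abuseemail, stats.
# Both the URL list and every response are untrusted: remote content is written
# to disk and string-searched only.

# Hex-encoded (lower-case) MD5 of the UTF-8 bytes of $text.
function Get-Md5Hex([string]$text) {
    $md5 = [System.Security.Cryptography.HashAlgorithm]::Create("MD5")
    $digest = $md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($text))
    $sb = New-Object System.Text.StringBuilder
    foreach($b in $digest) { [Void]$sb.Append($b.ToString("x2")) }
    $sb.ToString()
}

foreach($url in Get-Content .\urls.txt) {
    # Per-iteration defaults, so a failed step cannot carry a value over from the
    # previous URL into this row.
    $uri = $null
    $hash = ""
    $size = 0
    $ip = ""
    $abuseemail = ""
    $stats = "NONE"
    $alive = "DOWN"
    $response = ""

    # Accept only absolute http(s) URLs. WebClient also honours file:// and UNC
    # paths, which have no place in a list of remote download locations.
    $url = $url.Trim()
    if((-not [System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) -or
       (@('http','https') -notcontains $uri.Scheme)) {
        Write-Warning "Skipping line that is not an absolute http(s) URL: $url"
        continue
    }

    # Companion URL: the original URL plus "." plus the MD5 of the MD5 of the last
    # path segment (slashes stripped).
    $lastfolder = $uri.Segments[-1] -replace "/", ""
    $lastfolderdoublemd5 = Get-Md5Hex (Get-Md5Hex $lastfolder)
    $statsurl = $url + "." + $lastfolderdoublemd5

    # NOTE(review): the file name is derived from the host alone, so two URLs on
    # the same host write to the same path and the later one replaces the earlier.
    $domain = $uri.Host
    $savelocation = "c:\users\win732\desktop\docs\" + $domain + ".doc"

    # Remove any file left by an earlier run or URL; otherwise a failed download
    # would be hashed and reported as if it were this URL's content.
    if(Test-Path -LiteralPath $savelocation) { Remove-Item -LiteralPath $savelocation -Force }
    $client = New-Object System.Net.WebClient
    try {
        $client.DownloadFile($url, $savelocation)
        # MD5 is kept because it is the value this report prints.
        # NOTE(review): consider recording SHA256 as well for sample identification.
        $hash = (Get-FileHash -LiteralPath $savelocation -Algorithm MD5).Hash
        $size = (Get-Item -LiteralPath $savelocation).Length
    } catch {
        # A dead URL is an expected outcome: the row is still reported, as DOWN.
        Write-Warning "Download failed for ${url}: $($_.Exception.Message)"
    } finally {
        $client.Dispose()
    }
    # Anything of 5000 bytes or less is counted as DOWN.
    if($size -gt 5000) { $alive = "UP" }

    try {
        $ip = [System.Net.Dns]::GetHostAddresses($domain).IPAddressToString
    } catch {
        Write-Warning "Could not resolve ${domain}: $($_.Exception.Message)"
    }

    # A host can resolve to several addresses, some of them IPv6. Passing more than
    # one name to nslookup makes it treat the second as the server to query, and the
    # reversal pattern only fits dotted quads, so use the first IPv4 address only.
    $ipv4Pattern = '^(\d+)\.(\d+)\.(\d+)\.(\d+)$'
    $ipv4 = @($ip) | Where-Object { $_ -match $ipv4Pattern } | Select-Object -First 1
    if($ipv4) {
        $reversed = $ipv4 -replace $ipv4Pattern,'$4.$3.$2.$1.abuse-contacts.abusix.org'
        $nslookup = & nslookup.exe -q=TXT $reversed
        # The TXT payload is whatever nslookup prints between double quotes.
        $abuseemail = [regex]::Matches(($nslookup -join ' '),'(?<=\").+?(?=\")').Value
    }
    # With no match .Value is $null, and ($null -eq "") is false in PowerShell, so
    # test for emptiness instead of comparing against "".
    if(-not $abuseemail) { $abuseemail = "NONE" }

    if($alive -eq "UP"){
        try {
            # -UseBasicParsing keeps Windows PowerShell from handing the response
            # to the Internet Explorer engine for DOM parsing; only RawContent is
            # needed here.
            $response = (Invoke-WebRequest -Uri $statsurl -UseBasicParsing).RawContent
            $index = $response.IndexOf("UN:")
            # IndexOf returns -1 when the marker is absent; 0 is a valid position.
            if($index -ge 0){ $stats = $response.Substring($index) }
        } catch {
            Write-Warning "Stats request failed for ${statsurl}: $($_.Exception.Message)"
        }
    }

    # NOTE(review): $stats is server-controlled text and is written unescaped, so
    # it can contain commas or line breaks that split the row.
    write-host $alive","$size","$url","$hash","$ip","$abuseemail","$stats
}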
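# For each URL in .\urls.txt: download the document, record its size and MD5,
# resolve the hosting IP and its Abusix abuse contact, and, when the download
# looks live, fetch the companion URL "<url>.<md5(md5(last path segment))>" and
# keep the response text from "UN:" onward. One line is written to the host per
# URL with the fields alive, size, url, hash, ip, abuseemail, stats.
# Both the URL list and every response are untrusted: remote content is written
# to disk and string-searched only.

# Hex-encoded (lower-case) MD5 of the UTF-8 bytes of $text.
function Get-Md5Hex([string]$text) {
    $md5 = [System.Security.Cryptography.HashAlgorithm]::Create("MD5")
    $digest = $md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($text))
    $sb = New-Object System.Text.StringBuilder
    foreach($b in $digest) { [Void]$sb.Append($b.ToString("x2")) }
    $sb.ToString()
}

foreach($url in Get-Content .\urls.txt) {
    # Per-iteration defaults, so a failed step cannot carry a value over from the
    # previous URL into this row.
    $uri = $null
    $hash = ""
    $size = 0
    $ip = ""
    $abuseemail = ""
    $stats = "NONE"
    $alive = "DOWN"
    $response = ""

    # Accept only absolute http(s) URLs. WebClient also honours file:// and UNC
    # paths, which have no place in a list of remote download locations.
    $url = $url.Trim()
    if((-not [System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) -or
       (@('http','https') -notcontains $uri.Scheme)) {
        Write-Warning "Skipping line that is not an absolute http(s) URL: $url"
        continue
    }

    # Companion URL: the original URL plus "." plus the MD5 of the MD5 of the last
    # path segment (slashes stripped).
    $lastfolder = $uri.Segments[-1] -replace "/", ""
    $lastfolderdoublemd5 = Get-Md5Hex (Get-Md5Hex $lastfolder)
    $statsurl = $url + "." + $lastfolderdoublemd5

    # NOTE(review): the file name is derived from the host alone, so two URLs on
    # the same host write to the same path and the later one replaces the earlier.
    $domain = $uri.Host
    $savelocation = "c:\users\win732\desktop\docs\" + $domain + ".doc"

    # Remove any file left by an earlier run or URL; otherwise a failed download
    # would be hashed and reported as if it were this URL's content.
    if(Test-Path -LiteralPath $savelocation) { Remove-Item -LiteralPath $savelocation -Force }
    $client = New-Object System.Net.WebClient
    try {
        $client.DownloadFile($url, $savelocation)
        # MD5 is kept because it is the value this report prints.
        # NOTE(review): consider recording SHA256 as well for sample identification.
        $hash = (Get-FileHash -LiteralPath $savelocation -Algorithm MD5).Hash
        $size = (Get-Item -LiteralPath $savelocation).Length
    } catch {
        # A dead URL is an expected outcome: the row is still reported, as DOWN.
        Write-Warning "Download failed for ${url}: $($_.Exception.Message)"
    } finally {
        $client.Dispose()
    }
    # Anything of 5000 bytes or less is counted as DOWN.
    if($size -gt 5000) { $alive = "UP" }

    try {
        $ip = [System.Net.Dns]::GetHostAddresses($domain).IPAddressToString
    } catch {
        Write-Warning "Could not resolve ${domain}: $($_.Exception.Message)"
    }

    # A host can resolve to several addresses, some of them IPv6. Passing more than
    # one name to nslookup makes it treat the second as the server to query, and the
    # reversal pattern only fits dotted quads, so use the first IPv4 address only.
    $ipv4Pattern = '^(\d+)\.(\d+)\.(\d+)\.(\d+)$'
    $ipv4 = @($ip) | Where-Object { $_ -match $ipv4Pattern } | Select-Object -First 1
    if($ipv4) {
        $reversed = $ipv4 -replace $ipv4Pattern,'$4.$3.$2.$1.abuse-contacts.abusix.org'
        $nslookup = & nslookup.exe -q=TXT $reversed
        # The TXT payload is whatever nslookup prints between double quotes.
        $abuseemail = [regex]::Matches(($nslookup -join ' '),'(?<=\").+?(?=\")').Value
    }
    # With no match .Value is $null, and ($null -eq "") is false in PowerShell, so
    # test for emptiness instead of comparing against "".
    if(-not $abuseemail) { $abuseemail = "NONE" }

    if($alive -eq "UP"){
        try {
            # -UseBasicParsing keeps Windows PowerShell from handing the response
            # to the Internet Explorer engine for DOM parsing; only RawContent is
            # needed here.
            $response = (Invoke-WebRequest -Uri $statsurl -UseBasicParsing).RawContent
            $index = $response.IndexOf("UN:")
            # IndexOf returns -1 when the marker is absent; 0 is a valid position.
            if($index -ge 0){ $stats = $response.Substring($index) }
        } catch {
            Write-Warning "Stats request failed for ${statsurl}: $($_.Exception.Message)"
        }
    }

    # NOTE(review): $stats is server-controlled text and is written unescaped, so
    # it can contain commas or line breaks that split the row.
    write-host $alive","$size","$url","$hash","$ip","$abuseemail","$stats
}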