PSHunt is divided into several modules, functions, and folders. The below gives an outline of the grouping of these functions and upcoming posts will describe how how to use them with examples and screenshots.
Discovery functions and cmdlets are used to identify hosts on the network and build a target list that can be ingested by the scanners and survey deployment cmdlets.
Scans are modular queries that take in a remote ComputerName argument and output a Powershell object. The utility
Invoke-HuntScan is used to initiate the selected scan against your target list.
Surveys are scripts that are deployed to remote hosts to collect comprehensive information from the host. Running locally allows the scripts to dig deeper into the operating system than what remote WMI or registry queries normally allow.
Utility functions provide the base functionality for deployment and execution of surveys and scans.
There are two types of analysis functions:
Survey Analysis functions provide the framework for analysing and displaying survey and scan results.
File Analysis File Analysis functions are a set of utilities to analyze files and malware.
Libraries are 3rd party tools that have been incorporated to enable additional analysis or are other projects (i.e. Posh-VirusTotal) that are utilized by the framework.
Reputation lists include hashes from the NIST NSRL Database, baselined virtual machines provided by Infocyte, and also is updated with any VirusTotal submission made using PSHunt's
Get-VTReport. These lists are loaded into a global memory variable by
Initialize-HuntReputation and is compared against by