lolbins.psm1
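# Helpers for querying a LOLBAS-style JSON export (lolbas.json next to this
# module) and for checking which of the listed binaries exist on this host.
# The entry schema is assumed from the properties read below (Name, Commands,
# Full_Path); confirm against the data file that is actually shipped.

# Loads the JSON data from a file and returns the parsed objects.
#   -Path : location of the JSON file.
function Get-LOLBASData {
    param (
        [string]$Path
    )

    # -Raw hands ConvertFrom-Json the whole file as one string, i.e. one document.
    $json = Get-Content -Path $Path -Raw | ConvertFrom-Json
    return $json
}

# Retrieves the entry (or entries) whose Name equals -LOLBINName.
#   -LOLBINName : exact name to look up (-eq is case-insensitive for strings).
#   -LOLBASData : entries to search; accepts pipeline input and falls back to
#                 the $LOLBASData variable visible in the calling scopes.
function Get-LOLBINDetails {
    param (
        [Parameter(Mandatory=$true)]
        [string]$LOLBINName,

        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData = $LOLBASData
    )

    # A process block is required for pipeline input: without one, only the
    # last piped entry is bound and every earlier entry is silently ignored.
    process {
        $LOLBASData | Where-Object { $_.Name -eq $LOLBINName }
    }
}

# Returns one flattened object per command whose property -PropertyName equals
# -PropertyValue, together with the name of the entry it belongs to.
#   -PropertyName  : command property to compare (e.g. Category, MitreID).
#   -PropertyValue : value that property must equal.
#   -LOLBASData    : entries to search; accepts pipeline input.
function Get-CommandsByProperty {
    param (
        [Parameter(Mandatory=$true)]
        [string]$PropertyName,

        [Parameter(Mandatory=$true)]
        [string]$PropertyValue,

        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData
    )

    process {
        foreach ($entry in $LOLBASData) {
            # Filter commands by any property
            $matching = $entry.Commands | Where-Object { $_.$PropertyName -eq $PropertyValue }

            foreach ($command in $matching) {
                # Emit straight to the output stream instead of growing an
                # array with +=, which copies the array on every append.
                [PSCustomObject]@{
                    Name            = $entry.Name
                    Command         = $command.Command
                    Description     = $command.Description
                    Usecase         = $command.Usecase
                    Category        = $command.Category
                    Privileges      = $command.Privileges
                    MitreID         = $command.MitreID
                    OperatingSystem = $command.OperatingSystem
                }
            }
        }
    }
}

# Flattens every entry's Full_Path list into Name/FullPath pairs.
#   -LOLBASData : entries to read; accepts pipeline input.
function Get-LOLBINFilePaths {
    param (
        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData
    )

    process {
        foreach ($entry in $LOLBASData) {
            # Skip entries that have no Full_Path property or an empty one
            if ($entry.Full_Path) {
                foreach ($path in $entry.Full_Path) {
                    [PSCustomObject]@{
                        Name     = $entry.Name
                        FullPath = $path.Path
                    }
                }
            }
        }
    }
}

# Returns only those Name/FullPath pairs whose path exists on this machine.
#   -LOLBINFilePaths : objects produced by Get-LOLBINFilePaths; accepts
#                      pipeline input.
# NOTE(review): "Verify" is not an approved PowerShell verb, so importing the
# module prints a warning; the name is kept because callers depend on it.
function Verify-LOLBINFilePaths {
    param (
        [Parameter(ValueFromPipeline=$true)]
        $LOLBINFilePaths
    )

    process {
        foreach ($item in $LOLBINFilePaths) {
            # Every path is taken from the data file and probed as written.
            # -Path expands wildcard characters, and a UNC path would be
            # contacted over the network, so lolbas.json must come from a
            # source you trust. An empty path is skipped because Test-Path
            # raises a binding error on null or empty input.
            if ($item.FullPath -and (Test-Path -Path $item.FullPath)) {
                $item
            }
        }
    }
}

# Data file expected alongside this module.
$path = "$PsScriptRoot\lolbas.json"

# Loads the data file and works out which listed binaries are present.
# Returns two values: the parsed entries, then the Name/FullPath pairs that
# exist on disk.
function lolbinMain {
    # Load LOLBAS data
    $LOLBASData = Get-LOLBASData -Path $path

    # Get all file paths for LOLBINs
    $LOLBINFilePaths = Get-LOLBINFilePaths -LOLBASData $LOLBASData

    # Verify which paths exist and store them in a new object
    $ExistingLOLBINPaths = Verify-LOLBINFilePaths -LOLBINFilePaths $LOLBINFilePaths

    return $LOLBASData, $ExistingLOLBINPaths
}

# Runs at import time: reads the data file and probes the file system once, so
# both variables are populated for the functions above and for the caller.
$LOLBASData, $ExistingLOLBINPaths = lolbinMain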