lolbins.psm1

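<#
.SYNOPSIS
    Loads a LOLBAS catalogue from a JSON file and returns the parsed objects.
.DESCRIPTION
    Reads the whole file as a single string and parses it with ConvertFrom-Json.
    Other functions in this module use the parsed paths for filesystem checks,
    so the file should come from a source you trust as much as the module itself.
.PARAMETER Path
    Path of the JSON file. It is taken literally; wildcard characters are not expanded.
.OUTPUTS
    The object(s) produced by ConvertFrom-Json for the file content.
#>
function Import-LOLBASData {
    param (
        [string]$Path
    )
    # -LiteralPath: a folder or file name containing [ or ] must not be read as a
    # wildcard pattern, otherwise the catalogue silently fails to load.
    # -Encoding UTF8: Windows PowerShell decodes BOM-less files with the ANSI code
    # page by default, which garbles non-ASCII text in a UTF-8 JSON file.
    $json = Get-Content -LiteralPath $Path -Raw -Encoding UTF8 | ConvertFrom-Json
    return $json
}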

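<#
.SYNOPSIS
    Returns the catalogue entries whose Name equals the requested LOLBIN name.
.PARAMETER LOLBINName
    Name to look for. The comparison uses -eq, so it is an exact,
    case-insensitive match on the entry's Name property.
.PARAMETER LOLBASData
    Catalogue entries to search, given as an argument or through the pipeline.
    When omitted, the default expression resolves to a variable named
    LOLBASData in an enclosing scope (this file assigns one when it is loaded).
.OUTPUTS
    Every matching entry; nothing when no entry matches.
#>
function Get-LOLBINDetail {
    param (
        [Parameter(Mandatory=$true)]
        [string]$LOLBINName,
        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData = $LOLBASData
    )
    # A process block is required for ValueFromPipeline to see every piped entry;
    # without it only the last pipeline object is bound and earlier ones are lost.
    process {
        $LOLBASData | Where-Object { $_.Name -eq $LOLBINName }
    }
}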

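<#
.SYNOPSIS
    Lists the commands of catalogue entries whose given property equals a value.
.DESCRIPTION
    For each entry, the Commands collection is filtered with -eq on the named
    property, and every matching command is returned as a flat object that also
    carries the entry's Name. This is useful for questions such as "which
    catalogued commands map to this technique ID or category".
.PARAMETER PropertyName
    Name of the command property to compare (for example Category or MitreID).
.PARAMETER PropertyValue
    Value the property must equal (-eq, case-insensitive for strings).
.PARAMETER LOLBASData
    Catalogue entries, given as an argument or through the pipeline.
.OUTPUTS
    PSCustomObject with Name, Command, Description, Usecase, Category,
    Privileges, MitreID and OperatingSystem; nothing when no command matches.
#>
function Find-LOLBINCommandsByProperty {
    param (
        [Parameter(Mandatory=$true)]
        [string]$PropertyName,
        [Parameter(Mandatory=$true)]
        [string]$PropertyValue,
        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData
    )

    # The process block makes piped input work entry by entry; without it only
    # the last piped entry would be examined.
    process {
        foreach ($entry in $LOLBASData) {
            # Keep only the commands whose chosen property equals the requested value
            $commands = $entry.Commands | Where-Object { $_.$PropertyName -eq $PropertyValue }
            if ($commands) {
                foreach ($command in $commands) {
                    # Emit each result directly instead of growing an array with +=,
                    # which copies the whole array on every addition.
                    [PSCustomObject]@{
                        Name            = $entry.Name
                        Command         = $command.Command
                        Description     = $command.Description
                        Usecase         = $command.Usecase
                        Category        = $command.Category
                        Privileges      = $command.Privileges
                        MitreID         = $command.MitreID
                        OperatingSystem = $command.OperatingSystem
                    }
                }
            }
        }
    }
}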

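<#
.SYNOPSIS
    Flattens the Full_Path lists of catalogue entries into Name/FullPath pairs.
.PARAMETER LOLBASData
    Catalogue entries, given as an argument or through the pipeline. Entries
    without a Full_Path value are skipped.
.OUTPUTS
    PSCustomObject with Name (the entry's Name) and FullPath (the Path value of
    one Full_Path item). FullPath is passed through as found in the data.
#>
function Get-LOLBINFilePaths {
    param (
        [Parameter(ValueFromPipeline=$true)]
        $LOLBASData
    )

    # The process block makes piped input work entry by entry; without it only
    # the last piped entry would be examined.
    process {
        foreach ($entry in $LOLBASData) {
            # Skip entries where Full_Path is missing or empty
            if ($entry.Full_Path) {
                foreach ($path in $entry.Full_Path) {
                    # Emit each pair directly instead of growing an array with +=
                    [PSCustomObject]@{
                        Name       = $entry.Name
                        FullPath   = $path.Path
                    }
                }
            }
        }
    }
}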

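<#
.SYNOPSIS
    Returns the Name/FullPath items whose FullPath exists on this machine.
.DESCRIPTION
    Each item's FullPath is checked with Test-Path -Path, so wildcard characters
    in a path are expanded. A hit means the file is present, nothing more: it is
    inventory for hardening or detection scoping, not evidence of use.
    The paths come straight from the catalogue and Test-Path also resolves
    network (UNC) paths, so the data file should be as trusted as this module.
.PARAMETER LOLBINFilePaths
    Objects with a FullPath property, given as an argument or through the
    pipeline. Items with a missing or blank FullPath are skipped.
.OUTPUTS
    The input items that passed the existence check, unchanged.
#>
function Test-LOLBINFilePathExistence {
    param (
        [Parameter(ValueFromPipeline=$true)]
        $LOLBINFilePaths
    )

    # The process block makes piped input work item by item; without it only
    # the last piped item would be checked.
    process {
        foreach ($item in $LOLBINFilePaths) {
            # Test-Path cannot bind a null or empty path and would raise an error
            # for that item, so such items are treated as "not present".
            if ([string]::IsNullOrWhiteSpace($item.FullPath)) {
                continue
            }
            if (Test-Path -Path $item.FullPath) {
                # Path exists: pass the item through
                $item
            }
        }
    }
}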

# Location of the catalogue file: lolbas.json in the same folder as this script.
# Invoke-LOLBINAnalysis reads this variable.
$path = '{0}\lolbas.json' -f $PSScriptRoot

<#
.SYNOPSIS
    Loads the catalogue and determines which catalogued paths exist locally.
.DESCRIPTION
    Reads the JSON file named by the $path variable defined outside this
    function, flattens every entry's Full_Path list, and keeps the paths that
    Test-LOLBINFilePathExistence reports as present.
.OUTPUTS
    Two values in this order: the parsed catalogue, then the existing paths.
#>
function Invoke-LOLBINAnalysis {
    # Parsed catalogue; $path is resolved from the enclosing scope
    $catalogue = Import-LOLBASData -Path $path

    # Flatten the catalogue into Name/FullPath pairs and keep the ones present on disk
    $presentOnDisk = Test-LOLBINFilePathExistence -LOLBINFilePaths (Get-LOLBINFilePaths -LOLBASData $catalogue)

    return $catalogue, $presentOnDisk
}

# Runs when this file is loaded: reads lolbas.json and checks the catalogued paths
# on the local filesystem. The first returned value is the parsed catalogue, the
# second the paths found on disk. Get-LOLBINDetail uses $LOLBASData as its default.
# NOTE(review): no Export-ModuleMember call is visible here; if the file is imported
# as a module, these two variables are presumably not visible to the caller - confirm.
$LOLBASData, $ExistingLOLBINPaths = Invoke-LOLBINAnalysis