DePhoegon

AltDataStreamSniffer

Apr 2nd, 2024 (edited)
PowerShell 2.39 KB | Cybersecurity | 0 0
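  # AltDataStreamSniffer - walks a drive breadth-first and reports every file that
  # carries an NTFS alternate data stream (ADS) besides the default unnamed stream.
  #
  # Usage:  .\file_name.ps1 -excludeZone 1 15 'c'
  #   -excludeZone  0 for false, 1 for true. When true, a file whose only extra stream
  #                 is Zone.Identifier is not reported (a lot of downloaded files have it).
  #   -fbfeq        Print a progress line every N files; 0 (the default) prints none.
  #   -base         The drive letter alone, passed in quotes, e.g. 'c'.
  #
  # Scope notes for whoever reads the report:
  #   * Only files are inspected; streams attached to directories themselves are not
  #     enumerated here.
  #   * -excludeZone filters on the stream NAME only. It does not look at the stream's
  #     size or content, so treat it as noise reduction, not as proof those streams
  #     are benign.
  #   * Results are appended to the report and error files, so entries from earlier
  #     runs stay in them until the files are cleared.
  param (
      [bool]$excludeZone = $false,
      # With a param block, $args only holds arguments left over after binding, so the
      # former "$args[1]" / "$args[2]" defaults always evaluated to 0 and ''. The
      # defaults are now spelled out and checked below.
      [int]$fbfeq = 0,
      [string]$base = ''
  )

  if ([string]::IsNullOrWhiteSpace($base)) {
      throw "No drive given. Usage: .\file_name.ps1 -excludeZone 1 15 'c'"
  }

  # Specify the drive to search, and where the findings and the errors go.
  $drive = $base + ':\'
  $outputFile = 'D:\ADS_Report.txt'
  $errorFile = 'D:\ADS_Errors.txt'
  $counter = 0
  $reparsePoint = [System.IO.FileAttributes]::ReparsePoint

  # Initialize a queue with the base directory. Directories are processed as they are
  # discovered instead of building the full directory list first, which saves time.
  $queue = New-Object System.Collections.Queue
  $queue.Enqueue($drive)

  while ($queue.Count -gt 0) {
      $directory = $queue.Dequeue()

      # -LiteralPath: names containing [ ] (common in downloads, e.g. "file[1].txt")
      # must not be treated as wildcard patterns, or those items are missed.
      # -Force: hidden and system items are included; without it, hidden files and
      # whole hidden directories are never looked at.
      try {
          $items = @(Get-ChildItem -LiteralPath $directory -File -Force -ErrorAction Stop)
      }
      catch {
          Add-Content -LiteralPath $errorFile -Value ("Error processing '{0}': {1}" -f $directory, $_.Exception.Message)
          $items = @()
      }

      foreach ($item in $items) {
          $counter++
          # Guard against -fbfeq 0, which would otherwise raise a divide-by-zero.
          if ($fbfeq -gt 0 -and $counter % $fbfeq -eq 0) { Write-Output ("Processed {0} files..." -f $counter) }

          # One try/catch per file: a single locked or access-denied file must not
          # stop the remaining files in the directory from being checked.
          try {
              $streams = @(Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction Stop)

              # Drop the expected default stream names.
              $extraStreams = @($streams | Where-Object { $_.Stream -ne ':' -and $_.Stream -ne ':$DATA' })

              # Drop Zone.Identifier as well, if the argument was true.
              if ($excludeZone) {
                  $extraStreams = @($extraStreams | Where-Object { $_.Stream -ne 'Zone.Identifier' })
              }

              # Anything left is a stream that was not excluded above.
              if ($extraStreams.Count -gt 0) {
                  # Output ALL streams of the file (the unfiltered list), so the report
                  # shows the complete picture for each flagged file.
                  $streams | ForEach-Object { Add-Content -LiteralPath $outputFile -Value ("{0} - {1}" -f $item.FullName, $_.Stream) }
              }
          }
          catch {
              Add-Content -LiteralPath $errorFile -Value ("Error processing '{0}': {1}" -f $item.FullName, $_.Exception.Message)
          }
      }

      # Get the subdirectories of the current directory (non-recursively). This has its
      # own try/catch so that a failure while reading files above cannot prevent the
      # subtree from being queued.
      try {
          $subdirectories = @(Get-ChildItem -LiteralPath $directory -Directory -Force -ErrorAction Stop)
      }
      catch {
          Add-Content -LiteralPath $errorFile -Value ("Error processing '{0}': {1}" -f $directory, $_.Exception.Message)
          $subdirectories = @()
      }

      foreach ($subdirectory in $subdirectories) {
          # Junctions and directory symlinks are not followed: they can point back into
          # the tree and make the walk revisit or loop. Each skip is written to the
          # error file so the gap in coverage is visible and can be scanned separately.
          if ($subdirectory.Attributes -band $reparsePoint) {
              Add-Content -LiteralPath $errorFile -Value ("Skipped reparse point '{0}' (not followed)" -f $subdirectory.FullName)
              continue
          }
          $queue.Enqueue($subdirectory.FullName)
      }
  }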