tentools.psm1
# Remember the directory this module file was loaded from; the import loops below
# look for the private\ and public\ script folders underneath it.
$script:ModuleRoot = $PSScriptRoot
function Import-ModuleFile {
    # Runs one script file so that whatever it defines becomes part of the module.
    #
    # Parameters:
    #   Path - path of the .ps1 file to load (callers in this file pass FullName values).
    #
    # Callers in this file invoke the function dot-sourced (". Import-ModuleFile ..."),
    # so its body executes in the caller's scope. No helper variables are introduced
    # here for that reason: they would be left behind in that scope.
    #
    # $doDotSource is not a parameter; it is resolved from the enclosing scope.
    #
    # NOTE(review): on the default path the file is read as text and compiled with
    # [scriptblock]::Create, i.e. it is not executed as a script file. Per-file checks
    # such as signature validation under a signing policy presumably do not cover the
    # individual .ps1 files on this path - confirm if signing matters in your deployment.
    [CmdletBinding()]
    Param (
        [string]
        $Path
    )

    if (-not $doDotSource) {
        # First argument is useLocalScope = $false: run in the current scope, not a child scope.
        $ExecutionContext.InvokeCommand.InvokeScript(
            $false,
            [scriptblock]::Create([System.IO.File]::ReadAllText($Path)),
            $null,
            $null
        )
        return
    }

    # Dot-sourcing was requested: execute the file from disk.
    . $Path
}
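# Detect whether at some level dotsourcing was enforced.
# $acas_dotsourcemodule is an opt-in read from an outer scope; when it is set, the
# script-scope flag that Import-ModuleFile checks must actually be assigned. Merely
# evaluating $script:doDotSource would emit its (empty) value and leave the flag unset,
# so the opt-in would silently have no effect.
if ($acas_dotsourcemodule) { $script:doDotSource = $true }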
# Import all internal functions: every *.ps1 found recursively under private\ is run
# through Import-ModuleFile. The call is dot-sourced so the definitions land in this
# scope rather than in a child scope that would be discarded.
# -ErrorAction Ignore: a missing or unreadable folder produces no files and no error.
# NOTE(review): any .ps1 present under these folders is executed at import time, so
# write access to the module directory amounts to code execution for whoever imports
# the module - keep the install location writable by administrators only.
foreach ($function in (Get-ChildItem "$ModuleRoot\private\" -Filter "*.ps1" -Recurse -ErrorAction Ignore)) {
. Import-ModuleFile -Path $function.FullName
}
# Import all public functions: same mechanism, for the scripts under public\.
# Nothing in this loop controls what is exported - TODO confirm where exports are
# declared (it is not visible in this file).
foreach ($function in (Get-ChildItem "$ModuleRoot\public" -Filter "*.ps1" -Recurse -ErrorAction Ignore)) {
. Import-ModuleFile -Path $function.FullName
}
# Create the script-scope connection list only if it does not exist yet, so running
# this file again keeps whatever the list already holds.
# Presumably this holds the active Nessus / tenable.sc sessions - verify against the
# connect functions.
if (-not (Test-Path variable:Script:NessusConn)) {
    $script:NessusConn = [System.Collections.ArrayList]::new()
}
# Variables

# Numeric permission value -> role label.
# Presumably these are the Nessus user permission levels - verify against the API.
$script:permidenum = @{
    16  = 'Read-Only'
    32  = 'Regular'
    64  = 'Administrator'
    128 = 'Sysadmin'
}

# Reverse lookup of the table above: role label -> numeric permission value.
$script:permenum = @{
    'Read-Only'     = 16
    'Regular'       = 32
    'Administrator' = 64
    'Sysadmin'      = 128
}

# Numeric severity -> label.
$script:severity = @{
    0 = 'Info'
    1 = 'Low'
    2 = 'Medium'
    3 = 'High'
    4 = 'Critical'
}

# to help switch between Nessus and tenable.sc (plural name -> singular name)
$script:replace = @{
    'users'   = 'user'
    'folders' = 'folder'
    'groups'  = 'group'
    'scans'   = 'scan'
}

# Names grouped by query type.
$script:querytool = @{
    'Alert'         = @(
        "alertName", "createdEndTime", "createdStartTime", "createdTimeFrame", "description",
        "didTriggerLastEvaluation", "lastEvaluatedEndTime", "lastEvaluatedStartTime",
        "lastEvaluatedTimeFrame", "lastTriggeredEndTime", "lastTriggeredStartTime",
        "lastTriggeredTimeFrame", "modifiedEndTime", "modifiedStartTime", "modifiedTimeFrame"
    )
    'Lce'           = @(
        "listdata", "sumasset", "sumclassa", "sumclassb", "sumclassc", "sumdate", "sumevent",
        "sumevent2", "sumip", "sumport", "sumprotocol", "sumsensor", "sumtime", "sumtype",
        "sumuser", "syslog", "timedist"
    )
    'Mobile'        = @(
        "listvuln", "sumdeviceid", "summdmuser", "summodel", "sumoscpe", "sumpluginid",
        "vulndetails"
    )
    'Ticket'        = @(
        "listtickets", "sumassignee", "sumclassification", "sumcreator", "sumstatus"
    )
    'User'          = @(
        "listusers", "sumgroup", "sumrole"
    )
    'Vulnerability' = @(
        "iplist", "listmailclients", "listos", "listservices", "listsoftware", "listsshservers",
        "listvuln", "listwebclients", "listwebservers", "sumasset", "sumcce", "sumclassa",
        "sumclassb", "sumclassc", "sumcve", "sumdnsname", "sumfamily", "sumiavm", "sumid",
        "sumip", "summsbulletin", "sumport", "sumprotocol", "sumremediation", "sumseverity",
        "sumuserresponsibility", "vulndetails", "vulnipdetail", "vulnipsummary"
    )
}

# 1970-01-01 00:00:00.000, the Unix epoch.
# NOTE(review): the value carries no DateTimeKind (Unspecified); callers presumably
# treat it as UTC when converting API timestamps - confirm.
$script:origin = [datetime]::new(1970, 1, 1, 0, 0, 0, 0)

# Defaults for every command ('*') that has these parameters: basic response parsing
# and a 300-second timeout.
$PSDefaultParameterValues['*:UseBasicParsing'] = $true
$PSDefaultParameterValues['*:TimeoutSec'] = 300
# Tab completion for the -Tool parameter of New-TNQuery.
# Candidates that start with the text typed so far are de-duplicated, sorted and
# returned as completion results. The typed text is used as a -like pattern, so any
# wildcard characters in it are interpreted as wildcards.
Register-ArgumentCompleter -ParameterName Tool -CommandName New-TNQuery -ScriptBlock {
    param($Command, $Parameter, $WordToComplete, $CommandAst, $FakeBoundParams)

    # The list contains repeated names (for example "listvuln"); duplicates are
    # removed further down.
    $candidates = @(
        "alertName", "createdEndTime", "createdStartTime", "createdTimeFrame", "description",
        "didTriggerLastEvaluation", "lastEvaluatedEndTime", "lastEvaluatedStartTime",
        "lastEvaluatedTimeFrame", "lastTriggeredEndTime", "lastTriggeredStartTime",
        "lastTriggeredTimeFrame", "modifiedEndTime", "modifiedStartTime", "modifiedTimeFrame",
        "listdata", "sumasset", "sumclassa", "sumclassb", "sumclassc", "sumdate", "sumevent",
        "sumevent2", "sumip", "sumport", "sumprotocol", "sumsensor", "sumtime", "sumtype",
        "sumuser", "syslog", "timedist",
        "listvuln", "sumdeviceid", "summdmuser", "summodel", "sumoscpe", "sumpluginid",
        "vulndetails",
        "listtickets", "sumassignee", "sumclassification", "sumcreator", "sumstatus",
        "listusers", "sumgroup", "sumrole",
        "iplist", "listmailclients", "listos", "listservices", "listsoftware", "listsshservers",
        "listvuln", "listwebclients", "listwebservers", "sumasset", "sumcce", "sumclassa",
        "sumclassb", "sumclassc", "sumcve", "sumdnsname", "sumfamily", "sumiavm", "sumid",
        "sumip", "summsbulletin", "sumport", "sumprotocol", "sumremediation", "sumseverity",
        "sumuserresponsibility", "vulndetails", "vulnipdetail", "vulnipsummary"
    )

    $matching = $candidates |
        Where-Object { $PSItem -like "$WordToComplete*" } |
        Select-Object -Unique |
        Sort-Object

    foreach ($name in $matching) {
        [System.Management.Automation.CompletionResult]::new($name, $name, "ParameterName", $name)
    }
}