| external help file | Module Name | online version | schema |
|---|---|---|---|
PowerSponse-help.xml |
PowerSponse |
2.0.0 |
Find files on remote host based on simple wildcards or with regex. Use the command against one or multiple hosts.
Find-File [[-ComputerName] <String[]>] [[-ComputerList] <String>] [[-Method] <String>]
[[-Session] <PSSession[]>] [[-Credential] <PSCredential>] [[-Path] <String>] [-Recurse] [[-Regex] <String>]
[-WhatIf] [-Confirm] [<CommonParameters>]
Find files on remote host based on simple wildcards or with regex. Use the command against one or multiple hosts.
PS C:\> Find-File -ComputerName host1 -Path C:\users\*\*.exeSearch for .exe files within the users profile folder.
PS C:\> $ret = find-file -Path C:\Users\username\appdata\ -Regex "\d{6}.exe" -Recurse
PS C:\> $ret
PS C:\> $ret | select -ExpandProperty reasonSearch for files with given regex in all AppData subfolders on localhost.
PS C:\> Find-File -Path C:\Users\*\ -Recurse -Regex "\\(.*)\\(\1)\.exe" | select -ExpandProperty reasonSearch for files with given regex using backreference (name of exe is the same as the parent folder) in all user folders on localhost. Emotet names its binaries like the folder namne in AppData. However, there are many legitimate tools with this... so that's not an unique indicator.
List of target computers in a text file
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseTarget computer
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseCredentials used on remote host
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseCurrently not used. Only WinRM is implemented.
Type: String
Parameter Sets: (All)
Aliases:
Accepted values: WinRM
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseSearch path for files.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRecursive search
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseRegex pattern for file path
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePowerShell session
Type: PSSession[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).