external help file | Module Name | online version | schema |
---|---|---|---|
PowerSponse-help.xml |
PowerSponse |
2.0.0 |
Find files on remote host based on simple wildcards or with regex. Use the command against one or multiple hosts.
Find-File [[-ComputerName] <String[]>] [[-ComputerList] <String>] [[-Method] <String>]
[[-Session] <PSSession[]>] [[-Credential] <PSCredential>] [[-Path] <String>] [-Recurse] [[-Regex] <String>]
[-WhatIf] [-Confirm] [<CommonParameters>]
Find files on remote host based on simple wildcards or with regex. Use the command against one or multiple hosts.
PS C:\> Find-File -ComputerName host1 -Path C:\users\*\*.exe
Search for .exe files within the users profile folder.
PS C:\> $ret = find-file -Path C:\Users\username\appdata\ -Regex "\d{6}.exe" -Recurse
PS C:\> $ret
PS C:\> $ret | select -ExpandProperty reason
Search for files with given regex in all AppData subfolders on localhost.
PS C:\> Find-File -Path C:\Users\*\ -Recurse -Regex "\\(.*)\\(\1)\.exe" | select -ExpandProperty reason
Search for files with given regex using backreference (name of exe is the same as the parent folder) in all user folders on localhost. Emotet names its binaries like the folder namne in AppData. However, there are many legitimate tools with this... so that's not an unique indicator.
List of target computers in a text file
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Target computer
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Credentials used on remote host
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Currently not used. Only WinRM is implemented.
Type: String
Parameter Sets: (All)
Aliases:
Accepted values: WinRM
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Search path for files.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Recursive search
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Regex pattern for file path
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
PowerShell session
Type: PSSession[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Benannt
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).