E. Power Response Framework Functions - Asymmetric-InfoSec/Power-Response GitHub Wiki

The following framework-level functions are available for use in all plugins:

Writing errors, warnings, and messages

Write-PRHost

Description: Performs a Write-Host to console and logs message

Parameters:

  • [String]$Message -> The string that will be used in Write-Message and the log entry

Write-PRWarning

Description: Performs a Write-Warning and logs warning message

Parameters:

  • [String]$Message -> The string that will be used in Write-Message and the log entry

Write-PRError

Description: Performs a Write-Error and logs error message

Parameters:

  • [String]$Message -> The string that will be used in Write-Message and the log entry

Invoking Plugins within Plugins (Plugin-Ception)

Invoke-PRPlugin

Description: Invokes a plugin within another plugin

Parameters:

[Parameter(Mandatory=$true,ParameterSetName='Path')]

  • [String]$Path -> The path to the plugin that you will invoke

[Parameter(Mandatory=$true,ParameterSetName='Name')]

  • [String]$Name -> The name of the plugin that you will invoke

Both Parameter Sets

  • [Alias('ScopeName')] [String]$HuntName -> Stores the invoked plugin's output in the directory named by this parameter instead of the default ComputerName directory

Native Remote File Copy (Handles Locked Files)

Copy-PRItem

Description: A copy function used for copying files from remote machines

Parameters:

  • [String[]]$Path -> The target files that will be copied by the function
  • [String]$Destination -> The destination to which the files from $Path will be copied

Writing output files

Out-PRFile

Description: Captures output sent to the console and organizes it based on the output types selected in Power-Response

Parameters:

  • [PSObject]$InputObject -> Retrieved from pipeline, this is the data that is stored in the output file
  • [String]$ComputerName -> The name of the computer that the data is coming from
  • [String]$Plugin -> The name of the plugin that the data is being collected from
  • [String[]]$OutputType -> The output type as specified in Power-Response
  • [String]$Directory -> The directory that is used to derive the full path of the output
  • [String]$Append -> String to append to the end of the output file name

Getting Power-Response Specific Paths

Get-PRPath

Description: Allows plugins to reference Power-Response specific paths without explicit path definitions

Parameters:

[Parameter(ParameterSetName='Bin')]

  • [Switch]$Bin -> References the Power-Response Bin directory

[Parameter(ParameterSetName='Logs')]

  • [Switch]$Logs -> References the Power-Response Logs directory

[Parameter(ParameterSetName='Output')]

  • [Switch]$Output -> References the Power-Response Output directory

[Parameter(ParameterSetName='Plugins')]

  • [Switch]$Plugins -> References the Power-Response Plugin directory

[Parameter(ParameterSetName='Output-Specific',Mandatory=$true)]

  • [String]$ComputerName -> References a specific ComputerName subdirectory in the Output directory (Has aliases of HuntName and ScopeName)
  • [String]$Plugin -> References the default plugin output path for a specific plugin
  • [String]$Directory -> Allows a user to specify an explicit directory in the output path
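
Example plugin body using the logging, output and path functions documented above. This is an added example, not code from the Power-Response project. Assumptions: it runs as a plugin inside Power-Response (where these functions are loaded), the plugin name and computer name are hypothetical, parameters not passed here are optional, and Get-PRPath returns the path as a string.

```powershell
param (
    # Assumption: the plugin is given the name of the host being triaged.
    [String]$ComputerName = 'WKSTN-EXAMPLE'    # constructed value
)

$PluginName = 'Collect-ExampleProcesses'        # hypothetical plugin name

# Fail early with a clear message when run outside the framework.
$Required = 'Write-PRHost', 'Write-PRWarning', 'Write-PRError', 'Out-PRFile', 'Get-PRPath'
foreach ($Function in $Required) {
    if (-not (Get-Command -Name $Function -ErrorAction SilentlyContinue)) {
        throw "$Function not found: run this as a plugin inside Power-Response"
    }
}

try {
    # Console message plus log entry in one call.
    Write-PRHost -Message "Collecting process list for $ComputerName"

    # Stand-in data: the process list of the machine this code runs on.
    $Processes = Get-Process |
        Select-Object -Property Id, ProcessName, Path, StartTime

    if (-not $Processes) {
        Write-PRWarning -Message "No processes returned for $ComputerName"
        return
    }

    # Pipeline input binds to -InputObject; -Append adds a suffix to the file name.
    $Processes | Out-PRFile -ComputerName $ComputerName -Plugin $PluginName -Append 'processes'

    # Resolve the output location for this host and plugin without hard-coded paths.
    $OutputPath = Get-PRPath -ComputerName $ComputerName -Plugin $PluginName
    Write-PRHost -Message "Output for $PluginName is under $OutputPath"
}
catch {
    # Record the failure in the Power-Response log as well as on the console.
    Write-PRError -Message "Process collection failed on ${ComputerName}: $($_.Exception.Message)"
}
```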