Infector-API/Infector-API.psm1 at main · lpowell/Infector-API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
<#
Infector API Module

This module is a PowerShell wrapper for the Infector API.

Connect-InfectorAPI must be called at the beginning of a session. See Infector API documentation for more information on sessions.

This module expects that you are capturing output into a variable. For example, some cmdlets output JSON arrays that will need to be manually expanded.

Sample Usage:

    PS> $result = Send-InfectorAPI nmap 8.8.8.8
    PS> $result | Format-List *


Each endpoint has an associated PoSh cmdlet. Most cmdlets take 2 arguments. A resource to interact with and a content variable to send to the API.
I'd like to change this at some point and group cmdlets by resource instead of endpoint. For now, the system works though.

#>

# This function will hit the auth login endpoint and store the API key and expire time in a JSON file.
# At some point, I might update this to make it store the values in the registry.
function Connect-InfectorAPI {
    <#
    .SYNOPSIS
    Infector API Authentication

    .DESCRIPTION
    This module is used to authenticate with the Infector API. It Generates an API key that is stored in the API local database. This key is then used throughout the session to authenticate to resources. A key is only generated when a valid account is logged on.

    .PARAMETER username
    The username to log in with.

    .EXAMPLE
    Connect-InfectorAPI -username contoso

    .EXAMPLE
    Connect-InfectorAPI contoso

    .EXAMPLE
    Connect-InfectorAPI

    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $username = ""
    )

    if($username -eq ""){
        $username = Read-Host "Enter your username"
    }
    $Password = Read-Host -AsSecureString "Password for user ($username)"

    $body = @{
        "username"=$username;
        "password"=$(ConvertFrom-SecureString -AsPlainText $Password)
    }

    try{

        $response = Invoke-RestMethod -Uri "http://<server>/auth/login" -Body ($body | ConvertTo-Json) -ContentType "application/json" -Method POST

        # Write-Host "Using API Key $($response.api_key)"

        $content = $response | ConvertTo-Json

        try {
            [System.IO.File]::WriteAllLines($env:APPDATA+"\Infector API\current_key.json",$content)
        }catch [System.IO.DirectoryNotFoundException]{
            New-Item -ItemType Directory -Path $env:APPDATA"\Infector API"
            [System.IO.File]::WriteAllLines($env:APPDATA+"\Infector API\current_key.json",$content)
        }catch{
            Write-Host "Something went wrong when saving the API key"
            Write-Host -ForegroundColor Red "$($_.exception)"
        }

    }catch {
        return "Something went wrong. Does the user exist?"
    }

    return "Successfully connected! Session keys expire at $((Get-Date).AddSeconds(1800))"

}


# This function is used to get the current API key and test that it is still valid.
# Sometimes doesn't work /shrug
function Read-InfectorKey {
    $json = Get-Content $env:APPDATA"\Infector API\current_key.json" -raw | ConvertFrom-Json

    [datetime]$origin = '1970-01-01 00:00:00'
    $origin = $origin.AddSeconds($json.expire_time)

    if(([datetime]::Now) -gt ($origin)){
        return "API Key needs to be refreshed. Sign back in with Connect-InfectorAPI."
    }else{
        return $json.api_key
    }

}

# This function hits scanner resources and parses them accordingly.
function Send-InfectorAPI {
        <#
    .SYNOPSIS
    Infector API Scanner functions

    .DESCRIPTION
    This module is used to send data to the Infector API for further scanning. See the InfectorAPI documentation for more information.

    .PARAMETER resource
    The resource to scan.
    Currently:
        - nmap
        - shodan
        - virustotal

    .PARAMETER content
    The item to scan (IP, Hash, Domain)

    .EXAMPLE
    Send-InfectorAPI -resource virustotal -content 8.8.8.8

    .EXAMPLE
    Send-InfectorAPI virustotal 8.8.8.8

    .EXAMPLE
    Send-InfectorAPI

    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $resource,
        [Parameter(ValueFromPipeline=$true)]
        [string]
        $content
    )

    if(!$resource){
        $resource = Read-Host "Enter the resource"
        $content = Read-Host "Enter the content"
    }
    # Get API key
    $key = Read-InfectorKey

    $body = @{
        "api_key"=$key;
        "content"=$content
    } | ConvertTo-Json

    try{
        $response = Invoke-RestMethod "http://<server>/scanner/$resource" -body $body -ContentType "application/json" | Select-Object -ExpandProperty response
    }catch {
        if($_.Exception.Response.StatusCode.value__  -eq 401){
            return "You need to refresh your API key. Please use Connect-InfectorAPI."
        }
    }

    try {
        $response = $response | ConvertFrom-Json
    }
    catch {
        $response = $response.replace("/n","`n")
    }

    $response
}

# This function hits convert resources and outputs the decoded values.
function Convert-InfectorAPI {
    <#
    .SYNOPSIS
    Infector API Conversion functions

    .DESCRIPTION
    This module is used to send data to the Infector API for conversion. See the InfectorAPI documentation for more information.

    .PARAMETER resource
    The resource to scan.
    Currently:
        - base64

    .PARAMETER content
    The string to convert.

    .EXAMPLE
    Convert-InfectorAPI -resource base64 -content string

    .EXAMPLE
    Convert-InfectorAPI base64 string


    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $resource,
        [Parameter(ValueFromPipeline=$true)]
        [string]
        $content
    )
    if(!$resource){
        return "$(Get-Help Convert-InfectorAPI)"
    }
    # Get API key
    $key = Read-InfectorKey

    $body = @{
        "api_key"=$key;
        "content"=$content
    } | ConvertTo-Json

    try{
        $response = Invoke-RestMethod "http://<server>/convert/$resource" -body $body -ContentType "application/json" | Select-Object -ExpandProperty response
    }catch {
        if($_.Exception.Response.StatusCode.value__  -eq 401){
            return "You need to refresh your API key. Please use Connect-InfectorAPI."
        }
    }

    Write-Host $response

}

# This function interfaces with operational resources and displays them in the browser. Kind of neat.
function Get-InfectorAPI {
            <#
    .SYNOPSIS
    Infector API Operational functions

    .DESCRIPTION
    This module is used to get operational information on the Infector API. See the Infector API documentation for more information.

    .PARAMETER resource
    The resource to get.
    Currently:
        - list
        - expire-time

    .EXAMPLE
    Get-InfectorAPI -resource list

    .EXAMPLE
    Get-InfectorAPI list

    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $resource
    )
    if(!$resource){
        return "$(Get-Help Get-InfectorAPI)"
    }
    # Get API key
    $key = Read-InfectorKey

    $body = @{
        "api_key"=$key;
    } | ConvertTo-Json

    try{
        $response = Invoke-RestMethod "http://<server>/operational/$resource" -body $body -ContentType "application/json" | Select-Object -ExpandProperty response
    }catch {
        if($_.Exception.Response.StatusCode.value__  -eq 401){
            return "You need to refresh your API key. Please use Connect-InfectorAPI."
        }
        Write-Host "HTTP Error $($_.Exception.Response.StatusCode.value__)"
    }

    if($response.contains("html")){
        Set-MarkdownOption -Theme Dark
        $response | Show-Markdown -UseBrowser
    }else{
        $Time = (Get-Date -UnixTimeSeconds $response) - (Get-Date)
        if($Time.minutes -ge 0){
            Write-Host "Key expires in $($time.Minutes) minutes!"
        }else{
            Write-Host "Key expired! Use Connect-InfectorAPI to refresh. "
        }
    }

}

# This function interfaces with the testing endpoint.
function Test-InfectorAPI {
        <#
    .SYNOPSIS
    Infector API testing functions

    .DESCRIPTION
    This module is used to test the API connection. See the InfectorAPI documentation for more information.

    .PARAMETER resource
    The resource to scan.
    Currently:
        - hello_world

    .EXAMPLE
    Test-InfectorAPI -resource hello_world

    .EXAMPLE
    Test-InfectorAPI hello_world

    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $resource
    )

    # Get API key
    $key = Read-InfectorKey

    $body = @{
        "api_key"=$key;
    } | ConvertTo-Json

    try{
        $response = Invoke-RestMethod "http://<server>/testing/$resource" -body $body -ContentType "application/json" | Select-Object -ExpandProperty response
    }catch {
        if($_.Exception.Response.StatusCode.value__  -eq 401){
            return "You need to refresh your API key. Please use Connect-InfectorAPI."
        }
    }

    $response
}

function Invoke-InfectorAPI {
<#
    .SYNOPSIS
    Infector API testing functions

    .DESCRIPTION
    This module is used to test the API connection. See the InfectorAPI documentation for more information.

    .PARAMETER resource
    The resource to scan.
    Currently:
        - hello_world

    .EXAMPLE
    Test-InfectorAPI -resource hello_world

    .EXAMPLE
    Test-InfectorAPI hello_world

#>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $resource,
        [Parameter(ValueFromPipeline=$true)]
        [String]
        $content
    )
    if(!$resource){
        return (Get-Help Invoke-InfectorAPI)
    }

    # Get API key
    $key = Read-InfectorKey

    $body = @{
        "api_key"=$key;
        "content"=$content
    } | ConvertTo-Json

    try{
        $response = Invoke-RestMethod "http://<server>/endpoint/$resource" -body $body -ContentType "application/json" | Select-Object -ExpandProperty response
    }catch {
        if($_.Exception.Response.StatusCode.value__  -eq 401){
            return "You need to refresh your API key. Please use Connect-InfectorAPI."
        }
    }
    $response

}
Export-ModuleMember -function Connect-InfectorAPI, Send-InfectorAPI, Convert-InfectorAPI, Get-InfectorAPI, Test-InfectorAPI, Invoke-InfectorAPI