From 16543b558dd62fa37d35f734f560f2842c03bf84 Mon Sep 17 00:00:00 2001
From: Scott Sutherland <nullbind@users.noreply.github.com>
Date: Sat, 1 Jun 2024 13:39:59 -0500
Subject: [PATCH] Update PowerHuntShares.psm1

Added folder group counts (directory list hashes)  to the "Top Share Names" summary dashboard to better understand the distribution of unique folder lists.
---
 PowerHuntShares.psm1 | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index 7af708e..686972b 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,7 +4,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.36
+# Version: v1.37
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. 
 function Invoke-HuntSMBShares
 {    
@@ -37,7 +37,7 @@ function Invoke-HuntSMBShares
               o Enumerate SMB shares                                        
               o Enumerate SMB share permissions                             
               o Identify shares with potentially excessive privileges      
-              o Identify shares that provide reads & write access           
+              o Identify shares that provide read or write access           
               o Identify shares thare are high risk                         
               o Identify common share owners, names, & directory listings   
               o Generate last written & last accessed timelines             
@@ -224,7 +224,7 @@ function Invoke-HuntSMBShares
         Write-Output "  o Enumerate SMB shares                                        "
         Write-Output "  o Enumerate SMB share permissions                             "
         Write-Output "  o Identify shares with potentially excessive privielges       "
-        Write-Output "  o Identify shares that provide reads & write access           "                     
+        Write-Output "  o Identify shares that provide read or write access           "                     
         Write-Output "  o Identify shares thare are high risk                         "
         Write-Output "  o Identify common share owners, names, & directory listings   "
         Write-Output "  o Generate last written & last accessed timelines             "
@@ -1607,7 +1607,8 @@ function Invoke-HuntSMBShares
             $ComputerBar = $ShareNameBars.ComputerBar
             $ShareBar = $ShareNameBars.ShareBar
             $AclBar = $ShareNameBars.AclBar
-            $ShareFolderGroupList = $ExcessiveSharePrivs|where sharename -like "$ShareName" | select filelistgroup -Unique | select filelistgroup -ExpandProperty filelistgroup
+            #$ShareFolderGroupList = $ExcessiveSharePrivs | where sharename -like "$ShareName" | select filelistgroup -Unique | select filelistgroup -ExpandProperty filelistgroup
+            $ShareFolderGroupList  = $ExcessiveSharePrivs | where sharename -EQ "$ShareName"   | Group-Object FileListGroup   | sort count -Descending | select count, name | foreach { $fdcount = $_.count; $fdname = $_.name;Write-Output "$fdcount $fdname<Br>"}
             $ThisRow = @" 
 	          <tr>
 	          <td>