From 3d9c87d5db8a6ee2fe60b3768c06b3ca2d8e0e01 Mon Sep 17 00:00:00 2001
From: Scott Sutherland <nullbind@users.noreply.github.com>
Date: Tue, 5 Nov 2024 17:20:52 -0600
Subject: [PATCH] Update PowerHuntShares.psm1

Added llm application guesses to share name page.
---
 PowerHuntShares.psm1 | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/PowerHuntShares.psm1 b/PowerHuntShares.psm1
index c1a6602..e6ec252 100644
--- a/PowerHuntShares.psm1
+++ b/PowerHuntShares.psm1
@@ -4,7 +4,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.189
+# Version: v1.190
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. 
 function Invoke-HuntSMBShares
 {    
@@ -3741,8 +3741,22 @@ function Invoke-HuntSMBShares
             $ShareNameBars = Get-GroupNameNoBar -DataTable $ExcessiveSharePrivs -Name $ShareName -AllComputerCount $ComputerCount -AllShareCount $AllSMBSharesCount -AllAclCount $ShareACLsCount
             $ComputerBar = $ShareNameBars.ComputerBar
             $ShareBar    = $ShareNameBars.ShareBar
-            $AclBar      = $ShareNameBars.AclBar            
+            $AclBar      = $ShareNameBars.AclBar  
             
+            # Get app description from llm results  
+            if($ApiKey -and $Endpoint){  
+
+                # Get lmm fingerprint matches for sharename
+                $SnLLmMatchesRaw = $ExcessiveSharePrivsFinal |
+                Where-Object { $_.ShareName -eq "$ShareName" -and $_.ShareGuessApp -notlike "" } |
+                Select-Object ShareGuessApp -ExpandProperty ShareGuessApp -Unique
+
+                # Join the results into a comma-separated list
+                $SnLLmMatchesList = $SnLLmMatchesRaw -join ', '
+            }else{
+                $SnLLmMatchesList= "LLM lookup was not run."
+            }
+
             # Share Description
             $ShareDescriptionSample = $ExcessiveSharePrivs | where sharename -EQ "$ShareName" | where ShareDescription  -NE "" | select ShareDescription -first 1 -expandproperty ShareDescription | foreach {"<strong>Sample Description</strong><br> $_ <br><br> "}
 
@@ -4684,7 +4698,10 @@ function Invoke-HuntSMBShares
                       $ShareDescriptionSample  
                       <strong>Share Context Guess</strong><br>
                       $ShareNameListValue  
-                      <br><br>                                                            
+                      <br><br>    
+                      <strong>LLM Application Guess</strong><br>
+                      $SnLLmMatchesList  
+                      <br><br>                                                                                   
                       <a style="font-size: 10px; cursor: default;" onClick="applyFadedClassAndUpdate(cy, '$ShareName');radiobtn = document.getElementById('ShareGraph');radiobtn.checked = true;updateLabelColors('tabs', 'btnShareGraph');">View in ShareGraph</a><br>
                       <br><strong>Affected Assets</strong><br>
                       <table class="subtable">