Update Analyze-HuntSMBShares.ps1

Bug fix.
2025-05-04 19:28:42 +02:00 · 2024-09-17 12:35:38 -05:00 · 2024-09-17 12:35:38 -05:00 · cbca2188e7
commit cbca2188e7
parent 71aa800567
1 changed files with 5 additions and 5 deletions
--- a/Scripts/Analyze-HuntSMBShares.ps1
+++ b/Scripts/Analyze-HuntSMBShares.ps1
@ -5,7 +5,7 @@
 #--------------------------------------
 # Author: Scott Sutherland, 2024 NetSPI
 # License: 3-clause BSD
-# Version: v1.90
+# Version: v1.91
 # References: This script includes custom code and code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parrell. 
 function Analyze-HuntSMBShares
 {    
@ -3374,11 +3374,11 @@ function Analyze-HuntSMBShares
 		        $ShareNameCategoryName = $_

 		        # Get list of that sharename and category
-                $ShareNameCategoryFilesBase = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" |  where Category -eq "$ShareNameCategoryName" | select FileName
-		        $ShareNameCategoryFiles = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" |  where Category -eq "$ShareNameCategoryName" | select FileName | ForEach-Object { $ASDF = $_.FileName; "$ASDF<br>" }  | out-string
+                $ShareNameCategoryFilesBase = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" |  where Category -eq "$ShareNameCategoryName" | where FileName -notlike "" | select FileName -Unique
+		        $ShareNameCategoryFiles = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" |  where Category -eq "$ShareNameCategoryName" | select FileName -Unique | ForEach-Object { $ASDF = $_.FileName; "$ASDF<br>" }  | out-string

 		        # Get category count
-		        $ShareNameCategoryFilesCount =  $ShareNameCategoryFilesBase | measure | select count -expandproperty count 
+		        $ShareNameCategoryFilesCount =  $ShareNameCategoryFilesBase | where FileName -notlike "" | select FileName -Unique | measure | select count -expandproperty count 

 		        # Generate HTML with Category
                if($ShareNameCategoryFilesCount -ne 0){
@ -3394,7 +3394,7 @@ function Analyze-HuntSMBShares
 	        }

            # Get total for interesting files for target share name
-	        $ShareNameInterestingFilesCount = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" | measure | select count -expandproperty count 
+	        $ShareNameInterestingFilesCount = $InterestingFilesAllObjects | Where ShareName -eq "$ShareName" | select filename -Unique | measure | select count -expandproperty count 
            if($ShareNameInterestingFilesCount -gt 0){
                $ShareRowCountInteresting = "Yes"
            }else{