globalscape/powershell/stake_out.ps1

<#
.SYNOPSIS
Data collection using tools such as Procmon, Procdump and Wireshark
.DESCRIPTION
This script enables an administrator to collect data on their server at times when they are unable to observe the issue live.
.DISCLAIMER
This script is provided without warranty. Globalscape/Helpsystems does not assume any liability for unintended functionality as a result of this script.
.VERSION
1.0
1.1 Added wireshark portable and set procmon to close itself. Also removed /nofilter in procmon.
.AUTHOR
Jonathan Branan jbranan@globalscape.com jonathan.branan@helpsystems.com
#>
#------------------------------------------------------------
# Main Variables
#------------------------------------------------------------
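# Drive letter of the working directory. The jobs below change directory
# with a full path (which also switches drive), so this is informational.
$working_drive = 'c:'
# Root folder of the tool set. Layout expected by the jobs below:
#   <root>\procmon\procmon.exe, <root>\procdump\procdump.exe,
#   <root>\dumps\  (output folder; it must exist before the jobs start).
# Per-machine value (a user's desktop here) - change it when deploying elsewhere.
$working_directory = 'C:\Users\jbranan\Desktop\scripts\stake_out'
# Seconds that Procmon (/Runtime) and the Wireshark capture (-a duration) run.
$total_time = 20
#------------------------------------------------------------
# Procmon related variables
#------------------------------------------------------------
# Procmon backing file, written into <working_directory>\dumps.
$procmon_filename = 'log.pml'
#------------------------------------------------------------
# Wireshark related variables
#------------------------------------------------------------
# Capture file, written into <working_directory>\dumps.
$wireshark_filename = 'capture.pcapng'
# Informational, see $working_drive.
$wireshark_drive = 'c:'
# Folder holding the WiresharkPortable launcher (per-machine path).
$wireshark_location = 'C:\Users\jbranan\Desktop\scripts\stake_out\WiresharkPortable'
# Capture filter passed to Wireshark with -f; only matching packets reach the
# file. The address is site-specific - set it to the peer under investigation.
$wireshark_filter = 'host 192.168.102.10'
# The fallback kill of Wireshark fires 15 s after the capture's own duration limit.
$total_wireshark_time = $total_time + 15
#------------------------------------------------------------
# Procdump related variables
#------------------------------------------------------------
# Opt-in switches: full memory dumps of the EFT service (cftpstes.exe) and of
# the EFT GUI (cftpsai.exe). Full dumps can contain credentials and session
# data, so leave these off unless the dumps folder is access-restricted.
$take_service_dumps = $false
$take_gui_dumps = $false
# ProcDump -n: number of dumps to write before exiting.
$number_of_dumps = 3
# ProcDump -s: seconds between consecutive dumps.
$total_procdump_time = 60
# How long the procdump jobs wait after launching before they end themselves.
$total_procdump_time_close = $total_procdump_time + 15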
#------------------------------------------------------------
# Procmon blocks
#------------------------------------------------------------
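# Procmon runs in a background job so the other collectors start in parallel.
# /Runtime makes procmon.exe stop and flush the log by itself after
# $total_time seconds (see the 1.1 note above), so no kill job is needed.
Start-Job -Name procmon -ScriptBlock {
  # The original emitted $using:working_drive as a bare expression, which only
  # writes 'c:' to the job output; Set-Location with a full path already
  # switches drive, so that line is dropped.
  $procmon_dir  = Join-Path $using:working_directory 'procmon'
  $backing_file = Join-Path (Join-Path $using:working_directory 'dumps') $using:procmon_filename
  Set-Location -LiteralPath $procmon_dir
  # /BackingFile sends the trace to disk instead of the page file. The .pml
  # may hold sensitive file paths and command lines for every process on the
  # box - keep the dumps folder access-restricted.
  .\procmon.exe /accepteula /Quiet /BackingFile $backing_file /Minimized /Runtime $using:total_time
}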
#Start-Job -Name kill-procmon -ScriptBlock {
#sleep -Seconds $using:total_time
#
#taskkill /IM "Procmon64.exe" /F
#Stop-Job -Name procmon
#exit
#}
#------------------------------------------------------------
# Wireshark blocks
#------------------------------------------------------------
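# Packet capture in a background job. -a duration: stops the capture on its own
# after $total_time seconds; the kill-wireshark job below is only a fallback.
Start-Job -Name wireshark -ScriptBlock {
  # The original emitted $using:wireshark_drive as a bare expression (a no-op
  # that only writes 'c:' to the job output); Set-Location with a full path
  # already switches drive, so it is dropped.
  $capture_file = Join-Path (Join-Path $using:working_directory 'dumps') $using:wireshark_filename
  Set-Location -LiteralPath $using:wireshark_location
  # -k start capturing immediately, -i interface (hard-coded to Ethernet0 -
  # adjust per host), -f capture filter, -w output file.
  # NOTE(review): the pcapng holds raw packets for the filtered host; any
  # cleartext protocol in it exposes credentials and session data, so the
  # dumps folder needs a restrictive ACL and the file should be deleted after use.
  .\WiresharkPortable -k -i Ethernet0 -f "$using:wireshark_filter" -a duration:$using:total_time -w $capture_file
}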
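# Fallback: if Wireshark does not honour its own -a duration limit, force it
# closed 15 s later so the capture file is released and the job can finish.
Start-Job -Name kill-wireshark -ScriptBlock {
  Start-Sleep -Seconds $using:total_wireshark_time
  # NOTE(review): /IM matches every Wireshark.exe on the host, not only the
  # instance started by this script; fine on a dedicated server, otherwise
  # record the PID of the launched process and kill that instead.
  taskkill /IM "Wireshark.exe" /F
  # The original also ran `Stop-Job -Name wireshark` here. A Start-Job script
  # block executes in a separate PowerShell process that cannot see the parent
  # session's jobs, so that call could never find the job; once the process is
  # killed the 'wireshark' job completes on its own, so it is not needed.
  exit
}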
#------------------------------------------------------------
# Procdump blocks
#------------------------------------------------------------
#
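# Optional: full (-ma) user-mode dumps of the EFT server service process.
if ($take_service_dumps) {
  Start-Job -Name procdump_EFT_service -ScriptBlock {
    # The original emitted $using:working_drive as a bare expression, a no-op
    # that only writes 'c:' to the job output; Set-Location with a full path
    # already switches drive.
    $procdump_dir = Join-Path $using:working_directory 'procdump'
    $dump_dir     = Join-Path $using:working_directory 'dumps'
    Set-Location -LiteralPath $procdump_dir
    # -n: number of dumps, -s: seconds between consecutive dumps, -ma: full dump.
    # NOTE(review): a full dump is the whole memory of the service, which can
    # include credentials, keys and session data; restrict the dumps folder ACL
    # and delete the files once analysed.
    .\procdump.exe -n $using:number_of_dumps -s $using:total_procdump_time -ma cftpstes.exe $dump_dir -accepteula
    # Start-Sleep replaces `timeout /T`: timeout.exe needs an interactive
    # console and is reported to exit immediately when run without one, as
    # inside a background job.
    Start-Sleep -Seconds $using:total_procdump_time_close
    exit
  }
}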
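# Optional: full (-ma) user-mode dumps of the EFT administration GUI process.
if ($take_gui_dumps) {
  Start-Job -Name procdump_gui_service -ScriptBlock {
    # The original emitted $using:working_drive as a bare expression, a no-op
    # that only writes 'c:' to the job output; Set-Location with a full path
    # already switches drive.
    $procdump_dir = Join-Path $using:working_directory 'procdump'
    $dump_dir     = Join-Path $using:working_directory 'dumps'
    Set-Location -LiteralPath $procdump_dir
    # -n: number of dumps, -s: seconds between consecutive dumps, -ma: full dump.
    # NOTE(review): a full dump is the whole memory of the GUI process, which
    # can include the administrator's credentials and session data; restrict
    # the dumps folder ACL and delete the files once analysed.
    .\procdump.exe -n $using:number_of_dumps -s $using:total_procdump_time -ma cftpsai.exe $dump_dir -accepteula
    # Start-Sleep replaces `timeout /T`: timeout.exe needs an interactive
    # console and is reported to exit immediately when run without one, as
    # inside a background job.
    Start-Sleep -Seconds $using:total_procdump_time_close
    exit
  }
}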