Pillage Modules
This module uses the Graph search API to search for specific terms in emails and allows the user to download the matching messages, including attachments.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
SearchTerm - The term you want to search for in the mailbox
MessageCount - The number of messages returned in the search results (default = 25)
OutFile - File to output a list of emails to
PageResults - Enables paging to page through results
Invoke-SearchMailbox -Tokens $tokens -SearchTerm "password" -MessageCount 40

This module uses the Graph search API to search for specific terms in all SharePoint and OneDrive drives available to the logged-in user. It prompts the user for which files they want to download.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
SearchTerm - The term you want to search for. This accepts KQL queries so you can use terms like "filetype", "content", and more.
ResultCount - The number of files returned in the search results (default = 25)
PageResults - Uses paging to return all possible results for a search term
Invoke-SearchSharePointAndOneDrive -Tokens $tokens -SearchTerm 'password AND filetype:xlsx'

This module uses the Substrate search API to search for specific terms in Teams channels visible to the logged-in user.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
SearchTerm - The term you want to search for in Teams messages
ResultSize - The number of messages returned in the search results (default = 50)
OutFile - File to output the results of the search to
Invoke-SearchTeams -Tokens $tokens -SearchTerm "password" -ResultSize 100

This module will query user attributes from the directory and search through them for a specific term.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
SearchTerm - The term you want to search across user attributes
Invoke-SearchUserAttributes -Tokens $tokens -SearchTerm "password"

This module will pull the latest emails from the inbox of a particular user. NOTE: This is the module you want to use if you are reading mail from a shared mailbox.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
userid - Email address of the mailbox you want to read
TotalMessages - Default is 25, Max is 1000
OutFile - File to output the results to
Get-Inbox -Tokens $tokens -userid deckard@tyrellcorporation.io -TotalMessages 50 -OutFile emails.csv

This module downloads full Teams chat conversations. It prompts you to either download all conversations for a particular user or download individual conversations using a chat ID. This module requires that you have a token scoped to Chat.ReadBasic, Chat.Read, or Chat.ReadWrite.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
Get-TeamsChat -Tokens $tokens

If you want to download individual files from SharePoint and OneDrive, you can use the DriveID & ItemID output by the Invoke-SearchSharePointAndOneDrive module.
--OPTIONS--
Tokens - Pass the $tokens global variable after authenticating to this parameter
DriveItemIDs - A combined value of the drive ID and item ID separated by a colon like this: "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"
Filename - The filename you want to download the file to
Invoke-DriveFileDownload -Tokens $tokens -FileName "Passwords.docx" -DriveItemIDs "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"
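
A defender's view of the modules above, as an added example that is not part of the original page or the tool: the code flags a user and app pair whose successful Graph requests touch three or more of search, mail, chat and drive content within ten minutes. The record fields follow the MicrosoftGraphActivityLogs table; the endpoint patterns, thresholds and sample records are assumptions constructed here, and the Substrate search used for Teams is not covered.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Documented Graph paths; that the modules call exactly these is an assumption.
CATEGORIES = {
    "search": re.compile(r"/search/query$", re.I),
    "mail": re.compile(r"/users/[^/]+/mailFolders/[^/]+/messages", re.I),
    "chat": re.compile(r"/chats(/|$)", re.I),
    "drive": re.compile(r"/drives/[^/]+/items/[^/]+", re.I),
}

def classify(uri):
    path = re.sub(r"^https://[^/]+/(v1\.0|beta)", "", uri.split("?", 1)[0])
    return next((n for n, rx in CATEGORIES.items() if rx.search(path)), None)

def flag_sessions(records, window=timedelta(minutes=10), min_categories=3):
    """Return {(user, app): categories} for principals over the threshold."""
    by_principal = defaultdict(list)
    for r in records:
        cat = classify(r["RequestUri"])
        if cat and 200 <= r["ResponseStatusCode"] < 300:
            ts = datetime.fromisoformat(r["TimeGenerated"])
            by_principal[(r["UserId"], r["AppId"])].append((ts, cat))
    flagged = {}
    for key, events in by_principal.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {c for _, c in events[start:end + 1]}
            if len(seen) >= min_categories:
                flagged[key] = sorted(seen)
                break
    return flagged

def _rec(ts, user, uri, status=200):  # builds one constructed record
    return {"TimeGenerated": ts, "UserId": user, "AppId": "app-1", "ResponseStatusCode": status,
            "RequestUri": "https://graph.microsoft.com/v1.0" + uri}

SAMPLE = [  # constructed data, not real logs; user-2 is spread over an hour
    _rec("2024-05-01T10:00:00", "user-1", "/search/query"),
    _rec("2024-05-01T10:02:00", "user-1", "/users/a@example.com/mailFolders/Inbox/messages?$top=50"),
    _rec("2024-05-01T10:05:00", "user-1", "/drives/DRIVE-ID/items/ITEM-ID/content"),
    _rec("2024-05-01T09:00:00", "user-2", "/search/query"),
    _rec("2024-05-01T09:30:00", "user-2", "/me/chats"),
    _rec("2024-05-01T10:00:00", "user-2", "/drives/DRIVE-ID/items/ITEM-ID/content"),
]
```

The Graph search API takes the search term in the request body, so a URI-based log shows that a search ran, not what was searched for.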