# PowerHuntShares.psm1
[PowerHuntShares](https://github.com/NetSPI/PowerHuntShares) "is PowerShell tool designed to help cybersecurity teams and penetration testers better identify, understand, attack, and remediate SMB shares in the Active Directory environments they protect. Every hacker has a story about abusing SMB shares, but it’s an attack surface that cybersecurity teams still struggle to defend. This project aims to provide an open proof-of-concept tool for creating a comprehensive share inventory, leveraging statistics, charts, graphs, and language models to contextualize shares, summarize relationships, assess risks, and prioritize remediation."

## Disable antivirus

```
Set-MpPreference -DisableRealtimeMonitoring $true
```
Note: this doesn't seem to work in Windows 11, even after disabling tamper protection. So you might just want to disable active protection in the GUI.

## Import the PHS module

```
Import-Module .\PowerHuntShares.psm1
```

## Run the collection and save to a folder called `dump`
```
Invoke-HuntSMBShares -runspacetimeout 10 -Threads 100 -OutputDirectory dump
```

## Parsing just hostnames from the "pingable" CSV export file
```
awk -F',' '{gsub(/"/, "", $1); print $1}' inputfile.txt | sort
```