OffsetInspect.psd1
|
@{ RootModule = 'OffsetInspect.psm1' ModuleVersion = '3.0.0' GUID = '2d9f6f83-2c4f-4a6e-8a53-1cf9a5fbc2f6' Author = 'Jared Perry (Velkris)' CompanyName = 'DreadHost Research' Copyright = '(c) 2025-2026 Jared Perry (Velkris). MIT License.' Description = 'A bounded-memory PowerShell toolkit for byte-offset inspection, source context, binary comparison, and defensive AMSI/Microsoft Defender detection-boundary analysis.' PowerShellVersion = '5.1' CompatiblePSEditions = @('Desktop', 'Core') FormatsToProcess = @('OffsetInspect.Format.ps1xml') FileList = @( 'OffsetInspect.psd1', 'OffsetInspect.psm1', 'OffsetInspect.Format.ps1xml', 'LICENSE', 'Private/Core.Entropy.ps1', 'Private/Core.EntropyAccelerator.ps1', 'Private/Core.Hash.ps1', 'Private/Core.IO.ps1', 'Private/Core.Inspection.ps1', 'Private/Core.Output.ps1', 'Private/Core.PE.ps1', 'Private/Core.String.ps1', 'Private/Threat.Amsi.ps1', 'Private/Threat.Batch.ps1', 'Private/Threat.ClamAV.ps1', 'Private/Threat.Defender.ps1', 'Private/Threat.Region.ps1', 'Private/Threat.Search.ps1', 'Private/Threat.Text.ps1', 'Private/Threat.Yara.ps1', 'Public/Invoke-OffsetInspect.ps1', 'Public/Invoke-OffsetThreatScan.ps1', 'Public/Invoke-OffsetThreatScanBatch.ps1', 'Public/Invoke-OffsetThreatScanRegion.ps1', 'Public/Invoke-OffsetYaraScan.ps1', 'Public/Invoke-OffsetClamScan.ps1', 'Public/Export-OffsetThreatReport.ps1', 'Public/Compare-OffsetThreatResult.ps1', 'Public/Get-OffsetEntropy.ps1', 'Public/Get-OffsetIOC.ps1', 'Public/Get-OffsetString.ps1', 'Public/Get-OffsetPEInfo.ps1' ) FunctionsToExport = @( 'Invoke-OffsetInspect', 'Invoke-OffsetThreatScan', 'Invoke-OffsetThreatScanBatch', 'Invoke-OffsetThreatScanRegion', 'Invoke-OffsetYaraScan', 'Invoke-OffsetClamScan', 'Export-OffsetThreatReport', 'Compare-OffsetThreatResult', 'Get-OffsetEntropy', 'Get-OffsetIOC', 'Get-OffsetString', 'Get-OffsetPEInfo' ) CmdletsToExport = @() VariablesToExport = @() AliasesToExport = @() PrivateData = @{ PSData = @{ Tags = @( 'PowerShell', 'Security', 'DetectionEngineering', 'MalwareAnalysis', 'ReverseEngineering', 'Forensics', 'Hex', 'AMSI', 'MicrosoftDefender', 'OffsetAnalysis' ) LicenseUri = 'https://github.com/warpedatom/OffsetInspect/blob/main/LICENSE' ProjectUri = 'https://github.com/warpedatom/OffsetInspect' ReleaseNotes = @' OffsetInspect 3.0.0 - Major-version bump for a large, all-additive capability expansion; existing 2.x commands, parameters, and output-schema field meanings are unchanged. - Adds a per-probe audit trail: Invoke-OffsetThreatScan results expose ProbeLog (Sequence, PrefixLength, Status, ProviderResult, SignatureName, Cacheable, ElapsedMs, TimestampUtc), streamed live to -Verbose, surfaced as ProbeCount in CSV, and exportable with -ProbeLogPath. - Adds red-team analysis commands: Export-OffsetThreatReport (Markdown/HTML engagement reports), Invoke-OffsetThreatScanBatch (corpus scanning with a detection matrix), Compare-OffsetThreatResult (detection diff/regression), and Invoke-OffsetThreatScanRegion (multi-region discovery via in-memory AMSI, no disk writes). - Adds docs/PROVIDER-INTERFACE.md, property/fuzz tests, and an opt-in code-coverage switch. - Switches the boundary-search memoisation cache to a thread-safe ConcurrentDictionary; probing itself remains sequential. No changes to AMSI/Defender provider behaviour, boundary semantics, or existing output-schema field meanings. OffsetInspect 2.0.0 - Rebuilt as a self-contained PowerShell Gallery module. - Opens each unique file once and gathers requested line context in one bounded-memory streaming pass. - Adds accurate UTF-8/UTF-16 byte-to-character mapping and implemented context lines. - Adds stable object, JSON, CSV, and CSV-file output modes. - Adds Invoke-OffsetThreatScan with independently implemented AMSI and Microsoft Defender providers. - Adds repeatability checks, provider-error handling, temporary-file cleanup, and boundary confidence. - Adds isolated package tests, PSScriptAnalyzer, cross-platform PowerShell 7 CI, and Windows PowerShell 5.1 CI. '@ } } } |