PowerShell find files by extension on multiple servers and export

Question

PowerShell find files by extension on multiple servers and export

Lingareddy Chandrakanth Reddy 1

I wrote a script to find the particular file on windows servers based on Disks and exported that list to a .txt file for each server and drive.

I want to run the script for multiple servers and export all the list details in one CSV or excel file with the server name and the file location path as output.

My script is working as expected but it is giving the output for each server with drive name as a separated file and the output contains only the path, but i need to get the output in one single CSV file for all the servers with the entire file location path as well.

#Clearing the Host file
Clear-Host

#Get all the list of Servers
$Machines = get-content "C:\Scripts\Servers.txt"

#Get all the list of Disks to search
$Disks = get-content "C:\Scripts\Disks.txt"

#Lopping through specified servers
foreach ($Machine in $Machines) 
{
#Lopping through each Disks
    foreach ($Disk in $Disks) 
    {
        if (Test-Path \\$Machine\$Disk$) 
        {
            Write-Host Checking $Machine Disk $Disk -BackgroundColor DarkRed
            Get-ChildItem -Path \\$Machine\$Disk$\ -Filter log4j.jar -Recurse -Name -Force | Out-File "C:\Scripts\Output\$Machine $Disk.txt"
        }
    }
}

3 answers

Your answer

Answer 1

Michael Taylor 60,161

That's because you are calling Get-ChildItem in a foreach loop. And for each run you're placing it into a file based upon the machine/disk name for that iteration. If you want to put that into a single file then you need to use a single filename. Of course you could always merge the files later but I assume you want to skip that step.

It is unclear to me whether you want a single file for each server or a single file overall. I'm going to assume a single file per server otherwise you have no easy way to know what server a set of files came from.

Get-ChildItem ... | Out-File "C:\scripts\output\$Machine.txt -Append

This runs each command but stores it into a single file based upon the matchine name. The append option has the output appended to the existing file so each time through the loop it just keeps adding the content. Of course if the file exists before the run then it'll append anyway. You likely don't want that so either ensure the file doesn't exist before you start running your foreach loop or add a datetime to the filename before you run it.

Lingareddy Chandrakanth Reddy 1 Reputation point

2021-12-14T15:20:00.457+00:00

Will that single file have the server name as well with the path or only the path, I want a single file for overall servers with the out contains the machine and the path location
Michael Taylor 60,161 Reputation points

2021-12-14T16:30:08.083+00:00

The path? You said you wanted a single file per folder so the code I posted would generate a file for each machine. Within that file would be the path to each file that was returned by Get-ChildItem. Are you having an issue getting the "full path" in the rows of the file? If so then please post a sample of what you're seeing.
Lingareddy Chandrakanth Reddy 1 Reputation point

2021-12-14T16:33:12.8+00:00

My script is working as expected but it is giving the out for each server with drive name as a separated file and the output contains only the path, but i need to get the output in one single csv file for all the servers with the entire file location path as well
Michael Taylor 60,161 Reputation points

2021-12-14T16:41:58.52+00:00
My script generated a separate file for each server. Did you try this script and it worked?

If you want a single file for all servers then you have no choice but to use a fixed name. It doesn't make sense to base the filename on a server as ALL server entries are going into that file.

Now you don't have the server/disk information in the file so you probably want to add that as well as delimiters.

$filename = "<somepath>\servers.txt" foreach ($Machine in $Machines) { Add-Content -Path $filename -Value "Machine: $Machine" foreach ($Disk in $Disks) { Add-Content -Path $filename -Value "Disk: $Disk" Get-ChildItem ... | Out-File $filename -Append } }
Lingareddy Chandrakanth Reddy 1 Reputation point

2021-12-14T17:21:32.713+00:00

@Michael Taylor I am getting the output as attached from image1, but I can get output as image 2
Michael Taylor 60,161 Reputation points

2021-12-14T19:05:43.39+00:00

So you want a CSV with the columns. In that case the Select-Object code that Rich posted should format the data that way,

Answer 2

Rich Matheisen 47,901

See if this works for you:

#Clearing the Host file
Clear-Host

#Get all the list of Servers
$Machines = Get-Content "C:\Scripts\Servers.txt"

#Get all the list of Disks to search
$Disks = Get-Content "C:\Scripts\Disks.txt"

#Looping through specified servers
foreach ($Machine in $Machines) {
    #Looping through each Disk
    foreach ($Disk in $Disks) {
        if (Test-Path \\$Machine\$Disk$) {
            Write-Host Checking $Machine Disk $Disk -BackgroundColor DarkRed
            Get-ChildItem -Path \\$Machine\$Disk$\ -Filter log4j.jar -Recurse -Force | 
                Select-Object @{n=Machine;e={$Machine}},@{n=Share;e={$Disk}}, FullName
        }
    }
} Export-Csv C:Scripts\Output\SharesByMachine.csv -NoTypeInformation

Lingareddy Chandrakanth Reddy 1 Reputation point

2021-12-14T16:09:17.75+00:00

it is saying like Select-Object : The Share key is not valid

while exporting it is asking for Input Object
Lingareddy Chandrakanth Reddy 1 Reputation point

2021-12-14T16:42:23.51+00:00

The output it is not giving the file path just showing the server name and the drive
Rich Matheisen 47,901 Reputation points

2021-12-14T18:43:19.777+00:00
Sorry. That was a "brain cramp" kind of mistake. The Select-Object should look like this:

Select-Object @{n=Machine;e={$Machine}},@{n=Share;e={$Disk}}, FullName

Answer 3

Hi @Lingareddy Chandrakanth Reddy ,

If your goal is to find all Log4J vulnerabilities, it is not sufficient to simply search for files with the name of Log4j, this is described well in the Reddit post below:

This will not catch all scenarios, such as when log4j is bundled inside of a JAR, therefore you should not be using this to find it. You need to find all .JAR files and look for the existence of the JndiLookup class. This check of yours would not have caught the base minecraft.jar file containing the original vector used to identify this vulnerability because the class was packaged inside of the file.

This will find every existence under the given drive.

gci 'C:\' -rec -force -include *.jar -ea 0 | `  
foreach {select-string "JndiLookup.class" $_} | `  
select -exp Path

Source:
https://www.reddit.com/r/sysadmin/comments/rgektp/simple_log4j_search_cdir_log4j_as

This is also mentioned in the following tweet:
https://twitter.com/CyberRaiju/status/1469505677580124160

You can the modify the script to run on all drives which are found under the host, and also modify to run on multiple servers.

----------

If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

Best regards,
Leon

Share via

PowerShell find files by extension on multiple servers and export

3 answers

Your answer