search

redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License
818 stars 194 forks source link

Problem: Invoke-AtomicTest [test] -ShowDetailsBrief only returning the Path info #47

Closed martialhax closed 3 years ago

martialhax commented 3 years ago

Newly installed today per the instructions for Mac that are pertinent. Installed the Execution Framework and then the Atomics folder and all are present and installed fine. Also added the automatic import to my pwsh profile. When I run "Invoke-AtomicTest T1003 -ShowDetailsBrief

" I only get back this "PathToAtomicsFolder = /Users/user/AtomicRedTeam/atomics" ...which is the correct path but I should be getting the test details etc.

If I run just "Invoke-AtomicTest" I do get the expected prompt however?

Running on a Mac PB Mojave 10.14.6 with PowerShell Core 7.0.3 (pwsh) installed and working.

Screens attached. Thank you.

Screen Shot 2020-11-19 at 8 56 47 PM
clr2of8 commented 3 years ago

Hello @martialhax, thank you for the info and I agree this is confusing. The reason this is happening is that there are no atomic tests applicable to macOS under the T1003 technique and the execution framework only shows the details for test applicable to the targeted OS. I'll try to add a feature to the execution framework to warn when this happens so it is more obvious.

martialhax commented 3 years ago

Thanks Carrie...my bad...I was following the post install instructions too closely :-) I see now doing "Invoke-AtomicTest All -ShowDetailsBrief" Thank you.