Merge branch 'v2.1'

README.md

@@ -51,6 +51,7 @@ Search-AlienVault -Endpoint IPv4 -Section general -Query 187.233.152.78 | Format
 Search-Censys -Uid <UID> -Secret <SECRET> -Endpoint search -Index certificates -Query pandorasong.com | Format-List
 Search-Crtsh -Query jotugaedorm.com -Wildcard | Format-List
 Search-Cymon -Endpoint ip -Query 195.123.237.120 | Format-List
+Search-EmailRep -Query bill@microsoft.com | Format-List
 Search-GreyNoise -Endpoint list | Format-List
 Search-GreyNoise -Endpoint tag -Query ADB_WORM | Format-List
 Search-GreyNoise -Endpoint ip -Query 123.193.145.85 | Format-List

Search-Crtsh.ps1

@@ -38,7 +38,7 @@ function Search-Crtsh {
             $Query = "%25.$Query"
         }
 
-        $Uri = "https://crt.sh/`?q=$Query&output=json"
+        $Uri = "https://crt.sh/`?q=$Query&output=json".ToLower()
     }
     Process {Search-Api}
     End {Reset-SslDefaults; Write-Verbose "Complete"}

Search-EmailRep.ps1

@@ -0,0 +1,38 @@
+<#
+    .SYNOPSIS
+    Gather Open-Source Intelligence using PowerShell.
+                 
+    .DESCRIPTION
+    Gather Open-Source Intelligence from EmailRep.io using PowerShell.
+
+    .EXAMPLE
+    Search-EmailRep -Query bill@microsoft.com | Format-List
+
+    email      : bill@microsoft.com
+    reputation : high
+    suspicious : False
+    references : 79
+    details    : @{blacklisted=False; malicious_activity=False; malicious_activity_recent=False; credentials_leaked=True; credentials_leaked_recent=False; data_breach=True; first_seen=07/01/2008; last_seen=05/24/2019; domain_exists=True; 
+                 domain_reputation=high; new_domain=False; days_since_domain_creation=10362; suspicious_tld=False; spam=False; free_provider=False; disposable=False; deliverable=True; accept_all=True; valid_mx=True; spoofable=False; spf_strict=True; 
+                 dmarc_enforced=True; profiles=System.Object[]}
+    
+    .LINK
+    https://github.com/ecstatic-nobel/pOSINT/
+#>
+function Search-EmailRep {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory=$true)]
+        [string]$Query
+    )
+
+    Begin {
+        Set-SslDefaults
+        Set-ModuleDefaults
+
+        $UserAgent = "Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.15063; en-US) PowerShell/6.0.0"
+        $Uri = "emailrep.io/$Query".ToLower()
+    }
+    Process {Search-Api}
+    End {Reset-SslDefaults; Write-Verbose "Complete"}
+}

Search-Urlscan.ps1

@@ -30,7 +30,7 @@ function Search-Urlscan {
         Set-ModuleDefaults
 
         $ReponseType = "OBJ"
-        $Uri = "https://urlscan.io/api/v1/search/`?q=$Query&size=10000"
+        $Uri = "https://urlscan.io/api/v1/search/`?q=$Query&size=10000".ToLower()
     }
     Process {Search-Api}
     End {Reset-SslDefaults; Write-Verbose "Complete"}

pOSINT.psd1

@@ -83,7 +83,7 @@
     ModuleList = @()
 
     # List of all files packaged with this module
-    FileList = @('pOSINT.psd1','pOSINT.psm1','Search-AlienVault.ps1','Search-Crtsh.ps1','Search-GreyNoise.ps1','Search-PhishingKitTracker.ps1','Search-PulseDive.ps1','Search-ThreatMiner.ps1','Search-Urlscan.ps1','Search-Censys.ps1','Search-Cymon.ps1','Search-HybridAnalysis.ps1','Search-ThreatCrowd.ps1','Search-Urlhaus.ps1','Search-VirusTotal.ps1')
+    FileList = @('pOSINT.psd1','pOSINT.psm1','Search-AlienVault.ps1','Search-Crtsh.ps1','Search-EmailRep.ps1','Search-GreyNoise.ps1','Search-PhishingKitTracker.ps1','Search-PulseDive.ps1','Search-ThreatMiner.ps1','Search-Urlscan.ps1','Search-Censys.ps1','Search-Cymon.ps1','Search-HybridAnalysis.ps1','Search-ThreatCrowd.ps1','Search-Urlhaus.ps1','Search-VirusTotal.ps1')
 
     # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
     PrivateData = @{