Enhanced comments for deeper understanding and minor refactoring of u…

…ser output. GeoIP Location working well.
T0pCyber · Jan 19, 2025 · 599f733 · 599f733
1 parent 54cd832
commit 599f733
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 9 deletions.
diff --git a/Hawk/functions/User/Get-HawkUserAuthHistory.ps1 b/Hawk/functions/User/Get-HawkUserAuthHistory.ps1
@@ -13,6 +13,8 @@
     Single UPN of a user, comma seperated list of UPNs, or array of objects that contain UPNs.
 .PARAMETER ResolveIPLocations
     Resolved IP Locations
+
+    If this option is specified, it will attempt to resolve IP locations (GeoIP) using ipstack.com API (API Key Required)
 .OUTPUTS
 
     File: Converted_Authentication_Logs.csv
@@ -100,13 +102,13 @@
             }
 
 
-            # Add IP Geo Location information to the data
+            # Add Geo IP location information to the data
             if ($PSBoundParameters.ContainsKey('ResolveIPLocations')) {
                 Out-LogFile "Resolving IP Locations" -Action
                 # Setup our counter
                 $i = 0
 
-                # Loop thru each connection and get the location
+                # Loop thru each connection and get the Geo IP location
                 while ($i -lt $ExpandedUserLogonLogs.Count) {
 
                     if ([bool]($i % 25)) { }

diff --git a/Hawk/functions/User/Start-HawkUserInvestigation.ps1 b/Hawk/functions/User/Start-HawkUserInvestigation.ps1
@@ -132,11 +132,13 @@
 			}
 
 			try {
+				# Call Initialize-HawkGlobalObject in case of non-interactive mode
 				if ($PSBoundParameters.ContainsKey('EnableGeoIPLocation')) {
 					Initialize-HawkGlobalObject -StartDate $StartDate -EndDate $EndDate `
 						-DaysToLookBack $DaysToLookBack -FilePath $FilePath `
 						-SkipUpdate:$SkipUpdate -NonInteractive:$NonInteractive -EnableGeoIPLocation:$EnableGeoIPLocation
-				} else {	
+				} else {
+					# Call Initialize-HawkGlobalObject in case of interactive mode for EnableGeoIPLocation	
 					Initialize-HawkGlobalObject -StartDate $StartDate -EndDate $EndDate `
 						-DaysToLookBack $DaysToLookBack -FilePath $FilePath `
 						-SkipUpdate:$SkipUpdate -NonInteractive:$NonInteractive
@@ -201,6 +203,9 @@
 
 				if ($PSCmdlet.ShouldProcess("Running Get-HawkUserAuthHistory for $User")) {
 					Out-LogFile "Running Get-HawkUserAuthHistory" -Action
+					# Two different use cases (interactive and non-interactive) have to be considered here
+					# $Hawk.EnableGeoIPLocation is to account for interactive mode
+					# $PSBoundParameters.ContainsKey('EnableGeoIPLocation') is to account for non-interactive mode
 					if ($Hawk.EnableGeoIPLocation -or $PSBoundParameters.ContainsKey('EnableGeoIPLocation')) {
 						Out-LogFile "Calling Get-HawkUserAuthHistory WITH ResolveIPLocations enabled." -Information
 						Get-HawkUserAuthHistory -User $User -ResolveIPLocations

diff --git a/Hawk/internal/functions/Clear-HawkEnvironment.ps1 b/Hawk/internal/functions/Clear-HawkEnvironment.ps1
@@ -33,7 +33,7 @@ Function Clear-HawkEnvironment {
             }
         }
 
-        # Clear the error variable
+        # Clear error variables
         $Error.Clear()
 
         Write-Verbose "Hawk environment cleanup completed successfully"

diff --git a/Hawk/internal/functions/Get-IPGeolocation.ps1 b/Hawk/internal/functions/Get-IPGeolocation.ps1
@@ -32,10 +32,10 @@ Function Get-IPGeolocation {
             # if there is no value of access_key then we need to get it from the user
             if ([string]::IsNullOrEmpty($HawkAppData.access_key)) {
 
-                Out-LogFile "IpStack.com now requires an API access key to gather GeoIP information from their API.`nPlease get a Free access key from https://ipstack.com/ and provide it below." -Information
+                Out-LogFile "IpStack.com now requires an API access key to gather GeoIP information from their API." -Information
+                Out-LogFile "Please get a Free access key from https://ipstack.com/ and provide it below." -Information
 
-                Out-LogFile "`nIP Stack API Key Configuration" -Action
-                Out-LogFile "Get your free API key at: https://ipstack.com/`n" -Action
+                Out-LogFile "Get your free API key at: https://ipstack.com/" -Information
 
                 # get the access key from the user
                 Out-LogFile "Provide your IP Stack API key: " -isPrompt -NoNewLine
@@ -47,7 +47,7 @@ Function Get-IPGeolocation {
                     throw "API key cannot be empty or whitespace."
                 }
 
-                # If testing is requested, validate the key
+                # Geo IP location is requested, validate the key first (using Google DNS).
                 if ($AccessKey) {
                     Out-LogFile "Testing API key against Google DNS..." -Action 
                     $testUrl = "http://api.ipstack.com/8.8.8.8?access_key=$AccessKey"
@@ -60,7 +60,7 @@ Function Get-IPGeolocation {
                         }
                         Out-LogFile "API key validated successfully!" -Information
 
-                        # Save to disk
+                        # Save to disk (C:\Users\%USERPROFILE%\AppData\Local\Hawk\Hawk.json)
                         Out-HawkAppData
                     }
                     catch {
@@ -74,6 +74,7 @@ Function Get-IPGeolocation {
                 Add-HawkAppData -name access_key -Value $AccessKey
             }
             else {
+                # API Key is already exists from the appdata file (Hawk\Hawk.json)
                 $AccessKey = $HawkAppData.access_key
             }
         }