diff --git a/windows/Get-HotspotConnections.ps1 b/windows/Get-HotspotConnections.ps1 index f9b1676..69b2dc2 100644 --- a/windows/Get-HotspotConnections.ps1 +++ b/windows/Get-HotspotConnections.ps1 @@ -1,6 +1,12 @@ # Get-HotspotConnections.ps1 # Collects Windows Mobile Hotspot connection artifacts +param( + [switch]$Clear, # Clear all (event logs + ARP cache) + [switch]$ClearHotspot, # Clear hotspot connection event logs only + [switch]$ClearArp # Clear ARP cache only +) + # Check for admin privileges $isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) @@ -10,6 +16,49 @@ if (-not $isAdmin) { exit 1 } +# Handle clear parameters +if ($Clear -or $ClearHotspot -or $ClearArp) { + if ($Clear -or $ClearHotspot) { + Write-Host "Clearing hotspot connection logs..." -ForegroundColor Yellow + try { + wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational" + Write-Host "WLAN-AutoConfig event log cleared successfully" -ForegroundColor Green + } catch { + Write-Host "Error clearing WLAN-AutoConfig log: $_" -ForegroundColor Red + } + } + + if ($Clear -or $ClearArp) { + Write-Host "Clearing ARP cache..." -ForegroundColor Yellow + try { + arp -d * 2>$null + Write-Host "ARP cache cleared successfully" -ForegroundColor Green + } catch { + Write-Host "Error clearing ARP cache: $_" -ForegroundColor Red + } + } + + Write-Host "`n--- Other logs you may want to clear manually ---" -ForegroundColor Magenta + Write-Host "WARNING: These commands have broader impact" -ForegroundColor Red + Write-Host "" + Write-Host "Clear Security log (clears ALL security events):" -ForegroundColor Yellow + Write-Host " wevtutil cl Security" -ForegroundColor Gray + Write-Host "" + Write-Host "Clear hosted network registry settings:" -ForegroundColor Yellow + Write-Host " Remove-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters\HostedNetworkSettings' -Force" -ForegroundColor Gray + Write-Host "" + Write-Host "Clear WLAN diagnostic log:" -ForegroundColor Yellow + Write-Host " wevtutil cl `"Microsoft-Windows-WLAN-AutoConfig/Diagnostic`"" -ForegroundColor Gray + Write-Host "" + Write-Host "Clear Network Profile log:" -ForegroundColor Yellow + Write-Host " wevtutil cl `"Microsoft-Windows-NetworkProfile/Operational`"" -ForegroundColor Gray + Write-Host "" + Write-Host "Clear Wi-Fi Direct log (used by mobile hotspot):" -ForegroundColor Yellow + Write-Host " wevtutil cl `"Microsoft-Windows-WiFiDirect-Services-API/Operational`"" -ForegroundColor Gray + + exit 0 +} + Write-Host "=== Windows Mobile Hotspot Connection History ===" -ForegroundColor Cyan Write-Host "Note: Windows does not maintain persistent logs of past hotspot clients" Write-Host "Only event logs and currently connected devices can be retrieved`n"