From 66426ff8bc2429de37719a25d6d5d10fc50b3671 Mon Sep 17 00:00:00 2001
From: Mark <148797232+MarkCyber@users.noreply.github.com>
Date: Sat, 25 May 2024 11:50:02 -0400
Subject: [PATCH] Delete VulnerabilityScanner.txt

---
 VulnerabilityScanner.txt | 629 ---------------------------------------
 1 file changed, 629 deletions(-)
 delete mode 100644 VulnerabilityScanner.txt

diff --git a/VulnerabilityScanner.txt b/VulnerabilityScanner.txt
deleted file mode 100644
index 42a5776..0000000
--- a/VulnerabilityScanner.txt
+++ /dev/null
@@ -1,629 +0,0 @@
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-DELAY 1000
-REM Open Start Menu
-CONTROL ESCAPE
-DELAY 2000
-STRING powershell
-REM Navigate to the context menu to run PowerShell as an administrator
-DELAY 500
-RIGHTARROW
-DELAY 100
-DOWNARROW
-DELAY 100
-ENTER
-DELAY 3000
-ALT Y
-DELAY 5000
-REM Set PowerShell Execution Policy to Bypass
-DELAY 1000
-STRING set-executionpolicy bypass -scope process -force
-DELAY 200
-ENTER
-DELAY 200
-REM Create the PowerShell script in memory and execute it
-DELAY 200
-STRING $usbName = "MYUSB"
-DELAY 200
-ENTER
-DELAY 200
-STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($usbDrive) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
-DELAY 200
-ENTER
-DELAY 200
-STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
-DELAY 200
-ENTER
-DELAY 200
-STRING New-Item -ItemType Directory -Path $directoryPath
-DELAY 200
-ENTER
-DELAY 200
-STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
-DELAY 200
-ENTER
-DELAY 200
-STRING "" > $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-passwordpolicy {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING net accounts
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking password policy: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function audit-services {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-service | select-object name, displayname, status, starttype
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error auditing services: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-networksettings {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-netipconfiguration
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking network settings: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-softwarevulnerabilities {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking software vulnerabilities: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-cve {
-DELAY 200
-ENTER
-DELAY 200
-STRING param (
-DELAY 200
-ENTER
-DELAY 200
-STRING [string]$productname,
-DELAY 200
-ENTER
-DELAY 200
-STRING [string]$version
-DELAY 200
-ENTER
-DELAY 200
-STRING )
-DELAY 200
-ENTER
-DELAY 200
-STRING $initialDelay = 2
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds $initialDelay
-DELAY 200
-ENTER
-DELAY 200
-STRING $response = invoke-restmethod -uri $uri -method get
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($response.totalresults -gt 0) {
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($cve in $response.result.cve_items) {
-DELAY 200
-ENTER
-DELAY 200
-STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING "no cves found for $productname $version"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking CVEs: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($_.Exception -match '403') {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds 60
-DELAY 200
-ENTER
-DELAY 200
-STRING $retryResponse = invoke-restmethod -uri $uri -method get
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($retryResponse.totalresults -gt 0) {
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($cve in $retryResponse.result.cve_items) {
-DELAY 200
-ENTER
-DELAY 200
-STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING "no cves found for $productname $version"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function analyze-logs {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-eventlog -logname system -newest 100
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error analyzing logs: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-openports {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING netstat -an
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking open ports: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-missingupdates {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Checking Windows Update logs..."
-DELAY 200
-ENTER
-DELAY 200
-STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
-DELAY 200
-ENTER
-DELAY 200
-STRING Get-WindowsUpdateLog -LogPath $updateLogPath
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "WindowsUpdate.log written to $updateLogPath"
-DELAY 200
-ENTER
-DELAY 200
-STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error getting Windows Update log: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-firewallstatus {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING netsh advfirewall show allprofiles
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking firewall status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-smbv1status {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-windowsoptionalfeature -online -featurename smb1protocol
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking SMBv1 status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING function check-antivirusstatus {
-DELAY 200
-ENTER
-DELAY 200
-STRING try {
-DELAY 200
-ENTER
-DELAY 200
-STRING get-mpcomputerstatus
-DELAY 200
-ENTER
-DELAY 200
-STRING } catch {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error checking antivirus status: $_"
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING check-passwordpolicy >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING audit-services >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-networksettings >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-softwarevulnerabilities >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING analyze-logs >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-openports >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-missingupdates >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-firewallstatus >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-smbv1status >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING check-antivirusstatus >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-REM Dynamically identify critical software from running processes and scheduled tasks
-STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
-DELAY 200
-ENTER
-DELAY 200
-STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
-DELAY 200
-ENTER
-DELAY 200
-REM Combine running software and scheduled tasks
-STRING $softwareList = @()
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($process in $runningSoftware) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $softwareList += $process.Name
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING foreach ($task in $scheduledTasks) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-REM Remove duplicates and empty entries
-STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
-DELAY 200
-ENTER
-DELAY 200
-REM Check CVEs for identified software
-STRING foreach ($software in $softwareList) {
-DELAY 200
-ENTER
-DELAY 200
-STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
-DELAY 200
-ENTER
-DELAY 200
-STRING if ($version) {
-DELAY 200
-ENTER
-DELAY 200
-STRING check-cve -productname $software -version $version >> $resultsFilePath
-DELAY 200
-ENTER
-DELAY 200
-STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
-DELAY 200
-ENTER
-DELAY 200
-STRING start-sleep -seconds $initialDelay
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Results saved to USB drive."
-DELAY 200
-ENTER
-DELAY 200
-STRING } else {
-DELAY 200
-ENTER
-DELAY 200
-STRING write-output "Error: USB drive MYUSB not found."
-DELAY 200
-ENTER
-DELAY 200
-STRING }
-DELAY 200
-ENTER
-DELAY 200
-STRING invoke-command -scriptblock $script
-DELAY 200
-ENTER
-DELAY 20000