mirror of
https://github.com/UberGuidoZ/Flipper.git
synced 2024-12-22 14:30:21 +00:00
631 lines
12 KiB
Plaintext
631 lines
12 KiB
Plaintext
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
DELAY 1000
|
|
REM Open Start Menu
|
|
CONTROL ESCAPE
|
|
DELAY 2000
|
|
STRING powershell
|
|
REM Navigate to the context menu to run PowerShell as an administrator
|
|
DELAY 500
|
|
RIGHTARROW
|
|
DELAY 100
|
|
DOWNARROW
|
|
DELAY 100
|
|
ENTER
|
|
DELAY 3000
|
|
ALT Y
|
|
DELAY 5000
|
|
REM Set PowerShell Execution Policy to Bypass
|
|
DELAY 1000
|
|
STRING set-executionpolicy bypass -scope process -force
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
REM Create the PowerShell script in memory and execute it
|
|
DELAY 200
|
|
STRING $usbName = "MYUSB"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING if ($usbDrive) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING New-Item -ItemType Directory -Path $directoryPath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING "" > $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-passwordpolicy {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING net accounts
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking password policy: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function audit-services {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-service | select-object name, displayname, status, starttype
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error auditing services: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-networksettings {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-netipconfiguration
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking network settings: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-softwarevulnerabilities {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking software vulnerabilities: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-cve {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING param (
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING [string]$productname,
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING [string]$version
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING )
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $initialDelay = 2
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING start-sleep -seconds $initialDelay
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $response = invoke-restmethod -uri $uri -method get
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING if ($response.totalresults -gt 0) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING foreach ($cve in $response.result.cve_items) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } else {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING "no cves found for $productname $version"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking CVEs: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING if ($_.Exception -match '403') {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING start-sleep -seconds 60
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $retryResponse = invoke-restmethod -uri $uri -method get
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING if ($retryResponse.totalresults -gt 0) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING foreach ($cve in $retryResponse.result.cve_items) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } else {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING "no cves found for $productname $version"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function analyze-logs {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-eventlog -logname system -newest 100
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error analyzing logs: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-openports {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING netstat -an
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking open ports: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-missingupdates {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Checking Windows Update logs..."
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "WindowsUpdate.log written to $updateLogPath"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error getting Windows Update log: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-firewallstatus {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING netsh advfirewall show allprofiles
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking firewall status: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-smbv1status {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-windowsoptionalfeature -online -featurename smb1protocol
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking SMBv1 status: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING function check-antivirusstatus {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING try {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING get-mpcomputerstatus
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } catch {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error checking antivirus status: $_"
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-passwordpolicy >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING audit-services >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-networksettings >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-softwarevulnerabilities >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING analyze-logs >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-openports >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-missingupdates >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-firewallstatus >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-smbv1status >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-antivirusstatus >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
REM Dynamically identify critical software from running processes and scheduled tasks
|
|
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
REM Combine running software and scheduled tasks
|
|
STRING $softwareList = @()
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING foreach ($process in $runningSoftware) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $softwareList += $process.Name
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING foreach ($task in $scheduledTasks) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
REM Remove duplicates and empty entries
|
|
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
REM Check CVEs for identified software
|
|
STRING foreach ($software in $softwareList) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING if ($version) {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING check-cve -productname $software -version $version >> $resultsFilePath
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING start-sleep -seconds $initialDelay
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Results saved to USB drive."
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING } else {
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING write-output "Error: USB drive MYUSB not found."
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING }
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 200
|
|
STRING invoke-command -scriptblock $script
|
|
DELAY 200
|
|
ENTER
|
|
DELAY 20000
|
|
REM check out github.com/markcyber for more badusb/pen testing scripts and tools
|