Scripts to automate some part of Security/Vulnerability Assessment
Scripts written to aid automated scanning during whitebox security/vuln assessments
Invoke-WinEnum - Check Windows host security
(ACL's for System, Local Administrators, and TrustedInstaller is being ignored)
Invoke-LinuxSSH - Run Bash scripts on multiple hosts simultaneously with Posh-SSH
Invoke-WindowsWMI - Run PowerShell on multiple hosts simultaneously with WMI
Invoke-WindowsPS - Run PowerShell on multiple hosts simultaneously with PSRemote
Invoke-WindowsSMB - Run PowerShell on multiple hosts with WMI and output over SMB
Invoke-Grouper2 - GPO Audit
Invoke-PingCastle - Runs multiple pingcastle modules
Invoke-DomainEnum - Runs multiple checks on the domain
Get-BlueKeepStatus - PingCastle Bluekeep script
Get-SpoolStatus - PingCastle Print Spooler status script
Get-RemoteCertificates - Download all CA and Root Certificates from a remote host using OpenRemoteBaseKey
Get-DomainCertificates - Download all published CA, Root and CRL certificates
Get-DomainExchangeVersion - Get exchange version from ADSI and check if vuln to privexchange
Get-DefaultPassword - Search for default passwords for a specific vendor/product
Get-WeakPasswords - Find weak passwords from secretsdump output & hashcat potfile and imports it to bloodhound
New-SYSVOLZip - Zip Sysvol for Grouper2
ConvertFrom-CisHtml - Convert CIS html report to docx
Gather Active Directory statistics from BloodHound data
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-compliance-toolkit-10
https://github.com/CISOfy/lynis
https://github.com/DenizParlak/Zeus
https://www.pingcastle.com/download/
https://github.com/BloodHoundAD/BloodHound/
https://github.com/dev-sec/windows-baseline
https://github.com/MichaelGrafnetter/DSInternals
https://github.com/nsacyber/Windows-Secure-Host-Baseline/tree/master/Windows/Compliance
https://github.com/nsacyber/Windows-Secure-Host-Baseline/tree/master/Windows%20Firewall/Compliance
Thanks to
Harmj0y
lkys37en
A-mIn3