client-checker's Introduction

Overview

This is a PowerShell script to automate client pentests / checkups - at least to a certain extend.
You can use it together with my PwnDoc vulns to further get rid of unneccessary work -> https://github.com/LuemmelSec/PwnDoc-Vulns

How

If possible run as Admin, otherwise some checks might / will fail.

. .\Client-Checker.ps1

import-module .\Client-Checker.ps1

iex(new-object net.webclient).downloadstring("https://raw.githubusercontent.com/LuemmelSec/Client-Checker/main/Client-Checker.ps1")

then just

Client-Checker

What does it do

You should run it as admin, as certain stuff can only be queried with elevated rights.
It is used to check a client for common misconfigurations. The list currently includes:

Default Domain Password Policy
LSA Protection Settings
WDAC Usage
AppLocker Usage
Credential Guard Settings
Co-installer Settings
DMA Protection Settings
BitLocker Settings
Secure Boot Settings
System PATH ACL checks
Unquoted Service Path checks
Always Install Elevated checks
UAC checks
Guest Account checks
System Tool access as low priv user checks
WSUS Settings
PowerShell Settings
IPv6 Settings
NetBIOS / LLMNR Settings
SMB Server Settings
Firewall Settings
AV Settings
Proxy Settings
Windows Updates
3rd Party Installations
RDP Settings
WinRM Settings
PrintNightmare checks
Recall checks

The looks

You will have a detailed section which gets generated on the fly with a category, what the script found as well as links to resources for more detail, abuse paths and remmediations.

At the very end you will get a tabular overview that will help you to quickly get an overview of all checks done.

client-checker's People

Contributors

Stargazers

Watchers

client-checker's Issues

better check local guest account

Command Get-CimInstance -ClassName Win32_UserAccount get local accounts and domain accounts!
Better command is Get-LocalUser
We need to change the logic a bit:

# Guest Account check
    Write-host ""
    Write-host "############################################"
    Write-host "# Now checking if Guest Account is enabled #"
    Write-host "############################################"
    Write-host "References: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status" -ForegroundColor DarkGray
    Write-host ""
    # Get local user accounts
$guestAccount = Get-LocalUser | Where-Object {
    $_.SID -match "-501" # The local Guest Account always has RID 501
}
# Check if the Guest account exists
    if ($guestAccount) {
        # Check if the Guest account is enabled
        if ($guestAccount.Enabled -eq $true) {
            Write-Host "Guest account enabled" -ForegroundColor Red
            $guestacc = 2
        } else {
            Write-Host "Guest account disabled" -ForegroundColor Green
            $guestacc = 0
        }
    } else {
        Write-Host "Guest account not found" -ForegroundColor Yellow
        $guestacc = 3
    }

Recommend Projects

luemmelsec / client-checker Goto Github PK

client-checker's Introduction

Overview

How

What does it do

The looks

client-checker's People

Contributors

Stargazers

Watchers

Forkers

client-checker's Issues

better check local guest account

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent