enumScan.psm1
New-Module -Name AutoScript -ScriptBlock {
function enumerateTarget {
    # Entry point exported by the module: runs every enumeration step in
    # order. Each step writes its own findings to the host and catches its
    # own query errors (envCreds has no handler but only reads Env:), so a
    # failure in one step does not stop the following ones.
    $steps = @(
        'systemRecon',
        'netRecon',
        'findRecursive',
        'userEnum',
        'envCreds',
        'checkFilePerms'
    )
    foreach ($step in $steps) {
        & $step
    }
}
function systemRecon {
    # Prints a summary of the host this module runs on so the operator can
    # tell which environment the machine belongs to: IP address(es), adapter
    # descriptions, DNS domain, user domain, OS caption, MAC addresses, the
    # current `net use` connections and the IPv4 DNS servers.
    # Any failure inside the try is reported with a single Write-Error, which
    # is non-terminating by default, so the next enumeration step still runs.
    try {
        # Only adapters that currently hold at least one IP address are kept.
        $networkInfo = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress } | Select-Object IPAddress, MacAddress, Description, DNSServerSearchOrder, DHCPServer, DefaultIPGateway, DNSDomain
        # NOTE(review): the ForEach-Object call below receives `( $_.IPAddress)`
        # as a positional argument evaluated outside any pipeline block (where
        # $_ is normally $null) plus a script block that opens a second, inner
        # pipeline. This is not the usual ForEach-Object form and may throw or
        # produce nothing — confirm on a Windows host. If it throws, the whole
        # function drops into the catch and no network info is printed.
        $ip = $networkInfo | Select-Object -Expand IPAddress -First 3 | Where-Object { $_ -like '*.*.*.*' } | ForEach-Object ( $_.IPAddress) {
        ForEach-Object { [IPAddress]$_ } | Where-Object { $_.AddressFamily -eq 'Internetwork' } | ForEach-Object { $_.IPAddressToString } } | Out-String
        $mac = $networkInfo | Select-Object -Expand MacAddress -First 3 | Out-String
        $netAdapter = $networkInfo | Select-Object -Expand Description -First 3 | Out-String
        $dnsDomain = $networkInfo | Select-Object -Expand DNSDomain -First 2 | Out-String
        $osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        $userDomain = $env:USERDOMAIN
        # `net use` with no arguments lists the current network connections
        # (mapped drives / shares) of this session.
        $connections = net use
        $netInfo = -join ("`nIP:", $ip, "`nNet adapter: ", $netAdapter, "`nDNS domain:", $dnsDomain, "`nUser domain: ", $userDomain)
        $sysInfo = -join ("`nOS version:", $osVersion, "`nMAC address:", $mac)
        Write-Host "`n[*]Network info . . ." -ForegroundColor Yellow
        Write-Host $netInfo -ForegroundColor Green
        Write-Host $sysInfo -ForegroundColor Green
        Write-Host $connections -ForegroundColor Green
        # Get-DnsClientServerAddress comes from the DnsClient module (Windows 8 /
        # Server 2012 and newer); on older hosts this line is what ends up in the catch.
        Write-Host (Get-DnsClientServerAddress -AddressFamily IPv4 | Format-Table | Out-String) -ForegroundColor Green
        # Presumably a pause so the output can be read before the next step scrolls it away.
        Start-Sleep -Seconds 3
    }
    catch {
        Write-Error "Recon didn't work"
    }
}
function netRecon {
    # Three views of the local network state, each printed as a green table
    # or a red "nothing found" line: neighbours in the ARP/ND cache whose
    # State is Stale, sockets in LISTENING state, and ESTABLISHED connections.
    # The last two are filtered from a single `netstat -ano` run, so the
    # owning PID column is included. Any failure is reported once with
    # Write-Error and the function returns.
    Write-Host "`n[*]Searching for nearly devices ARP scan incoming . . .`n" -ForegroundColor Yellow
    try {
        $neighbourTable = Get-NetNeighbor -state "Stale" | Format-Table IPAddress, LinkLayerAddress, State | Out-String
        if (-not $neighbourTable) {
            Write-Host "No hosts up" -ForegroundColor Red
        }
        else {
            Write-Host $neighbourTable -ForegroundColor Green
        }
        Start-Sleep 5

        Write-Host "`n[*]Searching for listening ports . . ." -ForegroundColor Yellow
        # Both filters are applied up front; only the printing is staged.
        $netstatOutput = netstat -ano
        $listeningTable = $netstatOutput | findstr.exe "LISTENING" | Out-String
        $establishedTable = $netstatOutput | findstr.exe "ESTABLISHED" | Out-String
        if (-not $listeningTable) {
            Write-Host "No listening ports available" -ForegroundColor Red
        }
        else {
            Write-Host $listeningTable -ForegroundColor Green
        }

        Write-Host "`n[*]Searching for established connections . . ." -ForegroundColor Yellow
        if (-not $establishedTable) {
            Write-Host "No established ports available" -ForegroundColor Red
        }
        else {
            Write-Host $establishedTable -ForegroundColor Green
        }
        Start-Sleep -Seconds 3
    }
    catch {
        Write-Error "Bad Net status"
    }
}
function findRecursive {
    # Checks whether each entry of a fixed list of well-known Windows files
    # (registry hive backups, setup/IIS logs, unattended-install and IIS config
    # files) exists under C:\ and prints one line per entry. Despite the name
    # nothing is searched recursively: every path is probed exactly once.
    # From a hardening point of view, any of these being present and readable
    # by a standard user is a finding worth following up.
    function searchFile {
        # Probes C:\<file>. Get-ChildItem with -ErrorAction Stop throws when
        # the path does not exist, which is what drives the "not found" branch.
        # NOTE(review): it presumably also throws when the parent directory
        # cannot be listed by the current user, so "file not found" may really
        # mean "access denied" — confirm before trusting a negative result.
        param (
            [Parameter(Mandatory)][string]$file
        )
        try {
            # The parameter is overwritten with the absolute path; the drive is hard-coded to C:\.
            $file = -join ("C:\", $file)
            Get-ChildItem -Path $file -ErrorAction Stop | Out-Null
            # Unary -join binds before the comma, so Write-Host receives two
            # arguments and prints them with its default space separator.
            Write-Host (-join $file, " found") -ForegroundColor Green
        }
        catch {
            Write-Host ( -join ($file, " file not found")) -ForegroundColor Red
        }
    }
    # Paths relative to C:\ — searchFile adds the prefix.
    $files = @(
        "Windows\repair\sam",
        "Windows\System32\config\RegBack\SAM",
        "Windows\repair\system",
        "Windows\repair\software",
        "Windows\repair\security",
        "Windows\debug\NetSetup.log",
        "Windows\iis5.log",
        "Windows\iis6.log",
        "Windows\iis7.log",
        "Windows\system32\logfiles\httperr\httperr1.log",
        "Windows\Panther\Unattended.xml",
        "Windows\system32\config\AppEvent.Evt",
        "Windows\system32\config\SecEvent.Evt",
        "Windows\system32\config\default.sav",
        "Windows\system32\config\security.sav",
        "Windows\system32\config\software.sav",
        "Windows\system32\config\system.sav",
        "Windows\system32\inetsrv\config\applicationHost.config",
        "Windows\system32\win.ini",
        "Windows\System32\drivers\etc\hosts"
    )
    Write-Host " `n[*]Searching for sensitive files . . . `n" -ForeGroundColor Yellow
    foreach ($file in $files) {
        searchFile -file $file
    }
    Start-Sleep -Seconds 3
}
function envCreds {
    # Dumps every environment variable of the current process as a Key/Value
    # table. Nothing is filtered or matched here; the operator reads through
    # the table by hand. Note that anything secret printed this way also lands
    # in any console transcript or session log that is active.
    Write-Host "`n[*]Searching for creds on env variables . . ." -ForegroundColor Yellow
    $envTable = Get-ChildItem Env: | Format-Table Key, Value | Out-String
    Write-Host $envTable -ForegroundColor Green
}
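function userEnum {
    # Enumerates local accounts, domain accounts and local groups, printing
    # each list in green or a red "none found" line. Each query sits in its
    # own try/catch so that a failure in one (for example the domain query on
    # a workgroup machine, or a missing LocalAccounts module) does not hide
    # the others. Writes to the host only; returns nothing.
    Write-Host "`n[*]Enumerating users and groups . . ." -ForegroundColor Yellow
    try {
        # LocalAccount=True: accounts defined on this host.
        $localUserTable = Get-CimInstance -ClassName win32_useraccount -Filter "LocalAccount=True" | Select-Object name, sid | Out-String
        if ($localUserTable) {
            # Unary -join leaves the string as-is; Write-Host joins the two
            # arguments with its default space separator.
            Write-Host ( -join "Local users:`n", $localUserTable) -ForegroundColor Green
        }
        else {
            Write-Host "No local accounts were found" -ForegroundColor Red
        }
    }
    catch {
        Write-Host "Error while enumerating local users" -ForegroundColor Red
    }
    try {
        # LocalAccount=False: domain accounts visible to this host.
        # NOTE(review): on a domain-joined machine this query is unbounded and
        # can be slow or very large — confirm it is acceptable where this runs.
        $domainUserTable = Get-CimInstance -ClassName win32_useraccount -Filter "LocalAccount=False" | Select-Object name, sid | Out-String
        if ($domainUserTable) {
            Write-Host ( -join "Domain users:`n", $domainUserTable) -ForegroundColor Green
        }
        else {
            Write-Host "No domain accounts were found" -ForegroundColor Red
        }
    }
    catch {
        Write-Host "Error while enumerating domain users" -ForegroundColor Red
    }
    try {
        # Get-LocalGroup requires the Microsoft.PowerShell.LocalAccounts module.
        $localGroups = Get-LocalGroup | Format-Table Name | Out-String
        if ($localGroups) {
            Write-Host ( -join "Local groups:`n", $localGroups) -ForegroundColor Green
        }
        else {
            Write-Host "No groups were found" -ForegroundColor Red
        }
    }
    catch {
        # Fixed: this message used to say "enabled users" although the block
        # above enumerates local groups, which misdirected troubleshooting.
        Write-Host "Error while enumerating local groups" -ForegroundColor Red
    }
    Start-Sleep -Seconds 3
}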
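function checkFilePerms {
    # Prompts for a path and prints its ACL entries as a table of identity,
    # file-system rights and Allow/Deny. An empty answer (just Enter) falls
    # back to $PSScriptRoot. Both branches used to duplicate the whole
    # Get-Acl/Select-Object pipeline; they now share it via $target.
    # NOTE(review): $PSScriptRoot may be empty inside a module created with
    # New-Module from a script block — confirm on the target host, since an
    # empty path makes Get-Acl fail and only the generic catch message shows.
    Write-Host "`n[*]Looking for perms on files . . ." -ForegroundColor Yellow
    try {
        $path = Read-Host "Enter the path to check perms press enter to check actual path"
        $target = if ($path) { $path } else { $PSScriptRoot }
        # The user-supplied value is passed as a single argument, never
        # interpolated into a command string. -Path still honours wildcards;
        # -ErrorAction Stop turns a missing or unreadable path into a
        # terminating error so it reaches the catch below.
        $filePerms = (Get-Acl -Path $target -ErrorAction Stop).Access |
            Select-Object @{Label = "User/Group"; Expression = { $_.IdentityReference } },
                          @{Label = "Perms"; Expression = { $_.FileSystemRights } },
                          @{Label = "Access"; Expression = { $_.AccessControlType } } |
            Format-Table -AutoSize | Out-String
        Write-Host $filePerms -ForegroundColor Green
    }
    catch {
        Write-Host "Error while enumerating perms on files" -ForegroundColor Red
    }
}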
}
Export-ModuleMember -Function enumerateTarget