Agent-less Windows System Vulnerability and Network Scanner.bat
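@echo off
rem Host configuration and network inventory collector. Every section below
rem writes one or more files under the output directory created here.
rem
rem Delayed expansion is switched off: nothing in this script uses the
rem exclamation-mark variable syntax, and with it enabled any exclamation mark
rem in an enumerated file path is altered when a FOR variable is expanded.
setlocal enableextensions disabledelayedexpansion

rem Results go to "_output" next to this script (the script directory already
rem ends with a backslash).
rem The collected files include shell history, environment variables and full
rem file listings. Treat the directory as sensitive: restrict its ACL, move it
rem off the host over a trusted channel and delete it once reviewed.
set "output_dir=%~dp0_output"
if not exist "%output_dir%" mkdir "%output_dir%"

rem Several collectors (auditpol, bcdedit, some registry exports) need an
rem elevated prompt. Warn up front so an empty result file is not mistaken for
rem a clean finding.
net session >nul 2>&1
if errorlevel 1 echo WARNING: not running elevated; some collectors may fail or return partial data.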
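rem Baseline host inventory. Standard error is captured next to standard output
rem so that a failed query (missing key, access denied) is recorded in the
rem result file instead of leaving it silently empty.

rem System Information
echo Collecting System Information...
systeminfo > "%output_dir%\system_info.txt" 2>&1

rem DotNet versions: only lines containing "Version" are kept by findstr.
echo Collecting DotNet versions...
reg query "HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP" /s | findstr /i /c:"Version" > "%output_dir%\dotnet_versions.txt"

rem AMSI Providers
echo Collecting AMSI Providers...
reg query "HKLM\SOFTWARE\Microsoft\AMSI\Providers" /s > "%output_dir%\amsi_providers.txt" 2>&1

rem Registered Antivirus. wmic is deprecated and may be absent on current
rem Windows builds, so fall back to the equivalent CIM query when it is missing.
echo Collecting Registered Antivirus...
where wmic >nul 2>&1
if errorlevel 1 (
    powershell -NoProfile -Command "Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct | Format-List *" > "%output_dir%\registered_antivirus.txt" 2>&1
) else (
    wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value > "%output_dir%\registered_antivirus.txt" 2>&1
)

rem Audit Policy Settings (auditpol requires an elevated prompt).
echo Collecting Audit Policy Settings...
auditpol /get /category:* > "%output_dir%\audit_policy_settings.txt" 2>&1

rem Auto Run Executables. Only the machine-wide Run key is read here, so this
rem file is not a complete list of autostart locations.
echo Collecting Auto Run Executables...
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s > "%output_dir%\auto_run_executables.txt" 2>&1

rem Firewall Rules
echo Collecting Firewall Rules...
netsh advfirewall firewall show rule name=all > "%output_dir%\firewall_rules.txt" 2>&1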
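rem Windows Defender Settings
rem The folder tree is created by absolute path. The earlier cd-based version
rem changed the working directory of the script, and when the script lived on a
rem different drive than the current one the plain cd did not take effect, so
rem the sub-folders were created in whatever directory the caller was in.
rem The Path, Process and File folders are created empty; nothing in this
rem script writes into them.
echo Collecting Windows Defender Settings...
if not exist "%output_dir%\Windows Defender\Exclusions\Path" md "%output_dir%\Windows Defender\Exclusions\Path"
if not exist "%output_dir%\Windows Defender\Exclusions\Process" md "%output_dir%\Windows Defender\Exclusions\Process"
if not exist "%output_dir%\Windows Defender\Exclusions\File" md "%output_dir%\Windows Defender\Exclusions\File"

rem Both folders keep the hidden attribute, so they are not shown by a default
rem directory listing when the results are reviewed.
attrib +h "%output_dir%\Windows Defender"
attrib +h "%output_dir%\Windows Defender\Exclusions"

rem Export the Defender policy key; /y overwrites a previous export.
reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" "%output_dir%\Windows Defender\Windows Defender.reg" /y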
rem Personal Certificates: list every .pfx file below the user profile.
rem Only the paths are recorded, not the file contents.
echo Collecting Personal Certificates...
>"%output_dir%\personal_certificates.txt" dir /s /b "%USERPROFILE%\*.pfx"

rem Environment Information: the process environment followed by the
rem machine-wide values stored in the registry. Environment variables can hold
rem tokens or connection strings, so handle both files as sensitive.
echo Collecting Environment Information...
>"%output_dir%\environment_variables.txt" set
>"%output_dir%\environment_variables_registry.txt" reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s

rem User Folders: recursive bare listings of three profile folders.
echo Collecting User Folders...
>"%output_dir%\user_folders_downloads.txt" dir /s /b "%USERPROFILE%\Downloads"
>"%output_dir%\user_folders_documents.txt" dir /s /b "%USERPROFILE%\Documents"
>"%output_dir%\user_folders_desktop.txt" dir /s /b "%USERPROFILE%\Desktop"
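rem File Information
rem Walks every file on the system drive and records its path three times,
rem adding sigcheck output to two of the files. Fixes over the earlier version:
rem  - the walk starts at the drive root; a bare drive letter without a trailing
rem    backslash means the current directory on that drive
rem  - the path handed to sigcheck is quoted, so paths with spaces stay one argument
rem  - delayed expansion is off inside the loop, so exclamation marks in file
rem    names are written unchanged
rem  - a missing sigcheck.exe is reported once instead of failing for every file
rem sigcheck.exe is a Sysinternals tool and is not part of a default Windows
rem install. Verify the signature and origin of the copy in System32 before
rem running this section, because the script executes whatever binary sits there.
rem NOTE(review): the sigcheck switches below are carried over unchanged and
rem were not checked against the usage text of the tool; confirm them, and
rem confirm what the "amsi" result file is meant to contain.
rem This section is slow: it starts two processes per file on the drive, and the
rem walk also covers the output directory itself.
echo Collecting File Information...
setlocal disabledelayedexpansion
set "have_sigcheck="
if exist "%SystemRoot%\System32\sigcheck.exe" set "have_sigcheck=1"
if not defined have_sigcheck echo WARNING: sigcheck.exe not found in "%SystemRoot%\System32"; only file paths will be recorded.
for /r "%SystemDrive%\" %%i in (*.*) do (
    echo %%~fi >> "%output_dir%\file_information.txt"
    echo %%~fi >> "%output_dir%\file_information_versions.txt"
    echo %%~fi >> "%output_dir%\file_information_amsi.txt"
    if defined have_sigcheck (
        "%SystemRoot%\System32\sigcheck.exe" -a -q -d -c -r "%%~fi" >> "%output_dir%\file_information_versions.txt"
        "%SystemRoot%\System32\sigcheck.exe" -a -q -d -c -y -r "%%~fi" >> "%output_dir%\file_information_amsi.txt"
    )
)
endlocal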
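rem Patch, software and account inventory.
rem wmic is deprecated and may be absent on current Windows builds, so each
rem wmic query has a CIM or PowerShell fallback. Standard error is captured in
rem the result files so a failed query is visible during review.
set "have_wmic="
where wmic >nul 2>&1
if not errorlevel 1 set "have_wmic=1"

rem Installed Hotfixes
echo Collecting Installed Hotfixes...
if defined have_wmic (
    wmic qfe list > "%output_dir%\installed_hotfixes.txt" 2>&1
) else (
    powershell -NoProfile -Command "Get-HotFix | Format-List" > "%output_dir%\installed_hotfixes.txt" 2>&1
)

rem Installed Products
rem Enumerating the Win32_Product class makes Windows Installer run a
rem consistency check on every installed package, which is slow and writes
rem installer events to the Application log. Expect that noise in the event log
rem of a host this script has been run on.
echo Collecting Installed Products...
if defined have_wmic (
    wmic product get name,version,vendor > "%output_dir%\installed_products.txt" 2>&1
) else (
    powershell -NoProfile -Command "Get-CimInstance -ClassName Win32_Product | Select-Object Name,Version,Vendor | Format-List" > "%output_dir%\installed_products.txt" 2>&1
)

rem Local Group Policy Settings. /f overwrites an existing report; without it
rem gpresult refuses to write when the script is run a second time.
echo Collecting Local Group Policy Settings...
gpresult /h "%output_dir%\local_group_policy_settings.html" /f

rem Local Groups
echo Collecting Local Groups...
net localgroup > "%output_dir%\local_groups.txt" 2>&1

rem Local Users
echo Collecting Local Users...
net user > "%output_dir%\local_users.txt" 2>&1

rem Updates. This was the same hotfix query run a second time, so the file is
rem now copied from the hotfix result instead of querying again.
echo Collecting Installed Updates...
copy /y "%output_dir%\installed_hotfixes.txt" "%output_dir%\installed_updates.txt" >nul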
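rem Authentication, remote access and security-tooling configuration.
rem Standard error is captured in the text results so a missing key or an
rem access-denied error is visible during review.

rem NTLM Authentication Settings: reads the LmCompatibilityLevel value only.
rem The value is absent when the system default is in effect, in which case the
rem file holds the error text from reg.
echo Collecting NTLM Authentication Settings...
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v "LmCompatibilityLevel" > "%output_dir%\ntlm_authentication_settings.txt" 2>&1

rem RDP Connections: this is the configuration of the RDP-Tcp listener, not a
rem list of sessions or connection history.
echo Collecting RDP Connections...
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /s > "%output_dir%\rdp_connections.txt" 2>&1

rem Remote Desktop Settings
echo Collecting Remote Desktop Settings...
reg export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" "%output_dir%\remote_desktop_settings.reg" /y

rem Secure Boot Configuration
rem bcdedit lists the boot entries but does not state whether Secure Boot is
rem enabled, so the firmware state value is appended to the same file.
rem bcdedit requires an elevated prompt.
echo Collecting Secure Boot Configuration...
bcdedit > "%output_dir%\secure_boot_configuration.txt" 2>&1
reg query "HKLM\SYSTEM\CurrentControlSet\Control\SecureBoot\State" /v UEFISecureBootEnabled >> "%output_dir%\secure_boot_configuration.txt" 2>&1

rem Sysmon Configuration
rem NOTE(review): SysmonLog does not look like a service key that Sysmon
rem installs; confirm the service and driver names used on the target build
rem before treating a failed export as "Sysmon not installed".
echo Collecting Sysmon Configuration...
reg export "HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog" "%output_dir%\sysmon_configuration.reg" /y

rem UAC System Policies
echo Collecting UAC System Policies...
reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" "%output_dir%\uac_system_policies.reg" /y

rem Windows Defender Exclusions: only exclusions set through policy are read.
echo Collecting Windows Defender Exclusions...
reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions" /s > "%output_dir%\windows_defender_exclusions.txt" 2>&1

rem PowerShell Console History
rem The history file can contain passwords and tokens typed at the prompt, so
rem this result needs the same protection as a credential store.
rem -NoProfile keeps profile scripts on the host from running inside the
rem collector and from adding their own output to the result.
echo Collecting PowerShell Console History...
powershell -NoProfile -Command "Get-Content (Get-PSReadlineOption).HistorySavePath" > "%output_dir%\powershell_console_history.txt" 2>&1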
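rem Network Information
rem Standard error is captured in the result files so a failed command is
rem visible during review.
echo Collecting Network Information...

rem ARP Table
echo Collecting ARP Table...
arp -a > "%output_dir%\arp_table.txt" 2>&1

rem DNS Cache
echo Collecting DNS Cache...
ipconfig /displaydns > "%output_dir%\dns_cache.txt" 2>&1

rem Network Profiles: saved wireless profiles. The command reports an error on
rem hosts where the wireless service is not running.
echo Collecting Network Profiles...
netsh wlan show profiles > "%output_dir%\network_profiles.txt" 2>&1

rem Network Shares
echo Collecting Network Shares...
net share > "%output_dir%\network_shares.txt" 2>&1

rem TCP/UDP Connections
echo Collecting TCP/UDP Connections...
netstat -ano > "%output_dir%\tcp_udp_connections.txt" 2>&1

rem RPC Endpoints
rem The endpoint mapper service is named RpcEptMapper; the earlier name
rem "rpcendpoint" is not a service, so the query always failed. This records the
rem state of the service only, not the endpoints registered with it.
echo Collecting RPC Endpoints...
sc query RpcEptMapper > "%output_dir%\rpc_endpoints.txt" 2>&1

rem Open Ports
rem Filtered from the netstat capture taken above, so both files describe the
rem same moment. UDP endpoints have no LISTENING state and are therefore not in
rem this file; they are in the full connection list.
echo Collecting Open Ports...
findstr /i "LISTENING" "%output_dir%\tcp_udp_connections.txt" > "%output_dir%\open_ports.txt"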
rem Network Diagram
rem Nothing is generated by this script; only the progress message is printed.
rem A diagram has to be produced separately, for example from traffic captured
rem and analysed with a tool such as Wireshark or NetworkMiner.
echo Generating Network Diagram...

rem Generate Report
rem Nothing is generated here either. A PDF report has to be built separately
rem from the collected data, with a tool such as PDFCreator, and placed in the
rem output directory.
echo Generating Report...

rem Final pointer to the results.
echo Done. Please check the "%output_dir%" directory for the collected information.