#Author: @browninfosecguy
#Requires -RunAsAdministrator
<#
TODO1: (DONE) Need a lot of cleanup for running processes and installed software on the system.
TODO2: (DONE) Add more script to fetch startup processes during bootup
TODO3: (DONE) Need to add functionality to spit output in a clean format, maybe in HTML files, and then zip them to a folder (Research more on Compress-Archive)
TODO4: Need to add Remoting functionality to the script to gather data from systems in the network
#>
# Stylesheet shared by the HTML reports. ConvertTo-Html references it by
# its relative name (table.css) and Compress-Archive later bundles it next
# to the HTML files, so the tables render offline from the ZIP.
$cssTable = @"
h1, h5, th { text-align: center; }
table { margin: auto; font-family: Segoe UI; box-shadow: 10px 10px 5px #888; border: thin ridge grey; }
th { background: #0046c3; color: #fff; max-width: 400px; padding: 5px 10px; }
td { font-size: 11px; padding: 5px 20px; color: #000; }
tr { background: #b8d1f3; }
tr:nth-child(even) { background: #dae5f4; }
tr:nth-child(odd) { background: #b8d1f3; }
"@
Out-File -InputObject $cssTable -FilePath 'C:\table.css'
# Appends one separator line to the per-host text report.
# Reads $computerName from the script scope at call time, so it must only
# be called after that variable has been set.
function format {
    $separator = "*************************************************************"
    $separator | Out-File -Append -FilePath "C:\${computerName}_SystemInfo.txt"
}
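# Probes outbound HTTP(S) reachability and writes the HTTP status code as an
# integer. 200 means the probe succeeded; $code is returned when no status
# could be obtained at all (DNS failure, timeout, connection refused).
# Parameters:
#   -code        fallback value when the request produced no HTTP status
#   -Url         endpoint to probe (default unchanged from the original)
#   -TimeoutSec  per-request timeout handed to Invoke-WebRequest
function testInternet {
    Param(
        [int]$code = 0,
        [string]$Url = "https://google.ca",
        [int]$TimeoutSec = 30
    )
    try {
        # -UseBasicParsing drops the Internet Explorer DOM dependency of
        # Windows PowerShell's Invoke-WebRequest, which otherwise fails on
        # hosts where IE first-run setup has never completed (Server Core,
        # fresh servers). It is a no-op on PowerShell 6+.
        $code = (Invoke-WebRequest -Uri $Url -TimeoutSec $TimeoutSec -UseBasicParsing).StatusCode
    }
    catch {
        # Invoke-WebRequest throws on 4xx/5xx. When the server did answer,
        # keep its real status instead of collapsing it to the fallback;
        # the caller still treats anything but 200 as "not reachable".
        $response = $_.Exception.Response
        if ($null -ne $response -and $null -ne $response.StatusCode) {
            $code = [int]$response.StatusCode
        }
    }
    Write-Output $code
}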
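# Lists running processes whose file-version "Company" string is not in the
# recognised vendor list. Emits one object per unmatched process (Name, Path,
# Company) so the Name/Path pairing survives Out-File; the original wrote
# Name and Path as two separate lines and dropped the Path line entirely when
# it was null, leaving names and paths impossible to match up.
# The Company string is self-reported PE version metadata, not an integrity
# check: any binary can claim any vendor. Treat hits as leads to verify
# (Get-AuthenticodeSignature, hash lookup), not as verdicts. Processes the
# caller cannot open report a null Path and a null Company; they are listed
# as unmatched rather than silently skipped, as in the original.
# Parameters:
#   -RecognizedVendor  Company strings treated as known (default unchanged)
#   -ProcessList       objects with Name/Company/Path; defaults to Get-Process
function checkProcessVendor {
    Param(
        [string[]]$RecognizedVendor = @("Microsoft Corporation", "Google Inc.", "Oracle Corporation"),
        [object[]]$ProcessList = (Get-Process | Select-Object Name, Company, Path)
    )
    foreach ($proc in $ProcessList) {
        # -notcontains with a null Company is true, so unknown/unreadable
        # vendors are flagged, matching the original's behaviour.
        if ($RecognizedVendor -notcontains $proc.Company) {
            [PSCustomObject]@{
                Name    = $proc.Name
                Path    = $proc.Path
                Company = $proc.Company
            }
        }
    }
}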
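# Host name drives every output file name (C:\<host>_SystemInfo.*).
# Get-CimInstance is used for consistency with the startup-program query
# later in this script and because the WMI cmdlets are deprecated.
# The [string] cast is null-safe where .ToString() would throw; an empty
# result falls back to the COMPUTERNAME environment variable so the report
# files still get a host-specific name.
$computerName = [string](Get-CimInstance -ClassName Win32_ComputerSystem).Name
if (-not $computerName) {
    $computerName = $env:COMPUTERNAME
}
$reportPath = "C:\${computerName}_SystemInfo.txt"
# Create (truncate) the text report; every later write appends to it.
Write-Output "*************************************************************" | Out-File $reportPath
Write-Output "Name of the System" | Out-File -Append $reportPath
format
Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object Name | Out-File -Append $reportPath
format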
# Report sections for clock/time zone, IP configuration and the
# Get-ComputerInfo dump. Each section is a title line between separator
# lines, followed by the raw cmdlet output.
$reportOut = @{
    FilePath = "C:\${computerName}_SystemInfo.txt"
    Append   = $true
}
# Date and time zone
"Date and Time Zone" | Out-File @reportOut
format
Get-Date | Out-File @reportOut
Get-TimeZone | Out-File @reportOut
format
# Network adapter information
"IP Configuration" | Out-File @reportOut
format
Get-NetIPConfiguration | Out-File @reportOut
format
# General system information
"System Information" | Out-File @reportOut
format
Get-ComputerInfo | Out-File @reportOut
format
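# Processes, services, patches and installed software. The large tables go
# to separate HTML files styled by table.css; the text report only carries
# the section title so the reader knows where to look.
$reportPath = "C:\${computerName}_SystemInfo.txt"
# Running processes -> HTML
Write-Output "Processes Running on the System" | Out-File -Append $reportPath
format
Get-Process | Select-Object Name, Path, ProductVersion, Description, Company |
    ConvertTo-Html -CssUri table.css |
    Out-File "C:\${computerName}_SystemInfo_RunningProcesses.html"
format
# Services, running ones first
Write-Output "List of Services on the System (Running and Stopped)" | Out-File -Append $reportPath
format
Get-Service | Select-Object DisplayName, Status | Sort-Object Status -Descending | Out-File -Append $reportPath
format
# Patches, oldest first
Write-Output "List of Patches Applied to the Server" | Out-File -Append $reportPath
format
Get-HotFix | Sort-Object InstalledOn | Out-File -Append $reportPath
format
# Installed software from the Uninstall registry views (32-bit and native).
# Win32_Product is deliberately not queried: enumerating that class makes
# the MSI engine run a consistency check on every installed package.
# Uninstall entries without a DisplayName are typically hidden components or
# patch records and would only produce blank rows, so they are dropped.
# -ErrorAction SilentlyContinue keeps one unreadable subkey from aborting
# the whole listing.
Write-Output "List of Installed Software" | Out-File -Append $reportPath
format
Get-ItemProperty -Path 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    ConvertTo-Html -CssUri table.css |
    Out-File "C:\${computerName}_SystemInfo_InstalledPrograms32Bit.html"
Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    ConvertTo-Html -CssUri table.css |
    Out-File "C:\${computerName}_SystemInfo_InstalledPrograms64Bit.html"
format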
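$reportPath = "C:\${computerName}_SystemInfo.txt"
# NTP configuration (W32Time parameters, including the NtpServer value)
Write-Output "NTP Settings" | Out-File -Append $reportPath
format
Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters' | Out-File -Append $reportPath
format
# Autostart registry values. The original read only the native HKLM Run
# key; RunOnce, the Wow6432Node view and the current user's Run key are
# autostart locations of equal interest and are listed too. Each key name
# is written before its values so the reader can tell them apart.
# -ErrorAction SilentlyContinue: the Wow6432Node key does not exist on
# 32-bit Windows and a missing key should not abort the section.
Write-Output "Run Key" | Out-File -Append $reportPath
format
$autostartKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $autostartKeys) {
    Write-Output $key | Out-File -Append $reportPath
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | Out-File -Append $reportPath
}
format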
# Outbound connectivity check: testInternet writes the HTTP status of a
# probe to google.ca (or its fallback value); only 200 counts as reachable.
$reportOut = @{
    FilePath = "C:\${computerName}_SystemInfo.txt"
    Append   = $true
}
"Testing for External Internet Connectivity" | Out-File @reportOut
format
$return = testInternet
$verdict = if ($return -eq 200) {
    "The host was able to reach Google.ca Successfully"
} else {
    "The host failed to reach Google.ca"
}
$verdict | Out-File @reportOut
format
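$reportPath = "C:\${computerName}_SystemInfo.txt"
# Listening TCP ports. OwningProcess is included so each listener can be
# tied back to a PID in the process list; the original listed only the
# address/port and left the reader to guess which service owned it.
Write-Output "List of Open Ports on the System" | Out-File -Append $reportPath
format
Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, State, OwningProcess |
    Sort-Object LocalPort -Descending |
    Out-File -Append $reportPath
format
# Processes whose Company string is not a recognised vendor (see
# checkProcessVendor). A separator follows the title here as in every other
# section; the original omitted it.
Write-Output "List of Unknown Processes Running on the Sytem" | Out-File -Append $reportPath
format
checkProcessVendor | Out-File -Append $reportPath
format
# Local accounts. LastLogon is added to help spot dormant or never-used
# accounts alongside the password-policy columns.
Write-Output "List of Local Account on System" | Out-File -Append $reportPath
format
Get-LocalUser |
    Select-Object Name, Enabled, PasswordExpires, PasswordLastSet, PasswordRequired, AccountExpires, LastLogon |
    Out-File -Append $reportPath
format
# Startup programs. Selecting the descriptive properties keeps the table
# readable instead of dumping every property of the CIM instance; a closing
# separator is added so the report ends like every other section.
Write-Output "List of Startup Programs" | Out-File -Append $reportPath
format
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Out-File -Append $reportPath
format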
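# Bundle every artefact into one ZIP and remove the loose files. The
# archive holds the host's account, patch and listening-port inventory, so
# it should be moved off the box and access-restricted promptly.
# Remove-Item now runs only after Compress-Archive succeeded: the original
# deleted the collected files unconditionally, so a failed archive step
# (missing or locked file, full disk) would have destroyed the only copy.
$collected = @(
    "C:\table.css",
    "C:\${computerName}_SystemInfo.txt",
    "C:\${computerName}_SystemInfo_RunningProcesses.html",
    "C:\${computerName}_SystemInfo_InstalledPrograms32Bit.html",
    "C:\${computerName}_SystemInfo_InstalledPrograms64Bit.html"
)
try {
    Compress-Archive -LiteralPath $collected -DestinationPath "C:\${computerName}_SystemInfo.zip" -Force -ErrorAction Stop
    Remove-Item -LiteralPath $collected
}
catch {
    Write-Warning "Archive step failed; collected files left in place: $($_.Exception.Message)"
}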