REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM Layout: every PowerShell statement below is typed as one STRING line followed by ENTER into an
REM interactive elevated console. REM lines are comments only and consume no time, so they do not
REM change the keystroke timing; the DELAY values are what the typing depends on.
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 2000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
DELAY 500
RIGHTARROW
DELAY 100
DOWNARROW
DELAY 100
ENTER
DELAY 3000
REM ALT Y answers the elevation (UAC) consent prompt. The rest of the script assumes a Yes/No
REM consent dialog; a credential-style prompt would not be answered by ALT Y and the remaining
REM keystrokes would land elsewhere. Every check below then runs with the elevated token.
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
REM -scope process limits the bypass to this console session; no persistent policy change is made.
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 200
ENTER
DELAY 200
REM Create the PowerShell script in memory and execute it
DELAY 200
STRING $usbName = "MYUSB"
DELAY 200
ENTER
DELAY 200
REM Locate the output drive by volume label; $usbDrive is the DriveLetter (e.g. "E:") or $null.
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
DELAY 200
ENTER
DELAY 200
REM NOTE(review): this opens a block that is only closed by the matching "}" near the end of the
REM script, so as far as I can tell the console buffers everything in between and nothing below
REM executes until that closing brace is entered — confirm on the console in use.
STRING if ($usbDrive) {
DELAY 200
ENTER
DELAY 200
REM $owner is Win32_ComputerSystem.UserName; this is presumably of the form DOMAIN\user, so the
REM backslash makes the next Join-Path produce a nested <domain>\<user> directory — verify.
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
DELAY 200
ENTER
DELAY 200
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
DELAY 200
ENTER
DELAY 200
STRING New-Item -ItemType Directory -Path $directoryPath
DELAY 200
ENTER
DELAY 200
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
DELAY 200
ENTER
DELAY 200
REM Truncate/create results.txt; every check below appends to it with ">>".
STRING "" > $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM check-passwordpolicy: dumps the local account/lockout policy (net accounts).
STRING function check-passwordpolicy {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING net accounts
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking password policy: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM audit-services: name, display name, status and start type of every service.
STRING function audit-services {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-service | select-object name, displayname, status, starttype
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error auditing services: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-networksettings: IP configuration of every adapter.
STRING function check-networksettings {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-netipconfiguration
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking network settings: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-softwarevulnerabilities: installed-software inventory (name, version, publisher).
REM NOTE(review): only the wow6432node uninstall key is read, i.e. 32-bit installs on a 64-bit
REM host; 64-bit installs under HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall are
REM not inventoried, so the list is incomplete. The same applies to the version lookup at the end.
STRING function check-softwarevulnerabilities {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking software vulnerabilities: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-cve: keyword search of the NVD for "<productname> <version>"; emits "<id> - <description>"
REM per hit, or a "no cves found" line. Needs outbound HTTPS to services.nvd.nist.gov.
REM NOTE(review): the /rest/json/cves/1.0 endpoint has been retired by NVD as far as I know, so
REM every call would end in the catch branch below — confirm against the current NVD API docs.
STRING function check-cve {
DELAY 200
ENTER
DELAY 200
STRING param (
DELAY 200
ENTER
DELAY 200
STRING [string]$productname,
DELAY 200
ENTER
DELAY 200
STRING [string]$version
DELAY 200
ENTER
DELAY 200
STRING )
DELAY 200
ENTER
DELAY 200
REM Function-local pacing delay (seconds) before each request.
REM NOTE(review): this is function scope; the "$initialDelay +=" at the bottom of the script
REM operates on a separate, never-initialised script-level variable.
STRING $initialDelay = 2
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($response.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $response.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM On any error: log it; if the error text mentions 403, wait 60 s and retry exactly once.
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking CVEs: $_"
DELAY 200
ENTER
DELAY 200
STRING if ($_.Exception -match '403') {
DELAY 200
ENTER
DELAY 200
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds 60
DELAY 200
ENTER
DELAY 200
REM NOTE(review): the retry is not inside a try; a second failure raises out of the function.
STRING $retryResponse = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($retryResponse.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $retryResponse.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM analyze-logs: the 100 newest System event log entries (classic Get-EventLog; no filtering).
STRING function analyze-logs {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-eventlog -logname system -newest 100
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error analyzing logs: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-openports: netstat -an lists every socket (listening and established), numeric form.
STRING function check-openports {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netstat -an
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking open ports: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-missingupdates: writes the merged WindowsUpdate.log next to results.txt on the USB,
REM then deletes the temp directory the log conversion left behind.
STRING function check-missingupdates {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING write-output "Checking Windows Update logs..."
DELAY 200
ENTER
DELAY 200
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
DELAY 200
ENTER
DELAY 200
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
DELAY 200
ENTER
DELAY 200
STRING write-output "WindowsUpdate.log written to $updateLogPath"
DELAY 200
ENTER
DELAY 200
REM NOTE(review): the profile root is hard-coded as C:\Users\<user>; presumably this is the
REM scratch folder Get-WindowsUpdateLog uses, but it misses relocated profiles — $env:TEMP or
REM $env:LOCALAPPDATA would follow the real location. Confirm before relying on the cleanup.
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error getting Windows Update log: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-firewallstatus: state of the Domain/Private/Public firewall profiles.
STRING function check-firewallstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netsh advfirewall show allprofiles
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking firewall status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-smbv1status: whether the SMB1Protocol optional feature is enabled.
STRING function check-smbv1status {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking SMBv1 status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM check-antivirusstatus: Get-MpComputerStatus reports Microsoft Defender only; a third-party
REM product's state is not covered by this check.
STRING function check-antivirusstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-mpcomputerstatus
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking antivirus status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Run every check and append its output to results.txt, in this order.
STRING check-passwordpolicy >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING audit-services >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-networksettings >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-softwarevulnerabilities >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING analyze-logs >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-openports >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-missingupdates >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-firewallstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-smbv1status >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-antivirusstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Dynamically identify critical software from running processes and scheduled tasks
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
DELAY 200
ENTER
DELAY 200
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
DELAY 200
ENTER
DELAY 200
REM Combine running software and scheduled tasks
STRING $softwareList = @()
DELAY 200
ENTER
DELAY 200
STRING foreach ($process in $runningSoftware) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += $process.Name
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING foreach ($task in $scheduledTasks) {
DELAY 200
ENTER
DELAY 200
REM NOTE(review): TaskToRun is a raw command line (path plus arguments, often quoted);
REM GetFileNameWithoutExtension presumably throws on entries containing characters such as
REM quotes, which would surface as console errors for those tasks — verify on a sample.
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Remove duplicates and empty entries
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
DELAY 200
ENTER
DELAY 200
REM Check CVEs for identified software
REM NOTE(review): the lookup requires DisplayName to equal a process or task base name exactly
REM (e.g. "chrome" vs "Google Chrome"), so most entries get no $version and no CVE query.
STRING foreach ($software in $softwareList) {
DELAY 200
ENTER
DELAY 200
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
DELAY 200
ENTER
DELAY 200
STRING if ($version) {
DELAY 200
ENTER
DELAY 200
STRING check-cve -productname $software -version $version >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Script-level pacing: grows by 5-9 s per queried product and is slept here after each query.
REM NOTE(review): this $initialDelay is not the one set inside check-cve (function scope); it
REM starts unset at script level, so the first value is just the random increment.
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING write-output "Results saved to USB drive."
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error: USB drive MYUSB not found."
DELAY 200
ENTER
DELAY 200
REM Closing brace of the "if ($usbDrive)" block opened near the top; the buffered block runs here.
STRING }
DELAY 200
ENTER
DELAY 200
REM NOTE(review): $script is never assigned anywhere in this file; all work was already done by
REM the block above, so this line appears to do nothing except emit an error for a null
REM -ScriptBlock. It looks like a leftover from an earlier version — confirm and drop if so.
STRING invoke-command -scriptblock $script
DELAY 200
ENTER
DELAY 20000
REM check out github.com/markcyber for more badusb/pen testing scripts and tools