aaron/flipper-zero-stuff
aaron/flipper-zero-stuff
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
flipper-zero-stuff/badusb/BadUSB-MarkCyber/HackStuff/VulnerabilityScanner.txt
aaron ab68519384 commit muder
2024-08-14 08:38:30 -07:00

631 lines
12 KiB
Plaintext
Raw Permalink Blame History

REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script was created by github.com/MarkCyber %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This script acts as a plug-in vulnerability scanner. Only use with permission %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will require a secondary USB named as "MYUSB" to save all information onto %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% This will find information on the following and save results in a results.txt file %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: password policy, audit services, network settings, softwares and versions, CVEs %%%%%%%%%%%%%%
REM %%%%%%%%%%%%% Info on: open ports, firewall status, antivirus status, smbv1 status, missing updates & more %%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
REM %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
DELAY 1000
REM Open Start Menu
CONTROL ESCAPE
DELAY 2000
STRING powershell
REM Navigate to the context menu to run PowerShell as an administrator
DELAY 500
RIGHTARROW
DELAY 100
DOWNARROW
DELAY 100
ENTER
DELAY 3000
ALT Y
DELAY 5000
REM Set PowerShell Execution Policy to Bypass
DELAY 1000
STRING set-executionpolicy bypass -scope process -force
DELAY 200
ENTER
DELAY 200
REM Create the PowerShell script in memory and execute it
DELAY 200
STRING $usbName = "MYUSB"
DELAY 200
ENTER
DELAY 200
STRING $usbDrive = Get-WmiObject Win32_Volume | Where-Object { $_.Label -eq $usbName } | Select-Object -ExpandProperty DriveLetter
DELAY 200
ENTER
DELAY 200
STRING if ($usbDrive) {
DELAY 200
ENTER
DELAY 200
STRING $owner = (Get-WmiObject Win32_ComputerSystem).UserName
DELAY 200
ENTER
DELAY 200
STRING $directoryPath = Join-Path -Path $usbDrive -ChildPath $owner
DELAY 200
ENTER
DELAY 200
STRING New-Item -ItemType Directory -Path $directoryPath
DELAY 200
ENTER
DELAY 200
STRING $resultsFilePath = Join-Path -Path $directoryPath -ChildPath "results.txt"
DELAY 200
ENTER
DELAY 200
STRING "" > $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING function check-passwordpolicy {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING net accounts
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking password policy: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function audit-services {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-service | select-object name, displayname, status, starttype
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error auditing services: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-networksettings {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-netipconfiguration
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking network settings: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-softwarevulnerabilities {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-itemproperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | select-object displayname, displayversion, publisher
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking software vulnerabilities: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-cve {
DELAY 200
ENTER
DELAY 200
STRING param (
DELAY 200
ENTER
DELAY 200
STRING [string]$productname,
DELAY 200
ENTER
DELAY 200
STRING [string]$version
DELAY 200
ENTER
DELAY 200
STRING )
DELAY 200
ENTER
DELAY 200
STRING $initialDelay = 2
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING $uri = "https://services.nvd.nist.gov/rest/json/cves/1.0?keyword=$productname+$version"
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING $response = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($response.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $response.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking CVEs: $_"
DELAY 200
ENTER
DELAY 200
STRING if ($_.Exception -match '403') {
DELAY 200
ENTER
DELAY 200
STRING write-output "403 Forbidden error encountered. Retrying in 60 seconds..."
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds 60
DELAY 200
ENTER
DELAY 200
STRING $retryResponse = invoke-restmethod -uri $uri -method get
DELAY 200
ENTER
DELAY 200
STRING if ($retryResponse.totalresults -gt 0) {
DELAY 200
ENTER
DELAY 200
STRING foreach ($cve in $retryResponse.result.cve_items) {
DELAY 200
ENTER
DELAY 200
STRING "$($cve.cve.cve_data_meta.id) - $($cve.cve.description.description_data[0].value)"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING "no cves found for $productname $version"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function analyze-logs {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-eventlog -logname system -newest 100
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error analyzing logs: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-openports {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netstat -an
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking open ports: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-missingupdates {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING write-output "Checking Windows Update logs..."
DELAY 200
ENTER
DELAY 200
STRING $updateLogPath = Join-Path -Path $directoryPath -ChildPath "WindowsUpdate.log"
DELAY 200
ENTER
DELAY 200
STRING Get-WindowsUpdateLog -LogPath $updateLogPath
DELAY 200
ENTER
DELAY 200
STRING write-output "WindowsUpdate.log written to $updateLogPath"
DELAY 200
ENTER
DELAY 200
STRING Remove-Item -Path "C:\Users\$env:USERNAME\AppData\Local\Temp\WindowsUpdateLog\*" -Recurse -Force
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error getting Windows Update log: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-firewallstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING netsh advfirewall show allprofiles
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking firewall status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-smbv1status {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-windowsoptionalfeature -online -featurename smb1protocol
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking SMBv1 status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING function check-antivirusstatus {
DELAY 200
ENTER
DELAY 200
STRING try {
DELAY 200
ENTER
DELAY 200
STRING get-mpcomputerstatus
DELAY 200
ENTER
DELAY 200
STRING } catch {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error checking antivirus status: $_"
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING check-passwordpolicy >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING audit-services >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-networksettings >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-softwarevulnerabilities >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING analyze-logs >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-openports >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-missingupdates >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-firewallstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-smbv1status >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING check-antivirusstatus >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
REM Dynamically identify critical software from running processes and scheduled tasks
STRING $runningSoftware = Get-Process | Select-Object Name | Sort-Object Name -Unique
DELAY 200
ENTER
DELAY 200
STRING $scheduledTasks = schtasks /query /fo CSV | ConvertFrom-Csv | Select-Object TaskName, TaskToRun | Sort-Object TaskToRun -Unique
DELAY 200
ENTER
DELAY 200
REM Combine running software and scheduled tasks
STRING $softwareList = @()
DELAY 200
ENTER
DELAY 200
STRING foreach ($process in $runningSoftware) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += $process.Name
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING foreach ($task in $scheduledTasks) {
DELAY 200
ENTER
DELAY 200
STRING $softwareList += [System.IO.Path]::GetFileNameWithoutExtension($task.TaskToRun)
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
REM Remove duplicates and empty entries
STRING $softwareList = $softwareList | Sort-Object -Unique | Where-Object { $_ -ne "" }
DELAY 200
ENTER
DELAY 200
REM Check CVEs for identified software
STRING foreach ($software in $softwareList) {
DELAY 200
ENTER
DELAY 200
STRING $version = (Get-ItemProperty hklm:\software\wow6432node\microsoft\windows\currentversion\uninstall\* | Where-Object { $_.DisplayName -eq $software }).DisplayVersion
DELAY 200
ENTER
DELAY 200
STRING if ($version) {
DELAY 200
ENTER
DELAY 200
STRING check-cve -productname $software -version $version >> $resultsFilePath
DELAY 200
ENTER
DELAY 200
STRING $initialDelay += (Get-Random -Minimum 5 -Maximum 10)
DELAY 200
ENTER
DELAY 200
STRING start-sleep -seconds $initialDelay
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING write-output "Results saved to USB drive."
DELAY 200
ENTER
DELAY 200
STRING } else {
DELAY 200
ENTER
DELAY 200
STRING write-output "Error: USB drive MYUSB not found."
DELAY 200
ENTER
DELAY 200
STRING }
DELAY 200
ENTER
DELAY 200
STRING invoke-command -scriptblock $script
DELAY 200
ENTER
DELAY 20000
REM check out github.com/markcyber for more badusb/pen testing scripts and tools
Reference in a new issue View git blame Copy permalink