# HardenSysvol: Scan Sysvol Vulnerabilities in Active Directory

Support this project ❤️ [PayPal](https://www.paypal.com/paypalme/mdunca13)

## 🚧 Project Status: In Progress

## Description

*Hardensysvol* is a PowerShell module designed to enhance Active Directory (AD) security by analyzing and detecting threats within the Sysvol folder. It scans for sensitive keywords, identifies suspicious files, and generates a detailed HTML report for easier filtering.

Easy to use: two commands are enough to install it and run a scan, which covers over 50 file extensions, binary checks for more than 40 file types, and more.

Hardensysvol can be used for AD audits or pentesting, complementing existing solutions such as PingCastle, PurpleKnight, and GPOZaurr.

<a href="https://dakhama-mehdi.github.io/Harden-Sysvol/Exemples_HTML/hardensysvol.html#Tab-zqtd4y6c" target="_blank">View Example HTML Page</a>

## Key Features of Hardensysvol

| **Feature** | **Description** | **Supported File Types** |
|-------------|-----------------|--------------------------|
| **Binary Comparison** | Analyzes and compares well-known binaries, with the ability to extend to additional signatures to detect suspicious files. | All binary types (EXE, DLL, MSI, etc.) with customizable signature extension. |
| **Keyword Search** | Searches for sensitive keywords such as passwords and usernames across a wide variety of files. | pdf, docx, xlsx, doc, xls, pptx, ods, odt, odp, bat, reg, ps1, vbs, py, xml, and other scripts. |
| **Certificate Verification** | Verifies certificates protected by password or containing exportable private keys. | PFX, CER, DER, PEM, P7B certificates. |
| **Steganography** | Analyzes images to detect hidden files by searching for file signatures such as EXE, ZIP, etc. | Images (JPEG, PNG, BMP, GIF, etc.) and hidden files (EXE, MSI, ZIP, RAR, 7z). |
| **File Signature Verification** | Verifies file signatures for security compliance, including detection of password-protected ZIP files. | MSI, EXE, DLL, JAR, MSU, CAB, and ZIP (password-protected). |

## Requirements

- **PowerShell**: 5.1 or higher.
- **Permissions**: The tool can be run by any standard account on the domain.
- **Compatibility**: Works with Windows Server environments and Windows 10/11.

## Installation from the PowerShell Gallery

Run the following command in PowerShell:

```powershell
Install-Module -Name HardenSysvol -Scope CurrentUser -Force
```

### To launch the scan

```powershell
Invoke-HardenSysvol
```

### Frequently Used Examples

```powershell
Invoke-HardenSysvol -Addpattern admin -Addextension adml,admx,adm
Invoke-HardenSysvol -Allextensions
```

### Parameters

| Parameter | Explanation | Example |
|-----------|-------------|---------|
| Addpattern | Adds custom keywords to search for that are not present by default. | `-Addpattern admins,@mydomain,hack` |
| Removepattern | Removes a keyword from the default search list. | `-Removepattern ipv4,sha1,password` |
| Addextension | Adds an additional file extension to include in the search. | `-Addextension adml,admx,adm` |
| Ignoreextension | Excludes a default extension from the search. | `-Ignoreextension pdf,bat,ps1` |
| Allextensions | Scans all file types without any exceptions. | `-Allextensions` |
| DnsDomain | Targets a specific child domain or Domain Controller (DC). | `-Dnsdomain dc-2` or `-Dnsdomain domain.local` |
| Custompatterns | Allows the use of a custom pattern file, as long as it follows the original .xml format. | `-Custompatterns C:\temp\custom.xml` |

The following file types, extensions, and patterns are checked by default for integrity and sensitive information:

| Category | Details |
|----------|---------|
| **Magic Numbers** | `doc`, `xls`, `msi`, `ppt`, `vsd`, `docx`, `xlsx`, `pptx`, `odp`, `ods`, `jar`, `odt`, `zip`, `ott`, `vsdx`, `exe`, `dll`, `rar`, `zip`, `7z`, `png`, `pdf`, `jpg`, `jpeg`, `gif`, `tif`, `ico`, `class`, `msu`, `cab`, `bmp`, `p7b`, `p7c`, `cer`, `pfx`, `der`, `pem`, `otf`, `webp`, `mp3`, `gz`, `tar`, `jp2`, `rtf`, `db`, `kdbx` |
| **Default Extensions** | `bat`, `bmp`, `cab`, `class`, `csproj`, `config`, `csv`, `cer`, `der`, `doc`, `docx`, `dll`, `exe`, `gif`, `gz`, `html`, `ico`, `ini`, `jar`, `jpg`, `jpeg`, `jp2`, `msi`, `msu`, `mp3`, `odp`, `ods`, `odt`, `otf`, `ott`, `p7b`, `p7c`, `pdf`, `pfx`, `png`, `pol`, `pptx`, `ppt`, `py`, `ps1`, `psm1`, `rar`, `rdp`, `reg`, `rtf`, `tar`, `tif`, `txt`, `vbs`, `xls`, `xlsx`, `xml`, `vbsx`, `webp`, `zip`, `7z`, `kdb`, `db` |
| **Default Pattern Check** | `accesskey`, `auth`, `credentials`, `cred`, `identifiant`, `mdp`, `mdpass`, `motdepasse`, `private-key`, `pwd`, `secret`, `ssh-key`, `token`, `login`, `apikey`, `password`, `securestring`, `md5`, `SHA-1`, `SHA-256`, `SHA-512`, `net user`, `ipv4` |
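
As an added illustration of the feature table and the default lists above (this is not HardenSysvol's own code), the PowerShell below checks file headers against extensions, looks for archive or executable headers embedded in images, and runs a literal subset of the default keyword list over script files in a constructed sample folder. The header bytes are public file signatures, the sample files and their contents are constructed for the demo, and the `ipv4`, `md5` and SHA patterns are omitted because they need regular expressions rather than literal matches.

```powershell
# Added example, not HardenSysvol's own code. Header bytes are public file signatures;
# patterns are a literal subset of the page's default list (ipv4/md5/SHA need regex).
$Signatures = @{
    exe = [byte[]](0x4D,0x5A)              # "MZ" executable (dll shares this header)
    zip = [byte[]](0x50,0x4B,0x03,0x04)    # "PK.." archive (docx/xlsx/jar too)
    png = [byte[]](0x89,0x50,0x4E,0x47)
    pdf = [byte[]](0x25,0x50,0x44,0x46)    # "%PDF"
    rar = [byte[]](0x52,0x61,0x72,0x21)    # "Rar!"
}
$Patterns = 'password','motdepasse','mdp','net user','private-key','apikey','securestring'
$TextExt  = '.bat','.ps1','.vbs','.xml','.txt','.reg','.ini'
$ImageExt = '.png','.jpg','.jpeg','.gif','.bmp'

function Test-SignatureAt([byte[]]$Bytes, [byte[]]$Sig, [int]$Offset) {
    if ($Offset + $Sig.Length -gt $Bytes.Length) { return $false }
    for ($j = 0; $j -lt $Sig.Length; $j++) { if ($Bytes[$Offset + $j] -ne $Sig[$j]) { return $false } }
    return $true
}
function Test-MagicNumber([string]$Path) {
    # $true/$false when the extension has a known header, $null when there is nothing to compare
    $ext = [IO.Path]::GetExtension($Path).TrimStart('.').ToLower()
    if (-not $Signatures.ContainsKey($ext)) { return $null }
    return Test-SignatureAt ([IO.File]::ReadAllBytes($Path)) $Signatures[$ext] 0
}
function Find-EmbeddedSignature([string]$Path) {
    # Steganography-style check: an archive or executable header somewhere past byte 0 of an image
    $bytes = [IO.File]::ReadAllBytes($Path); $hits = @()
    foreach ($name in 'zip','rar','exe') {
        for ($i = 1; $i -lt $bytes.Length; $i++) {
            if (Test-SignatureAt $bytes $Signatures[$name] $i) { $hits += "$name@$i"; break }
        }
    }
    return $hits
}

# Constructed samples in a temp folder (stands in for \\<domain>\SYSVOL during the demo)
$dir = Join-Path ([IO.Path]::GetTempPath()) 'hardensysvol-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
[IO.File]::WriteAllBytes("$dir\logo.png",  [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A))
[IO.File]::WriteAllBytes("$dir\wall.png",  [byte[]](0x89,0x50,0x4E,0x47,0x0D,0x0A,0x1A,0x0A,0x50,0x4B,0x03,0x04,0,0))
[IO.File]::WriteAllBytes("$dir\notes.pdf", [byte[]](0x4D,0x5A,0x90,0x00))   # MZ stub disguised as a PDF
Set-Content -Path "$dir\logon.bat" -Value @('net user svc Password123 /add', 'set apikey=constructed-value')

Get-ChildItem -Path $dir -File | ForEach-Object {
    $words = @(); $hidden = @()
    if ($_.Extension -in $TextExt)  { $words  = Select-String -Path $_.FullName -Pattern $Patterns -SimpleMatch | ForEach-Object Pattern }
    if ($_.Extension -in $ImageExt) { $hidden = Find-EmbeddedSignature $_.FullName }
    [pscustomobject]@{ File = $_.Name; MagicOk = Test-MagicNumber $_.FullName; Embedded = ($hidden -join ','); Keywords = ($words -join ',') }
} | Format-Table -AutoSize
```

Point `$dir` at the domain's SYSVOL share to run the same checks on real content. The two-byte `MZ` header will occasionally appear inside legitimate image data, so an `exe@<offset>` hit on an image needs corroboration before it is treated as a finding.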