Tips-Of-Mine/Harden-Sysvol
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
61 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dakhama mehdi 319c79293a
Update README.md
2024-11-10 00:24:58 +01:00
.github
Update FUNDING.yml
2024-11-08 19:48:27 +01:00
Exemples_HTML
Add files via upload
2024-10-30 00:47:58 +01:00
Pictures
Add files via upload
2024-10-29 23:59:26 +01:00
LICENSE
Initial commit
2024-05-14 15:22:35 +02:00
README.md
Update README.md
2024-11-10 00:24:58 +01:00

README.md

HardenSysvol: Scan Sysvol Vulnerabilities in Active Directory

License: MIT PowerShell Status: In Progress PowerShell Gallery PowerShell Gallery Version

Support this project ❤️ PayPal

🚧 Project Status: In Progress

Description

Hardensysvol is a PowerShell module designed to enhance Active Directory (AD) security by analyzing and detecting threats within the Sysvol folder. It scans for sensitive keywords, identifies suspicious files, and generates a detailed HTML report for easier filtering.

Easy to use, with only two commands to install and run scans supporting over 50 extensions, binary checks for more than 40 types, and more.

Hardensysvol can be used for AD audits or pentesting, complementing existing solutions such as PingCastle, PurpleKnight, and GPOZaurr.

View Example HTML Page

Key Features of Hardensysvol

Feature Description Supported File Types
Binary Comparison Analyzes and compares well-known binaries with the ability to extend to additional signatures to detect suspicious files. All binary types (EXE, DLL, MSI, etc.) with customizable signature extension.
Keyword Search Searches for sensitive keywords such as passwords and usernames across a wide variety of files. Pdf, docx, xlsx, doc, xls, pptx, ods, odt, odp, bat, reg, ps1, vbs, py, xml, and other scripts.
Certificate Verification Verifies certificates protected by password or containing exportable private keys. PFX, CER, DER, PEM, P7B certificates.
Steganography Analyzes images to detect hidden files by searching for file signatures like EXE, ZIP, etc. Images (JPEG, PNG, BMP, GIF, etc.) and hidden files (EXE, MSI, ZIP, RAR, 7z).
File Signature Verification Verifies file signatures for security compliance, including detection of password-protected ZIP files. MSI, EXE, DLL, JAR, MSU, CAB, and ZIP (password-protected).

Requirements

  • PowerShell: 5.1 or higher.
  • Permissions: The tool can be run by any standard account on the domain.
  • Compatibility: Works with Windows Server environments and Windows 10/11

Installation from Powershell Gallery

Run the following command in PowerShell:

Install-Module -Name HardenSysvol -Scope CurrentUser -Force

To launch the scan

Invoke-HardenSysvol

Frequently Used Example

Invoke-HardenSysvol -Addpattern admin -Addextension adml,admx,adm
Invoke-HardenSysvol -Allextensions

Parameters

Parameter Explanation Example
Addpattern Adds custom keywords to search for that are not present by default. -Addpattern admins,@mydomain,hack
Removepattern Removes a keyword from the default search list. -Removepattern ipv4,sha1,password
Addextension Adds an additional file extension to include in the search. -Addextension adml,admx,adm
Ignoreextension Excludes a default extension from the search. -Ignoreextension pdf,bat,ps1
Allextensions Scans all file types without any exceptions. -Allextensions
DnsDomain Targets a specific child domain or Domain Controller (DC). -Dnsdomain dc-2 or -Dnsdomain domain.local
Custompatterns Allows the use of a custom pattern file, as long as it follows the original .xml format. -Custompatterns C:\temp\custom.xml

The following file types, extensions, and patterns are checked by default for integrity and sensitive information:

Category Details
Default Extensions bat, bmp, cab, class, csproj, config, csv, cer, der, doc, docx, dll, exe, gif, gz, html, ico, ini, jar, jpg, jpeg, jp2, msi, msu, mp3, odp, ods, odt, otf, ott, p7b, p7c, pdf, pfx, png, pol, pptx, ppt, py, ps1, psm1, rar, rdp, reg, rtf, tar, tif, txt, vbs, xls, xlsx, xml, vbsx, webp, zip, 7z,kdb ,db
Default Pattern Check accesskey, auth, credentials, cred, identifiant, mdp, mdpass, motdepasse, private-key, pwd, secret, ssh-key, token, login, apikey, password, securestring, md5,SHA-1, SHA-256, SHA-512, net user,ipv4
Magic Numbers "doc", "xls", "msi", "ppt", "vsd", "db", "msg", "xla", "apr", "dot", "suo","epub", "docx", "xlsx", "pptx", "odp", "ods", "jar","odt", "zip", "ott","vsdx", "xps", "kmz", "kwd", "oxps", "sxc", "sxd", "sxi", "sxw", "xpi","msix", "exe", "bin", "dll", "IDX_DLL", "sys", "tlb", "ocx", "olb", "odf","rll", "rar", "7z", "png", "pdf", "jpg", "jpeg", "gif", "tif", "ico","class", "msu", "cab", "bmp", "p7b", "p7c", "p7s", "cer", "pfx", "der","pem", "otf", "webp", "avi", "wav", "tar", "jp2", "kdb", "kdbx", "rtf","mpg", "mpeg", "mp4", "ogg", "flac", "mkv", "webm", "vmdk", "pst", "mdb","eps", "sln", "123", "ttf", "tgz", "gz", "hqx", "mxf", "oga", "ogv", "ogx","p10", "ai", "fdf", "msf", "fm", "tpl", "wk4", "wk3", "wk1", "nsf", "ntf","org", "lwp", "sam", "mif", "asf", "wma", "wmv", "chm", "wks", "qxd", "mmf","cap", "dmp", "wpd", "xar", "spf", "dtd", "amr","au", "m4a", "koz", "mp3","fits", "tiff", "psd", "dwg", "hdr", "wmf", "eml", "vcf", "dms", "3g2", "3gp", "m4v", "mov", "cpt", "vcd", "csh", "rpm", "swf", "sit", "xz", "mid", "midi", "aiff", "ram", "rm", "ra", "pgm", "sqlite", "rgb"
Description
No description provided
Readme 4 MiB
Languages
PowerShell 100%