From c3947196d026bedc4983ce138ca325be52acfefe Mon Sep 17 00:00:00 2001 From: Scott Sutherland Date: Tue, 5 Apr 2022 20:39:34 -0500 Subject: [PATCH] Create README.md --- README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..9cf1b65 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ +# PowerHuntShares +PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers. +It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help stream line remediation efforts at scale. + +It supports functionality to: +* Authenticate using the current user context, a credential, or clear text user/password. +* Discover accessible systems associated with an Active Directory domain automatically. It will also filter Active Directory computers based on available open ports. +* Target a single computer, list of computers, or discovered Active Directory computers (default). +* Collect SMB share ACL information from target computers using PowerShell. +* Analyze collected Share ACL data. +* Report summary reports and excessive privilege details in HTML and CSV file formats. + +Excessive SMB share ACLs are a systemic problem that all organizations struggle with and almost none have solved. The goal of this project is to provide a proof concept that will work towards better inferences that can help the blue team prioritize the remeidation of potentially a hundred thousand or more excessive Share ACLS. + +Author
+Scott Sutherland (@_nullbind)
+ +License
+BSD 3-Clause + +Primary Todo +-- +**Fixes** +* TBD + +**Features** +*TBD + + + + + + + + + + +