Tips-Of-Mine/Powershell
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload files to "cybersecurity/Network Reputation Service"

Browse Source
This commit is contained in:
Hubert Cornet
2025-09-04 13:26:42 +02:00
parent dbce1cb2a3
commit ed4c37af89
7 changed files with 2065 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

295
cybersecurity/Network Reputation Service/readme-en.md Normal file
View File

@@ -0,0 +1,295 @@
# 🛡️ Firewall Audit - Network Reputation Service
![Version](https://img.shields.io/badge/version-1.3-blue.svg)
![PowerShell](https://img.shields.io/badge/PowerShell-5.1+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
A professional PowerShell audit tool to evaluate your firewall's filtering effectiveness by testing categorized URLs based on their network reputation.
## 📋 Table of Contents
- [Overview](#-overview)
- [Features](#-features)
- [Prerequisites](#-prerequisites)
- [Installation](#-installation)
- [Usage](#-usage)
- [Configuration](#-configuration)
- [Generated Report](#-generated-report)
- [Data Structure](#-data-structure)
- [Scoring System](#-scoring-system)
- [Troubleshooting](#-troubleshooting)
- [Contributing](#-contributing)
- [License](#-license)
## 🎯 Overview
This PowerShell script tests your firewall's effectiveness by verifying that malicious URLs are correctly blocked while legitimate sites remain accessible. It generates a professional HTML report with scoring, statistics, and recommendations.
**Author:** Hubert Cornet
**Version:** 1.3
**Date:** September 3, 2025
## ✨ Features
- 🔍 **Automated testing** of hundreds of categorized URLs
- 📊 **Smart scoring** with grades from A+ to F
- 📱 **Responsive HTML report** with interactive interface
- 🔧 **Proxy support** with authentication
-**Real-time progress bars**
- 🎨 **Color-coded visualizations** of results
- 💾 **JSON export** of raw data
- 🌐 **Multi-method detection** of blocks
## 📋 Prerequisites
### System Requirements
- Windows 10/11 or Windows Server 2016+
- PowerShell 5.1 or higher
- Active Internet connection
- Write permissions in the script directory
### PowerShell Modules (installed automatically)
- `PSWriteHTML`
- `PSWriteColor`
### Required Files
- `file-nrs.json` - Categorized URLs database
## 🚀 Installation
1. **Download the script** to a dedicated folder
2. **Download the JSON file** from:
```
https://gitea.tips-of-mine.com/Tips-Of-Mine/Powershell/src/branch/main/cybersecurity/Network%20Reputation%20Service/file-nrs.json
```
3. **Place both files** in the same directory
## 💻 Usage
### Basic Usage
```powershell
.\AuditFirewall.ps1
```
### With Proxy
```powershell
.\AuditFirewall.ps1 -ProxyUrl "http://proxy.company.com:8080"
```
### With Proxy Authentication
```powershell
.\AuditFirewall.ps1 -ProxyUrl "http://proxy.company.com:8080" -ProxyUseAuthentication
```
### With Custom Timeout
```powershell
.\AuditFirewall.ps1 -TimeoutSeconds 15
```
## ⚙️ Configuration
### Available Parameters
| Parameter | Type | Description | Default |
|-----------|------|-------------|---------|
| `ProxyUrl` | String | Network proxy URL | None |
| `ProxyUseAuthentication` | Switch | Enable proxy auth | False |
| `TimeoutSeconds` | Integer | Timeout per URL | 10 |
### Customizing Block Keywords
Modify the `$BlockKeywords` variable in the script:
```powershell
$BlockKeywords = @("site blocked", "access denied", "web filtering", "Access Denied", "Site Blocked")
```
## 📊 Generated Report
The script automatically generates:
### 📁 Output File Structure
```
Reports/
└── [Date and Time]/
├── Audit_Firewall_Report.html # Main report
└── Results.json # Raw data
```
### 🎨 HTML Report Content
- **Executive Summary**: Global score and key statistics
- **Score Table**: Performance by category
- **Interactive Details**: Individual tests by URL
- **Grading Scale**: Scoring system explanation
## 📁 Data Structure
### `file-nrs.json` Format
```json
{
"categorie": [
{
"id": "malware",
"nom": "Malware",
"description": "Sites distributing malicious software",
"urls": [
{
"url": "http://example-malware.com",
"reputation": "malicious",
"expected_action": "block"
},
{
"url": "https://legitimate-site.com",
"reputation": "safe",
"expected_action": "allow"
}
]
}
]
}
```
### Expected Actions
- `"block"`: URL should be blocked by firewall
- `"allow"`: URL should remain accessible
## 📈 Scoring System
### Grading Scale
| Grade | Score | Interpretation |
|-------|--------|---------------|
| **A+** | 95-100% | 🟢 Excellent / Perfect |
| **A** | 90-95% | 🟢 Very good filtering level |
| **B+** | 85-90% | 🟡 Very good |
| **B** | 80-85% | 🟡 Good, some adjustments needed |
| **C+** | 75-80% | 🟠 Fairly good |
| **C** | 70-75% | 🟠 Average, significant gaps |
| **D+** | 65-70% | 🔴 Acceptable |
| **D** | 60-65% | 🔴 Weak, ineffective filtering |
| **E+** | 55-60% | 🔴 Very weak |
| **E** | 50-55% | 🔴 Insufficient |
| **F+** | 45-50% | ⚫ Critical |
| **F** | 0-45% | ⚫ Immediate action required |
### Calculation Method
```
Score = (Correctly filtered URLs / Total tested URLs) × 100
```
## 🔍 Detection Methods
### How the script detects blocks:
1. **Content Analysis**: Search for block page keywords
2. **Network Timeouts**: Requests that expire (probable firewall block)
3. **Connection Errors**: Unable to reach the server
4. **HTTP Status Codes**: Analysis of server responses
### Simulated HTTP Headers:
The script simulates a modern browser to avoid detection:
```
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...
Accept: text/html,application/xhtml+xml,application/xml...
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7
```
## 🔧 Troubleshooting
### Common Issues
#### ❌ "File 'file-nrs.json' does not exist!"
**Solution:** Download the JSON file from the provided link and place it in the same folder as the script.
#### ❌ "Cannot install module X"
**Solution:** Run PowerShell as administrator or use:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```
#### ❌ Frequent Timeouts
**Solutions:**
- Increase `-TimeoutSeconds` value
- Check your network connection
- Configure proxy settings correctly
#### ❌ False Positives/Negatives
**Solutions:**
- Update block keywords
- Verify firewall configuration
- Adapt JSON file to your environment
## 🏢 Recommended Use Cases
### 📅 Periodic Usage
- **Monthly audit** of firewall effectiveness
- **Validation** after rule updates
- **Benchmarking** between security solutions
### 👥 Management Reporting
- **Dashboards** for IT management
- **Measurable security KPIs**
- **Investment justification** for security
### 🔧 Configuration Testing
- **Validation** after network changes
- **Regression testing** of firewall rules
- **Security compliance audit**
## ⚠️ Technical Limitations
### Points of Attention:
- **Sequential Testing**: No parallelization (can be slow)
- **Basic Detection**: Relies on predefined keywords
- **False Positives**: Legitimate sites temporarily inaccessible
- **Security**: Script actually contacts tested URLs
### Best Practices:
1. 🕐 Run during off-peak hours
2. 📊 Analyze results in context
3. 🔄 Keep JSON file updated
4. 📈 Track score evolution over time
## 🤝 Contributing
### To Contribute:
1. Fork the project
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Open a Pull Request
### Improvement Ideas:
- [ ] Test parallelization for better performance
- [ ] More sophisticated block page detection
- [ ] External reputation database support
- [ ] Graphical interface for configuration
- [ ] Threat intelligence API integration
## 🎯 Roadmap
### Version 1.4 (planned)
- [ ] Parallel testing for improved performance
- [ ] Custom SSL certificate support
- [ ] Email notifications for results
### Version 2.0 (future)
- [ ] Web interface for configuration
- [ ] SIEM solution integration
- [ ] REST API for automation
## 📞 Support
For help or to report issues:
- 📧 Contact the author: Hubert Cornet
- 🐛 Open an issue on the project repository
- 📚 Consult the technical documentation
## 📄 License
This project is under MIT license. See the `LICENSE` file for more details.
---
**⭐ If this script was useful to you, feel free to give it a star!**
---
*Last updated: September 3, 2025*