🛡️ Firewall Audit - Network Reputation Service

A professional PowerShell audit tool to evaluate your firewall's filtering effectiveness by testing categorized URLs based on their network reputation.

🎯 Overview

This PowerShell script tests your firewall's effectiveness by verifying that malicious URLs are correctly blocked while legitimate sites remain accessible. It generates a professional HTML report with scoring, statistics, and recommendations.

Author: Hubert Cornet
Version: 1.3
Date: September 3, 2025

Features

  • 🔍 Automated testing of hundreds of categorized URLs
  • 📊 Smart scoring with grades from A+ to F
  • 📱 Responsive HTML report with interactive interface
  • 🔧 Proxy support with authentication
  • Real-time progress bars
  • 🎨 Color-coded visualizations of results
  • 💾 JSON export of raw data
  • 🌐 Multi-method detection of blocks

📋 Prerequisites

System Requirements

  • Windows 10/11 or Windows Server 2016+
  • PowerShell 5.1 or higher
  • Active Internet connection
  • Write permissions in the script directory

PowerShell Modules (installed automatically)

  • PSWriteHTML
  • PSWriteColor

Required Files

  • file-nrs.json - Categorized URLs database

🚀 Installation

  1. Download the script to a dedicated folder
  2. Download the JSON file from:
    https://gitea.tips-of-mine.com/Tips-Of-Mine/Powershell/src/branch/main/cybersecurity/Network%20Reputation%20Service/file-nrs.json
    
  3. Place both files in the same directory

💻 Usage

Basic Usage

.\AuditFirewall.ps1

With Proxy

.\AuditFirewall.ps1 -ProxyUrl "http://proxy.company.com:8080"

With Proxy Authentication

.\AuditFirewall.ps1 -ProxyUrl "http://proxy.company.com:8080" -ProxyUseAuthentication

With Custom Timeout

.\AuditFirewall.ps1 -TimeoutSeconds 15

⚙️ Configuration

Available Parameters

| Parameter | Type | Description | Default |
|---|---|---|---|
| ProxyUrl | String | Network proxy URL | None |
| ProxyUseAuthentication | Switch | Enable proxy auth | False |
| TimeoutSeconds | Integer | Timeout per URL | 10 |

Customizing Block Keywords

Modify the $BlockKeywords variable in the script:

$BlockKeywords = @("site blocked", "access denied", "web filtering", "Access Denied", "Site Blocked")

📊 Generated Report

The script automatically generates:

📁 Output File Structure

Reports/
└── [Date and Time]/
    ├── Audit_Firewall_Report.html    # Main report
    └── Results.json                   # Raw data

🎨 HTML Report Content

  • Executive Summary: Global score and key statistics
  • Score Table: Performance by category
  • Interactive Details: Individual tests by URL
  • Grading Scale: Scoring system explanation

📁 Data Structure

file-nrs.json Format

{
  "categorie": [
    {
      "id": "malware",
      "nom": "Malware",
      "description": "Sites distributing malicious software",
      "urls": [
        {
          "url": "http://example-malware.com",
          "reputation": "malicious",
          "expected_action": "block"
        },
        {
          "url": "https://legitimate-site.com",
          "reputation": "safe",
          "expected_action": "allow"
        }
      ]
    }
  ]
}

Expected Actions

  • "block": URL should be blocked by firewall
  • "allow": URL should remain accessible

📈 Scoring System

Grading Scale

| Grade | Score | Interpretation |
|---|---|---|
| A+ | 95-100% | 🟢 Excellent / Perfect |
| A | 90-95% | 🟢 Very good filtering level |
| B+ | 85-90% | 🟡 Very good |
| B | 80-85% | 🟡 Good, some adjustments needed |
| C+ | 75-80% | 🟠 Fairly good |
| C | 70-75% | 🟠 Average, significant gaps |
| D+ | 65-70% | 🔴 Acceptable |
| D | 60-65% | 🔴 Weak, ineffective filtering |
| E+ | 55-60% | 🔴 Very weak |
| E | 50-55% | 🔴 Insufficient |
| F+ | 45-50% | Critical |
| F | 0-45% | Immediate action required |

Calculation Method

Score = (Correctly filtered URLs / Total tested URLs) × 100
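
The formula and grading scale above, applied per category to data in the file-nrs.json format. This is an added example, not code from AuditFirewall.ps1. The "phishing" category, the $observed results and the Get-Grade helper are constructed for illustration, and a score on a shared band edge (for example 95) is assumed to take the higher grade.

```powershell
# Added example. $observed holds constructed results; no URL is contacted here.
$json = @'
{ "categorie": [
  { "id": "malware", "nom": "Malware", "urls": [
      { "url": "http://example-malware.com",  "expected_action": "block" },
      { "url": "https://legitimate-site.com", "expected_action": "allow" } ] },
  { "id": "phishing", "nom": "Phishing", "urls": [
      { "url": "http://phish-one.example", "expected_action": "block" },
      { "url": "http://phish-two.example", "expected_action": "block" } ] }
] }
'@
$observed = @{
    'http://example-malware.com'  = 'block'
    'https://legitimate-site.com' = 'block'   # over-blocking also lowers the score
    'http://phish-one.example'    = 'block'
    'http://phish-two.example'    = 'block'
}

function Get-Grade([double]$Score) {
    # Lower bound of each band from the grading scale, highest first.
    $bands = [ordered]@{ 'A+'=95; 'A'=90; 'B+'=85; 'B'=80; 'C+'=75; 'C'=70
                         'D+'=65; 'D'=60; 'E+'=55; 'E'=50; 'F+'=45 }
    foreach ($g in $bands.Keys) { if ($Score -ge $bands[$g]) { return $g } }
    return 'F'
}

$rows = foreach ($cat in ($json | ConvertFrom-Json).categorie) {
    $urls  = @($cat.urls)
    # "Correctly filtered" means the observed action equals expected_action.
    $ok    = @($urls | Where-Object { $observed[$_.url] -eq $_.expected_action }).Count
    $score = if ($urls.Count) { [math]::Round(100 * $ok / $urls.Count, 1) } else { 0 }
    [pscustomobject]@{ Category = $cat.nom; Correct = $ok; Total = $urls.Count
                       Score = $score; Grade = (Get-Grade $score) }
}

$allOk    = ($rows | Measure-Object Correct -Sum).Sum
$allTotal = ($rows | Measure-Object Total -Sum).Sum
$overall  = [math]::Round(100 * $allOk / $allTotal, 1)

$rows | Format-Table -AutoSize
'Overall: {0}% -> grade {1}' -f $overall, (Get-Grade $overall)
```

Because a blocked legitimate site counts as a miss in the same way as an allowed malicious one, the per-category rows are what show whether a low score comes from under-blocking or over-blocking.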

🔍 Detection Methods

How the script detects blocks:

  1. Content Analysis: Search for block page keywords
  2. Network Timeouts: Requests that expire (probable firewall block)
  3. Connection Errors: Unable to reach the server
  4. HTTP Status Codes: Analysis of server responses
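
One way to combine the four signals into a verdict, written as an added example and not taken from AuditFirewall.ps1. The probe objects and their fields (Body, StatusCode, Error), the New-Verdict and Get-FilterVerdict names, and the 403/451 status list are assumptions, since the page does not say which codes the script treats as a block.

```powershell
# Added example; sample probes are constructed and nothing is sent on the network.
$BlockKeywords    = @("site blocked", "access denied", "web filtering")
$BlockStatusCodes = @(403, 451)   # assumed list

function New-Verdict($Verdict, $Method, $Ambiguous) {
    [pscustomobject]@{ Verdict = $Verdict; Method = $Method; Ambiguous = $Ambiguous }
}

function Get-FilterVerdict {
    param(
        [Parameter(Mandatory)] $Probe,
        [string[]] $Keywords    = $BlockKeywords,
        [int[]]    $StatusCodes = $BlockStatusCodes
    )
    # 1. Content analysis: literal, case-insensitive search, so one entry
    #    covers "Access Denied", "ACCESS DENIED" and "access denied".
    foreach ($k in $Keywords) {
        if ($Probe.Body -and
            $Probe.Body.IndexOf($k, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return New-Verdict 'block' 'keyword' $false
        }
    }
    # 2 and 3. Timeouts and connection errors look the same for a firewall drop
    #    and for a site that is simply down, so they are flagged as ambiguous.
    if ($Probe.Error -eq 'Timeout')        { return New-Verdict 'block' 'timeout' $true }
    if ($Probe.Error -eq 'ConnectFailure') { return New-Verdict 'block' 'connection-error' $true }
    # 4. HTTP status codes.
    if ($StatusCodes -contains $Probe.StatusCode) {
        return New-Verdict 'block' 'status-code' $false
    }
    return New-Verdict 'allow' 'none' $false
}

$probes = @(
    [pscustomobject]@{ Url = 'http://a.example/'; StatusCode = 200;   Body = '<h1>ACCESS DENIED</h1>'; Error = $null }
    [pscustomobject]@{ Url = 'http://b.example/'; StatusCode = $null; Body = $null;                    Error = 'Timeout' }
    [pscustomobject]@{ Url = 'http://c.example/'; StatusCode = 403;   Body = '';                       Error = $null }
    [pscustomobject]@{ Url = 'http://d.example/'; StatusCode = 200;   Body = '<h1>Welcome</h1>';       Error = $null }
)
foreach ($p in $probes) {
    $v = Get-FilterVerdict -Probe $p
    '{0,-20} {1,-6} {2,-17} ambiguous={3}' -f $p.Url, $v.Verdict, $v.Method, $v.Ambiguous
}
```

Results marked ambiguous are the ones to re-test before counting them, because an unreachable legitimate site produces the same signal as a silent drop.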

Simulated HTTP Headers:

The script simulates a modern browser to avoid detection:

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...
Accept: text/html,application/xhtml+xml,application/xml...
Accept-Language: fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7

🔧 Troubleshooting

Common Issues

"File 'file-nrs.json' does not exist!"

Solution: Download the JSON file from the provided link and place it in the same folder as the script.

"Cannot install module X"

Solution: Run PowerShell as administrator or use:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Frequent Timeouts

Solutions:

  • Increase -TimeoutSeconds value
  • Check your network connection
  • Configure proxy settings correctly

False Positives/Negatives

Solutions:

  • Update block keywords
  • Verify firewall configuration
  • Adapt JSON file to your environment

📅 Periodic Usage

  • Monthly audit of firewall effectiveness
  • Validation after rule updates
  • Benchmarking between security solutions

👥 Management Reporting

  • Dashboards for IT management
  • Measurable security KPIs
  • Investment justification for security

🔧 Configuration Testing

  • Validation after network changes
  • Regression testing of firewall rules
  • Security compliance audit

⚠️ Technical Limitations

Points of Attention:

  • Sequential Testing: No parallelization (can be slow)
  • Basic Detection: Relies on predefined keywords
  • False Positives: Legitimate sites temporarily inaccessible
  • Security: Script actually contacts tested URLs

Best Practices:

  1. 🕐 Run during off-peak hours
  2. 📊 Analyze results in context
  3. 🔄 Keep JSON file updated
  4. 📈 Track score evolution over time

🤝 Contributing

To Contribute:

  1. Fork the project
  2. Create your feature branch
  3. Commit your changes
  4. Push to the branch
  5. Open a Pull Request

Improvement Ideas:

  • Test parallelization for better performance
  • More sophisticated block page detection
  • External reputation database support
  • Graphical interface for configuration
  • Threat intelligence API integration

🎯 Roadmap

Version 1.4 (planned)

  • Parallel testing for improved performance
  • Custom SSL certificate support
  • Email notifications for results

Version 2.0 (future)

  • Web interface for configuration
  • SIEM solution integration
  • REST API for automation

📞 Support

For help or to report issues:

  • 📧 Contact the author: Hubert Cornet
  • 🐛 Open an issue on the project repository
  • 📚 Consult the technical documentation

📄 License

This project is under MIT license. See the LICENSE file for more details.


If this script was useful to you, feel free to give it a star!


Last updated: September 3, 2025