A quick script to check for vulnerable drivers. Compares drivers on system with list from loldrivers.io

check_vulnerabledrivers.ps1

# Simple script to check drivers in C:\windows\system32\drivers against the loldrivers list
# Author: Oddvar Moe - @oddvar.moe

$drivers = get-childitem -Path c:\windows\system32\drivers
$web_client = new-object system.net.webclient
$loldrivers = $web_client.DownloadString(" https://www.loldrivers.io/api/drivers.json") | ConvertFrom-Json

Write-output("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count)
foreach ($lol in $loldrivers.KnownVulnerableSamples)
{
    # Check for matching driver name
    if($drivers.Name -contains $lol.Filename)
    {
        #CHECK HASH
        $Hash = Get-FileHash -Path "c:\windows\system32\drivers\$($lol.Filename)"
        if($lol.Sha256 -eq $Hash.Hash)
        {
            write-output("The drivername {0} is vulnerable with a matching SHA256 hash of {1}" -f $lol.Filename, $lol.SHA256)
        }
    }
}

ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the 
duplicated keys 'init' and 'INIT'.
At line:6 char:91
+ ... ing(" https://www.loldrivers.io/api/drivers.json") | ConvertFrom-Json
+                                                          ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [ConvertFrom-Json], InvalidOperationException
    + FullyQualifiedErrorId : DuplicateKeysInJsonString,Microsoft.PowerShell.Commands.ConvertFromJsonCommand

just edit line

$loldrivers = $web_client.DownloadString(" https://www.loldrivers.io/api/drivers.json") | ConvertFrom-Json

with

$loldrivers = $web_client.DownloadString("https://www.loldrivers.io/api/drivers.json") | ConvertFrom-Json

a mi me funciono asi.

$drivers = Get-ChildItem -Path C:\windows\system32\drivers
$web_client = New-Object System.Net.WebClient
$jsonString = $web_client.DownloadString("https://www.loldrivers.io/api/drivers.json")
$jsonString = $jsonString -replace '"INIT"','"init"'
$loldrivers = $jsonString | ConvertFrom-Json

Write-Host ("Checking {0} drivers in C:\windows\system32\drivers against loldrivers.io json file" -f $drivers.Count) -ForegroundColor yellow

foreach ($lol in $loldrivers.KnownVulnerableSamples)
{
if ($drivers.Name -contains $lol.Filename)
{
# CHECK HASH
$Hash = Get-FileHash -Path "C:\windows\system32\drivers$($lol.Filename)"
if ($lol.Sha256 -eq $Hash.Hash)
{
Write-Host ("The drivername {0} is vulnerable with a matching SHA256 hash of {1}" -f $lol.Filename, $lol.SHA256) -ForegroundColor Red
}
}
}