Daniel dstreefkerk

## Get-ProwlerJSONFindingsCSV.ps1
# Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
# Note: will also run fine if there's just a single JSON file in the output folder
# https://github.com/prowler-cloud/prowler/
#
# Hard-coded to grab FAILures only, not PASSes
#
# Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs

# Path to the default Prowler output folder
$prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output"

## templates.yaml
#Showing the state of a temperature in a template card:
{{ states('sensor.your_temperature_sensor') }}

#Change the colour of the light depending on status:
{% if is_state('light.your_light', 'on') %}
  orange
{% endif %}

#Welcome template:
#Updated to greet the user by first name only

## ConditionalAccess-PolicyNames_and_IDs.txt
SigninLogs
| mv-expand ConditionalAccessPolicies
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id)
| distinct ID,DisplayName
| order by DisplayName asc

## ConditionalAccess-SignIns-ReportOnly.txt
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
SigninLogs
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]

## Copy-Shrug.ps1
function Copy-Shrug {
    "¯\_(ツ)_/¯" | Set-Clipboard
    Write-Output "Shrug copied to clipboard"
}

New-Alias -name 'cps' -Value Copy-Shrug

## Get-MachineAccountQuotaUsers.ps1
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created

foreach ($machine in $machineAccountQuotaComputers) {
    $creator = $null
    try {
        $creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        $creator = $machine.'ms-DS-CreatorSID'
    }

## CSVGridView.bat
@echo off

IF "%~1"=="" GOTO NOFILE
set CSVPATH=%~1

ECHO Loading CSV %CSVPATH%
powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit"
GOTO END

:NOFILE

## dfstargets.ps1
Get-DfsnFolder -Path \\internal.contoso.com\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$_.group[0]}

## Get-AussieGovDomains.ps1
<#
.DESCRIPTION
	Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/
#>


# https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details
$dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000'

# Basic function to strip the URL down to the bare FQDN

## Invoke-QuerySpfViaCloudflareDoh.ps1

# Retrieve SPF records for a domain via Cloudflare DoH
$domain = 'example.com'
$result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'}

if ($result -ne $null) {
    if ($result.answer -ne $null) {
        $result.answer | Select-Object -ExpandProperty data |  Where-Object {$_ -like '*v=spf1*'}
    }
}
	# Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
	# Note: will also run fine if there's just a single JSON file in the output folder
	# https://github.com/prowler-cloud/prowler/
	#
	# Hard-coded to grab FAILures only, not PASSes
	#
	# Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs

	# Path to the default Prowler output folder
	$prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output"
	#Showing the state of a temperature in a template card:
	{{ states('sensor.your_temperature_sensor') }}

	#Change the colour of the light depending on status:
	{% if is_state('light.your_light', 'on') %}
	orange
	{% endif %}

	#Welcome template:
	#Updated to greet the user by first name only
	SigninLogs
	\| mv-expand ConditionalAccessPolicies
	\| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(ConditionalAccessPolicies.id)
	\| distinct ID,DisplayName
	\| order by DisplayName asc
	// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
	SigninLogs
	\| mvexpand ConditionalAccessPolicies
	\| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
	\| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]
	function Copy-Shrug {
	"¯\_(ツ)_/¯" \| Set-Clipboard
	Write-Output "Shrug copied to clipboard"
	}

	New-Alias -name 'cps' -Value Copy-Shrug
	$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created

	foreach ($machine in $machineAccountQuotaComputers) {
	$creator = $null
	try {
	$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
	}
	catch {
	$creator = $machine.'ms-DS-CreatorSID'
	}
	@echo off

	IF "%~1"=="" GOTO NOFILE
	set CSVPATH=%~1

	ECHO Loading CSV %CSVPATH%
	powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH \| Out-GridView -Wait -Title $env:CSVPATH};exit"
	GOTO END

	:NOFILE
	<#
	.DESCRIPTION
	Retrieve a list of Australian government (.gov.au) domains from the CKAN Data API at https://data.gov.au/
	#>


	# https://data.gov.au/dataset/ds-dga-4d5301b2-bc64-4774-b437-56a408836e57/details
	$dataUri = 'https://data.gov.au/data/api/3/action/datastore_search?resource_id=507f8129-b84c-4215-ae7d-5aca364e4a0e&limit=2000'

	# Basic function to strip the URL down to the bare FQDN

	# Retrieve SPF records for a domain via Cloudflare DoH
	$domain = 'example.com'
	$result = Invoke-RestMethod -Uri "https://cloudflare-dns.com/dns-query?name=$domain&type=TXT" -Headers @{'accept'='application/dns-json'}

	if ($result -ne $null) {
	if ($result.answer -ne $null) {
	$result.answer \| Select-Object -ExpandProperty data \| Where-Object {$_ -like 'v=spf1'}
	}
	}