Skip to content

Instantly share code, notes, and snippets.


Daniel dstreefkerk

  • Sydney, Australia
View GitHub Profile
dstreefkerk / Get-ProwlerJSONFindingsCSV.ps1
Created May 24, 2023 10:39
Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
View Get-ProwlerJSONFindingsCSV.ps1
# Script to compile all of the findings in JSON format from multiple Prowler runs and export to a usable CSV
# Note: will also run fine if there's just a single JSON file in the output folder
# Hard-coded to grab FAILures only, not PASSes
# Make sure that only relevant findings files are being merged to CSV. i.e. remove old output files from previous runs
# Path to the default Prowler output folder
$prowlerReportsFolder = Join-Path -Path $env:USERPROFILE -ChildPath "output"
dstreefkerk / templates.yaml
Last active July 14, 2022 08:56 — forked from EverythingSmartHome/templates.yaml
Home Assistant Mushroom card templates
View templates.yaml
#Showing the state of a temperature in a template card:
{{ states('sensor.your_temperature_sensor') }}
#Change the colour of the light depending on status:
{% if is_state('light.your_light', 'on') %}
{% endif %}
#Welcome template:
#Updated to greet the user by first name only
dstreefkerk / ConditionalAccess-PolicyNames_and_IDs.txt
Created October 6, 2020 23:32
KQL Query to retrieve from Log Analytics a list of Conditional Access policy names and IDs
View ConditionalAccess-PolicyNames_and_IDs.txt
| mv-expand ConditionalAccessPolicies
| project DisplayName = tostring(ConditionalAccessPolicies.displayName),ID = tostring(
| distinct ID,DisplayName
| order by DisplayName asc
dstreefkerk / ConditionalAccess-SignIns-ReportOnly.txt
Last active January 11, 2023 02:00
KQL Query to retrieve all Azure AD sign-ins that failed a Conditional Access policy in Report-Only mode
View ConditionalAccess-SignIns-ReportOnly.txt
// Get Sign-in logs for any Report-Only Conditional Access policies where the result = ReportOnlyFailure
| mvexpand ConditionalAccessPolicies
| where ConditionalAccessPolicies["result"] == "reportOnlyFailure"
| project TimeGenerated, Identity, UserPrincipalName, AzureADApplication = AppDisplayName, ClientApplication = ClientAppUsed, ClientBrowser = DeviceDetail.browser, ClientOperatingSystem = DeviceDetail.operatingSystem, ClientIPAddress = IPAddress , ClientUserAgent = UserAgent , ConditionalAccessPolicyName = ConditionalAccessPolicies["displayName"], ConditionalAccessPolicyID = ConditionalAccessPolicies["id"]
dstreefkerk / Copy-Shrug.ps1
Created February 14, 2020 00:49
Put this into your PowerShell profile file for an offline version of
View Copy-Shrug.ps1
function Copy-Shrug {
"¯\_(ツ)_/¯" | Set-Clipboard
Write-Output "Shrug copied to clipboard"
New-Alias -name 'cps' -Value Copy-Shrug
dstreefkerk / Get-MachineAccountQuotaUsers.ps1
Created January 29, 2020 04:38
Gets a list of AD computers that were created by regular users exercising their default right to create up to 10 computer accounts in an AD domain
View Get-MachineAccountQuotaUsers.ps1
$machineAccountQuotaComputers = Get-ADComputer -filter {ms-DS-CreatorSID -ne "$null"} -Properties ms-DS-CreatorSID,Created
foreach ($machine in $machineAccountQuotaComputers) {
$creator = $null
try {
$creator = [System.Security.Principal.SecurityIdentifier]::new($machine.'ms-DS-CreatorSID').Translate([System.Security.Principal.NTAccount]).Value
catch {
$creator = $machine.'ms-DS-CreatorSID'
dstreefkerk / CSVGridView.bat
Created November 8, 2019 06:19
Batch file that enables a CSV to be dragged/dropped and then opened in a PowerShell GridView. Requires the PowerShell ISE to be instaled.
View CSVGridView.bat
@echo off
IF "%~1"=="" GOTO NOFILE
set CSVPATH=%~1
powershell.exe -NoProfile -NoExit -NoLogo -Command "if ((Test-Path $env:CSVPATH -PathType Leaf) -and ($env:CSVPATH -like '*.csv')) {Import-Csv -Path $env:CSVPATH | Out-GridView -Wait -Title $env:CSVPATH};exit"
dstreefkerk / dfstargets.ps1
Last active March 19, 2021 01:55
Get a list of active DFS folder targets under a specific DFS root
View dfstargets.ps1
Get-DfsnFolder -Path \\\dfsroot\* | Get-DfsnFolderTarget | ? {$_.State -eq "Online"} | Group-Object -Property Path | ForEach-Object {$[0]}
dstreefkerk / Get-AussieGovDomains.ps1
Created July 9, 2019 23:11
Retrieve a list of Australian government ( domains from the CKAN Data API at
View Get-AussieGovDomains.ps1
Retrieve a list of Australian government ( domains from the CKAN Data API at
$dataUri = ''
# Basic function to strip the URL down to the bare FQDN
View Invoke-QuerySpfViaCloudflareDoh.ps1
# Retrieve SPF records for a domain via Cloudflare DoH
$domain = ''
$result = Invoke-RestMethod -Uri "$domain&type=TXT" -Headers @{'accept'='application/dns-json'}
if ($result -ne $null) {
if ($result.answer -ne $null) {
$result.answer | Select-Object -ExpandProperty data | Where-Object {$_ -like '*v=spf1*'}