Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
<#
.Synopsis
Scans a host or network for the MS17-010 vulnerability and output results as a
table that you can pipe to other PowerShell functions such as Invoke-Command or
Export-CSV.
.DESCRIPTION
This script will use a custom NMap NSE script to scan a destination host on
port 445 for the MS17-010 vulnerability. If the host is not online or is blocking
SMB, this script will report no vulnerabilities.
Requirements:
You must have the latest version of Nmap installed with the MS17-010 NSE
script in the scripts folder. Both can be downloaded below:
NSE: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
NMap: https://nmap.org/download.html
.EXAMPLE
Get-MS17010 10.1.1.1
System Vulnerable
------ ----------
10.1.1.1 VULNERABLE
.EXAMPLE
Get-MS17010 10.1.1.0/24
System Vulnerable
------ ----------
10.1.1.1 VULNERABLE
10.1.1.2 VULNERABLE
10.1.1.3 VULNERABLE
#>
[CmdletBinding()]
[Alias()]
Param
(
# Destionation host or network
[Parameter(Mandatory=$true,
ValueFromPipelineByPropertyName=$true,
Position=0)]
$Destination
)
Begin{
$ErrorActionPreference='Stop'
# Check to see if NMap is installed before continuing
try {
nmap --help | out-null
} catch {
Write-Error "Nmap not installed, see Get-Help for more details"
}
# Check to see if NMap is an updated version before continuing
if(!(((nmap --version | sls "Nmap version") -split " ") -match "^[0-9]+.[0-9]+$") -ge "7.40"){
Write-Error "Nmap needs to be upgraded to 7.40 or above, see Get-Help for more details"
}
# Check to see if NSE script is in correct location
if((Test-Path -PathType Leaf -Path "C:\Program Files (x86)\Nmap\scripts\smb-vuln-ms17-010.nse") -eq $false){
Write-Error "Nmap NSE script needs to be downloaded, see Get-Help for more details"
}
}
Process{
$var = nmap -d -sC -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010.nse $Destination
$i=0
$indexed=@()
foreach($line in ($var -split "`r`n")){
if($line -match "Nmap scan report for|State:"){
if($line -match "Nmap scan report for") {
$i++
}
$indexed += "$i-$line`r"
}
}
# Create a table object
$table = New-Object system.Data.DataTable "Results"
# Create table
$cols = @("System","Vulnerable")
# Schema (columns)
foreach ($col in $cols) {
$table.Columns.Add($col) | Out-Null
}
if(($indexed.count -gt 1) -and ($indexed -match "VULNERABLE")){
for ($i = 1; $i -lt $indexed.Length; $i++){
if($indexed[$i] -match "State:"){
$row = $table.NewRow()
$row.System = "$($indexed[$i-1] -replace '^[0-9]+-Nmap scan report for ', '')"
$row.Vulnerable = "$($indexed[$i] -replace '[0-9]+-\| State: ','')"
$table.Rows.Add($row)
}
}
} else {
Write-Host -ForegroundColor DarkGreen "No vulnerabilities found on this host or network."
}
}
End{
# return the table of results from the function
$table
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment