| <# | |
| .Synopsis | |
| Scans a host or network for the MS17-010 vulnerability and output results as a | |
| table that you can pipe to other PowerShell functions such as Invoke-Command or | |
| Export-CSV. | |
| .DESCRIPTION | |
| This script will use a custom NMap NSE script to scan a destination host on | |
| port 445 for the MS17-010 vulnerability. If the host is not online or is blocking | |
| SMB, this script will report no vulnerabilities. | |
| Requirements: | |
| You must have the latest version of Nmap installed with the MS17-010 NSE | |
| script in the scripts folder. Both can be downloaded below: | |
| NSE: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse | |
| NMap: https://nmap.org/download.html | |
| .EXAMPLE | |
| Get-MS17010 10.1.1.1 | |
| System Vulnerable | |
| ------ ---------- | |
| 10.1.1.1 VULNERABLE | |
| .EXAMPLE | |
| Get-MS17010 10.1.1.0/24 | |
| System Vulnerable | |
| ------ ---------- | |
| 10.1.1.1 VULNERABLE | |
| 10.1.1.2 VULNERABLE | |
| 10.1.1.3 VULNERABLE | |
| #> | |
| [CmdletBinding()] | |
| [Alias()] | |
| Param | |
| ( | |
| # Destionation host or network | |
| [Parameter(Mandatory=$true, | |
| ValueFromPipelineByPropertyName=$true, | |
| Position=0)] | |
| $Destination | |
| ) | |
| Begin{ | |
| $ErrorActionPreference='Stop' | |
| # Check to see if NMap is installed before continuing | |
| try { | |
| nmap --help | out-null | |
| } catch { | |
| Write-Error "Nmap not installed, see Get-Help for more details" | |
| } | |
| # Check to see if NMap is an updated version before continuing | |
| if(!(((nmap --version | sls "Nmap version") -split " ") -match "^[0-9]+.[0-9]+$") -ge "7.40"){ | |
| Write-Error "Nmap needs to be upgraded to 7.40 or above, see Get-Help for more details" | |
| } | |
| # Check to see if NSE script is in correct location | |
| if((Test-Path -PathType Leaf -Path "C:\Program Files (x86)\Nmap\scripts\smb-vuln-ms17-010.nse") -eq $false){ | |
| Write-Error "Nmap NSE script needs to be downloaded, see Get-Help for more details" | |
| } | |
| } | |
| Process{ | |
| $var = nmap -d -sC -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010.nse $Destination | |
| $i=0 | |
| $indexed=@() | |
| foreach($line in ($var -split "`r`n")){ | |
| if($line -match "Nmap scan report for|State:"){ | |
| if($line -match "Nmap scan report for") { | |
| $i++ | |
| } | |
| $indexed += "$i-$line`r" | |
| } | |
| } | |
| # Create a table object | |
| $table = New-Object system.Data.DataTable "Results" | |
| # Create table | |
| $cols = @("System","Vulnerable") | |
| # Schema (columns) | |
| foreach ($col in $cols) { | |
| $table.Columns.Add($col) | Out-Null | |
| } | |
| if(($indexed.count -gt 1) -and ($indexed -match "VULNERABLE")){ | |
| for ($i = 1; $i -lt $indexed.Length; $i++){ | |
| if($indexed[$i] -match "State:"){ | |
| $row = $table.NewRow() | |
| $row.System = "$($indexed[$i-1] -replace '^[0-9]+-Nmap scan report for ', '')" | |
| $row.Vulnerable = "$($indexed[$i] -replace '[0-9]+-\| State: ','')" | |
| $table.Rows.Add($row) | |
| } | |
| } | |
| } else { | |
| Write-Host -ForegroundColor DarkGreen "No vulnerabilities found on this host or network." | |
| } | |
| } | |
| End{ | |
| # return the table of results from the function | |
| $table | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment