Last active
December 22, 2023 05:50
-
-
Save iwikmai/65b8a5b882e782d78fc5f466dfd2cde4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Scans a host or network for the MS17-010 vulnerability and output results as a | |
| table that you can pipe to other PowerShell functions such as Invoke-Command or | |
| Export-CSV. | |
| .DESCRIPTION | |
| This script will use a custom NMap NSE script to scan a destination host on | |
| port 445 for the MS17-010 vulnerability. If the host is not online or is blocking | |
| SMB, this script will report no vulnerabilities. | |
| Requirements: | |
| You must have the latest version of Nmap installed with the MS17-010 NSE | |
| script in the scripts folder. Both can be downloaded below: | |
| NSE: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse | |
| NMap: https://nmap.org/download.html | |
| .EXAMPLE | |
| Get-MS17010 10.1.1.1 | |
| System Vulnerable | |
| ------ ---------- | |
| 10.1.1.1 VULNERABLE | |
| .EXAMPLE | |
| Get-MS17010 10.1.1.0/24 | |
| System Vulnerable | |
| ------ ---------- | |
| 10.1.1.1 VULNERABLE | |
| 10.1.1.2 VULNERABLE | |
| 10.1.1.3 VULNERABLE | |
| #> | |
| [CmdletBinding()] | |
| [Alias()] | |
| Param | |
| ( | |
| # Destionation host or network | |
| [Parameter(Mandatory=$true, | |
| ValueFromPipelineByPropertyName=$true, | |
| Position=0)] | |
| $Destination | |
| ) | |
| Begin{ | |
| $ErrorActionPreference='Stop' | |
| # Check to see if NMap is installed before continuing | |
| try { | |
| nmap --help | out-null | |
| } catch { | |
| Write-Error "Nmap not installed, see Get-Help for more details" | |
| } | |
| # Check to see if NMap is an updated version before continuing | |
| if(!(((nmap --version | sls "Nmap version") -split " ") -match "^[0-9]+.[0-9]+$") -ge "7.40"){ | |
| Write-Error "Nmap needs to be upgraded to 7.40 or above, see Get-Help for more details" | |
| } | |
| # Check to see if NSE script is in correct location | |
| if((Test-Path -PathType Leaf -Path "C:\Program Files (x86)\Nmap\scripts\smb-vuln-ms17-010.nse") -eq $false){ | |
| Write-Error "Nmap NSE script needs to be downloaded, see Get-Help for more details" | |
| } | |
| } | |
| Process{ | |
| $var = nmap -d -sC -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010.nse $Destination | |
| $i=0 | |
| $indexed=@() | |
| foreach($line in ($var -split "`r`n")){ | |
| if($line -match "Nmap scan report for|State:"){ | |
| if($line -match "Nmap scan report for") { | |
| $i++ | |
| } | |
| $indexed += "$i-$line`r" | |
| } | |
| } | |
| # Create a table object | |
| $table = New-Object system.Data.DataTable "Results" | |
| # Create table | |
| $cols = @("System","Vulnerable") | |
| # Schema (columns) | |
| foreach ($col in $cols) { | |
| $table.Columns.Add($col) | Out-Null | |
| } | |
| if(($indexed.count -gt 1) -and ($indexed -match "VULNERABLE")){ | |
| for ($i = 1; $i -lt $indexed.Length; $i++){ | |
| if($indexed[$i] -match "State:"){ | |
| $row = $table.NewRow() | |
| $row.System = "$($indexed[$i-1] -replace '^[0-9]+-Nmap scan report for ', '')" | |
| $row.Vulnerable = "$($indexed[$i] -replace '[0-9]+-\| State: ','')" | |
| $table.Rows.Add($row) | |
| } | |
| } | |
| } else { | |
| Write-Host -ForegroundColor DarkGreen "No vulnerabilities found on this host or network." | |
| } | |
| } | |
| End{ | |
| # return the table of results from the function | |
| $table | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment