Learn Windows PowerShell in a Month of Lunches - Don Jones
Best Practices for Script Design - Don Jones
PowerShell Toolmaking (1 of 3) - Don Jones
Jason Adsit jasonadsit
jasonadsit
/ GetAllUserDefaultBrowsers.ps1
Created
November 22, 2022 17:44
GetAllUserDefaultBrowsers.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS -ErrorAction SilentlyContinue 2>&1>$null | |
| Resolve-Path -Path HKU:\*\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice | ForEach-Object { | |
| $TheComputerName = $env:COMPUTERNAME | |
| $TheUserSID = $_.Path.Split('\')[1] | |
| $TheUserDefaultBrowser = $_ | Get-ItemPropertyValue -Name ProgId | |
| [pscustomobject][ordered]@{ | |
| ComputerName = $TheComputerName | |
| UserSID = $TheUserSID | |
| DefaultBrowser = $TheUserDefaultBrowser | |
| } |
These examples assume you're using my Get-TenablePluginOutput PowerShell function. You can load it from the web here:
$Content = Invoke-WebRequest -Uri https://gist.githubusercontent.com/jasonadsit/db19229634c788276419c5a4134a1b7e/raw/Get-TenablePluginOutput.ps1 | Select-Object -ExpandProperty Content
. ([scriptblock]::Create($Content))Also assumes you've already set your working directory to one with some .nessus files in it. ;-)
jasonadsit
/ enumerate-files-from-tenable-plugin-output.md
Last active
March 1, 2022 17:16
Enumerate Files from Tenable Plugin Output
These examples assume you're using my Get-TenablePluginOutput PowerShell function. You can load it from the web here:
$Content = Invoke-WebRequest -Uri https://gist.githubusercontent.com/jasonadsit/db19229634c788276419c5a4134a1b7e/raw/Get-TenablePluginOutput.ps1 | Select-Object -ExpandProperty Content
. ([scriptblock]::Create($Content))Also assumes you've already set your working directory to one with some .nessus files in it. ;-)
jasonadsit
/ cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.json
Created
June 22, 2021 21:01
cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [{"RecommendationNumber":"18.9.102.1.2","CISv7SubControl":"2.4"},{"RecommendationNumber":"18.9.16.4","CISv7SubControl":"2.6"},{"RecommendationNumber":"18.9.102.1.1","CISv7SubControl":"2.6"},{"RecommendationNumber":"18.8.22.1.2","CISv7SubControl":"2.7"},{"RecommendationNumber":"18.9.45.14","CISv7SubControl":"2.7"},{"RecommendationNumber":"18.8.4.1","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.17.1","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.2","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.3","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.4","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.5","CISv7SubControl":"3.4"},{"RecommendationNumber":"18.9.102.1.3","CISv7SubControl":"3.4"},{"RecommendationNumber":"2.2.21","CISv7SubControl":"4.1"},{"RecommendationNumber":"2.2.22","CISv7SubControl":"4.1"},{"RecommendationNumber":"2.2.6","CISv7SubControl":"4.3"},{"RecommendationNumber":"18.3.1","CISv7SubControl":"4.3"},{"RecommendationNumber":"18.5.11.4","CISv7Sub |
jasonadsit
/ cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.csv
Created
June 22, 2021 20:46
cis-Win10-L1-benchmark-20h2-mapped-to-CSCv7.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RecommendationNumber | CISv7SubControl | |
|---|---|---|
| 18.9.102.1.2 | 2.4 | |
| 18.9.16.4 | 2.6 | |
| 18.9.102.1.1 | 2.6 | |
| 18.8.22.1.2 | 2.7 | |
| 18.9.45.14 | 2.7 | |
| 18.8.4.1 | 3.4 | |
| 18.9.17.1 | 3.4 | |
| 18.9.102.2 | 3.4 | |
| 18.9.102.3 | 3.4 |
jasonadsit
/ log-forwarding-with-etw.ps1
Created
June 9, 2021 14:21
— forked from ajpc500/log-forwarding-with-etw.ps1
Quick-and-dirty PowerShell script to install Sysmon (SwiftOnSecurity config), SilkService and Winlogbeat, and forward logs to HELK based on IP set in environment variable "HELK_IP" (see Line 233).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| $wc = New-Object System.Net.WebClient | |
| if (!(Test-Path "C:\Tools")) { | |
| New-Item -Path "C:\" -Name "Tools" -ItemType "directory" | |
| } | |
| # SYSMON | |
| # Download Sysmon | |
| $SysmonDirectory = "C:\Tools\Sysmon\" |
jasonadsit
/ TenablePluginTextParsing.ps1
Last active
February 23, 2022 16:22
TenablePluginTextParsing.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Get-TenablePluginOutput -PluginID $PluginID | ForEach-Object { | |
| $IpAddress = $_.IpAddress | |
| $NetBiosName = $_.NetBiosName | |
| $_.PluginOutput -split "`n`n" | Where-Object { $_ -cmatch '<Block matching regex>' } | ForEach-Object { | |
| $Lines = $_ -split "`n" | ForEach-Object { $_.Trim() } | |
| $EachOne = @{} | |
| $Lines | ForEach-Object { | |
| $Key = ($_ -split '\s:\s')[0].Trim() | |
| $Value = ($_ -split '\s:\s')[-1].Trim() | |
| $EachOne.Add($Key,$Value) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ApiId = '<API ID>' | |
| $Secret = '<API SECRET>' | |
| $AsciiBytes = [System.Text.Encoding]::ASCII.GetBytes("$ApiId`:$Secret") | |
| $Base64String = [convert]::ToBase64String($AsciiBytes) | |
| $Authorization = "Basic $Base64String" | |
| $Header = @{Authorization = $Authorization} | |
| $Query = 'autonomous_system.asn: 1798 OR 443.https.tls.certificate.parsed.names: (oregon.gov OR state.or.us)' | |
| $Body = @" | |
| { | |
| "query":"$Query", |
jasonadsit
/ DomainEnumeration.bat
Created
March 31, 2021 13:57
— forked from KyleHanslovan/DomainEnumeration.bat
Post-exploitation host/domain survey using native Windows commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| whoami & hostname & ipconfig /all & net user /domain 2>&1 & net group /domain 2>&1 & net group "domain admins" /domain 2>&1 & net group "Exchange Trusted Subsystem" /domain 2>&1 & net accounts /domain 2>&1 & net user 2>&1 & net localgroup administrators 2>&1 & netstat -an 2>&1 & tasklist 2>&1 & sc query 2>&1 & systeminfo 2>&1 & reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>&1 |
NewerOlder