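<#
.SYNOPSIS
    Get-VulnerablePasswords.ps1 - flag enabled AD accounts whose password predates a known breach.

.DESCRIPTION
    Reads a CSV of breached email addresses (e.g. a Have I Been Pwned domain-search export,
    https://haveibeenpwned.com/) and, for each address, looks for an enabled user in Active
    Directory whose 'mail' attribute matches and whose password was last set BEFORE the
    reported breach date. Such a password may be the one that leaked, so the account is
    reported as "may be vulnerable". The script cannot confirm that the password was
    actually exposed - it only compares dates.

    Known limitations (by design):
      * A password set AFTER the breach date is not flagged, even though the user may simply
        have re-used the compromised password.
      * Only the 'mail' attribute is matched; addresses held only in proxyAddresses or mail
        aliases are not found.
      * A single breach date is applied to every address in the CSV. If the CSV mixes several
        breaches, run the script once per breach with the matching date.

.PARAMETER BreachDate
    Date of the breach. Accounts whose PasswordLastSet is earlier than this are flagged.
    Defaults to 2016-12-16 (the value the script originally hard-coded).

.PARAMETER SearchBase
    Distinguished name of the OU to search (subtree). Defaults to OU=People,DC=contoso,DC=com.

.PARAMETER BreachCsv
    Path to the CSV of breached addresses. It must contain an 'Email' column.

.PARAMETER OutputPath
    Where the report is written. Defaults to "Vulnerable Passwords <yyMMdd>.csv" in the
    current directory.

.NOTES
    Author:        James Schlackman
    Last Modified: Sep 28 2017

    Requires the ActiveDirectory module (RSAT) and read access to passwordLastSet on the
    users in scope. The output file is a list of accounts with probably-compromised
    credentials: treat it as sensitive, write it to a restricted location and delete it
    once the affected users have been forced to change their password.
#>
[CmdletBinding()]
param(
    # ParseExact with the invariant culture so the default does not depend on the host's date format.
    [datetime]$BreachDate = [datetime]::ParseExact('2016-12-16', 'yyyy-MM-dd', [cultureinfo]::InvariantCulture),
    [string]$SearchBase = 'OU=People,DC=contoso,DC=com',
    [string]$BreachCsv = '.\Breach.csv',
    [string]$OutputPath = ('Vulnerable Passwords ' + (Get-Date).ToString('yyMMdd') + '.csv')
)

Import-Module ActiveDirectory -ErrorAction Stop

# Load the breached addresses. @() guarantees an array even for a one-row CSV.
$breached = @(Import-Csv -Path $BreachCsv)

# Fail early if the column we key on is missing; otherwise every lookup would silently
# match nothing and the script would report zero vulnerable accounts.
if ($breached.Count -gt 0 -and -not ($breached[0].PSObject.Properties.Name -contains 'Email')) {
    throw "'$BreachCsv' has no 'Email' column."
}

$vulnerable = New-Object System.Collections.Generic.List[object]

foreach ($row in $breached) {
    # Trim whitespace and skip blank rows so an empty-string filter is never sent to AD.
    $mail = ([string]$row.Email).Trim()
    if ([string]::IsNullOrEmpty($mail)) { continue }

    # Script-block filter with a variable: the AD module substitutes $mail as a value rather
    # than splicing CSV-supplied text into a filter string, which avoids filter injection.
    # passwordLastSet -gt 0 excludes accounts flagged "must change password at next logon".
    $adUsers = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
        -Filter { (mail -eq $mail) -and (Enabled -eq $true) -and (passwordLastSet -gt 0) } `
        -Properties passwordLastSet, mail)

    # Several accounts can carry the same mail value. Evaluate each one on its own: comparing
    # the whole array at once would return a filtered array, and the non-vulnerable accounts
    # would then be added to the report along with the vulnerable ones.
    foreach ($user in $adUsers) {
        if ($user.PasswordLastSet -lt $BreachDate) {
            Write-Host "$mail" -NoNewline -ForegroundColor Yellow
            Write-Host " ($($user.SamAccountName)) may be vulnerable."
            $vulnerable.Add($user)
        }
    }
}

# Summary report and export of the flagged accounts (no file is written when nothing was found).
Write-Host
Write-Host 'Accounts vulnerable: ' -NoNewline
Write-Host $vulnerable.Count -ForegroundColor Red
$vulnerable | Export-Csv -Path $OutputPath -NoTypeInformation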