
@rileyz
Created October 30, 2017 09:41
<#
.SYNOPSIS
Scans folders for files named in a predefined TXT/CSV checklist of known-vulnerable files, extracting MSI and App-V packages first where necessary.
.DESCRIPTION
Code Snippet Credits
* #https://stackoverflow.com/questions/35789888/powershell-exclude-folders-in-get-childitem
 
Version History
1.0 30/10/2017
Initial release.
 
Copyright & Intellectual Property
Feel free to copy, modify and redistribute, but please give credit where it is due.
Feedback is welcome, please contact me on LinkedIn.
.LINK
Author:.......http://www.linkedin.com/in/rileylim
Source Code:..https://gist.github.com/rileyz/3ab1fbae2242bc8837ce521d039aac0a
#>
 
 
 
# Setting up housekeeping #########################################################################
# Folder that holds this script; the checklist, the scan targets and the working folder all live here.
$ScriptPath = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
# Checklist that VulnerabilityScan reads with Import-Csv, resolved relative to $ScriptPath.
$VulnerabilityCheckListFile = 'Vulnerabilities.txt'
# Scratch folder for extracted MSI/App-V content; it is deleted recursively at the start of every run.
$WorkingFolderToIgnore = '_VulnerabilityScanTemp'
#<<< End of Setting up housekeeping >>>
 
 
# Function List ###################################################################################
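Function VulnerabilityScan {
    <#
    .SYNOPSIS
    Flags items under a path whose full name matches an entry in the vulnerability checklist.
    .DESCRIPTION
    Loads the checklist with Import-Csv from $ScriptPath (a script-scope variable) and reads its
    File, Vector, VersionLow and VersionHigh columns. Every item found recursively under -ScanPath
    is compared by full path against "*<File>*" using -like, so wildcard characters in the File
    column are honoured and a match can come from a folder name as well as from a file name.
    Each match produces one object with the properties 'Scan Target', 'Vulnerability Vector',
    'Suspect File', 'Suspect File Version' and 'Vulnerable Version' (Yes/No).

    A 'No' in 'Vulnerable Version' also covers items without version information, so such rows
    still deserve a manual look.
    .PARAMETER ScanTarget
    Label stored in the 'Scan Target' column of every finding.
    .PARAMETER ScanPath
    Folder that is searched recursively.
    .PARAMETER VulnerabilityCheckList
    File name of the checklist, relative to $ScriptPath.
    .OUTPUTS
    Zero or more PSCustomObject findings.
    #>
    Param ([Parameter(Mandatory=$true)]$ScanTarget,
           [Parameter(Mandatory=$true)]$ScanPath,
           [Parameter(Mandatory=$true)]$VulnerabilityCheckList)

    # A checklist that cannot be read must stop the scan: carrying on would either flag every
    # file or report nothing, and an empty report reads as "clean".
    $CheckListPath = Join-Path $ScriptPath $VulnerabilityCheckList
    $Vulnerabilities = @(Import-Csv -LiteralPath $CheckListPath -ErrorAction Stop |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.File) })

    # Rows with an empty File column are dropped above because "**" would match every path.
    If ($Vulnerabilities.Count -eq 0) {
        Write-Warning "No usable entries (non-empty 'File' column) in checklist '$CheckListPath'; nothing can be matched."
        Return
    }

    # -LiteralPath keeps folder names containing [ or ] from being treated as wildcards.
    $FoundVulnerabilities = @(
        Foreach ($Item in (Get-ChildItem -LiteralPath $ScanPath -Recurse)) {
            $File = $Item.FullName
            Write-Debug "Working on `$File: $File"

            Foreach ($Vulnerability in $Vulnerabilities) {
                Write-Debug "Checking for `$Vulnerability: $Vulnerability"
                If ($File -notlike "*$($Vulnerability.File)*") { Continue }

                Write-Verbose " Suspect vulnerable file: '$File'"

                # Check the version of the matched item against the listed range.
                $VersionInfo = $Item.VersionInfo
                $FileVersion = $VersionInfo.FileVersion
                $InRange = $false

                If ($FileVersion) {
                    $Low = $Vulnerability.VersionLow -as [version]
                    $High = $Vulnerability.VersionHigh -as [version]

                    If (($null -ne $Low) -and ($null -ne $High)) {
                        # Compare as versions, not text: as strings '10.0.0.0' sorts below '9.0.0.0'.
                        # Write checklist bounds with the same number of parts as the file versions;
                        # [version]'2.5' compares lower than [version]'2.5.0.0'.
                        $Current = $FileVersion -as [version]
                        If ($null -eq $Current) {
                            # FileVersion text such as '1.2.3.4 (build info)' does not parse;
                            # fall back to the numeric parts of the version resource.
                            $Current = New-Object System.Version -ArgumentList $VersionInfo.FileMajorPart, $VersionInfo.FileMinorPart, $VersionInfo.FileBuildPart, $VersionInfo.FilePrivatePart
                        }
                        $InRange = ($Current -ge $Low) -and ($Current -le $High)
                    }
                    Else {
                        # Bounds that are not dotted versions are compared as text. Both sides of
                        # the range test use the same file version.
                        Write-Verbose " Version range for '$($Vulnerability.File)' is not numeric, comparing as text."
                        $InRange = ($FileVersion -ge $Vulnerability.VersionLow) -and ($FileVersion -le $Vulnerability.VersionHigh)
                    }
                }

                If ($InRange) {
                    Write-Verbose ' File version is vulnerable.'
                    $Verdict = 'Yes'
                }
                Else {
                    $Verdict = 'No'
                }

                [pscustomobject][ordered]@{
                    'Scan Target'          = $ScanTarget
                    'Vulnerability Vector' = $Vulnerability.Vector
                    'Suspect File'         = $File
                    'Suspect File Version' = $FileVersion
                    'Vulnerable Version'   = $Verdict
                }
            }
        }
    )

    Return $FoundVulnerabilities
}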
#<<< End Of Function List >>>
 
# Start of script work ############################################################################
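# Scans every folder, MSI and App-V package that sits next to this script and prints the findings
# as a table. Packages are unpacked into the working folder first.
$DebugPreference = 'SilentlyContinue' #SilentlyContinue|Continue
$VerbosePreference = 'SilentlyContinue' #SilentlyContinue|Continue
Set-Location $ScriptPath

# Start from an empty working folder so content left by an earlier run is never scanned again.
$WorkingFolder = Join-Path $ScriptPath $WorkingFolderToIgnore
If (Test-Path -LiteralPath $WorkingFolder) {
    Write-Warning "Flushing working folder '$WorkingFolderToIgnore'"
    Remove-Item -LiteralPath $WorkingFolder -Recurse -Force
}

# Always an array: appending to $null turns a single finding into a bare object, and the next
# += on that object fails, losing findings from later targets.
$ExposedFiles = @()

# Exclude the working folder by name; comparing the item object itself to the name depends on
# how the item happens to convert to a string.
$DirectoryContent = Get-ChildItem -LiteralPath $ScriptPath | Where-Object { $_.Name -ne $WorkingFolderToIgnore }

Foreach ($Entry in $DirectoryContent) {
    If ($Entry.PSIsContainer -eq $true) {
        # Processing a folder.
        Write-Verbose "Working on folder: '$($Entry.Name)'"
        $ExposedFiles += @(VulnerabilityScan -ScanTarget $Entry.Name -ScanPath $Entry.FullName -VulnerabilityCheckList $VulnerabilityCheckListFile)
    }
    ElseIf ($Entry.Extension -eq '.msi') {
        # Processing a Windows Installer.
        # NOTE(review): 'msiexec /a' runs the package's administrative install sequence, which
        # can include custom actions authored by the package vendor. Unpack packages from
        # untrusted sources in an isolated, non-privileged session.
        Write-Verbose "Working on file: '$($Entry.Name)'"
        $Installer = "$ScriptPath\$($Entry.Name)"
        $TempFolder = "$ScriptPath\$WorkingFolderToIgnore\$($Entry.Name)"
        $null = New-Item -ItemType Directory -Force -Path $TempFolder
        $MSIExtractResult = (Start-Process msiexec.exe -ArgumentList "/a `"$Installer`" TARGETDIR=`"$TempFolder`" /qb" -Wait -PassThru).ExitCode
        Write-Verbose " Extraction Result: $MSIExtractResult."
        If ($MSIExtractResult -ne 0) {
            Write-Warning " Extraction Result: $MSIExtractResult."
            Write-Warning ' File path could be to long for extraction, try rename MSI to shorter file name.'
            # The scan below still runs on whatever was unpacked, so say that it is partial.
            Write-Warning " Results for '$($Entry.Name)' may be incomplete."
        }
        $ExposedFiles += @(VulnerabilityScan -ScanTarget $Entry.Name -ScanPath $TempFolder -VulnerabilityCheckList $VulnerabilityCheckListFile)
    }
    ElseIf ($Entry.Extension -eq '.appv') {
        # Processing a App-V. The package is copied with a .zip extension so that the Windows
        # shell can open it as a compressed folder.
        Write-Verbose "Working on file: '$($Entry.Name)'"
        $AppV = "$ScriptPath\$($Entry.Name)"
        $TempFolder = "$ScriptPath\$WorkingFolderToIgnore\$($Entry.Name)"
        $null = New-Item -ItemType Directory -Force -Path $TempFolder
        $ZipCopy = "$ScriptPath\$WorkingFolderToIgnore\$($Entry.BaseName + '.zip')"
        Copy-Item -LiteralPath $AppV -Destination $ZipCopy
        $Shell = New-Object -ComObject shell.application
        $Zip = $Shell.NameSpace($ZipCopy)
        If ($null -eq $Zip) {
            # Without this check the scan would run on an empty folder and report nothing.
            Write-Warning " Could not open '$($Entry.Name)' as an archive, package was not scanned."
        }
        Else {
            # NOTE(review): CopyHere is driven by the shell and gives no completion or error
            # status here; confirm large packages are fully unpacked before trusting a clean result.
            Foreach ($Item in $Zip.items()) { $Shell.Namespace("$TempFolder").copyhere($Item) }
            $ExposedFiles += @(VulnerabilityScan -ScanTarget $Entry.Name -ScanPath $TempFolder -VulnerabilityCheckList $VulnerabilityCheckListFile)
        }
    }
}

$ExposedFiles | Format-Table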
#<<< End of script work >>>