Enumerate_Windows_Harberts.ps1
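<#PSScriptInfo
.VERSION 1.1
.GUID 98a46b96-7add-425b-9d75-64d5262cf515
.AUTHOR matthewmn
.COMPANYNAME
.COPYRIGHT
.TAGS
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
#>

<#
.DESCRIPTION
Used to pull baseline from Windows OS and compare to Baseline from previous capture.
Each capture is rendered to plain text lines so that option 3 produces a line-by-line
diff instead of comparing live objects (formatted output objects all compare equal,
which hid every real difference in the previous version).
#>
Param()

# Directory that option 4 writes into; each snapshot becomes <timestamp>.txt under it.
$script:ExportRoot = 'C:\Enumerations'
# Visual separator between the sections of a snapshot.
$script:Spacer = '_______________________________________'

#######################################
# Prints the interactive menu.
# Arguments: $Title - accepted for backward compatibility; the banner text is fixed.
#######################################
function Show-Menu {
    param (
        [string]$Title = 'Enumerate Local Windows'
    )
    Clear-Host
    Write-Host "================ Enumerate Windows Local ================"
    Write-Host "1: Press '1' to pull First baseline Enumeration"
    Write-Host "2: Press '2' to pull Second Enumeration"
    Write-Host "3: Press '3' to compare Enumeration Pulls"
    Write-Host "4: Press '4' Export Enumeration to C Drive"
    Write-Host "Q: Press 'Q' to quit."
}

#######################################
# Renders arbitrary objects (including Format-* output) to trimmed text lines.
# Arguments: $Objects - objects to render; may be $null or empty
# Outputs:   one string per non-blank rendered line, trailing whitespace removed
#######################################
function ConvertTo-SnapshotLines {
    param (
        [AllowNull()]
        [object[]]$Objects
    )
    # A wide rendering keeps table columns from being truncated, which would otherwise
    # make two different values look identical in the comparison.
    $rendered = $Objects | Out-String -Width 4096 -Stream
    foreach ($line in $rendered) {
        $trimmed = $line.TrimEnd()
        if ($trimmed -ne '') {
            $trimmed
        }
    }
}

#######################################
# Collects the local host inventory and returns it as an array of text lines.
# Outputs:   string[] - first element is the capture timestamp, followed by
#            labelled sections separated by $script:Spacer
#######################################
function Get-EnumerationSnapshot {
    $date = ((Get-Date -Format u).Replace(':', '_')).Replace(' ', '-')

    # Ordered so every snapshot has the same section sequence; the comparison relies on it.
    $sections = [ordered]@{
        'HostName'            = { $env:COMPUTERNAME }
        'Local Groups'        = { Get-LocalGroup }
        'Local Users'         = { Get-LocalUser }
        'Logged On Users'     = { Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object PrimaryOwnerName, Domain }
        'Processes'           = { Get-Process | Format-Table -Property Name, Id, Path }
        'Services'            = { Get-Service | Format-Table -Property Status, DisplayName, RequiredServices }
        'Network Information' = { Get-NetIPConfiguration | Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer; Get-NetAdapter }
        'TCP Connections'     = { Get-NetTCPConnection -State Listen }
        'System Info'         = { Get-CimInstance Win32_OperatingSystem | Select-Object Caption, InstallDate, ServicePackMajorVersion, OSArchitecture, BootDevice, BuildNumber, CSName | Format-List }
        'Drive Information'   = { Get-PSDrive -PSProvider Filesystem }
        'PNP Devices'         = { Get-PnpDevice -Class Keyboard, SoftwareDevice, DiskDrive, MEDIA, SCSIAdapter, USB }
        'Shared Resources'    = { Get-CimInstance -ClassName Win32_Share }
        'Scheduled Tasks'     = { Get-ScheduledTask | Format-List -Property State, Description, TaskName }
    }

    $lines = New-Object System.Collections.Generic.List[string]
    $lines.Add($date)
    foreach ($entry in $sections.GetEnumerator()) {
        $lines.Add($script:Spacer)
        $lines.Add($entry.Key)
        try {
            $objects = & $entry.Value
        } catch {
            # Record the failure inside the snapshot so a missing cmdlet or denied access
            # shows up in the comparison rather than silently producing an empty section.
            Write-Warning "Section '$($entry.Key)' failed: $($_.Exception.Message)"
            $objects = @("[error] $($_.Exception.Message)")
        }
        foreach ($line in (ConvertTo-SnapshotLines -Objects $objects)) {
            $lines.Add($line)
        }
    }
    return $lines.ToArray()
}

#######################################
# Writes a snapshot to $script:ExportRoot\<timestamp><suffix>.txt.
# Arguments: $Snapshot - lines as returned by Get-EnumerationSnapshot
#            $Suffix   - optional tag appended to the file name (e.g. '_second')
# Outputs:   the written path, to the console
#######################################
function Export-EnumerationSnapshot {
    param (
        [Parameter(Mandatory = $true)]
        [string[]]$Snapshot,
        [string]$Suffix = ''
    )
    if (-not (Test-Path -Path $script:ExportRoot)) {
        New-Item -ItemType Directory -Path $script:ExportRoot | Out-Null
    }
    # The first line of a snapshot is its capture timestamp, already filesystem-safe.
    $path = Join-Path -Path $script:ExportRoot -ChildPath ($Snapshot[0] + $Suffix + '.txt')
    $Snapshot | Out-File -FilePath $path
    Write-Host "Wrote $path"
}

# Snapshots are kept in script scope so options 3 and 4 can check they exist.
$first = $null
$second = $null

do {
    Show-Menu
    # $input is a PowerShell automatic variable (pipeline input); use a plain name instead.
    $selection = Read-Host "Please make a selection"
    switch ($selection) {
        '1' {
            Clear-Host
            $first = Get-EnumerationSnapshot
        }
        '2' {
            Clear-Host
            $second = Get-EnumerationSnapshot
        }
        '3' {
            Clear-Host
            if ($null -eq $first -or $null -eq $second) {
                Write-Warning 'Run options 1 and 2 before comparing.'
            } else {
                Compare-Object -ReferenceObject $first -DifferenceObject $second
            }
        }
        '4' {
            if ($null -eq $first) {
                Write-Warning 'Nothing to export; run option 1 first.'
            } else {
                Export-EnumerationSnapshot -Snapshot $first
                if ($null -ne $second) {
                    Export-EnumerationSnapshot -Snapshot $second -Suffix '_second'
                }
            }
        }
        'q' {
            return
        }
        default {
            Write-Warning "Unknown selection '$selection'."
        }
    }
    pause
} until ($selection -eq 'q')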