WindowsAttackSurfaceAnalyzer

0.4.0-rc1

Comprehensive Windows security posture analysis and attack surface assessment tool. Covers 23 security categories including hardware security (TPM/VBS/Secure Boot), BitLocker, Microsoft Defender ASR rules, exploit protection, privacy settings, network security, remote access, WSL, PowerShell security, authentication policy, scheduled tasks, and Windows 11-specific features. Generates HTML, JSON, and CSV reports. Designed for home users, IT professionals, and security researchers. Works on Windows 10 and all versions of Windows 11.
Minimum PowerShell version

5.1

This is a prerelease version of WindowsAttackSurfaceAnalyzer.

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name WindowsAttackSurfaceAnalyzer -AllowPrerelease

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name WindowsAttackSurfaceAnalyzer -Prerelease

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) 2025-2026 Igor Dunaev / NubleX. All rights reserved.

Package Details

Author(s)

  • Igor Dunaev

Tags

Security Windows Windows10 Windows11 AttackSurface Hardening Assessment Defender BitLocker TPM VBS ASR PowerShell Audit Compliance CyberSecurity BlueTeam DFIR

Functions

Invoke-WindowsAttackSurfaceAnalyzer

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

v0.4.0 (Release Candidate)
- Expanded to 23 security categories
- Added per-rule ASR breakdown with friendly names
- Added ASLR, SEHOP, CFG, Heap protection via Get-ProcessMitigation
- Added Privacy Settings: diagnostic data, advertising ID, camera/mic/location permissions
- Added Network Security: IPv6, DNS-over-HTTPS, Wi-Fi authentication type, Bluetooth, VPN
- Added Remote Access: RDP NLA, RDP port, Remote Assistance, WinRM
- Added WSL Security: version, installed distros, network mode
- Added Application Security: Edge SmartScreen, Enhanced Security Mode, browser/Adobe/Java versions
- Added Authentication Policy: autologon, cached credentials, lockout threshold, password policy
- Added System Hardening: driver signing, vulnerable drivers, hosts file tampering, password history
- Added Scheduled Tasks: non-Microsoft tasks, SYSTEM-running tasks, suspicious paths
- Added JSON export (-ExportJson), CSV export (-ExportCsv)
- GitHub Actions CI workflow included
- Graceful degradation on all new checks for Windows 10 and non-admin sessions

v0.3.0
- Extended Defender analysis: Application Guard, scan age, sample submission
- Exploit protection baseline checks

v0.2.0
- Hardware security: TPM, Secure Boot, VBS, HVCI, Credential Guard, Kernel DMA
- BitLocker per-drive with protector type
- Windows 11 features: Smart App Control, Windows Hello, Windows Recall
- PowerShell security: execution policy, script block logging, module logging, language mode
- Live progress bar and risk score
- Run-Analysis.bat launcher with auto-elevation

v0.1.0
- Initial release: 8 core categories (network, services, firewall, shares, features, startup, users, system)

Version History

Version Downloads Last updated
0.4.0-rc1 (current version) 2 2/19/2026