Merge pull request PoshSec#9 from PoshSec/development

Merge Request from Development for December
rjcassara- · Dec 20, 2013 · 72311a6 · 72311a6
2 parents c8b7144 + f9a3a0d
commit 72311a6
Show file tree

Hide file tree

Showing 31 changed files with 4,467 additions and 498 deletions.
diff --git a/Binary/poshsecframework.zip b/Binary/poshsecframework.zip
diff --git a/Scripts and Modules/Modules/PoshSecFramework/Network-Baseline/Get-SecOpenPorts.ps1 b/Scripts and Modules/Modules/PoshSecFramework/Network-Baseline/Get-SecOpenPorts.ps1
@@ -13,7 +13,7 @@
     $netstat = netstat -ano
   }
   else {
-    $netstat = $(Execute-RemoteWmiProcess $computer "netstat -ano").Details
+    $netstat = $(Invoke-RemoteWmiProcess $computer "netstat -ano").Details
     $remote = $true
   }
 

diff --git a/Scripts and Modules/Modules/PoshSecFramework/PoshSecFramework.psm1 b/Scripts and Modules/Modules/PoshSecFramework/PoshSecFramework.psm1
@@ -1,9 +1,12 @@
-Get-ChildItem $PSScriptRoot | ? { $_.PSIsContainer -and $_.Name -ne "PoshSec.PowerShell.Commands" -and $_.Name -ne "PoshSec.PowerShell.Commands 3.5" } | % { Import-Module $_.FullName }
+Get-ChildItem $PSScriptRoot | ? {$_.PSIsContainer -and $_.Name -ne "PoshSec.PowerShell.Commands" -and $_.Name -ne "PoshSec.PowerShell.Commands 3.5" } | % {
+    Import-Module $_.FullName -ErrorAction SilentlyContinue
+}
+
 if ($PSVersionTable.PSVersion.Major -gt 2) {
-    Import-Module $PSScriptRoot\PoshSec.PowerShell.Commands\PoshSec.PowerShell.Commands.dll
+    Import-Module $PSScriptRoot\PoshSec.PowerShell.Commands\PoshSec.PowerShell.Commands.dll -ErrorAction SilentlyContinue    
 } else {
-    Import-Module $PSScriptRoot\PoshSec.PowerShell.Commands 3.5\PoshSec.PowerShell.Commands.dll
+    Import-Module $PSScriptRoot\PoshSec.PowerShell.Commands 3.5\PoshSec.PowerShell.Commands.dll -ErrorAction SilentlyContinue
 }
 
 #List Custom Modules Here
-Import-Module $PSModRoot\getdrives.psm1
+Import-Module $PSModRoot\getdrives.psm1 -ErrorAction SilentlyContinue
diff --git a/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Get-SecRunningProcess.ps1 b/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Get-SecRunningProcess.ps1
@@ -0,0 +1,45 @@
+ function Get-SecRunningProcess
+{
+  Param(
+    [Parameter(Mandatory=$false,Position=1)]
+    [string]$computer="",
+
+    [Parameter(Mandatory=$false,Position=2)]
+    [string]$procname=""
+  )
+
+  $runproc = $null
+
+  if($computer -eq "") {
+    $computer = Get-Content env:ComputerName
+    if($procname -eq "") {
+      $runproc = Get-Process
+    }
+    else {
+      $runproc = Get-Process -name $procname
+    }
+  }
+  else {
+    if($procname -eq "") {
+      $runproc = Get-Process -computername $computer
+    }
+    else {
+      $runproc = Get-Process -computername $computer -name $procname
+    }
+  }
+
+  $properties = @()
+
+  if($runproc) {
+    $runproc | ForEach-Object {
+        $proc = New-Object PSObject
+        $proc | Add-Member -MemberType NoteProperty -Name "Computer" -Value $computer
+        $proc | Add-Member -MemberType NoteProperty -Name "ProcessName" -Value $_.ProcessName
+        $proc | Add-Member -MemberType NoteProperty -Name "PID" -Value $_.Id
+        $proc | Add-Member -MemberType NoteProperty -Name "MemoryUsage" -Value "$($_.WS / 1KB) K"
+        $properties += $proc
+    }
+  } 
+
+  Write-Output $properties
+} 
diff --git a/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Software-Management.psd1 b/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Software-Management.psd1
diff --git a/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Software-Management.psm1 b/Scripts and Modules/Modules/PoshSecFramework/Software-Management/Software-Management.psm1
@@ -6,4 +6,5 @@
 . (Join-Path $PSScriptRoot Compare-SecFile.ps1)
 . (Join-Path $PSScriptRoot Compare-SecSoftwareVersion.ps1)
 . (Join-Path $PSScriptRoot Get-SecDriver.ps1)
-. (Join-Path $PSScriptRoot Get-SecFile.ps1)
+. (Join-Path $PSScriptRoot Get-SecFile.ps1)
+. (Join-Path $PSScriptRoot Get-SecRunningProcess.ps1)
diff --git a/Scripts and Modules/Scripts/Patch Management/waucheck.ps1 b/Scripts and Modules/Scripts/Patch Management/waucheck.ps1
@@ -18,6 +18,9 @@ Specifies a single computer to scan.
 
 .PARAMETER showintab
 Specifies whether to show the results in a PoshSec Framework Tab.
+
+.NOTES
+  pshosts=storedhosts
 #>
 
 Param(
@@ -34,7 +37,10 @@ Param(
 	[string]$computer,
 
 	[Parameter(Mandatory=$false,Position=5)]
-	[boolean]$showintab
+	[boolean]$showintab,
+
+  [Parameter(Mandatory=$false,Position=6)]
+	[string]$storedhosts
 )
 
 Function Get-Pcs{
@@ -108,8 +114,18 @@ else {
 
 $wumaster = ""
 $kbItems = $kbs.Split(",")
+[PSObject]$hosts = $null
+
 if(-not $computer){
-  $hosts = $PSHosts.GetHosts()
+  if($storedhosts) {
+    #The storedhosts have been serialized as a string
+    #Before we use them we need to deserialize.
+    $hosts = $PSHosts.DeserializeHosts($storedhosts)
+  }
+  else {
+    $hosts = $PSHosts.GetHosts()
+  }
+
   if(!$hosts) {
     $hosts = Get-PCs    
     foreach($h in $hosts) {

diff --git a/Scripts and Modules/Scripts/System Information/installedprograms.ps1 b/Scripts and Modules/Scripts/System Information/installedprograms.ps1
@@ -0,0 +1,86 @@
+<#
+.DESCRIPTION
+  Lists all of the applications that are installed on the system.
+
+AUTHOR
+Ben0xA
+
+.PARAMETER showintab
+  Specifies whether to show the results in a PoshSec Framework Tab.
+
+.PARAMETER storedhosts
+  This is for storing hosts from the framework for scheduling.
+
+.NOTES
+  pshosts=storedhosts
+#>
+
+Param(	
+	[Parameter(Mandatory=$false,Position=1)]
+	[boolean]$showintab=$True,
+
+  [Parameter(Mandatory=$false,Position=2)]
+	[string]$storedhosts
+)
+#Start your code here.
+$progs = @()
+$installedprogs = @()
+
+if($storedhosts) {
+  #The storedhosts have been serialized as a string
+  #Before we use them we need to deserialize.
+  $hosts = $PSHosts.DeserializeHosts($storedhosts)
+}
+else {
+  $hosts = $PSHosts.GetHosts()
+}
+
+if($hosts) {
+  foreach($h in $hosts) {
+    $PSStatus.Update("Querying $($h.Name), please wait...")
+    if($h.Status -eq "Up") {      
+      $progs = Get-RemoteRegistryKey $h.Name 3 "Software\Microsoft\Windows\CurrentVersion\Uninstall\"
+      if($progs) {
+        $idx = 1
+        foreach($p in $progs) {
+          $PSStatus.Update("Adding $idx out of $($progs.Length) on $($h.Name), please wait...")
+          $progdata = Get-RemoteRegistryValue $h.Name 3 "$($p.Path)$($p.Key)"
+          $instprog = New-Object PSObject
+          $instprog | Add-Member -MemberType NoteProperty -Name "Computer" -Value $p.Computer
+          $rslt = $progdata | Where { $_.Name -eq "DisplayName"}
+          if($rslt) {
+            $instprog | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $rslt.Value
+          }
+          else {
+            $instprog | Add-Member -MemberType NoteProperty -Name "DisplayName" -Value $p.Key
+          }
+          $instprog | Add-Member -MemberType NoteProperty -Name "DisplayVersion" -Value $($progdata | Where { $_.Name -eq "DisplayVersion"} | Select -ExpandProperty Value)
+          $instprog | Add-Member -MemberType NoteProperty -Name "InstallLocation" -Value $($progdata | Where { $_.Name -eq "InstallLocation"} | Select -ExpandProperty Value)
+          $instprog | Add-Member -MemberType NoteProperty -Name "InstallDate" -Value $($progdata  | Where { $_.Name -eq "InstallDate"} | Select -ExpandProperty Value)
+          $instprog | Add-Member -MemberType NoteProperty -Name "InstallSource" -Value $($progdata  | Where { $_.Name -eq "InstallSource"} | Select -ExpandProperty Value)
+          $installedprogs += $instprog
+          $idx += 1
+        }
+      }
+    }    
+  } 
+
+  if($installedprogs) {
+    $installedprogs = $installedprogs | Sort-Object Computer, DisplayName
+    if($showintab) {
+      $PSTab.AddObjectGrid($installedprogs, "Installed Programs")
+      Write-Output "Installed Programs Tab Created."
+    }
+    else {
+      $installedprogs | Out-String
+    }
+  }   
+  else {
+    Write-Output "Unable to find any installed programs"
+  }
+}
+else {
+  Write-Output "Please select the hosts in the Systems tab to scan."
+}
+
+#End Script
diff --git a/Scripts and Modules/Scripts/System Information/runningprograms.ps1 b/Scripts and Modules/Scripts/System Information/runningprograms.ps1
@@ -0,0 +1,109 @@
+<#
+.DESCRIPTION
+  Lists all of the applications that are currently running.
+
+AUTHOR
+Ben0xA
+
+.PARAMETER showintab
+  Specifies whether to show the results in a PoshSec Framework Tab.
+
+.PARAMETER storedhosts
+  This is for storing hosts from the framework for scheduling.
+  
+.PARAMETER processname
+  The name of the process.
+
+.PARAMETER ignoreprocesses
+  A comma separated list of processes to ignore.
+  
+.PARAMETER baselinepath
+  The path to the baseline xml for comparison.
+
+.NOTES
+  pshosts=storedhosts
+  psfilename=baselinepath
+#>
+
+Param(	
+	[Parameter(Mandatory=$false,Position=1)]
+	[boolean]$showintab=$True,
+
+  [Parameter(Mandatory=$false,Position=2)]
+	[string]$storedhosts,
+
+  [Parameter(Mandatory=$false,Position=3)]
+	[string]$processname,
+
+  [Parameter(Mandatory=$false,Position=4)]
+	[string]$ignoreprocesses,
+
+  [Parameter(Mandatory=$false,Position=5)]
+	[string]$baselinepath
+)
+#Start your code here.
+$processes = @()
+$outprocs = @()
+$ignore = ($ignoreprocesses -split ",")
+
+if($storedhosts) {
+  #The storedhosts have been serialized as a string
+  #Before we use them we need to deserialize.
+  $hosts = $PSHosts.DeserializeHosts($storedhosts)
+}
+else {
+  $hosts = $PSHosts.GetHosts()
+}
+
+if($hosts) {
+  foreach($h in $hosts) {
+    $PSStatus.Update("Querying $($h.Name), please wait...")
+    $processes += Get-SecRunningProcess $h.Name $processname
+  }
+
+  if($processes) {
+    foreach($proc in $processes) {
+      if($ignore -notcontains $proc.ProcessName) {
+        $outprocs += $proc        
+      }
+    }
+    if($baselinepath -ne "") {
+      if(Test-Path $baselinepath) {
+        $baseprocs = Import-Clixml -path $baselinepath
+        $results = Compare-Object $baseprocs $outprocs -property Computer, ProcessName
+        if($results) {
+          if($showintab) {
+            $PSTab.AddObjectGrid($results, "Process Comparison Results")
+            Write-Output "Process Comparison Results Tab Created."
+          }
+          else {
+            $results | Out-String
+          }
+          #overwrite baseline
+          $outprocs | Export-Clixml -path $baselinepath
+        }        
+      }
+      else {
+        $outprocs | Export-Clixml -path $baselinepath
+        Write-Output "Baseline file created."
+      }
+    }
+    else {
+      if($showintab) {
+        $PSTab.AddObjectGrid($outprocs, "Running Programs")
+        Write-Output "Running Programs Tab Created."
+      }    
+      else {
+        $outprocs | Out-String
+      }    
+    }    
+  }
+  else {
+    Write-Output "Unable to find any running programs"
+  }
+}
+else {
+  Write-Output "Please select the hosts in the Systems tab to scan."
+}
+
+#End Script
diff --git a/Scripts and Modules/Scripts/System Information/startupprograms.ps1 b/Scripts and Modules/Scripts/System Information/startupprograms.ps1
@@ -23,7 +23,6 @@ Param(
   [Parameter(Mandatory=$false,Position=2)]
 	[string]$storedhosts
 )
-
 #Start your code here.
 $progs = @()
 
@@ -38,6 +37,7 @@ else {
 
 if($hosts) {
   foreach($h in $hosts) {
+    $PSStatus.Update("Querying $($h.Name), please wait...")
     $progs +=  Get-RemoteRegistryValue $h.Name 3 "Software\Microsoft\Windows\CurrentVersion\Run\"
     $progs +=  Get-RemoteRegistryValue $h.Name 3 "Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"
   }