Created
December 11, 2024 10:12
PowerShell Security Audit (Important note: PowerShell does not allow execution of .ps1 scripts, which results in this error when the file is executed from PowerShell: PS C:\Users\yousu\Desktop\projects> .\"Security Audit.ps1" .\Security Audit.ps1 : File C:\Users\yousu\Desktop\projects\Security Audit.ps1 cannot be loaded because …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
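<#
.SYNOPSIS
    Appends one timestamped line to the audit results file.
.DESCRIPTION
    Prefixes the message with the current local time ("yyyy-MM-dd HH:mm:ss")
    and appends it to the log file with Add-Content.
    The log collects account names, failed-logon details and service state,
    so the file should live somewhere only the auditing user can read.
.PARAMETER logMessage
    Text to record. Never pass secrets here: the file is plain text.
.PARAMETER logFilePath
    Destination file. Defaults to the path the script has always used, so
    existing callers are unaffected; pass another path to run the audit
    under a different account or on a different machine.
#>
function Log-Results {
    param (
        [string]$logMessage,
        [string]$logFilePath = "C:\Users\yousu\Desktop\projects\SecurityAuditResults.txt"
    )

    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    $logMessage = "$timestamp - $logMessage"
    Add-Content -Path $logFilePath -Value $logMessage
}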
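# Generate a random password.
#
# Three problems in the previous version are addressed here:
#   1. The symbol set was appended as ONE string element, so a draw could
#      insert the whole run "!@#$%^&*()" into the password (or no symbol at
#      all). It is now split into individual characters.
#   2. Get-Random -Count samples without replacement and, on Windows
#      PowerShell 5.1, is not documented as cryptographically secure.
#      Characters are now drawn independently from the OS CSPRNG.
#   3. The password was written in clear text to the audit log. Only the
#      fact that one was generated is logged; the value stays in $password.
$length = 12
$passwordChars = [char[]](48..57 + 65..90 + 97..122) + '!@#$%^&*()'.ToCharArray()

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    # Rejection sampling: discard bytes at or above the largest multiple of
    # the alphabet size so the modulo below does not favour some characters.
    $limit = 256 - (256 % $passwordChars.Count)
    $buffer = New-Object byte[] 1
    $picked = New-Object System.Text.StringBuilder
    while ($picked.Length -lt $length) {
        $rng.GetBytes($buffer)
        if ($buffer[0] -lt $limit) {
            [void]$picked.Append($passwordChars[$buffer[0] % $passwordChars.Count])
        }
    }
    $password = $picked.ToString()
} finally {
    $rng.Dispose()
}

# The secret itself is deliberately kept out of the plain-text log file.
Log-Results "Generated Secure Password ($length characters); value withheld from log"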
# Local user accounts: record name, enabled flag and last logon time.
# Enabled accounts with an old or empty LastLogon are the ones worth a
# second look when reviewing the output.
$userAccounts = Get-LocalUser
$userAccountsInfo = $userAccounts | Select-Object Name, Enabled, LastLogon
Log-Results "### User Account Information ###"
foreach ($account in $userAccountsInfo) {
    $accountLine = "$($account.Name) - Enabled: $($account.Enabled) - LastLogon: $($account.LastLogon)"
    Log-Results $accountLine
}
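# Failed logon attempts: the ten most recent Security-log events with ID 4625.
#
# The previous version suppressed every error, so a query that failed (for
# example because the session may not read the Security log) was reported as
# "No failed login attempts found." - a false negative in an audit. Errors
# are still kept off the console, but they are captured and any error other
# than "no matching events" is written to the log instead of being hidden.
$failedLogonErrors = @()
$failedLogons = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 10 -ErrorAction SilentlyContinue -ErrorVariable failedLogonErrors

# Get-WinEvent reports an empty result set as an error; that one is expected.
$readFailures = @($failedLogonErrors | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' })

# Reading the Security log normally needs an elevated session.
$currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isElevated = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($failedLogons) {
    Log-Results "### Failed Login Attempts ###"
    # NOTE(review): Message is the full multi-line event text, not just the
    # account name, despite the "Account:" label.
    $failedLogons | ForEach-Object { Log-Results "Failed login attempt at $($_.TimeCreated) - Account: $($_.Message)" }
} elseif ($readFailures.Count -gt 0) {
    Log-Results "Failed login attempts could not be read: $($readFailures[0].Exception.Message)"
} elseif (-not $isElevated) {
    Log-Results "No failed login attempts returned, but this session is not elevated, so the Security log may not have been readable."
} else {
    Log-Results "No failed login attempts found."
}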
# Windows Firewall: one line per profile returned by Get-NetFirewallProfile,
# with its enabled flag and default inbound/outbound actions.
# A disabled profile or a permissive default inbound action is the finding
# to look for in the output.
$firewall = Get-NetFirewallProfile
Log-Results "### Firewall Status ###"
foreach ($fwProfile in $firewall) {
    $profileLine = "Name: $($fwProfile.Name) - Enabled: $($fwProfile.Enabled) - DefaultInboundAction: $($fwProfile.DefaultInboundAction) - DefaultOutboundAction: $($fwProfile.DefaultOutboundAction)"
    Log-Results $profileLine
}
# Antivirus products registered with Windows Security Center.
# productState is logged as the raw number the provider returns; it is an
# encoded status value, so it needs decoding before it says whether
# protection is on and up to date.
# NOTE(review): the root/SecurityCenter2 namespace is presumably absent on
# server editions - confirm before relying on this section there.
$antivirus = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct
Log-Results "### Antivirus Status ###"
foreach ($product in $antivirus) {
    $productLine = "Antivirus: $($product.displayName) - State: $($product.productState)"
    Log-Results $productLine
}
# System uptime: time elapsed since the last boot reported by
# Win32_OperatingSystem. $uptime holds the boot timestamp and
# $uptimeFormatted the elapsed TimeSpan.
$osInfo = Get-CimInstance Win32_OperatingSystem
$uptime = $osInfo.LastBootUpTime
$uptimeFormatted = (Get-Date) - $uptime
Log-Results "### System Uptime ###"
$uptimeLine = "System Uptime: $($uptimeFormatted.Days) days, $($uptimeFormatted.Hours) hours, $($uptimeFormatted.Minutes) minutes"
Log-Results $uptimeLine
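# Disk usage: one line per file-system drive with total size, free space and
# the percentage in use.
#
# Fixes relative to the previous version:
#   - Operator precedence: "Used / Used + Free" evaluated as (1 + Free), so
#     the percentage was meaningless. It is now Used / (Used + Free).
#   - Drives that report no Used/Free values (for example an empty removable
#     drive) caused a divide-by-zero error; they now report 0 percent.
#   - The "Size(GB)" column printed the used bytes; it now prints the total.
$diskUsage = Get-PSDrive -PSProvider FileSystem
Log-Results "### Disk Usage ###"
$diskUsage | ForEach-Object {
    $totalBytes = $_.Used + $_.Free
    if ($totalBytes -gt 0) {
        $usedPercentage = [math]::Round(($_.Used / $totalBytes) * 100, 2)
    } else {
        $usedPercentage = 0
    }
    Log-Results "Drive: $($_.Name) - Size(GB): $([math]::Round($totalBytes / 1GB, 2)) - Free(GB): $([math]::Round($_.Free / 1GB, 2)) - Used(%): $usedPercentage"
}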
# Services: despite the section title, every service returned by Get-Service
# is listed together with its status, not only the running ones.
$services = Get-Service
Log-Results "### Running Services ###"
foreach ($svc in $services) {
    $serviceLine = "Name: $($svc.Name) - Status: $($svc.Status)"
    Log-Results $serviceLine
}

# Written unconditionally: this marks the end of the run, not that every
# section above succeeded.
Log-Results "### Security Audit Completed Successfully ###"