Agent-less Windows System Vulnerability and Network Scanner

This is an open-source batch script designed to scan and collect system and network information from a Windows machine without requiring any external agents or software installations. The script gathers a wide range of data, including system information, installed software, network configurations, and more, which can be useful for vulnerability assessment and network analysis.

Features

The script collects various system and network details, including but not limited to:

• System Information: Detailed system specifications and environment variables.
• DotNet Framework Versions: Installed .NET Framework versions.
• AMSI Providers: Registered Anti-Malware Scan Interface (AMSI) providers.
• Registered Antivirus: Details of installed antivirus software.
• Audit Policies: Active audit policy configurations.
• Auto-Run Executables: Programs configured to run at startup.
• Firewall Rules: Configured Windows Firewall rules.
• Windows Defender Settings: Registry settings and exclusions for Windows Defender.
• Personal Certificates: Exported .pfx certificates from user profiles.
• User Folders: File listings from the Downloads, Documents, and Desktop directories.
• Installed Updates and Hotfixes: Installed updates and hotfixes via WMI.
• Local Users and Groups: Details about users and local groups on the system.
• Network Information: ARP table, DNS cache, active connections, and open ports.
• RDP Connections and Settings: Remote Desktop configuration and connection details.
• Secure Boot Configuration: Bootloader settings.
• PowerShell History: Command history from the PowerShell console.

Usage

1. Clone the repository to your local system:

   git clone https://github.com/codeterrayt/Agent-less-Windows-System-Vulnerability-and-Network-Scanner.git

2. Navigate to the directory:

   cd Agent-less-Windows-System-Vulnerability-and-Network-Scanner

3. Run the script with administrative privileges:

   • Right-click on Agent-less Windows System Vulnerability and Network Scanner.bat and select Run as Administrator.
   • Alternatively, open a Command Prompt as Administrator and execute:

     Agent-less Windows System Vulnerability and Network Scanner.bat

4. After execution, the output files will be stored in the _output directory within the script's directory.

Output

The script generates a structured directory containing text files and registry exports that include:

• System configuration and software details.
• Network settings and vulnerabilities.
• Active security configurations and policies.
• system_info.txt: Detailed system information.
• dotnet_versions.txt: Installed .NET Framework versions.
• amsi_providers.txt: AMSI providers registered on the system.
• registered_antivirus.txt: List of registered antivirus products.
• audit_policy_settings.txt: Audit policy settings.
• auto_run_executables.txt: Executables set to run at startup.
• firewall_rules.txt: Firewall rules.
• Windows Defender: Directory containing Windows Defender settings and exclusions.
• personal_certificates.txt: Personal certificates stored on the system.
• environment_variables.txt: Environment variables.
• user_folders_*.txt: Lists of files in user folders (Downloads, Documents, Desktop).
• file_information_*.txt: File information and versions.
• installed_hotfixes.txt: Installed hotfixes.
• installed_products.txt: Installed software products.
• local_group_policy_settings.html: Local group policy settings.
• local_groups.txt: Local groups.
• local_users.txt: Local users.
• installed_updates.txt: Installed updates.
• ntlm_authentication_settings.txt: NTLM authentication settings.
• rdp_connections.txt: RDP connections.
• remote_desktop_settings.reg: Remote desktop settings.
• secure_boot_configuration.txt: Secure boot configuration.
• sysmon_configuration.reg: Sysmon configuration.
• uac_system_policies.reg: UAC system policies.
• windows_defender_exclusions.txt: Windows Defender exclusions.
• powershell_console_history.txt: PowerShell console history.
• arp_table.txt: ARP table.
• dns_cache.txt: DNS cache.
• network_profiles.txt: Network profiles.
• network_shares.txt: Network shares.
• tcp_udp_connections.txt: TCP/UDP connections.
• rpc_endpoints.txt: RPC endpoints.
• open_ports.txt: Open ports.

Prerequisites

• Administrator Privileges: The script requires elevated privileges to access sensitive system and network settings.
• Windows Environment: This script is compatible with Windows operating systems.

Disclaimer

This tool is intended for educational and authorized use only. The developers are not responsible for any misuse or damage caused by this script.

Contribution

Contributions are welcome! Feel free to fork the repository and submit pull requests.

License

This project is licensed under the MIT License.

Support

If you find this project useful, please consider giving it a ⭐️ on GitHub!

Developed with ❤️ by CodeTerrayt