# Define a function to sanitize file names
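<#
.SYNOPSIS
    Strips characters that are not allowed in a file name on this platform.
.DESCRIPTION
    Every character reported by [System.IO.Path]::GetInvalidFileNameChars()
    is removed from $FileName. On Windows that set includes the path
    separators '\' and '/' and the drive separator ':', so a section title
    cannot turn into a path that points outside the working directory.
    Nothing else is normalised: spaces, dots and case are kept as given.
.PARAMETER FileName
    The candidate file name (in this script always "<section title>.md").
.OUTPUTS
    [string] The cleaned file name.
.NOTES
    Throws if nothing usable is left after cleaning; an empty name would
    otherwise fail much later inside Test-Path/Out-File with a parameter
    binding error that does not say which section caused it.
#>
function Sanitize-FileName {
    param(
        [string]$FileName
    )
    $InvalidChars = [System.IO.Path]::GetInvalidFileNameChars()
    # Filter the string character by character instead of running one regex
    # replacement per invalid character; same result, no escaping needed.
    $Clean = -join ([char[]]$FileName | Where-Object { $InvalidChars -notcontains $_ })
    if ([string]::IsNullOrWhiteSpace($Clean)) {
        throw "Sanitize-FileName: '$FileName' contains no usable file-name characters."
    }
    return $Clean
}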
# Function to execute command and write output in Markdown format to a specific file
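<#
.SYNOPSIS
    Runs each command string and appends "command + output" pairs to a
    Markdown file.
.DESCRIPTION
    If $OutputFile does not exist yet it is created with "# $Title" as its
    heading; if it already exists the new blocks are appended to whatever is
    there (callers that want a fresh file remove it before calling). For
    every entry in $Commands the command text and then its output are each
    written inside a fenced code block, followed by a blank line. Progress
    messages ("Scanning ...", "... completed") go to the output stream.
.PARAMETER Title
    Section heading and progress label.
.PARAMETER Commands
    Command strings to evaluate. They are handed to Invoke-Expression, so
    this function must only ever receive command text that is written in
    the script itself - never text derived from user input, files, registry
    values or the network.
.PARAMETER OutputFile
    Path of the Markdown file to create or append to.
.OUTPUTS
    [string] progress messages.
#>
function Write-MarkdownSection {
    param (
        [string]$Title,
        [string[]]$Commands,
        [string]$OutputFile
    )
    Write-Output "Scanning $Title..."
    if (-not (Test-Path $OutputFile)) {
        "# $Title" | Out-File -FilePath $OutputFile -Encoding utf8
    }
    foreach ($Command in $Commands) {
        # Invoke-Expression evaluates arbitrary PowerShell (see .PARAMETER
        # Commands). 2>&1 merges the error stream so native stderr and
        # non-terminating errors land in the report instead of only on the
        # console; the catch turns a terminating error into a line of text
        # so one failing command does not abort the whole section.
        try {
            $Output = Invoke-Expression $Command 2>&1
        } catch {
            $Output = "Command failed: $($_.Exception.Message)"
        }
        # Out-String -Stream applies the default object formatting (tables
        # etc.) line by line, which is what Out-File would have done; the
        # whole block is then written with a single Out-File call instead of
        # one file open per line.
        $Block = @(
            '```powershell'
            $Command
            '```'
            '```powershell'
        ) + @($Output | Out-String -Stream) + @(
            '```'
            "`n"
        )
        $Block | Out-File -Append -FilePath $OutputFile -Encoding utf8
    }
    Write-Output "$Title completed"
}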
# Identity sections: the account the script runs as, its token privileges
# (whoami /priv) and its group memberships. Each section goes to its own
# "<Title>.md"; these two append if the file already exists (no Remove-Item).
$IdentitySections = @(
    @{ Title = 'Hostname and Username'; Commands = @('whoami', 'whoami /priv') }
    @{ Title = 'User Groups';           Commands = @('whoami /groups') }
)
foreach ($Section in $IdentitySections) {
    $Title = $Section.Title
    $Commands = [string[]]$Section.Commands
    $OutputFile = Sanitize-FileName "$Title.md"
    Write-MarkdownSection -Title $Title -Commands $Commands -OutputFile $OutputFile
}
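# Existing Users List: one file holding the user list followed by a
# collapsible "net user" detail block per local account. The file is
# recreated on every run so the per-user blocks are not duplicated.
$Title = "Existing Users List"
$Commands = @("Get-LocalUser")
$OutputFile = Sanitize-FileName("$Title.md")
if (Test-Path $OutputFile) {
    Remove-Item $OutputFile
}
Write-MarkdownSection -Title $Title -Commands $Commands -OutputFile $OutputFile
Write-Output "Retrieving details for each user..."
$Users = Get-LocalUser | Select-Object -ExpandProperty Name
foreach ($User in $Users) {
    $UserTitle = "Details for User: $User"
    $UserCommand = "net user `"$User`""
    Write-Output "Scanning $UserTitle..."
    # net.exe is a native command: 2>&1 keeps its stderr in the report and
    # the catch records a terminating failure, so an account net.exe cannot
    # report on still gets an entry instead of an error that is only visible
    # on the console. $User is passed as a single argument, not interpolated
    # into a command line.
    try {
        $UserOutput = net user $User 2>&1
    } catch {
        $UserOutput = "Failed to query user ${User}: $_"
    }
    # Build the <details> block and write it with one Out-File call instead
    # of one per line.
    $Block = @(
        '<details>'
        "<summary>$UserTitle</summary>"
        ''
        '```powershell'
        $UserCommand
        '```'
        '```powershell'
    ) + @($UserOutput | Out-String -Stream) + @(
        '```'
        '</details>'
        "`n"
    )
    $Block | Out-File -Append -FilePath $OutputFile -Encoding utf8
    Write-Output "$UserTitle completed"
}
Write-Output "User details retrieval completed"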
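# All Group Names: one file holding the group list followed by a collapsible
# member listing per local group. The file is recreated on every run so the
# per-group blocks are not duplicated.
$Title = "All Group Names"
$Commands = @("Get-LocalGroup | Select-Object -ExpandProperty Name")
$OutputFile = Sanitize-FileName("$Title.md")
if (Test-Path $OutputFile) {
    Remove-Item $OutputFile
}
Write-MarkdownSection -Title $Title -Commands $Commands -OutputFile $OutputFile
Write-Output "Scanning groups and their members..."
$Groups = Get-LocalGroup
foreach ($Group in $Groups) {
    $GroupTitle = "Group: $($Group.Name)"
    $GroupCommand = "Get-LocalGroupMember -Group `"$($Group.Name)`""
    Write-Output "Scanning $GroupTitle..."
    # -ErrorAction Stop turns a failed lookup into an exception that the
    # catch records in the report (this commonly happens when a member SID
    # no longer resolves to an account). Without it the group would get an
    # empty block and the error would only be visible on the console. Same
    # try/catch shape the script already uses for icacls.
    try {
        $GroupOutput = Get-LocalGroupMember -Group $Group.Name -ErrorAction Stop
    } catch {
        $GroupOutput = "Failed to enumerate members of group $($Group.Name): $($_.Exception.Message)"
    }
    # Build the <details> block and write it with one Out-File call instead
    # of one per line; Out-String -Stream keeps the default table formatting.
    $Block = @(
        '<details>'
        "<summary>$GroupTitle</summary>"
        ''
        '```powershell'
        $GroupCommand
        '```'
        '```powershell'
    ) + @($GroupOutput | Out-String -Stream) + @(
        '```'
        '</details>'
        "`n"
    )
    $Block | Out-File -Append -FilePath $OutputFile -Encoding utf8
    Write-Output "$GroupTitle completed"
}
Write-Output "Groups and members completed"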
# Host and network sections: system summary, adapter configuration, ARP
# cache, routing table and active connections with owning PIDs. One
# "<Title>.md" per section, appended to if the file already exists.
$NetworkSections = [ordered]@{
    'System Information'         = @('systeminfo')
    'Network Information'        = @('ipconfig /all')
    'ARP Table'                  = @('arp -a')
    'Routing Information'        = @('route print')
    'Active Network Connections' = @('netstat -ano')
}
foreach ($Entry in $NetworkSections.GetEnumerator()) {
    $Title = $Entry.Key
    $Commands = [string[]]$Entry.Value
    $OutputFile = Sanitize-FileName "$Title.md"
    Write-MarkdownSection -Title $Title -Commands $Commands -OutputFile $OutputFile
}
# Software and runtime sections: installed programs from both Uninstall
# registry hives, running processes and running services. One "<Title>.md"
# per section, appended to if the file already exists. The command text is
# evaluated verbatim by Write-MarkdownSection, so it is kept exactly as is.
$SoftwareSections = @(
    @{
        Title    = 'Installed Software (32-bit)'
        Commands = @('Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object { $_.DisplayName } | Select-Object -ExpandProperty DisplayName')
    }
    @{
        Title    = 'Installed Software (64-bit)'
        Commands = @('Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object { $_.DisplayName } | Select-Object -ExpandProperty DisplayName')
    }
    @{
        Title    = 'Running Processes'
        Commands = @('Get-Process')
    }
    @{
        Title    = 'Running Services'
        Commands = @('Get-CimInstance -ClassName win32_service | Select Name, State, PathName, StartMode | Where-Object { $_.State -like "Running" }')
    }
)
foreach ($Section in $SoftwareSections) {
    $Title = $Section.Title
    $Commands = [string[]]$Section.Commands
    $OutputFile = Sanitize-FileName "$Title.md"
    Write-MarkdownSection -Title $Title -Commands $Commands -OutputFile $OutputFile
}
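# Folder Permissions in C: a collapsible icacls listing for every top-level
# directory on C:\ except the well-known system folders listed below. The
# file is recreated on every run.
$Title = "Folder Permissions in C"
$OutputFile = Sanitize-FileName("$Title.md")
Write-Output "Scanning $Title..."
if (Test-Path $OutputFile) {
    Remove-Item $OutputFile
}
"# $Title" | Out-File -FilePath $OutputFile -Encoding utf8
# Top-level folders that are not inspected. Matched with -notcontains, i.e.
# PowerShell's default case-insensitive comparison; the single quotes keep
# '$Recycle.Bin' literal.
$FoldersToSkip = @(
    'Windows',
    'Program Files',
    'Program Files (x86)',
    'Users',
    '$Recycle.Bin',
    'System Volume Information',
    'PerfLogs',
    'Recovery',
    'Documents and Settings'
)
$Folders = Get-ChildItem -Path 'C:\' -Directory -Force | Where-Object { $FoldersToSkip -notcontains $_.Name }
foreach ($Folder in $Folders) {
    $FolderPath = $Folder.FullName
    $FolderName = $Folder.Name
    $Command = "icacls `"$FolderPath`""
    # icacls is a native command: 2>&1 keeps its stderr in the report, the
    # catch records a terminating failure, and a non-zero exit code (for
    # example when access to the folder is denied) is recorded explicitly
    # because neither of the other two mechanisms reports it.
    try {
        $IcaclsOutput = @(icacls "$FolderPath" 2>&1)
        if ($LASTEXITCODE -ne 0) {
            $IcaclsOutput += "icacls exited with code $LASTEXITCODE"
        }
    } catch {
        $IcaclsOutput = "Failed to get permissions for ${FolderPath}: $_"
    }
    # Build the <details> block and write it with one Out-File call instead
    # of one per line.
    $Block = @(
        '<details>'
        "<summary>Permissions for Folder: $FolderName</summary>"
        ''
        '```powershell'
        $Command
        '```'
        '```powershell'
    ) + @($IcaclsOutput | Out-String -Stream) + @(
        '```'
        '</details>'
        "`n"
    )
    $Block | Out-File -Append -FilePath $OutputFile -Encoding utf8
}
Write-Output "$Title completed"
Write-Output "System information has been saved to individual Markdown files."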