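# Load the collector functions that live in the Functions folder next to this
# script. The folder is resolved from $PSScriptRoot rather than from a
# CWD-relative ".\Functions\..." path: with the relative form the tool would
# dot-source (and therefore execute) whatever Functions\*.ps1 files exist in
# the directory the operator happens to launch it from, and would fail
# outright when launched from anywhere but the repository root.
# $PSScriptRoot is empty only when these lines are pasted into an interactive
# session; the current directory is used in that case, which matches the
# previous behaviour.
$FunctionsPath = if ($PSScriptRoot) {
    Join-Path -Path $PSScriptRoot -ChildPath 'Functions'
} else {
    Join-Path -Path $PWD.Path -ChildPath 'Functions'
}

# One file per collector; each is expected to define the function of the same
# name that Run-InteractiveAudit calls.
# NOTE(review): Run-InteractiveAudit calls Get-UserGroupMemberships; confirm
# that Get-UserGroups.ps1 defines that exact name.
$FunctionFiles = @(
    'Get-PerformanceMetrics.ps1',
    'Get-SystemUptime.ps1',
    'Get-RunningProcesses.ps1',
    'Get-WindowsUpdateHistory.ps1',
    'Get-DriversInformation.ps1',
    'Get-HardwareInventory.ps1',
    'Get-SoftwareLicensing.ps1',
    'Get-SystemInformation.ps1',
    'Get-SecurityUpdateStatus.ps1',
    'Get-EventLogSummary.ps1',
    'Format-AndLogInformation.ps1',
    'LogAndDisplay.ps1',
    'Get-BackupStatus.ps1',
    'Get-OpenPorts.ps1',
    'Get-UserGroups.ps1',
    'Scan-SuspiciousRegistryEntries.ps1',
    'Get-DiskHealth.ps1'
)

foreach ($functionFile in $FunctionFiles) {
    $functionFullPath = Join-Path -Path $FunctionsPath -ChildPath $functionFile
    # Fail early with the full path instead of the generic "term is not
    # recognized" error a missing dot-source target would produce.
    if (-not (Test-Path -LiteralPath $functionFullPath -PathType Leaf)) {
        throw "Required function file not found: $functionFullPath"
    }
    . $functionFullPath
}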
function Show-Menu {
    <#
    .SYNOPSIS
        Clears the console and prints the numbered audit menu.
    .PARAMETER Title
        Banner text printed above the menu; defaults to the tool name.
    .OUTPUTS
        None. Every menu line goes to the host via Write-Host.
    #>
    param (
        [string]$Title = "dag's Audit Tool - Interactive Mode"
    )

    # Selection key and label, in display order. The keys must match the
    # switch cases in Run-InteractiveAudit.
    $menuEntries = @(
        @('1',  'Operating System Information'),
        @('2',  'CPU Information'),
        @('3',  'Memory Information'),
        @('4',  'Disk Information'),
        @('5',  'Network Information'),
        @('6',  'User Accounts'),
        @('7',  'System Services'),
        @('8',  'Installed Software'),
        @('9',  'Hardware Inventory'),
        @('10', 'Software Licensing'),
        @('11', 'Event Log Summary'),
        @('12', 'Security and Update Status'),
        @('13', 'Performance Metrics'),
        @('14', 'System Uptime'),
        @('15', 'Running Processes'),
        @('16', 'Windows Update History'),
        @('17', 'Drivers Information'),
        @('18', 'Backup Status'),
        @('19', 'Open Network Ports'),
        @('20', 'User Groups'),
        @('21', 'Scan for Suspicious Registry Entries'),
        @('22', 'HDD/SSD Health'),
        @('23', 'Full System Audit'),
        @('Q',  'Quit')
    )

    Clear-Host
    Write-Host "================ $Title ================"
    foreach ($entry in $menuEntries) {
        Write-Host ('{0}: {1}' -f $entry[0], $entry[1])
    }
}
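function Write-EventLogEntries {
    <#
    .SYNOPSIS
        Appends each event log record to the audit log and echoes it to the
        console. Shared by the "Event Log Summary" and "Full System Audit"
        selections so both emit records the same way.
    .PARAMETER Entries
        The records to emit (for example $summary.SystemLogs). A null or
        empty collection produces no output.
    .PARAMETER LogFilePath
        Path of the audit log file each formatted record is appended to.
    .OUTPUTS
        None.
    #>
    param (
        $Entries,
        [string]$LogFilePath
    )
    # foreach over $null iterates zero times, matching the original
    # pipeline-based loop.
    foreach ($record in $Entries) {
        # Width 4096 keeps long property values on one line instead of
        # wrapping at the console width.
        $logEntry = $record | Format-List | Out-String -Width 4096
        Add-Content -Path $LogFilePath -Value $logEntry
        Write-Host $logEntry
    }
}

function Run-InteractiveAudit {
    <#
    .SYNOPSIS
        Shows the audit menu and runs the selected collector until the user
        chooses Q.
    .DESCRIPTION
        Every selection writes its result to the console and appends it to
        the audit log. The log holds whatever the collectors return, which by
        the menu's own description includes user accounts, running processes
        and open network ports, so the file should be handled as sensitive
        audit output.
    .OUTPUTS
        None.
    #>
    # Audit log location. LogAndDisplay (dot-sourced from .\Functions) is
    # never given this path explicitly; presumably it resolves $LogFilePath
    # through dynamic scoping - TODO confirm against LogAndDisplay.ps1.
    $LogFilePath = "$env:USERPROFILE\Documents\SystemAuditLog.txt"

    do {
        Show-Menu
        # $selection rather than $input: $input is a PowerShell automatic
        # variable (the pipeline enumerator) and should never be assigned.
        # The [string] cast turns a null read (e.g. closed stdin) into "" so
        # Trim() cannot fail; trimming lets " 1" select option 1.
        $selection = ([string](Read-Host "Please make a selection")).Trim()

        # switch and -ne compare case-insensitively, so 'q' also quits.
        switch ($selection) {
            '1' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty OSInfo) }
            '2' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty CPUInfo) }
            '3' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty MemoryInfo) }
            '4' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty DiskInfo) }
            '5' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty NetworkInfo) }
            '6' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty UserAccounts) }
            '7' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty SystemServices) }
            '8' { LogAndDisplay (Get-SystemInformation | Select-Object -ExpandProperty InstalledSoftware) }
            '9' {
                $hardwareInventory = Get-HardwareInventory
                Write-Host "`n=== Graphics Cards ==="
                LogAndDisplay $hardwareInventory.GraphicsCards
                Write-Host "`n=== Sound Devices ==="
                LogAndDisplay $hardwareInventory.SoundDevices
                Write-Host "`n=== Network Adapters ==="
                LogAndDisplay $hardwareInventory.NetworkAdapters
                Write-Host "`n=== USB Devices ==="
                LogAndDisplay $hardwareInventory.USBDevices
            }
            '10' { LogAndDisplay (Get-SoftwareLicensing) }
            '11' {
                Write-Host "Gathering Event Log Summary..."
                $eventLogSummary = Get-EventLogSummary
                Write-Host "`n=== System Logs ==="
                Write-EventLogEntries -Entries $eventLogSummary.SystemLogs -LogFilePath $LogFilePath
                Write-Host "`n=== Application Logs ==="
                Write-EventLogEntries -Entries $eventLogSummary.ApplicationLogs -LogFilePath $LogFilePath
            }
            '12' {
                Write-Host "Gathering Security and Update Status..."
                LogAndDisplay (Get-SecurityUpdateStatus)
            }
            '13' {
                Write-Host "Gathering Performance Metrics..."
                LogAndDisplay (Get-PerformanceMetrics)
            }
            '14' {
                Write-Host "Gathering System Uptime..."
                LogAndDisplay (Get-SystemUptime)
            }
            '15' {
                Write-Host "Gathering Running Processes..."
                LogAndDisplay (Get-RunningProcesses)
            }
            '16' {
                Write-Host "Gathering Windows Update History..."
                LogAndDisplay (Get-WindowsUpdateHistory)
            }
            '17' {
                Write-Host "Gathering Drivers Information..."
                LogAndDisplay (Get-DriversInformation)
            }
            '18' {
                Write-Host "Gathering Backup Status..."
                LogAndDisplay (Get-BackupStatus)
            }
            '19' {
                Write-Host "Gathering Open Network Ports..."
                LogAndDisplay (Get-OpenPorts)
            }
            '20' {
                Write-Host "Gathering Users and their Groups..."
                # NOTE(review): the dot-sourced file is Get-UserGroups.ps1;
                # confirm it defines Get-UserGroupMemberships.
                LogAndDisplay (Get-UserGroupMemberships)
            }
            '21' {
                Write-Host "Scanning for Suspicious Registry Entries..."
                LogAndDisplay (Scan-SuspiciousRegistryEntries)
            }
            '22' {
                Write-Host "Gathering Disk Health..."
                LogAndDisplay (Get-DiskHealth)
            }
            '23' {
                Write-Host "Performing Full System Audit..."
                $auditReport = Get-SystemInformation
                # Walk every section of the report; two sections are nested
                # (hardware inventory, event logs) and are expanded one level.
                $auditReport.PSObject.Properties | ForEach-Object {
                    $sectionName = $_.Name
                    $sectionData = $_.Value
                    Write-Host "`n=== $sectionName ==="
                    if ($sectionName -eq "HardwareInventory") {
                        $sectionData.PSObject.Properties | ForEach-Object {
                            Write-Host "`n===$($_.Name)==="
                            LogAndDisplay $_.Value
                        }
                    } elseif ($sectionName -eq "EventLogSummary") {
                        "SystemLogs", "ApplicationLogs" | ForEach-Object {
                            Write-Host "`n===$_==="
                            Write-EventLogEntries -Entries $sectionData.$_ -LogFilePath $LogFilePath
                        }
                    } else {
                        LogAndDisplay $sectionData
                    }
                }
                # Collectors that are not part of Get-SystemInformation.
                Write-Host "Gathering Backup Status..."
                LogAndDisplay (Get-BackupStatus)
                Write-Host "Gathering Open Network Ports..."
                LogAndDisplay (Get-OpenPorts)
                Write-Host "Gathering Users and their Groups..."
                LogAndDisplay (Get-UserGroupMemberships)
                Write-Host "Scanning for Suspicious Registry Entries..."
                LogAndDisplay (Scan-SuspiciousRegistryEntries)
                Write-Host "Gathering Disk Health..."
                LogAndDisplay (Get-DiskHealth)
            }
            'Q' {
                # Leaves the function, and with it the do/while loop.
                return
            }
            default {
                Write-Host "Invalid selection, please try again."
            }
        }

        if ($selection -ne 'Q') {
            Write-Host "Log file saved to: $LogFilePath"
            Write-Host "Press any key to continue ..."
            $null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown')
        }
    } while ($selection -ne 'Q')
}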
# Entry point: everything above only defines functions; this starts the menu loop.
Run-InteractiveAudit