GithubHelp home page GithubHelp logo

hartl3y94 / hostrecon Goto Github PK

View Code? Open in Web Editor NEW

This project forked from dafthack/hostrecon

0.0 0.0 0.0 14 KB

This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.

License: MIT License

PowerShell 100.00%

hostrecon's Introduction

Invoke-HostRecon

Invoke-HostRecon runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance phase of an engagement. It gathers information about the local system, users, and domain information. It does not use any 'net', 'ipconfig', 'whoami', 'netstat', or other system commands to help avoid detection.

For more info check out this blog post: http://www.blackhillsinfosec.com/?p=5824

HostRecon Demo Video: https://www.youtube.com/watch?v=H4wzhmaBgM0

Situational Awareness

Invoke-HostRecon gets the following information from the system without running system tools like 'net', 'ipconfig', etc.

Current Hostname
IP Information
Current Username
Current Domain Name
All Local Users
Local Admins Group
Netstat Information
DNS Cache Information
Shares
Scheduled Tasks
Web Proxy Information
Process Listing
AntiVirus Information
Firewall Status
Local Admin Password Solution (LAPS)
Domain Password Policy
Domain Admins Group Members
Domain Controllers
Check for Sysinternals Sysmon
Checks for Common Security Products

Common Security Product Detection

Invoke-HostRecon attempts to enumerate common security products on the system including AV, IDS, AppWhitelisting, Behavioral Analysis, etc.

Egress Filter Check

Invoke-HostRecon also includes a functionality for assessing egress filtering from the system. The -Portscan flag can be passed to initiate an outbound portscan against allports.exposed to help determine open ports allowed through an egress firewall. (Credit for the Portscan module goes to Joff Thyer)

Usage Example

This command will run a number of checks on the local system including the retrieval of local system information (netstat, common security products, scheduled tasks, local admins group, LAPS, etc), and domain information (Domain Admins group, DC's, password policy). Additionally, it will perform an outbound portscan on the top 128 ports to allports.exposed to assist in determining any ports that might be allowed outbound for C2 communications.

Invoke-HostRecon -Portscan -TopPorts 128

hostrecon's People

Contributors

dafthack avatar garrett-white avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.