Powershell: IOC Detection with PowerShell
IoC Project:
Windows 10 error
Python project for IT
Please as always do not scan, or run any script on a network computer that you do not have permissions, or even scan a website without consent, this is for educational purpose only, no malware and no malicious code in my script, you may use and modify as you please. Also I am learning python script myself, I am not a guru, but creating projects does help a lot! happy scripting and enjoy.
​
The provided Python script is a graphical user interface (GUI) application built using the Tkinter library. Its primary purpose is to gather and display various system and network information about the host machine.
If run properly, you will get the following results:
Hostname:
IP Address:
Installed Printer:
The current logged on user is:
Missing Drivers:
No missing drivers found.
Restart Required: No
Open Ports:
- Port 135: open
- Port 139: open
- Port 445: open
Antivirus Status: Antivirus is running.
Network Connection: Wi-Fi
System Uptime: 1 day, 13:17:13.999990
Today's Date:
Domain Status: PartOfDomain: False
Visit my website: if you have a website
​
Python script:
​
​import os
import platform
import subprocess
from tkinter import ttk
import threading
import socket
import webbrowser
import psutil
import win32print
import win32com.client
import winreg
import nmap
import datetime
from datetime import date
import wmi
import tkinter as tk
from tkinter import ttk, messagebox
import speedtest
# Function to get the current logged on user
def get_current_user():
return os.getlogin()
# Function to get host information
def get_host_info():
hostname = socket.gethostname()
ip_address = socket.gethostbyname(hostname)
printer_name = win32print.GetDefaultPrinter()
missing_drivers = get_missing_drivers()
restart_required = check_restart_required()
open_ports = scan_open_ports(ip_address)
antivirus_status = check_antivirus_status()
network_connection = check_network_connection()
uptime = get_system_uptime()
today = get_today_date()
current_user = get_current_user()
wmi_os = wmi.WMI().Win32_ComputerSystem()[0]
domain_status = "PartOfDomain: " + str(wmi_os.PartOfDomain)
output_text.delete(1.0, tk.END) # Clear previous output
output_text.insert(tk.END, f"Hostname: {hostname}\n\n")
output_text.insert(tk.END, f"IP Address: {ip_address}\n\n")
output_text.insert(tk.END, f"Installed Printer: {printer_name}\n\n")
output_text.insert(tk.END, f"The current logged on user is: {current_user}\n\n")
output_text.insert(tk.END, "Missing Drivers:\n")
if missing_drivers:
for driver in missing_drivers:
output_text.insert(tk.END, f"- {driver}\n")
else:
output_text.insert(tk.END, "No missing drivers found.\n")
output_text.insert(tk.END, "\nRestart Required: ")
if restart_required:
output_text.insert(tk.END, "Yes\n")
else:
output_text.insert(tk.END, "No\n")
output_text.insert(tk.END, "\nOpen Ports:\n")
if open_ports:
for port, state in open_ports.items():
output_text.insert(tk.END, f"- Port {port}: {state}\n")
else:
output_text.insert(tk.END, "No open ports found.\n")
output_text.insert(tk.END, "\nAntivirus Status: ")
output_text.insert(tk.END, antivirus_status + "\n")
output_text.insert(tk.END, "\nNetwork Connection: ")
output_text.insert(tk.END, network_connection + "\n")
output_text.insert(tk.END, "\nSystem Uptime: ")
output_text.insert(tk.END, uptime + "\n")
output_text.insert(tk.END, "\nToday's Date: ")
output_text.insert(tk.END, today + "\n")
output_text.insert(tk.END, f"\nDomain Status: {domain_status}\n")
output_text.insert(tk.END, "\nVisit my website: ")
output_text.insert(tk.END, "site here", "website_link")
output_text.tag_config("website_link", foreground="blue", underline=True)
output_text.tag_bind("website_link", "<Button-1>",
lambda event: webbrowser.open_new("https://gedwinquezada.wixsite.com/chaos2security"))
# Function to get missing drivers
def get_missing_drivers():
missing_drivers = []
wmi = win32com.client.GetObject("winmgmts:")
devices = wmi.InstancesOf("Win32_PnPEntity")
for device in devices:
if device.ConfigManagerErrorCode != 0:
missing_drivers.append(device.Name)
return missing_drivers
# Function to check restart required
def check_restart_required():
try:
key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Control\Session Manager")
value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
return bool(value)
except FileNotFoundError:
return False
# Function to scan open ports
def scan_open_ports(ip_address):
nm = nmap.PortScanner()
nm.scan(ip_address, arguments='-p 1-1000') # Scan ports 1 to 1000
open_ports = {}
for host in nm.all_hosts():
if nm[host].has_tcp(22) and nm[host]['tcp'][22]['state'] == 'open':
open_ports[22] = 'Open'
if nm[host].has_tcp(80) and nm[host]['tcp'][80]['state'] == 'open':
open_ports[80] = 'Open'
if nm[host].has_tcp(443) and nm[host]['tcp'][443]['state'] == 'open':
open_ports[443] = 'Open'
return open_ports
# Function to check antivirus status
def check_antivirus_status():
try:
output = subprocess.check_output(
r'wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get displayName /value', shell=True)
if b"displayName=" in output:
return "Antivirus installed and running"
else:
return "No antivirus installed or not running"
except subprocess.CalledProcessError:
return "Error checking antivirus status"
# Function to check network connection
def check_network_connection():
interfaces = psutil.net_if_stats()
connection_type = "Wi-Fi" if "Wi-Fi" in interfaces else "Ethernet"
return f"Connected via: {connection_type}"
# Function to get system uptime
def get_system_uptime():
boot_time = psutil.boot_time()
current_time = datetime.datetime.now().timestamp()
uptime_seconds = current_time - boot_time
uptime_days = uptime_seconds // (24 * 60 * 60)
uptime_hours = (uptime_seconds % (24 * 60 * 60)) // (60 * 60)
uptime_minutes = (uptime_seconds % (60 * 60)) // 60
uptime_seconds = uptime_seconds % 60
return f"{int(uptime_days)} days, {int(uptime_hours)} hours, {int(uptime_minutes)} minutes, {int(uptime_seconds)} seconds"
# Function to get today's date
def get_today_date():
today = date.today()
return str(today)
# Function to perform vulnerability scanning
def perform_vulnerability_scan(target):
try:
ip_address = socket.gethostbyname(target)
print(f"Resolved IP Address: {ip_address}") # Debugging line
nm = nmap.PortScanner()
# Updated scan arguments for more detailed results
nm.scan(ip_address,
arguments='-p- -sV --script "C:\\Program Files (x86)\\Nmap\\scripts\\vulscan\\vulscan.nse" -O -v') # Check if the scan was successful
if nm.all_hosts():
print("Scan completed successfully.") # Debugging line
scan_data = nm[ip_address]
vulnerabilities = {}
for proto in scan_data.all_protocols():
for port in scan_data[proto]:
port_data = scan_data[proto][port]
# Collect detailed script results
script_results = port_data.get('script', {})
if script_results:
vulnerabilities[port] = {
'name': port_data.get('name', 'unknown'),
'state': port_data.get('state', 'closed'),
'product': port_data.get('product', 'unknown'),
'version': port_data.get('version', 'unknown'),
'vulnerabilities': script_results
}
if not vulnerabilities:
print("No vulnerabilities found for the scanned ports.") # Debugging line
return vulnerabilities
else:
return "No hosts found."
except socket.gaierror as e:
return f"Error: Unable to resolve hostname/IP - {e}"
except nmap.PortScannerError as e:
return f"Nmap error occurred: {e}"
except Exception as e:
return f"Error occurred during vulnerability scanning: {e}"
# Function to display vulnerability scan results
def display_vulnerability_scan_results(vulnerabilities):
output_text.insert(tk.END, "\nVulnerability Scan Results:\n")
if isinstance(vulnerabilities, dict) and vulnerabilities:
for port, details in vulnerabilities.items():
output_text.insert(tk.END, f"Port {port}:\n")
output_text.insert(tk.END, f" Name: {details['name']}\n")
output_text.insert(tk.END, f" State: {details['state']}\n")
output_text.insert(tk.END, f" Product: {details['product']}\n")
output_text.insert(tk.END, f" Version: {details['version']}\n")
output_text.insert(tk.END, " Vulnerabilities:\n")
for script, result in details['vulnerabilities'].items():
output_text.insert(tk.END, f" - {script}: {result}\n")
elif isinstance(vulnerabilities, str):
output_text.insert(tk.END, vulnerabilities)
else:
output_text.insert(tk.END, "No vulnerabilities found.\n")
def get_system_info():
sys_info = {
"OS": platform.system(),
"OS Version": platform.version(),
"Platform": platform.platform(),
"Processor": platform.processor(),
"Architecture": platform.architecture(),
"Hostname": platform.node(),
}
info_str = "\n".join([f"{key}: {value}" for key, value in sys_info.items()])
return info_str
def get_cpu_memory_usage():
cpu_usage = psutil.cpu_percent(interval=1)
memory_usage = psutil.virtual_memory().percent
return f"CPU Usage: {cpu_usage}%\nMemory Usage: {memory_usage}%"
def get_disk_usage():
disk_info = []
partitions = psutil.disk_partitions()
for partition in partitions:
usage = psutil.disk_usage(partition.mountpoint)
disk_info.append(
f"Partition: {partition.device}\n"
f" Mountpoint: {partition.mountpoint}\n"
f" File system type: {partition.fstype}\n"
f" Total Size: {usage.total // (2 ** 30)} GiB\n"
f" Used: {usage.used // (2 ** 30)} GiB\n"
f" Free: {usage.free // (2 ** 30)} GiB\n"
f" Usage: {usage.percent}%\n"
)
return "\n".join(disk_info)
def get_network_status():
hostname = "google.com"
response = os.system(f"ping -c 1 {hostname}")
network_info = f"{hostname} is {'reachable' if response == 0 else 'not reachable'}\n"
try:
st = speedtest.Speedtest()
st.download()
st.upload()
results = st.results.dict()
network_info += (
f"Download Speed: {results['download'] / 1_000_000:.2f} Mbps\n"
f"Upload Speed: {results['upload'] / 1_000_000:.2f} Mbps\n"
)
except ImportError:
network_info += "Speedtest module not installed. Install it using 'pip install speedtest-cli'\n"
return network_info
def check_security_updates():
if platform.system() == "Windows":
try:
update_session = win32com.client.Dispatch("Microsoft.Update.Session")
update_search = update_session.Search("IsInstalled=0")
return f"Found {update_search.Updates.Count} updates available."
except Exception as e:
return f"An error occurred while checking for updates: {e}"
else:
return "Security update check not supported for this OS."
def scan_for_malware():
if platform.system() == "Windows":
try:
result = subprocess.run(
["C:\\Program Files\\Windows Defender\\MpCmdRun.exe", "-Scan", "-ScanType", "1"],
check=True,
capture_output=True,
text=True
)
return "Malware scan initiated successfully.\n" + result.stdout
except subprocess.CalledProcessError as e:
return f"An error occurred while scanning for malware: {e}\n{e.output}"
else:
return "Malware scan not supported for this OS."
def check_software_updates():
if platform.system() == "Windows":
try:
result = subprocess.run(
["powershell",
"Get-Package -ProviderName Programs | ForEach-Object { $_.Name; Get-Package -ProviderName Programs -Name $_.Name -IncludeWindowsInstaller -AllVersions | ForEach-Object { $_.Name, $_.Version } }"],
check=True,
capture_output=True,
text=True
)
return "Software updates:\n" + result.stdout
except subprocess.CalledProcessError as e:
return f"An error occurred while checking for software updates: {e}\n{e.output}"
else:
return "Software update check not supported for this OS."
def diagnose_system():
global running
running = True
results = []
results.append("System Information:\n" + get_system_info())
results.append("\nCPU and Memory Usage:\n" + get_cpu_memory_usage())
results.append("\nDisk Usage:\n" + get_disk_usage())
results.append("\nNetwork Status:\n" + get_network_status())
results.append("\nSecurity Updates:\n" + check_security_updates())
results.append("\nMalware Scan:\n" + scan_for_malware())
results.append("\nSoftware Updates:\n" + check_software_updates())
# Show results in a message box
messagebox.showinfo("Diagnosis Results", "\n".join(results))
def stop_diagnosis():
global running
running = False
messagebox.showinfo("Stopped", "Diagnosis has been stopped.")
#########################################################################
# Function to clear output
def clear_output():
output_text.delete(1.0, tk.END)
# Create the main window
window = tk.Tk()
window.title("Host Information")
window.geometry("800x600") # Set a larger size of the window
# Create a scrollable text area for output
output_text = tk.Text(window, height=20, width=60, font=("Arial", 12))
output_text.pack(side="left", fill="both", expand=True)
# Add a scrollbar for the text area
scrollbar = tk.Scrollbar(window, command=output_text.yview)
scrollbar.pack(side="right", fill="y")
output_text.config(yscrollcommand=scrollbar.set)
# Create button to get host info
get_info_button = tk.Button(window, text="Get Host Info", command=get_host_info, font=("Arial", 14))
get_info_button.pack(pady=10)
# Create an entry for the user to input the IP address or website
target_label = tk.Label(window, text="Enter IP Address or Website:")
target_label.pack(pady=10)
target_entry = tk.Entry(window, font=("Arial", 12))
target_entry.pack()
# Create button to perform vulnerability scan
vulnerability_scan_button = tk.Button(window, text="Perform Vulnerability Scan",
command=lambda: display_vulnerability_scan_results(
perform_vulnerability_scan(target_entry.get())), font=("Arial", 14))
vulnerability_scan_button.pack(pady=10)
# Create button to clear output
clear_output_button = tk.Button(window, text="Clear Output", command=clear_output, font=("Arial", 14))
clear_output_button.pack(pady=10)
# Define the style for the button
style = ttk.Style()
style.configure("TButton", font=("Arial", 12), padding=(15, 15)) # Adjust padding as needed
# Create the Diagnose/Tshoot button with the custom style
diagnose_button = ttk.Button(window, text="Diagnose/Tshoot",
command=lambda: threading.Thread(target=diagnose_system).start(),
style="TButton")
diagnose_button.pack(pady=30, padx=40) # Padding around the button
# Create the Stop button with padding inside and around the button
stop_button = tk.Button(window, text="Stop", command=stop_diagnosis,
width=20, height=2, font=("Arial", 12),
padx=10, pady=5) # Padding inside the button
stop_button.pack(pady=10, padx=10) # Padding around the button
# Create a button widget
exit_button = tk.Button(window, text="Exit", command=window.destroy,
width=20, height=2, font=("Arial", 12),
padx=10, pady=5) # Padding inside the button
stop_button.pack(pady=10, padx=10) # Padding around the button
# Place the button in the window
exit_button.pack()
# Run the Tkinter event loop
window.mainloop()
# Start the Tkinter event loop
window.mainloop()
