WINspect - Powershell-based Windows Security Auditing Toolbox

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a Windows machine aiming to identify security weaknesses and point to components that need further hardening. The main targets for the current version are domain-joined windows machines. Howerver, some of the functions still apply for standalone workstations.

This current version of the script supports the following features :

• Checking for installed security products.
• Enumerating World Exposed local filesystem shares.
• Enumerating domain users and groups with local group membership.
• Enumerating registry autoruns.
• Enumerating local services that are configurable by Authenticated Users group members.
• Enumerating local services for which corresponding binary is writable by Authenticated Users group members.
• Enumerating non-system32 Windows Hosted Services and their associated DLLs.
• Enumerating local services with unquoted path vulnerability.
• Enumerating non-system scheduled tasks.
• Checking for DLL hijackability.
• Checking for User Account Contol settings.
• Checking for unattended installs leftovers.

Github Project