CyberPolice

An epic windows securing and hardening script



      1 Write-Host The CYBER POLICE are searching for unauthorized files... -ForegroundColor Gray
      2 $thispath=Split-Path -parent $MyInvocation.MyCommand.Definition
      3 $path = Split-Path -parent $thispath
      4 $configpath = "$path/ConfigFiles"
      5 $path2=Get-content $path/CyberPoliceOutput/path.txt
      6 $extensions =@()
      7 $tools =@()
      8 
      9 foreach($line in Get-Content $configpath/extentions.txt) {
     10     $extensions += $line
     11 }
     12 foreach($line in Get-Content $configpath/badtools.txt) {
     13     $tools += $line
     14 }
     15 
     16 if(Test-path "$path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt") {Clear-content "$path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt"}
     17 if(Test-path "$path2\CheckFilesOutput\VerySuspicious\FoundInAppData.txt") {Clear-content "$path2\CheckFilesOutput\VerySuspicious\FoundInAppData.txt"}
     18 
     19 Write-host "The CYBER POLICE are checking the $extensions..." -ForegroundColor Cyan
     20 foreach($ext in $extensions){
     21 	Write-host "Checking for .$ext files"
     22 	if(!(Test-path "$path2\CheckFilesOutput\Extentions\$ext.txt")){New-Item -path $path2\CheckFilesOutput\Extentions\$ext.txt -name $ext.txt -type "file" | Out-Null}
     23     else{Clear-content "$path2\CheckFilesOutput\Extentions\$ext.txt"}
     24 	C:\Windows\System32\cmd.exe /C dir C:\*.$ext /s /b | Out-File "$path2\CheckFilesOutput\Extentions\$ext.txt"
     25 
     26     if(!((gc $path2\CheckFilesOutput\Extentions\$ext.txt) -eq $null)){Write-Host "Stuff Found!" -ForegroundColor Yellow}
     27 
     28     foreach($line in Get-Content $path2\CheckFilesOutput\Extentions\$ext.txt) {
     29         if(($line -like '*C:\Users\*') -and !($line -like '*AppData*') -and !($line -like '*CyberPatriotScriptsQ*')) {
     30             $line >> $path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt
     31             Write-Host "The CYBER POLICE have found a very suspicious file!" -ForegroundColor Red
     32             Write-Host "Location: $line" -ForegroundColor Magenta 
     33         }
     34         elseif (($line -like '*C:\Users\*') -and ($line -like '*AppData*')) { 
     35             $line >> $path2\CheckFilesOutput\FoundInAppData\FoundInAppData.txt
     36         }
     37     }
     38 }
     39 Write-host "CYBER POLICE are done busting files via extentions" -ForegroundColor Green
     40 Write-host "The CYBER POLICE are checking for $tools..." -ForegroundColor Cyan
     41 foreach($tool in $tools){
     42 	Write-host "Checking for $tool"
     43 	if(!(Test-path $path2\CheckFilesOutput\Tools\$tool.txt)){New-Item -path $path2\CheckFilesOutput\Tools\$tool.txt -name $tool.txt -type "file" | Out-Null}
     44     else{Clear-content "$path2\CheckFilesOutput\Tools\$tool.txt"}
     45 	C:\Windows\System32\cmd.exe /C dir C:\*$tool* /s /b | Out-File "$path2\CheckFilesOutput\Tools\$tool.txt"
     46     
     47     if(!((gc $path2\CheckFilesOutput\Tools\$tool.txt) -eq $null)){Write-Host "Stuff Found!" -ForegroundColor Yellow}
     48 
     49     foreach($line in Get-Content $path2\CheckFilesOutput\Tools\$tool.txt) {
     50         if(($line -like '*C:\Users\*') -and !($line -like '*AppData*') -and !($line -like '*CyberPatriotScriptsQ*')) {
     51             $line >> $path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt
     52             Write-Host "The CYBER POLICE have found a very suspicious file!" -ForegroundColor Red
     53             Write-Host "Location: $line" -ForegroundColor Magenta 
     54         }
     55         elseif (($line -like '*C:\Users\*') -and ($line -like '*AppData*')) { 
     56             $line >> $path2\CheckFilesOutput\FoundInAppData\FoundInAppData.txt
     57         }
     58     }
     59 }
     60 Write-host "CYBER POLICE are done busting bad tools" -ForegroundColor Green